commit 2d4cce46159eebc2079a13ec38376a5ce08d17e9
Author: yafox
Date: Tue Nov 24 19:33:42 2020 +0000
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d416e82
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+pkg/**
+gpg/**
+!gpg/fingerprints.csv
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..bd8c239
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright 2020 "yafox"
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README b/README
new file mode 100644
index 0000000..c832c44
--- /dev/null
+++ b/README
@@ -0,0 +1,196 @@
+src.sh
+===
+
+usage: `src.sh [ []]`
+
+src.sh pulls source code and checks signatures, checksums, and file sizes.
+it does not apply patches. this is not an accident. applying patches was part
+of src.sh's prototype, but patches are more relevant to the configuration and
+build stages of package management than to the source acquisition stage. sets
+of patches and build environments are tightly coupled by nature.
+
+src.sh is used as part of a source based package manager, but it as meant to be
+used on its own as well, or as part of any other source based package manager.
+it does what it does, and it does it as simply as possible. commits may be few
+and far between just because not much may ever need to be done to it.
+
+it supports git repositories and tarballs as sources (or "archive types"). it
+can be extended by adding archive type definition scripts to the `lib/type`
+directory.
+
+it aims to be easy to understand and customise. the codebase for src.sh is only
+260 SLOC long. (`sloc.sh` contains the code used to arrive at the SLOC count.)
+
+all package definitions are kept in a separate repository. this makes it easier
+for users to supply their own package definitions. to use a package definition
+repository, clone it into `$SRCROOT/pkg`. to maintain multiple package
+definition repositories, clone them elsewhere and symlink `$SRCROOT/pkg` to
+whichever one should be active at any given time.
+
+files in SRCROOT are assumed to be trustworthy. no sanitisation is done on the
+`urls`, `sigurls`, etc. files. do not populate your `pkg` directory with files
+you either have not carefully examined yourself or which are from sources you
+would not let run arbitrary commands on your computer!
+
+
+## installation
+
+clone this repository somewhere, set the SRCROOT variable to point to that
+location, and use `src.sh` directly. creating a symlink to `src` somewhere
+in PATH is recommended for convenience's sake. (e.g., to call `src.sh` via `src`
+throughout the whole system, `ln -s $SRCROOT/src.sh /bin/src`.)
+
+
+## gpg
+
+PGP signatures are checked if gpg is installed and if signatures are available.
+for the check to pass, the project's maintainer keys must be on the "keyring"
+gpg uses. to avoid cluttering up the user's personal keyring, src maintains its
+own gpg "home" directory at `$SRCROOT/gpg`. by default this directory is empty
+except for a CSV containing a mapping of project and maintainer names to PGP
+fingerprints and URLs pointing to the resources which were used to find the
+fingerprint. this can be used to import keys as needed and to independently
+verify that the correct fingerprint is listed.
+
+for example, importing all the linux-kernel maintainer keys from the keyserver
+hosted by University of Mainz:
+
+```
+cd "$SRCROOT/gpg"
+grep '^linux-kernel,' fingerprints.csv | cut -d, -f3 | while read print; do
+ gpg --homedir=. --keyserver=pgp.uni-mainz.de --recv-keys "$print"
+done
+```
+
+because keyservers can be unreliable, a signed repository containing all the
+public keys referenced in fingerprints.csv can also be found at
+http://git.fuwafuwaqtlkkxwc.onion/yafox/src-keys
+
+
+## defining a package
+
+multiple archive types are supported, but care should be taken to ensure all
+archive types specified in a package produce the same file structure and file
+contents. if different archive types producing different source code listings
+are desired, split them up into different packages. a package-version pair
+should always produce the same source code, regardless of how the source code
+was retrieved.
+
+packages are kept in the `pkg` directory. package definitions consist of a
+directory in `pkg` containing a `checks` file and a `urls` file.
+
+for example:
+
+ /
+ |-- checks
+ |-- urls
+
+the `urls` file is a tab-delimited list associating urls, content types, and
+archive types. each line is formatted as follows:
+
+
+where is the version of the package source code requested, is a string corresponding to a type definition script in `lib/type`, minus
+the ".sh" file extension, is "arc" or "sig" (indicating whether
+the url points to the ARChive or the SIGnature for the archive), and is
+the url at which the described content may be retrieved.
+
+optionally, a package may also contain a `defaults.sh` file. building on the
+first example:
+
+ /
+ |-- checks
+ |-- defaults.sh
+ |-- urls
+
+
+`defaults.sh` is a small shell script that defines default values for `version`
+and `type`. if the user does not specify the version and type of archive they
+prefer, whatever values are defined in this file will be used.
+
+for example:
+
+ version="0.0.1"
+ type="git"
+
+the `checks` file is a list of tab-delimited lines in this format:
+
+
+
+- version: the package version the check is for.
+
+- type: the archive type the check is for.
+
+- arc or sig: literally `arc` or `sig`. indicates whether this check is for an
+ archive or a signature of an archive.
+
+- size: the expected size of the archive or signature. signature sizes are
+ always in bytes. archive sizes depend on the archive type script. for
+ tarballs, it's bytes. for git, it's the working directory's "bytes on disk,"
+ or `du -sk` times 1,024. if the calculated size and the expected size don't
+ match, the check fails.
+
+- checksum: the expected checksum of the archive or signature. signature
+ checksums are always sha512 checksums. archive checksums depend on the
+ archive type. for tarballs, it's just a sha512 checksum. for git, it's the
+ sha512 checksum of all the sha512 checksums of all the files in the working
+ directory sorted, excluding the `.git` directory. if the expected checksum
+ does not match the calculated checksum, the check fails.
+
+once a package has been pulled, a few more directories may appear, depending
+on the behavior of the archive type definition scripts in the user's version of
+src.sh. a package whose user has depended on tarballs and git at various times
+may look like this:
+
+ /
+ |-- git/ # bare git repository; not going to expand this one!
+ |
+ |-- sig/
+ | |-- 0.01.tar.gz.sig
+ | |-- 0.02.tar.gz.sig
+ | |-- 1.00.tar.gz.sig
+ | |-- 1.01.tar.gz.sig # and so on
+ |
+ |-- tarball/
+ | |-- -0.01.tar.gz
+ | |-- -0.02.tar.gz
+ | |-- -1.00.tar.gz
+ | |-- -1.01.tar.gz # and so on
+ |
+ |-- checks
+ |-- defaults.sh
+ |-- urls
+
+
+in this example:
+
+- `git` contains a bare git respository.
+
+- `sig` contains all the signatures downloaded from `tar.gz-sigurls` throughout
+ the package's history and organized by `type` and `version`.
+
+- `tarball` contains all the `tar.gz` files downloaded from `tar.gz-urls`,
+ renamed as `.tar.gz`.
+
+also, the path set in SRCREPO will contain the extracted source code or working
+trees (depending on archive type), one directory per version:
+
+ $SRCREPO/ # like /src or $SRCROOT/code or something
+ |-- /
+ | |-- 0.01/
+ | |-- 0.02/
+ | |-- 1.00/
+ | |-- 1.01/ # and so on
+
+## defining archive types
+
+the definitions in `lib/type` are good examples in themselves, but in short, an
+archive definition file consists of a script defining the following functions:
+
+- get_archive
+- sigcheck_archive
+- unpack_archive
+- archive_name
+- archive_size
+- archive_checksum
diff --git a/USAGE b/USAGE
new file mode 100644
index 0000000..e3fe2c5
--- /dev/null
+++ b/USAGE
@@ -0,0 +1,10 @@
+usage: $(basename $0) [options] [ []]
+
+default values for and are defined in 's
+'defaults.sh' file. if the given is 'default', the version defined
+in the package's 'defaults.sh' file will be used.
+
+options:
+ --verbose: show a more verbose exit message.
+ --defaults: print the defaults.sh file for the package and exit.
+ --set-checks: set values in checks file rather than checking against them.
diff --git a/gpg/fingerprints.csv b/gpg/fingerprints.csv
new file mode 100644
index 0000000..082e3e1
--- /dev/null
+++ b/gpg/fingerprints.csv
@@ -0,0 +1,198 @@
+package,owner,fingerprint,citation,key url
+linux-kernel,Linus Torvalds,ABAF11C65A2970B130ABE3C479BE3E4300411886,https://kernel.org/category/signatures.html
+linux-kernel,Greg Kroah-Hartman,647F28654894E3BD457199BE38DBBDC86092693E,https://kernel.org/category/signatures.html
+linux-kernel,Sasha Levin,E27E5D8A3403A2EF66873BBCDEA66FF797772CDC,https://kernel.org/category/signatures.html
+linux-kernel,Ben Hutchings,AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109,https://kernel.org/category/signatures.html
+patch,Andreas Gruenbacher,259B3792B3D6D319212CC4DCD5BF9FEB0313653A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1
+patch,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1
+automake,Karl Berry,17D3311B14BC0F248267BF020716748A30D155AD,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Stefano Lattarini,E1622F96D2BB4E58018EEF9860F906016E407573,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Tom Tromey,E9FE8AE950CB07F5BEB2E805036A75309D33E5B5,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Ralf Wildenhues,357D7084216BD1CF46AFABB232419B785D0CDCFC,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Benoit Sigoure,C5B91BDAF3A89934720FBAB4C3013AEF00BC3D49,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Akim Demaille,7DF84374B1EE1F9764BBE25D0DDCAA3278D5264E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Bruno Haible,9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Paul Eggert,7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+automake,Mathieu Lirzin,F2A38D7EEB2B66405761070D0ADEE10094604D37,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=automake&download=1
+m4,Akim Demaille,7DF84374B1EE1F9764BBE25D0DDCAA3278D5264E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+m4,Paul Eggert,7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+m4,Ralf Wildenhues,357D7084216BD1CF46AFABB232419B785D0CDCFC,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+m4,Stepan Kasal,10A0114D4D171A8C2913E8CA0C17BCB905909B88,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+m4,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+m4,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=m4&download=1
+make,Paul D.Smith,6D4EEB02AD834703510B117680CB727A20C79BB2,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=make&download=1
+make,Boris Kolpackov,F608942F312ED82E5B840407C880290BAE084F1D,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=make&download=1
+patch,Andreas Gruenbacher,259B3792B3D6D319212CC4DCD5BF9FEB0313653A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1
+patch,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1
+attr,Andreas Gruenbacher,259B3792B3D6D319212CC4DCD5BF9FEB0313653A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=attr&download=1
+attr,Brandon Philips,600CD204FBCEA418BD2CA74F154343260542DF34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=attr&download=1
+attr,Mike Frysinger,B902B5271325F892AC251AD441633B9FE837F581,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=attr&download=1
+bash,Bob Proulx,63B16683841CE3DC25D3C6EB421AFA26387F9A8E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bash&download=1
+bash,Jari Aalto,909146E36C0C9F3F02C66D374DA7F284955A92D8,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bash&download=1
+gzip,Karl Berry,17D3311B14BC0F248267BF020716748A30D155AD,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gzip&download=1
+gzip,Paul Eggert,7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gzip&download=1
+gzip,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gzip&download=1
+gzip,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gzip&download=1
+gzip,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gzip&download=1
+libgcrypt,Werner Koch,7B96D396E6471601754BE4DB53B620D01CE0C630,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libgcrypt&download=1
+libgcrypt,NIIBE Yutaka,031EC2536E580D8EA286A9F22071B08A33BD3F06,https://gnupg.org/signature_key.html
+libtool,Alexandre Oliva,D363BF126B7F7F6FCDCE4F755234845DF2B920F5,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Robert Boehne,564A180D1D88DE909F53EC688D4AE004BE425C25,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Bruce Korb,D0ACBACAC16365BA0CED71A93230630B93A12DFE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Akim Demaille,7DF84374B1EE1F9764BBE25D0DDCAA3278D5264E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Peter O'Gorman,4D671997DD32AE8ED7ED9C7984912AB7DF3B6004,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Ralf Wildenhues,357D7084216BD1CF46AFABB232419B785D0CDCFC,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Benoit Sigoure,C5B91BDAF3A89934720FBAB4C3013AEF00BC3D49,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+libtool,Pavel Raiskup,4B6DBBF82054C23F20F916DE771FEDD1409580AB,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtool&download=1
+bison,Akim Demaille,7DF84374B1EE1F9764BBE25D0DDCAA3278D5264E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Paul Eggert,7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Bob Proulx,63B16683841CE3DC25D3C6EB421AFA26387F9A8E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Yijun Yu,EDFAB4C9554BDF6AD29A47D57FFE5E4115598D5E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Joel E.Denny,99588B8277CD08CC969B513ED153CE621D233519,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Wojciech Polak,A78EDBD82850EDFE8C7F9850A309D67919A22547,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Alex Rozenman,C28DA2F8435AF1B3C563CC7C17EB3CBCA7EE17A2,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+bison,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=bison&download=1
+findutils,James Youngman,0C1CD7CA6633D2E914E05F16D52460E9,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+findutils,James Youngman,0CF4E8D871593224842832B888DD9E08C5DDACB9,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+findutils,Bob Proulx,63B16683841CE3DC25D3C6EB421AFA26387F9A8E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+findutils,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+findutils,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+findutils,Bernhard Voelker,A5189DB69C1164D33002936646502EF796917195,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=findutils&download=1
+gdb,Elfyn McBratney,29D591BB87487CC9650F31FE68880C2A456548B4,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gdb&download=1
+gdb,Sergio DuriganJunior,237A54B1028728BF00EF31F4D0EB762865FC5E36,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gdb&download=1
+diffutils,Paul Eggert,7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Karl Berry,17D3311B14BC0F248267BF020716748A30D155AD,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Bruno Haible,9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Jim Meyering,155D3FC500C834486D1EEA677FD9FCCB000BEEEE,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Eric Blake,2B7C1A53420D4AF3BFF4738BF382AE19F4850180,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Eric Blake,71C2CC22B1C4602927D2F3AAA7A16B4A2527436A,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+diffutils,Bob Proulx,63B16683841CE3DC25D3C6EB421AFA26387F9A8E,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=diffutils&download=1
+byacc,Thomas Dickey,C52048C0C0748FEE227D47A2702353E0F7E48EDB,https://invisible-island.net/public/public.html
+byacc,Thomas Dickey,F0C3A6669B53095D634AEEB4B48A81C87C650E87,https://invisible-island.net/public/public.html
+bit-babbler,BitBabbler Sales,8EAF735424339DDDFE835628125831AE66E70556,http://www.bitbabbler.org/BitBabbler-PGP.asc
+e2fsprogs,Theodore Ts'o,9ADE0718585722C08AE6E14DE43CA91B,https://thunk.org/tytso/tytso-key.asc
+e2fsprogs,Theodore Y.Ts'o,52C344D60D02CD9B07031447ED3A39E393674C40,https://thunk.org/tytso/tytso-key.asc
+e2fsprogs,Theodore Ts'o,44140F903D4FC37F4082381B475FBA0D103D4013,https://thunk.org/tytso/tytso-key.asc
+e2fsprogs,Theodore Ts'o[SIGNATURE],9C056649DF837EEFD8AC7542A2334B91,https://thunk.org/tytso/tytso-key.asc
+e2fsprogs,Theodore Ts'o,3AB057B7E78D945C8C5591FBD36F769BC11804F0,https://thunk.org/tytso/tytso-key.asc
+file,Christos Zoulas,BE04995BA8F90ED0C0C176C471112AB16CB33B3A,https://astron.com/pub/file/README
+flex,Will Estes,56C67868E93390AA1039AD1CE4B29C8D64885307,https://github.com/westes/flex/releases
+help2man,Brendan O'Dea,87EA44D150D89615E39A3FEEF0DC8E00B28C5995,https://keyring.debian.org
+iproute2,Stephen Hemminger,71A17EB00FFDEDCAD9EDD88EA2063D0D95CDE47E,https://github.com/shemminger/iproute2
+iproute2,Stephen Hemminger,9F6FC345B05BE7E766B83C8F80A77F6095CDE47E,https://github.com/shemminger/iproute2
+less,Mark Nudelman,AE27252BD6846E7D6EAE1DD6F153A7C833235259,http://greenwoodsoftware.com
+libblkid,Karel Zak,AC9B824B828CD46EB8C06B299D7EB035EC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+libblkid,Karel Zak,B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+libftdi1,Intra2Net open source,3CEA9B8868BC3852618EB5B4707F91A424F006F5,https://intra2net.com/en/developer/opensource-intra2net.asc
+libftdi1,Intra2Net open source,FA75DA826E69D06BB4A13161B7B1762E24F006F5,https://intra2net.com/en/developer/opensource-intra2net.asc
+libgpg-error,Werner Koch,D8692123C4065DEA5E0F3AB5249B39D24F25E3B6,https://gnupg.org/signature_key.html
+libuuid,Karel Zak,AC9B824B828CD46EB8C06B299D7EB035EC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+libuuid,Karel Zak,B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+linux-utils,Karel Zak,AC9B824B828CD46EB8C06B299D7EB035EC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+linux-utils,Karel Zak,B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284,https://kzak.redcrew.org/doku.pgp?id=me
+lvm2,Marian Csontos,D501A478440AE2FD130A1BE8B9112431E509039F
+ncurses,Thomas Dickey,C52048C0C0748FEE227D47A2702353E0F7E48EDB,https://invisible-island.net/public/public.html
+ncurses,Thomas Dickey,F0C3A6669B53095D634AEEB4B48A81C87C650E87,https://invisible-island.net/public/public.html
+pcre2,Philip Hazel,45F68D54BBE23FB3039B46E59766E084FB0F43D8,https://englanders.us/~jason/howtos/?howto=pcre2
+pcre2,Philip Hazel,372343CE9483E284E1151E0FA4C4952AFB0F43D8,https://englanders.us/~jason/howtos/?howto=pcre2
+rsync,Wayne Davison,0048C8B026D4C96F0E589C2F6C859FB14B96A8C5,https://opencoder.net/WayneDavison.key
+valgrind,Julian Seward,0E9FFD0C16A1856CF9C7C690BA0166E698FA6035
+xz,Lasse Collin,3690C240CE51B4670D30AD1C38EE757D69184620,https://build.opensuse.org/package/view_file/OBS:AppImage/xz/xz.keyring
+zlib,Mark Adler,5ED46A6721D365587791E2AA783FCD8E58BCAFBA,https://madler.net/madler/pgp.html
+libtool,Gary Vaughan,CFE2BE707B538E8B26757D84151308092983D606,https://savannah.gnu.org/forum/forum.php?forum_id=8210
+libtool,Gary Vaughan,12796B6AFCE39A61A0C60183822B7B642983D606,https://savannah.gnu.org/forum/forum.php?forum_id=8210
+libcap,Andrew Morgan,38A644698C69787344E954CE29EE848AE2CCF3F4,https://kernel.org/doc/wot/morgan.html
+bash,Chet Ramey,7C0135FB088AAF6C66C650B9BB5869F064EA74AB,https://tiswww.case.edu/php/chet
+libevent,Azat Khuzhin,9E3AC83A27974B84D1B3401DB86086848EF8686D,https://github.com/brave/tor_build_scripts
+tor,Nick Mathewson,2133BC600AB133E1D826D173FE43009C4607B1FB,https://torproject.org/about/people,https://db.torproject.org/fetchkey.cgi?fingerprint=2133BC600AB133E1D826D173FE43009C4607B1FB
+torsocks,David Goulet,B74417EDDF22AC9F9E90F49142E86A2A11F48D36,https://people.torproject.org/~dgoulet,https://people.torproject.org/~dgoulet/dgoulet.pub.asc
+pciutils,Martin Mares,5558F9399CD7836850553C6EC28E7847ED70F82D,https://mj.ucw.cz/pgp.html,https://mj.ucw.cz/pgpkey.txt
+gdbm,Sergey Poznyakoff,325F650C4C2B6AD58807327A3602B07F55D0C732,https://savannah.gnu.org/user/gray/,https://savannah.gnu.org/people/viewgpg.php?user_id=311
+python3,Lukasz Langa,E3FF2839C048B25C084DEBE9B26995E310250568,https://github.com/docker-library/python/blob/master/update.sh,https://keybase.io/ambv/pgp_keys.asc
+libunistring,Bruno Haible,9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libunistring&download=1,
+libunistring,Daiki Ueno,462225C3B46F34879FC8496CD605848ED7E69871,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libunistring&download=1,
+libunistring,Ben Pfaff,C2D1AB061656AAC54B5E975485199DE8C6648E90,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libunistring&download=1,
+gettext,Bruno Haible,9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gettext&download=1,
+gettext,Daiki Ueno,462225C3B46F34879FC8496CD605848ED7E69871,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gettext&download=1,
+gettext,Stefano Lattarini,E1622F96D2BB4E58018EEF9860F906016E407573,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gettext&download=1,
+gettext,Miguel,10633FF7D961C6CDE560AA02FE4FC54C67901C78,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gettext&download=1,
+freetype,Veeki Yadav,84F2021D4F5FB0DA9C6A1B375F9F9B11F1DC0907,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Nikhil Ramakrishnan,F35E234A7D9ED8E2411BA2C036CAAD7E5542F419,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Antoine LECA,6C70DD62E7027A99AAC7931B5AA68F381DD04090,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,David Turner,FC35B530D3EAD89AF379E2933692467E1012E57B,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Werner Lemberg,58E0C111E39F5408C5D3EC76C1A60EACE707FDA5,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Hew Yih Shiuan Ewald,4526532CD6DFB69DAB885DE53EF4D233C15799A7,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Kushal K S V S,D9AAAFEDFD562AC4D8946D49172FB8FA1C59821B,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+freetype,Arvinder Bhathal,CA98D14E8B8BFC425E52959A5961693682380947,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=freetype&download=1,
+fbida,Gerd Hoffmann,A0328CFFB93A17A79901FE7D4CB6D8EED3E87138,https://keybase.io/kraxelorg,https://keybase.io/kraxelorg/pgp_keys.asc
+libjpeg-turbo,The libjpeg-turbo Project (Signing key for official binaries),7D6293CC6378786E1B5C496885C7044E033FDE16,,https://libjpeg-turbo.org/key/LJT-GPG-KEY
+meson,Jussi Pakkanen,95181f4eed14fdf4e41b518d3bf4693bfeeb9428,http://buildroot-busybox.2317881.n4.nabble.com/RFC-v2-1-4-meson-bump-version-to-0-47-1-td199048.html,
+libxslt,Daniel Veillard,C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F,http://veillard.com,
+xorg-util-macros,Alan Coopersmith,CFDF148828C642A7,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=xorg-xmh,https://raw.githubusercontent.com/clearlinux-pkgs/util-macros/master/CFDF148828C642A7.pkey
+libpciaccess,Adam Jackson,995ED5C8A6138EB0961F18474C09DD83CAAA50B2,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libxfont,https://raw.githubusercontent.com/clearlinux-pkgs/libpciaccess/master/4C09DD83CAAA50B2.pkey
+xcb-proto,Matt Turner,B3969B4F0EF97D721E638EBD9C825A6605D40BBE,https://github.com/archlinux/svntogit-packages/blob/packages/xcb-proto/trunk/PKGBUILD,
+xcb-proto,Daniel Stone,A66D805F7C9329B4C5D82767CCC4F07FAC641EFF,https://github.com/archlinux/svntogit-packages/blob/packages/xcb-proto/trunk/PKGBUILD,https://raw.githubusercontent.com/clearlinux-pkgs/xcb-proto/master/CCC4F07FAC641EFF.pkey
+xorgproto,Adam Jackson,995ED5C8A6138EB0961F18474C09DD83CAAA50B2,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libxfont,https://raw.githubusercontent.com/clearlinux-pkgs/libpciaccess/master/4C09DD83CAAA50B2.pkey
+linux-libre,Alexandre Oliva,474402C8C582DAFBE389C427BCB7CF877E7D47A7,https://directory.fsf.org/wiki/Linux-Libre,https://linux-libre.fsfla.org/pub/linux-libre/SIGNING-KEY
+libtiff,Bob Friesenhahn,EBDFDB21B020EE8FD151A88DE301047DE1198975,https://github.com/archlinux/svntogit-packages/blob/packages/libtiff/trunk/PKGBUILD,
+libwebp,WebP Release Signing Key,6B0E6B70976DE303EDF2F601F9C3D6BDB8232B5D,https://github.com/webmproject/libweb/releases/tag/v1.1.0,
+screen,Amadeusz,2EE59A5D0C50167B5535BBF1B708A383C53EF3A4,https://github.com/archlinux/svntogit-packages/blob/packages/screen/trunk/PKGBUILD,
+libx11,Matthieu Herrb,C41C985FDCF1E5364576638B687393EE37D128F8,https://github.com/archlinux/svntogit-packages/blob/packages/libx11/trunk/PKGBUILD,
+libid3tag,Rob Leslie,4229B6BBA00DE143B485B74D2CE2036B4BF38A33,
+feh,Daniel Friesel,781BB7071C6BF648EAEB08A1100D5BFB5166E005,https://finalrewind.org/derf.asc,
+libdrm,David Airlie,10A6D91DA1B05BD29F6DEBAC0C74F35979C486BE,https://github.com/archlinux/svntogit-packages/blob/packages/libdrm/trunk/PKGBUILD,https://raw.githubusercontent.com/clearlinux-pkgs/libdrm/master/0C74F35979C486BE.pkey
+mesa,Eric Engestrom,57551DE15B968F6341C248F68D8E31AFC32428A6,https://docs.mesa3d.org/releasing.html,https://docs.mesa3d.org/release-maintainers-keys.asc
+libelf,Mark Wielaard,12768A96795990107A0D2FDFFC57E3CCACD99A78,https://github.com/archlinux/svntogit-packages/blob/packages/elfutils/trunk/PKGBUILD
+xkeyboard-config,Sergey Udaltsov,FFB4CCD275AAA422F5F9808E0661D98FC933A145,https://peegeepee.com/FFB4CCD275AAA422F5F9808E0661D98FC933A145,https://d.peegeepee.com/FFB4CCD275AAA422F5F9808E0661D98FC933A145.asc
+strace,Dmitry Levin,296D6F29A020808E8717A8842DB5BD89A340AEB7,https://github.com/archlinux/svntogit-packages/blob/packages/strace/trunk/PKGBUILD,https://keybase.io/ldv_alt/pgp_keys.asc
+python2,Benjamin Peterson,C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF,https://github.com/docker-library/python/blob/9f79a9df8fec373757cd0c2a2a75ce41c113e28b/update.sh,https://keybase.io/bp/pgp_keys.asc
+sdl2,Sam Lantinga,1528635D8053A57F77D1E08630A59377A7763BE6,https://libsdl.org/download-2.0.php,https://slouken.libsdl.org/slouken-pubkey.asc
+libbsd,Guillem Jover,4F3E74F436050C10F5696574B972BF3EA4AE57A3,https://www.hadrons.org/~guillem,https://www.hadrons.org/~guillem/guillem-4F3E74F436050C10F5696574B972BF3EA4AE57A3.asc
+libevdev,PeterHutterer,3C2C43D9447D5938EF4551EBE23B7E70B467F0BF,https://github.com/clearlinux-pkgs/libevdev/raw/master/E23B7E70B467F0BF.pkey,https://github.com/clearlinux-pkgs/libevdev/raw/master/E23B7E70B467F0BF.pkey
+ccache,Joel Rosdahl,5A939A71A46792CF57866A51996DDA075594ADB8,https://github.com/git-for-windows/MSYS2-packages/blob/3b1bf75383cfd00802f69c00fbe7b15f3c68c034/ccache/PKGBUILD,https://d.peegeepee.com/5A939A71A46792CF57866A51996DDA075594ADB8.asc
+sway,Drew DeVault,9DDA3B9FA5D58DD5392C78E652CB6609B22DA89A,https://github.com/swaywm/sway,https://d.peegeepee.com/9DDA3B9FA5D58DD5392C78E652CB6609B22DA89A.asc
+musl,musl libc,836489290BB6B70F99FFDA0556BCDB593020450F,https://twitter.com/musllibc/status/578347641395748865,https://musl.libc.org/musl.pub
+llvm,Tom Stellard,474E22316ABF4785A88C6E8EA2C794A986419D8A,https://releases.llvm.org/download.html,https://github.com/llvm/llvm-project/releases/download/llvmorg-9.0.1/tstellar-gpg-key.asc
+llvm,Hans Wennborg,B6C8F98282B944E3B0D5C2530FC3042E345AD05D,https://releases.llvm.org/download.html,https://releases.llvm.org/10.0.0/hans-gpg-key.asc
+libssh2,Daniel Stenberg,27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2,https://keybase.io/bagder,https://keybase.io/bagder/pgp_keys.asc
+icu,Steven R. Loomis,4569BBC09DA846FC91CBD21CE1BBA44593CF2AE0,https://github.com/unicode-org/icu/commit/0a1bd3caa9cc8bf7e0bc42c96d7e4f95ecfc9a48,https://raw.githubusercontent.com/unicode-org/icu/master/KEYS
+icu,Steven R. Loomis,AAA9AE9C0F0DE47D,https://github.com/unicode-org/icu/commit/0a1bd3caa9cc8bf7e0bc42c96d7e4f95ecfc9a48,https://raw.githubusercontent.com/unicode-org/icu/master/KEYS
+icu,Fredrik Roubert,9B432B27D1BA20D7,https://github.com/unicode-org/icu/commit/0a1bd3caa9cc8bf7e0bc42c96d7e4f95ecfc9a48,https://raw.githubusercontent.com/unicode-org/icu/master/KEYS
+icu,Jeff Genovy,147473802F35F6CB,https://github.com/unicode-org/icu/commit/0a1bd3caa9cc8bf7e0bc42c96d7e4f95ecfc9a48,https://raw.githubusercontent.com/unicode-org/icu/master/KEYS
+libidn2,Simon Josefsson,0424D4EE81A0E3D119C6F835EDA21E94B565716F,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libidn2,https://josefsson.org/key.txt
+libidn2,Tim Rhsen,1CB27DBC98614B2D5841646D08302DB6A2670428,https://www.gnu.org/software/libidn/#downloading,https://d.peegeepee.com/1CB27DBC98614B2D5841646D08302DB6A2670428.asc
+guile,Ludovic Court,3CE464558A84FDC69DB40CFB090B11993D9AEBB5,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Tom Tromey,E9FE8AE950CB07F5BEB2E805036A75309D33E5B5,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Mark Galassi,41566752362BF98F39517752A36D2828C7017E7F,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Neil Jerram,A3EF272127AE1A6C6529BF81D68D40B682D334DB,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Marius Vollmer,2F9BBCCC8527692A04E3331EFAF8226AD5D4E405,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Stefan Jahn,3CE23DE9619BBFDDE52B25F8EC0C2A44FD7B3CC8,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Thien-Thi Nguyen,748EA0E81CB8A7489BFA6CE4670322244C807502,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Kevin Ryde,0DF4245D9BB6C0B1E358EECB2C5302215F6ADD3A,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Christopher Allan Webber,510A8628E2A776788F8C709C4BC025925FF8F4D3,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Daniel Kraft,1142850E6DFF65BA63D688A8B2492AC4A7330737,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Andy Wingo,4FD4D288D445934E0A14F9A5A8803732E4436885,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Michael Gran,7C378E20D1561BC9E9CB3A5454ADD17A8A1F7454,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Julian Graham,1050AC1382C605A53A7B52B21724BA13C30D5C60,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Jose Antonio Ortega Ruiz,A247C4780736A6156BC8DA748C081D34D321D881,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Chris Jester-Young,D4525B491CE4D0471BFF10908E549D02234CC324,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,Andreas Rottmann,DFB44EB478A45EEE6219F228F92FCFC501FD5B62,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+guile,lloda,15F672F17D6755B50CD205D9433EB70200D592CB,https://savannah.gnu.org/projects/guile,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guile&download=1
+libtasn1,Simon Josefsson,0424D4EE81A0E3D119C6F835EDA21E94B565716F,https://savannah.gnu.org/projects/libtasn1,https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=libtasn1&download=1 +libtasn1,Nikos Mavrogiannopoulos,1F42418905D8206AA754CCDC29EE58B996865171,https://savannah.gnu.org/projects/libtasn1,https://d.peegeepee.com/1F42418905D8206AA754CCDC29EE58B996865171.asc +nettle,Niels Mller,343C2FF0FBEE5EC2EDBEF399F3599FF828C67298,https://github.com/msys2/MSYS2-packages/blob/master/nettle/PKGBUILD,https://d.peegeepee.com/343C2FF0FBEE5EC2EDBEF399F3599FF828C67298.asc +libseccomp,Paul Moore,7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A,https://github.com/seccomp/libseccomp,https://keys.openpgp.org/vks/v1/by-fingerprint/7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A +libseccomp,Tom Hromatka,47A68FCE37C7D7024FD65E11356CE62C2B524099,https://github.com/seccomp/libseccomp,https://keys.openpgp.org/vks/v1/by-fingerprint/47A68FCE37C7D7024FD65E11356CE62C2B524099 +dbus,Simon McVittie,DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90,https://lists.debian.org/debian-user/2011/03/msg00439.html,https://d.peegeepee.com/DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90.asc +autoconf-archive,Peter Simons,1A4F63A13A4649B632F65EE141BC28FE99089D72,https://github.com/autoconf-archive/autoconf-archive,https://d.peegeepee.com/1A4F63A13A4649B632F65EE141BC28FE99089D72.asc +gstreamer,Tim-Phillipp Mller,D637032E45B8C6585B9456565D2EEE6F6F349D7CA,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=gst-rtsp-server,https://d.peegeepee.com/D637032E45B8C6585B9456565D2EEE6F6F349D7C.asc +alsa-lib,ALSA Release Team (Package Signing Key v1),F04DF50737AC1A884C4B3D718380596DA6E59C91,https://www.alsa-project.org/wiki/Download,https://www.alsa-project.org/files/pub/gpg-release-key-v1.txt +libwpe,Adrian Perez de Castro,5AA3BC334FD7E3369E7C77B291C559DBE4C9123B,https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libwpe,https://d.peegeepee.com/5AA3BC334FD7E3369E7C77B291C559DBE4C9123B.asc 
diff --git a/lib/get_file.sh b/lib/get_file.sh
new file mode 100644
index 0000000..4d21edb
--- /dev/null
+++ b/lib/get_file.sh
@@ -0,0 +1,28 @@
+# the same logic applies whether downloading a tarball or a signature file.
+# don't accept anything but the expected number of bytes and check the checksum.
+get_file() {
+ local dest="$1"
+ local url="$2"
+ local size="$3"
+
+ # being explicit about the size of the file allows protection against DoS
+ # attacks where the attacker sends an infinite stream of bytes. it may also
+ # make finding hash collisions against a particular hash impossible, since
+ # it may be that no collision using an input equal to the given size exists.
+ [ ! "$size" ] || sizeopt="-r 0-$size"
+ curl $sizeopt --compressed -C - -L -o "$dest" "$url"
+
+ return $?
+}
+
+file_size() {
+ wc -c "$1" | cut -d' ' -f1
+}
+
+file_checksum() {
+ sha512sum "$1" | cut -d' ' -f1
+}
+
+file_name() {
+ echo "$1"
+}
diff --git a/lib/log.sh b/lib/log.sh
new file mode 100644
index 0000000..2b09101
--- /dev/null
+++ b/lib/log.sh
@@ -0,0 +1,16 @@
+# if _colors is not already set, if this is running on an interactive
+# terminal (as opposed to in a script), if tput is installed, and if tput
+# knows some color codes, then set _colors to 'yes'.
+{ [ -z "$_colors" ] \
+&& [ -t 1 ] \
+&& [ "$(tput colors 2>/dev/null || echo 0)" -ge 8 ] \
+&& _colors="yes"; } || true # suppress error codes
+
+_clr="$({ [ "$_colors" = 'yes' ] && tput sgr0; } || echo '')"
+_blu="$({ [ "$_colors" = 'yes' ] && tput setaf 6; } || echo '')"
+_ylw="$({ [ "$_colors" = 'yes' ] && tput setaf 3; } || echo '')"
+_red="$({ [ "$_colors" = 'yes' ] && tput setaf 1; } || echo '')"
+
+log() { [ "$verbose" != 'yes' ] || echo "$_blu[LOG]$_clr $@"; }
+wrn() { echo "$_ylw[WRN]$_clr $@" >&2; }
+err() { echo "$_red[ERR]$_clr $@" >&2; exit 1; }
diff --git a/lib/type/git.sh b/lib/type/git.sh
new file mode 100755
index 0000000..99e2a89
--- /dev/null
+++ b/lib/type/git.sh
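Review bot: In lib/get_file.sh, `get_file` relies on `-r 0-$size` to bound the download, but a Range header is only a request: a server that ignores it can still stream an unbounded body, so the DoS protection described in the comment is not enforced locally. Byte ranges are also inclusive, so `0-$size` asks for one byte more than the expected size. Consider `sizeopt="-r 0-$((size - 1)) --max-filesize $size"` so that curl itself has a cap; how strictly curl applies it when no Content-Length is sent depends on the curl version, so the size comparison after the download stays the authoritative check. `sizeopt` is also never declared `local`, so a value set by one call is still in place for a later call made without a size in the same shell; `local sizeopt=` at the top of the function avoids that.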
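Review bot: In lib/log.sh, `log`, `wrn` and `err` expand `$@` inside a double-quoted string and hand it to `echo`, so the message is split into several arguments and backslash sequences in it (URLs and paths taken from package files end up here) may be interpreted, depending on the shell's `echo`. `printf` with `$*` keeps the message as one literal string, for example `wrn() { printf '%s[WRN]%s %s\n' "$_ylw" "$_clr" "$*" >&2; }`, with the same shape for `log` and `err`.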
@@ -0,0 +1,43 @@
+get_archive() {
+ local gitdest="$1"
+ local url="$2"
+
+ # would be great if there were a way to restrict size here.
+ if [ -d "$gitdest" ]; then
+ (cd "$gitdest" && git fetch --all)
+ else
+ git clone --mirror "$url" "$gitdest"
+ fi
+}
+
+archive_name() {
+ echo "$SRCROOT/pkg/$pkgname/git"
+}
+
+archive_size() {
+ # don't do this! different sizes on different filesystem types.
+ ##expr $(du -sk $1 | cut -f1) \* 1024
+
+ cd "$1"
+ git count-objects -vH | grep size-pack | cut -d': ' -f2
+ cd - >/dev/null
+}
+
+archive_checksum() {
+ cd "$1"
+ find . -type f ! -path "**/.git/**" ! -name ".git" \
+ | sort \
+ | xargs sha512sum \
+ | cut -d' ' -f1 \
+ | sha512sum \
+ | cut -d' ' -f1
+ cd - >/dev/null
+}
+
+unpack_archive() {
+ cd "$1"
+ git worktree add -f "$2" "$version"
+ cd - >/dev/null
+}
+
+sigcheck_archive() { return 0; }
diff --git a/lib/type/kernel-gz.sh b/lib/type/kernel-gz.sh
new file mode 120000
index 0000000..6289e60
--- /dev/null
+++ b/lib/type/kernel-gz.sh
@@ -0,0 +1 @@
+kernel-tarball.sh
\ No newline at end of file
diff --git a/lib/type/kernel-tarball.sh b/lib/type/kernel-tarball.sh
new file mode 100755
index 0000000..882ce0d
--- /dev/null
+++ b/lib/type/kernel-tarball.sh
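Review bot: In lib/type/git.sh nothing authenticates what `unpack_archive` checks out: `sigcheck_archive` always returns 0, and `archive_checksum` hashes the files of a `--mirror` clone, whose pack and ref files are unlikely to be byte-identical between two clones of the same history, so a recorded checksum cannot reliably pin the source. `$version` is handed to `git worktree add` unchanged, so a branch or tag name resolves to whatever the remote currently serves. If versions are meant to be full commit ids, a comment saying so (and a check that `$version` has that form) would make the pin explicit; where releases are signed tags, `GNUPGHOME="$SRCROOT/gpg" git verify-tag "$version" || err "no valid tag signature for $version"` before the `git worktree add` would tie the checkout to the keyring. Separately, `cut -d': '` in `archive_size` passes a two-character delimiter, which cut implementations generally reject; `sed -n 's/^size-pack: //p'` yields the same field.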
@@ -0,0 +1,65 @@
+# for tarballs that use kernel.org's style of signature, where the release
+# signature is made against the uncompressed tarball.
+get_archive() {
+ [ -d "$pkg/tarball" ] || mkdir -p "$pkg/tarball"
+
+ local tarball="$1"
+ local ext="$(echo "$type" | cut -d- -f2)"
+ get_file "$tarball" "$url" || return 1
+
+ log "decompressing tarball..."
+
+ case "$ext" in
+ xz) unxz -k "$tarball" ;;
+ gz) gunzip -k "$tarball" ;;
+ *) err "unrecognized extension: $ext" ;;
+ esac
+
+ return $?
+}
+
+sigcheck_archive() {
+ local ext="$(echo "$type" | cut -d- -f2)"
+ local tarball="${1%.$ext}"
+ gpg --homedir="$SRCROOT/gpg" --verify "$2" "$tarball" \
+ || err "$2 does not contain a valid signature for $tarball"
+}
+
+unpack_archive() {
+ local ext="$(echo "$type" | cut -d- -f2)"
+ local tarball="${1%.$ext}"
+ local arcdest="$2"
+
+ log "extracting tarball..."
+
+ # extract the tarball into a temporary directory first, then move either it
+ # or its contents, if it contained a single directory, to $pkgdest
+ tempdir="$(mktemp -d)"
+ tar -xf "$tarball" -C $tempdir
+ contents="$(ls "$tempdir")"
+
+ if [ "$(echo "$contents" | wc -l)" -gt 1 ]; then
+ mkdir -p "$arcdest"
+ contents="."
+ else
+ mkdir -p "$(dirname $arcdest)"
+ fi
+ mv "$tempdir/$contents" "$arcdest"
+ rm -r "$tempdir"
+ rm "$tarball" # remove the uncompressed tarball
+
+ return 0
+}
+
+archive_name() {
+ local ext="$(echo "$type" | cut -d- -f2)"
+ echo "$pkg/tarball/$pkgname-$version.tar.$ext"
+}
+
+archive_size() {
+ file_size $@
+}
+
+archive_checksum() {
+ file_checksum $@
+}
diff --git a/lib/type/kernel-xz.sh b/lib/type/kernel-xz.sh
new file mode 120000
index 0000000..6289e60
--- /dev/null
+++ b/lib/type/kernel-xz.sh
@@ -0,0 +1 @@
+kernel-tarball.sh
\ No newline at end of file
diff --git a/lib/type/raw.sh b/lib/type/raw.sh
new file mode 100755
index 0000000..da9afbd
--- /dev/null
+++ b/lib/type/raw.sh
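Review bot: In lib/type/kernel-tarball.sh, `get_archive` calls `get_file "$tarball" "$url"` without the size argument, so downloads of this archive type get no size limit at all, and it reads the global `$url` rather than its own second argument. `get_file "$tarball" "$2" "$3" || return 1` matches what lib/type/raw.sh does. The function then runs `unxz`/`gunzip` on the file immediately, which in src.sh's `tryurls` happens before the size and checksum are compared, so the decompressor processes data that has not been verified yet. Deferring the decompression until after those checks, for example into a small helper that `sigcheck_archive` and `unpack_archive` both call, keeps unverified bytes away from it.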
@@ -0,0 +1,30 @@
+get_archive() {
+ [ -d "$pkg/raw" ] || mkdir -p "$pkg/raw"
+
+ get_file "$1" "$2" "$3" || return 1
+
+ return 0
+}
+
+sigcheck_archive() {
+ gpg --homedir="$SRCROOT/gpg" --verify "$2" "$1" \
+ || err "$2 does not contain a valid signature for $1"
+}
+
+unpack_archive() {
+ [ -d "$2" ] || mkdir -p "$2"
+ mv "$1" "$2/$pkgname"
+ rmdir "$pkg/raw" 2>/dev/null || true
+}
+
+archive_name() {
+ echo "$pkg/raw/$pkgname-$version"
+}
+
+archive_size() {
+ file_size $@
+}
+
+archive_checksum() {
+ file_checksum $@
+}
diff --git a/lib/type/tar.bz2.sh b/lib/type/tar.bz2.sh
new file mode 120000
index 0000000..c036547
--- /dev/null
+++ b/lib/type/tar.bz2.sh
@@ -0,0 +1 @@
+tarball.sh
\ No newline at end of file
diff --git a/lib/type/tar.gz.sh b/lib/type/tar.gz.sh
new file mode 120000
index 0000000..c036547
--- /dev/null
+++ b/lib/type/tar.gz.sh
@@ -0,0 +1 @@
+tarball.sh
\ No newline at end of file
diff --git a/lib/type/tar.xz.sh b/lib/type/tar.xz.sh
new file mode 120000
index 0000000..c036547
--- /dev/null
+++ b/lib/type/tar.xz.sh
@@ -0,0 +1 @@
+tarball.sh
\ No newline at end of file
diff --git a/lib/type/tarball.sh b/lib/type/tarball.sh
new file mode 100755
index 0000000..cef4b30
--- /dev/null
+++ b/lib/type/tarball.sh
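Review bot: `sigcheck_archive` in lib/type/raw.sh accepts a signature made by any key in the `$SRCROOT/gpg` keyring, because `gpg --verify` only reports that some known key signed the file; the same function in lib/type/kernel-tarball.sh and lib/type/tarball.sh behaves the same way. With one keyring shared by all packages, a key imported for one project can therefore vouch for another project's release. gpg/fingerprints.csv records which fingerprints belong to which package, but none of the scripts visible in this commit consult it. The sketch below reads the signer from gpg's `VALIDSIG` status line and requires it to be listed for `$pkgname`; the column order (package, name, fingerprint) is inferred from the CSV rows and should be confirmed, and rows that hold a 16-character key id instead of a full fingerprint (the icu rows) would need the full value.

```shell
sigcheck_archive() {
  local status signer
  status="$(gpg --homedir="$SRCROOT/gpg" --status-fd 1 --verify "$2" "$1" 2>/dev/null)" \
    || err "$2 does not contain a valid signature for $1"
  # the last field of the VALIDSIG line is the primary key's fingerprint
  signer="$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')"
  awk -F, -v p="$pkgname" -v f="$signer" \
    'f != "" && $1 == p && $3 == f { ok = 1 } END { exit !ok }' \
    "$SRCROOT/gpg/fingerprints.csv" \
    || err "$1 is signed by $signer, which is not listed for $pkgname"
}
```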
@@ -0,0 +1,46 @@
+get_archive() {
+ [ -d "$pkg/tarball" ] || mkdir -p "$pkg/tarball"
+
+ get_file "$1" "$url" "$3"
+
+ return $?
+}
+
+unpack_archive() {
+ log "extracting tarball..."
+
+ # extract the tarball into a temporary directory first, then move either it
+ # or its contents, if it contained a single directory, to $pkgdest
+ tempdir="$(mktemp -d)"
+ tar -xf "$1" -C $tempdir
+ contents="$(ls "$tempdir")"
+
+ if [ "$(echo "$contents" | wc -l)" -gt 1 ]; then
+ mkdir -p "$2"
+ contents="."
+ else
+ mkdir -p "$(dirname "$2")"
+ fi
+
+ mv "$tempdir/$contents" "$2"
+ rm -r "$tempdir"
+
+ return 0
+}
+
+sigcheck_archive() {
+ gpg --homedir="$SRCROOT/gpg" --verify "$2" "$1" \
+ || err "$2 does not contain a valid signature for $1"
+}
+
+archive_name() {
+ echo "$pkg/tarball/$pkgname-$version.$type"
+}
+
+archive_size() {
+ file_size $@
+}
+
+archive_checksum() {
+ file_checksum $@
+}
diff --git a/lib/type/tgz.sh b/lib/type/tgz.sh
new file mode 120000
index 0000000..c036547
--- /dev/null
+++ b/lib/type/tgz.sh
@@ -0,0 +1 @@
+tarball.sh
\ No newline at end of file
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..c76ac13
--- /dev/null
+++ b/makefile
@@ -0,0 +1,22 @@
+SRCDIR = $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
+PREFIX ?= /usr
+DESTDIR ?= $(PREFIX)/bin
+SRCREPO ?= $(PREFIX)/var/src
+SRCROOT ?= $(PREFIX)/share/src
+GITBASE ?= $(shell realpath $(shell git config --get remote.origin.url) | rev \
+ | cut -d/ -f2- | rev)
+
+.PHONY: install uninstall lix-os-pkg
+
+lix-os-pkgs:
+ git clone $(GITBASE)/src-lix-os-pkgs pkg
+
+install:
+ mkdir -p $(SRCREPO)
+ ln -sf $(SRCDIR) $(SRCROOT)
+ ln -sf $(SRCROOT)/src.sh $(DESTDIR)/src
+
+uninstall:
+ rm $(DESTDIR)/src
+ rm $(SRCROOT)
+ rm -fr $(SRCREPO)
diff --git a/sloc.sh b/sloc.sh
new file mode 100755
index 0000000..1ea7b20
--- /dev/null
+++ b/sloc.sh
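Review bot: In lib/type/tarball.sh, `unpack_archive` sets `contents="."` when the tarball has more than one top-level entry and then runs `mv "$tempdir/$contents" "$2"`, that is `mv "$tempdir/." "$2"`, which mv implementations normally refuse; under `sh -e` the pull would then abort after extraction and leave `$tempdir` behind. Copying the directory contents covers that branch, e.g. `cp -R "$tempdir/." "$2"`, and a `trap 'rm -rf "$tempdir"' EXIT` right after `mktemp -d` removes the temporary tree on every exit path. `ls` also skips dot-files, so an archive with one directory plus a top-level dot-file is treated as single-entry and the dot-file is dropped. `get_archive` in the same file reads the global `$url` where its second argument `"$2"` is available, and lib/type/kernel-tarball.sh carries the same `unpack_archive` body.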
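Review bot: In the makefile, `GITBASE` runs `realpath` on the value of `remote.origin.url`, which only makes sense when origin is a local path; for an `https://` or ssh remote, `realpath` presumably either fails or returns a path under the current directory, and `lix-os-pkgs` then clones `src-lix-os-pkgs` from a location nobody chose. Because files under `pkg` are sourced and `eval`ed by src.sh, the clone source should be exact: `GITBASE ?= $(shell git config --get remote.origin.url | sed 's|/[^/]*$$||')` strips the last path component without touching the scheme. `.PHONY` also lists `lix-os-pkg` while the target is named `lix-os-pkgs`.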
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# find all *.sh files not under `pkg` that are not symbolic links, strip all
+# trailing whitespace, then all leading whitespace, then all lines starting
+# with '#', then all empty lines. then count the remaining lines.
+
+find . -name "*.sh" ! -path "**/pkg/**" ! -type l \
+| xargs sed 's/[[:space:]]*$//g; s/^[[:space:]]*//g; s/^#.*$//g; /^$/d' \
+| wc -l - \
+| cut -d' ' -f1
+
+# note that this script's ELOC is also included in the count.
diff --git a/src.sh b/src.sh
new file mode 100755
index 0000000..c40b3c8
--- /dev/null
+++ b/src.sh
@@ -0,0 +1,126 @@
+#!/bin/sh -e
+
+export SRCROOT="$(dirname "$(readlink -f "$0")")"
+export PREFIX="${PREFIX:-${0%/bin/src}}"
+export SRCREPO="${SRCREPO:-$PREFIX/var/src}"
+
+while [ "${1#-}" != "$1" ]; do
+ case "$1" in
+ -e|--exists) exists='yes' ;;
+ -v|--verbose) verbose='yes' ;;
+ -d|--defaults) defaults='yes' ;;
+ -s|--set-checks) setchecks='yes' ;;
+ esac
+ shift
+done
+
+[ "$1" ] || { eval "echo \"$(cat $SRCROOT/USAGE)\"" && exit 0; }
+
+. "$SRCROOT/lib/log.sh"
+. "$SRCROOT/lib/get_file.sh"
+
+[ -d "$SRCREPO" ] || err "$SRCREPO is not a directory!"
+
+export pkgname="$1"
+
+pkg="$SRCROOT/pkg/$pkgname"
+[ -e "$pkg/checks" ] || [ "$setchecks" ] \
+|| err "'checks' file missing for $pkgname!"
+
+[ ! -e "$pkg/defaults.sh" ] || . "$pkg/defaults.sh"
+[ "$2" = "default" ] || version="${2:-$version}"
+export version
+export type="${3:-$type}"
+
+if [ "$defaults" ]; then
+ cat "$pkg/defaults.sh"
+ exit 0
+fi
+
+[ "$version" ] && [ "$type" ] || err "type and version could not be determined."
+
+# load the archive type's 'get_archive' function
+. "$SRCROOT/lib/type/$type.sh"
+
+arcdest="$SRCREPO/$pkgname/$version"
+sigdest="$pkg/sig/$pkgname-$version.$type.sig"
+
+if [ "$exists" ]; then
+ [ -e "$arcdest" ] && exit 0 || exit 1
+fi
+
+[ ! -e "$arcdest" ] || err "$arcdest exists! skipping pull." \
+
+# if the package is a symlink to a sibling directory, make a corresponding
+# symlink in SRCREPO and bail to avoid duplicating source code.
+ linktarget="$(readlink "$SRCROOT/pkg/$1" 2> /dev/null)" \
+ && [ "${linktarget#*/}" = "$linktarget" ] \
+ && ln -sf "$SRCREPO/$linktarget" "$SRCREPO/$pkgname" \
+ && log "symlinked $SRCREPO/$pkgname to $SRCREPO/$linktarget." \
+ || true # force evaluation to true since "sh -e" exits on non-zero exit codes.
+
+# if a symlink was created, do the existence check again. act like the code
+# was just pulled if the symlink made the sought version available at $arcdest.
+[ ! "$linktarget" ] \
+|| [ ! -e "$arcdest" ] \
+|| { echo "$arcdest" && exit 0; }
+
+# otherwise, let's continue with the business of making the remote requests.
+tryurls() {
+ abbr="$(echo $1 | cut -c1-3)" # 'sig' or 'arc'
+ dest="$2"
+ urlsfile="$(eval "echo \"$(cat "$pkg/urls")\"")"
+ urls="$(echo "$urlsfile" | awk "/^$version\t$type\t$abbr\t/")"
+ [ -n "$urls" ] || return 0
+
+ check="$(eval "echo \"$(awk "/$version\t$type\t$abbr\t/" "$pkg/checks")\"")"
+ if [ ! "$check" ] && [ ! "$setchecks" ]; then
+ err "no '$abbr' check for $pkgname $version."
+ fi
+
+ size="$(echo "$check" | cut -f4)"
+ sum="$(echo "$check" | cut -f5)"
+
+ log "grabbing $pkgname $version $type $1..."
+ mkdir -p "$(dirname "$dest")"
+
+ echo "$urls" | while read line; do
+ url="$(echo "$line" | cut -f4)"
+ log "trying $url"
+
+ get_$3 "$dest" "$url" "$size" && break || continue
+ done
+ [ -e "$dest" ] || err "failed to get $pkgname $version $type $1!"
+
+ log "calculating size and checksum..."
+ truesize="$(${3}_size "$dest")"
+ truesum="$(${3}_checksum "$dest")"
+
+ if [ ! "$setchecks" ]; then
+ [ "$truesize" = "$size" ] || err "expected size $size, got $truesize."
+ [ "$truesum" = "$sum" ] || err "expected checksum $sum, got $truesum."
+ else
+ log "setting checks for $name $version"
+ printf "$version\t$type\t$abbr\t$truesize\t$truesum\n" >> $pkg/checks
+ [ ! "$check" ] || sed -i "/^$check\$/d" "$pkg/checks" || true
+ fi
+}
+
+arcname="$(archive_name)"
+tryurls "signature" "$sigdest" "file"
+tryurls "archive" "$arcname" "archive"
+
+if [ -f "$sigdest" ]; then
+ if (which gpg 1>&2 2>/dev/null); then
+ log "checking signature..."
+ sigcheck_archive "$arcname" "$sigdest"
+ else
+ wrn "signature available but gpg not found! skipping 'sig' check."
+ fi
+fi
+
+unpack_archive "$arcname" "$arcdest"
+
+[ "$verbose" ] \
+&& log "$pkgname $version source code extracted to $arcdest" \
+|| echo "$arcdest"
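Review bot: The signature step near the end of src.sh fails open: when a signature file was downloaded but `gpg` is not installed, the script only prints `wrn "signature available but gpg not found! skipping 'sig' check."` and continues to `unpack_archive`, so a host without gpg silently gets checksum-only verification. Treating that case as an error keeps the check mandatory whenever a signature is defined for the package: `command -v gpg >/dev/null 2>&1 || err "signature available but gpg not found."` placed before `sigcheck_archive`. The current test `(which gpg 1>&2 2>/dev/null)` also sends which's output to stderr instead of discarding it. In `tryurls`, the lookup in `checks` uses `awk "/$version\t$type\t$abbr\t/"` without the `^` anchor that the `urls` lookup has, and `log "setting checks for $name $version"` reads `$name`, which is not set anywhere in this file (`$pkgname` looks intended).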