Egregoros · Phoenix Framework

Post

Remote status

Context

rose ☭

yay just did my first update with my sysupdate tool !!
its like systemd-sysupdate but is portable and doesn't rely on the systemdevil and also has a proper manifest format
doesn't have a release yet because i still need to add a user interface, but soon!!
git.pinkro.se/Rose/sysupdate.git

mia (developer mode)

@mia@shrimptest.0x0.st remote

@rose nice!

note that in bash, the results of parameter expansion are always subject to word splitting (unlike zsh). a specially crafted manifest may easily lead to RCE here: git.pinkro.se/Rose/sysupdate.git/tree/usr/bin/sysupdate#n53

i know you’re basically just doing a PoC at this stage but i thought i should mention it anyway. there’s so much string munging going on in lieu of safe parsing that i want to suggest not doing it with shell scripts

Replying to @mia@shrimptest.0x0.st

rose ☭

@rose@snac.pinkro.se remote

oh yeah navi already told me that i was missing a bunch of quotes, ill definetly have to go over it again to try and catch any cases of missing quotes

i was thinking of making it in a compiled language, something like C, but since I want this to be as portable as possible and run on any posix (which im sure i still have some bashism to iron out) system, right now the only non posix dependency would be curl and that runs practically anywhere either way

Replies

Replying to @rose@snac.pinkro.se

sarah tonin

@SRAZKVT@tech.lgbt remote

@rose @mia imo having smth that is linux specific but that you can rewrite fully in one afternoon is just as compatible as one codebase you can run anywhere with minor tweaks (as long as you're a developer)

Replying to @SRAZKVT@tech.lgbt

mia (developer mode)

@mia@shrimptest.0x0.st remote

@SRAZKVT @rose besides, there’s basically no such thing as a posix-only system. it would be an absolute horror to use.

bash already isn’t posix, and there’s no true posix sh in widespread use

Replying to @mia@shrimptest.0x0.st

Haelwenn /элвэн/

@lanodan@queer.hacktivis.me remote

@mia @SRAZKVT @rose A posix-only system is complete utter nonsense and so far would be self-conflicting (some utilities like for example df(1) and ps(1) rely on system interfaces that are OS-specific).

Replying to @lanodan@queer.hacktivis.me

H. Faust

@hfaust@shitposter.world remote

@lanodan @mia @rose @SRAZKVT Looking at the list of POSIX "certified" OS, all of them are awful