#!/bin/sh -ef
#
# This is a simple package manager written in POSIX 'sh' for use
# in KISS Linux (https://getkiss.org).
#
# This script runs with '-ef' meaning:
# '-e': Abort on any non-zero exit code.
# '-f': Disable globbing globally.
#
# Warnings related to word splitting and globbing are disabled.
# All word splitting in this script is *safe* and intentional.
# shellcheck disable=2046,2086
#
# Dylan Araps.

die() {
    # Print a message and exit with '1' (error).
    printf '\033[1;31m!>\033[m %s.\n' "$@" >&2
    exit 1
}

log() {
    # Print a message prettily.
    printf '\033[1;32m->\033[m %s.\n' "$@"
}

contains() {
    # Check if a "string list" contains a word.
    case " $1 " in *" $2 "*) return 0; esac
    return 1
}

pkg_lint() {
    # Check that each mandatory file in the package entry exists.
    log "[$1] Checking repository files"

    repo_dir=$(pkg_find "$1")

    cd "$repo_dir" || die "'$repo_dir' not accessible"
    [ -f sources ] || die "[$1] Sources file not found"
    [ -x build ]   || die "[$1] Build file not found or not executable"
    [ -s version ] || die "[$1] Version file not found or empty"

    # Ensure that the release field in the version file is set
    # to something. The above test checks for the version field inclusively.
    read -r _ release < version
    [ "$release" ] || die "Release field not found in version file"
}

pkg_find() {
    # Figure out which repository a package belongs to by
    # searching for directories matching the package name
    # in $KISS_PATH/*.
    [ "$KISS_PATH" ] || die "\$KISS_PATH needs to be set"

    # Find the repository containing a package.
    # Searches installed packages if the package is absent
    # from the repositories.
    set -- "$1" $(IFS=:; find $KISS_PATH "$sys_db" -maxdepth 1 -name "$1")

    # A package may also not be found due to a repository not being
    # readable by the current user. Either way, we need to die here.
    [ "$2" ] || die "Package '$1' not in any repository"

    printf '%s\n' "$2"
}

pkg_list() {
    # List installed packages. As the format is files and
    # directories, this just involves a simple for loop and
    # file read.

    # Change directories to the database. This allows us to
    # avoid having to 'basename' each path. If this fails,
    # set '$1' to mimic a failed glob which indicates that
    # nothing is installed.
    cd "$sys_db" 2>/dev/null || set -- "$sys_db/"\*

    # Optional arguments can be passed to check for specific
    # packages. If no arguments are passed, list all. As we
    # loop over '$@', if there aren't any arguments we can
    # just set the directory contents to the argument list.
    [ "$1" ] || { set +f; set -f -- *; }

    # If the 'glob' above failed, exit early as there are no
    # packages installed.
    [ "$1" = "$sys_db/"\* ] && return 1

    # Loop over each package and print its name and version.
    for pkg; do
        [ -d "$pkg" ] || {
            log "Package '$pkg' is not installed"
            return 1
        }

        read -r version 2>/dev/null < "$pkg/version" || version=null
        printf '%s\n' "$pkg $version"
    done
}

pkg_sources() {
    # Download any remote package sources. The existence of local
    # files is also checked.
    log "[$1] Downloading sources"

    # Store each downloaded source in a directory named after the
    # package it belongs to. This avoid conflicts between two packages
    # having a source of the same name.
    mkdir -p "$src_dir/$1" && cd "$src_dir/$1"

    repo_dir=$(pkg_find "$1")

    while read -r src _; do
        case $src in
            # Remote source.
            *://*)
                [ -f "${src##*/}" ] && {
                    log "[$1] Found cached source '${src##*/}'"
                    continue
                }

                wget "$src" || {
                    rm -f "${src##*/}"
                    die "[$1] Failed to download $src"
                }
            ;;

            # Local source.
            *)
                [ -f "$repo_dir/$src" ] || die "[$1] No local file '$src'"

                log "[$1] Found local file '$src'"
            ;;
        esac
    done < "$repo_dir/sources"
}

pkg_extract() {
    # Extract all source archives to the build directory and copy over
    # any local repository files.
    log "[$1] Extracting sources"

    repo_dir=$(pkg_find "$1")

    while read -r src dest; do
        mkdir -p "$mak_dir/$1/$dest" && cd "$mak_dir/$1/$dest"

        case $src in
            # Only 'tar' archives are currently supported for extraction.
            # Any other file-types are simply copied to '$mak_dir' which
            # allows for manual extraction.
            *://*.tar*|*://*.tgz)
                tar xf "$src_dir/$1/${src##*/}" --strip-components 1 \
                    || die "[$1] Couldn't extract ${src##*/}"
            ;;

            *)
                # Local file.
                if [ -f "$repo_dir/$src" ]; then
                    cp -f "$repo_dir/$src" .

                # Remote file.
                elif [ -f "$src_dir/$1/${src##*/}" ]; then
                    cp -f "$src_dir/$1/${src##*/}" .

                else
                    die "[$1] Local file $src not found"
                fi
            ;;
        esac
    done < "$repo_dir/sources"
}

pkg_depends() {
    # Resolve all dependencies and generate an ordered list.

    repo_dir=$(pkg_find "$1")

    # This does a depth-first search. The deepest dependencies are
    # listed first and then the parents in reverse order.
    contains "$deps" "$1" || {
        # Filter out non-explicit, aleady installed dependencies.
        # Only filter installed if called from 'pkg_build()'.
        [ -z "${action##b*}" ] && [ -z "$2" ] &&
            (pkg_list "$1" >/dev/null) && return

        # Recurse through the dependencies of the child packages.
        while read -r dep _; do
            [ "${dep##\#*}" ] && pkg_depends "$dep"
        done 2>/dev/null < "$repo_dir/depends" ||:

        # After child dependencies are added to the list,
        # add the package which depends on them.
        [ "$2" = explicit ] || deps="$deps $1 "
    }
}

pkg_strip() {
    # Strip package binaries and libraries. This saves space on the
    # system as well as on the tar-balls we ship for installation.

    # Package has stripping disabled, stop here.
    [ -f "$(pkg_find "$1")/nostrip" ] && return

    log "[$1] Stripping binaries and libraries"

    # Strip only files matching the below ELF types.
    find "$pkg_dir/$1" -type f | while read -r file; do
        case "$(readelf -h "$file" 2>/dev/null)" in
            *" DYN "*)
                strip_opt=--strip-unneeded
            ;;

            *" REL "*)
                strip_opt=--strip-debug
            ;;

            *" EXEC "*)
                strip_opt=--strip-all
            ;;

            *) continue ;;
        esac

        # Suppress errors here as some binaries and libraries may
        # fail to strip. This is OK.
        strip "$strip_opt" "$file" 2>/dev/null ||:
    done
}

pkg_fixdeps() {
    # Dynamically look for missing runtime dependencies by checking
    # each binary and library with 'ldd'. This catches any extra
    # libraries and or dependencies pulled in by the package's
    # build suite.
    log "[$1] Checking for missing dependencies"

    # Go to the directory containing the built package to
    # simplify path building.
    cd "$pkg_dir/$1/$pkg_db/$1"

    # Make a copy of the depends file if it exists to have a
    # reference to 'diff' against.
    [ -f depends ] && cp -f depends depends-copy

    # Get a list of binaries and libraries, false files
    # will be found, however it's faster to get 'ldd' to check
    # them anyway than to filter them out.
    find "$pkg_dir/$1" -type f 2>/dev/null | while read -r file; do
        # Run 'ldd' on the file and parse each line. The code
        # then checks to see which packages own the linked
        # libraries and it prints the result.
        ldd "$file" 2>/dev/null | while read -r dep; do
            # Skip lines containing 'ldd'.
            [ "${dep##*ldd*}" ] || continue

            # Extract the file path from 'ldd' output.
            dep=${dep#* => }
            dep=${dep% *}

            # Traverse symlinks to get the true path to the file.
            dep=$(readlink -f "$KISS_ROOT/${dep##$KISS_ROOT}")

            # Figure out which package owns the file.
            dep=$(set +f; grep -lFx "${dep##$KISS_ROOT}" "$sys_db/"*/manifest)

            # Extract package name from 'grep' match.
            dep=${dep%/*}
            dep=${dep##*/}

            case $dep in
                # Skip listing these packages as dependencies.
                musl|gcc|${PWD##*/}) ;;
                *) printf '%s\n' "$dep" ;;
            esac
        done ||:
    done >> depends-copy

    # Remove duplicate entries from the new depends file.
    # This remove duplicate lines looking *only* at the
    # first column.
    sort -u -k1,1 depends-copy > depends-new

    # Display a 'diff' of the new dependencies agaisnt
    # the old ones. '-N' treats non-existent files as blank.
    diff -N depends depends-new ||:

    # Do some clean up as this required a few temporary files.
    mv -f depends-new depends
    rm -f depends-copy
}

pkg_manifest() (
    # Generate the package's manifest file. This is a list of each file
    # and directory inside the package. The file is used when uninstalling
    # packages, checking for package conflicts and for general debugging.
    log "[$1] Generating manifest"

    # This funcion runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    cd "$pkg_dir/$1"

    # Find all files and directories in the package. Directories are printed
    # with a trailing forward slash '/'. The list is then reversed with
    # directories appearing *after* their contents.
    find . -mindepth 1 -type d -exec printf '%s/\n' {} + -or -print |
        sort -r | sed ss.ss > "$pkg_dir/$1/$pkg_db/$1/manifest"
)

pkg_tar() {
    # Create a tar-ball from the built package's files.
    # This tar-ball also contains the package's database entry.
    log "[$1] Creating tar-ball"

    # Read the version information to name the package.
    read -r version release < "$(pkg_find "$1")/version"

    # Create a tar-ball from the contents of the built package.
    tar zpcf "$bin_dir/$1#$version-$release.tar.gz" -C "$pkg_dir/$1" . ||
        die "[$1] Failed to create tar-ball"

    log "[$1] Successfully created tar-ball"
}

pkg_build() {
    # Build packages and turn them into packaged tar-balls. This function
    # also checks checksums, downloads sources and ensure all dependencies
    # are installed.

    log "Resolving dependencies"

    for pkg; do
        contains "$explicit" "$pkg" || {
            pkg_depends "$pkg" explicit

            # Mark packages passed on the command-line
            # separately from those detected as dependencies.
            explicit="$explicit $pkg "
        }
    done

    explicit_build=$explicit

    # If an explicit package is a dependency of another explicit
    # package, remove it from the explicit list as it needs to be
    # installed as a dependency.
    for pkg; do
        # There's no better way to remove a word from a string in
        # POSIX 'sh' sadly.
        contains "$deps" "$pkg" &&
            explicit=$(echo "$explicit" | sed "s/ $pkg / /g")
    done

    set -- $deps $explicit
    log "Building: $*"

    # Only ask for confirmation if more than one package needs to be built.
    [ $# -gt 1 ] || [ "$pkg_update" ] && {
        log "Continue?: Press Enter to continue or Ctrl+C to abort here"

        # POSIX 'read' has none of the "nice" options like '-n', '-p'
        # etc etc. This is the most basic usage of 'read'.
        # '_' is used as 'dash' errors when no variable is given to 'read'.
        read -r _ || exit
    }

    log "Checking to see if any dependencies have already been built"
    log "Installing any pre-built dependencies"

    # Install any pre-built dependencies if they exist in the binary
    # directory and are up to date.
    for pkg; do
        # Don't check for a pre-built package if it was passed
        # to KISS directly.
        contains "$explicit_build" "$pkg" || {
            # Figure out the version and release.
            read -r version release < "$(pkg_find "$pkg")/version"

            # Install any pre-built binaries if they exist.
            # This calls 'args' to inherit a root check and call
            # to 'sudo' to elevate permissions.
            [ -f "$bin_dir/$pkg#$version-$release.tar.gz" ] && {
                log "[$pkg] Found pre-built binary, installing"
                (KISS_FORCE=1 args i "$bin_dir/$pkg#$version-$release.tar.gz")

                # Remove the now installed package from the build
                # list. No better way than using 'sed' in POSIX 'sh'.
                set -- $(echo " $* " | sed "s/ $pkg / /")
            }
        }
    done

    for pkg; do pkg_lint "$pkg"; done
    for pkg; do
        # Ensure that checksums exist prior to building the package.
        [ -f "$(pkg_find "$pkg")/checksums" ] || {
            log "[$pkg] Checksums are missing"

            # Instead of dying above, log it to the terminal. Also define a
            # variable so we *can* die after all checksum files have been
            # checked.
            no_sums="$no_sums$pkg "
        }
    done

    # Die here as packages without checksums were found above.
    [ "$no_sums" ] && die "Checksums missing, run 'kiss checksum ${no_sums% }'"

    for pkg; do pkg_sources "$pkg"; done

    # Verify all package checksums. This is achieved by generating
    # a new set of checksums and then comparing those with the old
    # set.
    for pkg; do
        pkg_checksums "$pkg" | cmp -s - "$(pkg_find "$pkg")/checksums" || {
            log "[$pkg] Checksum mismatch"

            # Instead of dying above, log it to the terminal. Also define a
            # variable so we *can* die after all checksum files have been
            # checked.
            mismatch="$mismatch$pkg "
        }
    done

    # Die here as packages with differing checksums were found above.
    [ "$mismatch" ] && die "Checksum mismatch with: ${mismatch% }"

    # Extract all packages before build to catch any extraction
    # errors early.
    for pkg; do pkg_extract "$pkg"; done

    # Finally build and create tarballs for all passed packages and
    # dependencies.
    for pkg; do
        log "[$pkg] Starting build"
        repo_dir=$(pkg_find "$pkg")

        # Install built packages to a directory under the package name
        # to avoid collisions with other packages.
        mkdir -p "$pkg_dir/$pkg/$pkg_db"

        # Move to the build directory.
        cd "$mak_dir/$pkg"

        # Call the build script.
        "$repo_dir/build" "$pkg_dir/$pkg" || die "[$pkg] Build failed"

        # Copy the repository files to the package directory.
        # This acts as the database entry.
        cp -Rf "$repo_dir" "$pkg_dir/$pkg/$pkg_db/"

        log "[$pkg] Successfully built package"

        # Create the manifest file early and make it empty.
        # This ensure that the manifest is added to the manifest...
        : > "$pkg_dir/$pkg/$pkg_db/$pkg/manifest"

        pkg_strip    "$pkg"
        pkg_fixdeps  "$pkg"
        pkg_manifest "$pkg"
        pkg_tar      "$pkg"

        # Install only dependencies of passed packages.
        # Skip this check if this is a package update.
        contains "$explicit" "$pkg" && [ -z "$pkg_update" ] && continue

        log "[$pkg] Needed as a dependency or has an update, installing"
        (KISS_FORCE=1 args i "$pkg")
    done

    # End here as this was a system update and all packages have been installed.
    [ "$pkg_update" ] && return

    log "Successfully built package(s)"

    # Turn the explicit packages into a 'list'.
    set -- $explicit

    # Only ask for confirmation if more than one package needs to be installed.
    [ $# -gt 1 ] && {
        log "Install built packages? [$*]" \
            "Press Enter to continue or Ctrl+C to abort here"

        # POSIX 'read' has none of the "nice" options like '-n', '-p'
        # etc etc. This is the most basic usage of 'read'.
        # '_' is used as 'dash' errors when no variable is given to 'read'.
        read -r _ && {
            args i "$@"
            return
        }
    }

    log "Run 'kiss i $*' to install the built package(s)"
}

pkg_checksums() {
    # Generate checksums for packages.

    repo_dir=$(pkg_find "$1")

    while read -r src _; do
        # File is local to the package.
        if [ -f "$repo_dir/$src" ]; then
            src_path=$repo_dir/${src%/*}

        # File is remote and was downloaded.
        elif [ -f "$src_dir/$1/${src##*/}" ]; then
            src_path=$src_dir/$1

        # Die here if source for some reason, doesn't exist.
        else
            die "[$1] Couldn't find source '$src'"
        fi

        # An easy way to get 'sha256sum' to print with the 'basename'
        # of files is to 'cd' to the file's directory beforehand.
        (cd "$src_path" && sha256sum "${src##*/}") ||
            die "[$1] Failed to generate checksums"
    done < "$repo_dir/sources"
}

pkg_conflicts() {
    # Check to see if a package conflicts with another.
    log "[$2] Checking for package conflicts"

    set +ef

    # Extract manifest from tarball and only print files which
    # exist in the filesystem. It's pointless to check for conflicts
    # with files which don't presently exist.
    tar xf "$1" -O "./$pkg_db/$2/manifest" | while read -r file; do
        [ -f "$KISS_ROOT/$file" ] && printf '%s\n' "$file"
    done |

    # Filter the existing file list through the manifest of the
    # presently installed version of the package (if it exists).
    grep -svFxf "$sys_db/$2/manifest" - 2>/dev/null > "$cac_dir/$pid-m"

    # If the generated manifest contains matches, check the
    # contents for conflicts.
    [ -s "$cac_dir/$pid-m" ] &&
        grep -Fxf "$cac_dir/$pid-m" -- "$sys_db"/*/manifest &&
            die "Package '$2' conflicts with another package"

    set -ef
}

pkg_remove() {
    # Remove a package and all of its files. The '/etc' directory
    # is handled differently and configuration files are *not*
    # overwritten.

    # The package is not installed, don't do anything.
    pkg_list "$1" >/dev/null || {
        log "[$1] Not installed"
        return
    }

    # Enable globbing.
    set +f

    # Make sure that nothing depends on this package.
    [ "$2" = check ] && for file in "$sys_db/"*; do
        # Check each depends file for the package and if it's
        # a run-time dependency, append to the $required_by string.
        grep -qFx "$1" "$file/depends" 2>/dev/null &&
            required_by="$required_by'${file##*/}', "
    done

    # Disable globbing.
    set -f

    [ "$required_by" ] &&
        die "[$1] Package is required by ${required_by%, }" \
            "[$1] Aborting here..."

    # Block being able to abort the script with 'Ctrl+C' during removal.
    # Removes all risk of the user aborting a package removal leaving
    # an incomplete package installed.
    trap '' INT

    while read -r file; do
        # The file is in '/etc' skip it. This prevents the package
        # manager from removing user edited configuration files.
        [ "${file##/etc/*}" ] || continue

        if [ -d "$KISS_ROOT/$file" ]; then
            rmdir "$KISS_ROOT/$file" 2>/dev/null || continue
        else
            rm -f "$KISS_ROOT/$file"
        fi
    done < "$sys_db/$1/manifest"

    # Reset 'trap' to its original value. Removal is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    log "[$1] Removed successfully"
}

pkg_install() {
    # Install a built package tar-ball.

    # Install can also take the full path to a tar-ball.
    # We don't need to check the repository if this is the case.
    if [ -f "$1" ] && [ -z "${1%%*.tar.gz}" ] ; then
        tar_file=$1

    else
        # Read the version information to name the package.
        read -r version release < "$(pkg_find "$1")/version"

        # Construct the name of the package tarball.
        tar_name=$1\#$version-$release.tar.gz

        [ -f "$bin_dir/$tar_name" ] ||
            die "Package '$1' has not been built" \
                "Run 'kiss build $1'"

        tar_file=$bin_dir/$tar_name
    fi

    # Figure out which package the tar-ball installs by checking for
    # a database entry inside the tar-ball. If no database entry exists,
    # exit here as the tar-ball is *most likely* not a KISS package.
    pkg_name=$(tar tf "$tar_file" | grep -x "\./$pkg_db/.*/version") ||
        die "'${tar_file##*/}' is not a valid KISS package"

    pkg_name=${pkg_name%/*}
    pkg_name=${pkg_name##*/}

    pkg_conflicts "$tar_file" "$pkg_name"

    mkdir -p "$tar_dir/$pkg_name"

    # Extract the tar-ball to catch any errors before installation begins.
    tar pxf "$tar_file" -C "$tar_dir/$pkg_name" ||
        die "[$pkg_name] Failed to extract tar-ball"

    log "[$pkg_name] Checking that all dependencies are installed"

    # Make sure that all run-time dependencies are installed prior to
    # installing the package.
    [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends" ] &&
    [ -z "$KISS_FORCE" ] &&
        while read -r dep dep_type; do
            [ "${dep##\#*}" ] || continue
            [ "$dep_type" ]   || pkg_list "$dep" >/dev/null ||
                install_dep="$install_dep'$dep', "
        done < "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends"

    [ "$install_dep" ] && die "[$1] Package requires ${install_dep%, }"

    log "[$pkg_name] Installing package incrementally"

    # Block being able to abort the script with Ctrl+C during installation.
    # Removes all risk of the user aborting a package installation leaving
    # an incomplete package installed.
    trap '' INT

    # If the package is already installed (and this is an upgrade) make a
    # backup of the manifest file.
    old_manifest=$(cat "$sys_db/$pkg_name/manifest" 2>/dev/null ||:)

    # This is repeated multiple times. Better to make it a function.
    pkg_rsync() {
        rsync --chown=root:root -WhHKa --no-compress "$1" --exclude etc \
            "$tar_dir/$pkg_name/" "$KISS_ROOT/"
    }

    # Install the package by using 'rsync' and overwrite any existing files
    # (excluding '/etc/').
    pkg_rsync --info=progress2

    # If '/etc/' exists in the package, install it but don't overwrite.
    [ -d "$tar_dir/$pkg_name/etc" ] &&
        rsync --chown=root:root -WhHKa --no-compress --ignore-existing \
            "$tar_dir/$pkg_name/etc" "$KISS_ROOT/"

    # Remove any leftover files if this is an upgrade.
    [ "$old_manifest" ] && {
        printf '%s\n' "$old_manifest" |
        grep -vFxf "$sys_db/$pkg_name/manifest" - |

        while read -r file; do
            # Skip deleting some leftover files.
            case $file in
                /etc/*|*bin/rm|*bin/busybox|*bin/rsync) continue
            esac

            file=$KISS_ROOT/$file

            # Remove files.
            if [ -f "$file" ] && [ ! -L "$file" ]; then
                rm -f "$file"

            # Remove file symlinks.
            elif [ -L "$file" ] && [ ! -d "$file" ]; then
                unlink "$file" ||:

            # Skip directory symlinks.
            elif [ -L "$file" ] && [ -d "$file" ]; then :

            # Remove directories if empty.
            elif [ -d "$file" ]; then
                rmdir "$file" 2>/dev/null ||:
            fi
        done ||:
    }

    # Install the package again to fix any non-leftover files being
    # removed above.
    pkg_rsync -v ||:
    pkg_rsync -v ||:

    # Reset 'trap' to its original value. Installation is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    [ -x "$sys_db/$pkg_name/post-install" ] && {
        log "[$pkg_name] Running post-install script"
        "$sys_db/$pkg_name/post-install" ||:
    }

    log "[$pkg_name] Installed successfully"
}

pkg_updates() {
    # Check all installed packages for updates. So long as the installed
    # version and the version in the repositories differ, it's considered
    # an update.

    log "Updating repositories"

    # Create a list of all repositories.
    IFS=:; set -- $KISS_PATH; IFS=$old_ifs

    # Update each repository in '$KISS_PATH'. It is assumed that
    # each repository is 'git' tracked.
    for repo; do
        cd "$repo"

        # Go to the root of the repository (if it exists).
        cd "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null ||:

        [ -d .git ] || {
            log "[$repo] Not a git repository, skipping"
            continue
        }

        [ "$(git remote 2>/dev/null)" ] || {
            log "[$repo] No remote, skipping"
            continue
        }

        contains "$repos" "$PWD" || {
            repos="$repos $PWD "

            log "[$PWD] Updating repository"

            if [ -w "$PWD" ]; then
                git pull
            else
                log "[$PWD] Need root to update"
                sudo git pull
            fi
        }
    done

    log "Checking for new package versions"

    # Enable globbing.
    set +f

    for pkg in "$sys_db/"*; do
        pkg_name=${pkg##*/}

        # Read version and release information from the installed packages
        # and repository.
        read -r db_ver db_rel < "$pkg/version"
        read -r re_ver re_rel < "$(pkg_find "$pkg_name")/version"

        # Compare installed packages to repository packages.
        [ "$db_ver-$db_rel" != "$re_ver-$re_rel" ] && {
            printf '%s\n' "$pkg_name $db_ver-$db_rel ==> $re_ver-$re_rel"
            outdated="$outdated$pkg_name "
        }
    done

    # If the package manager has an update, handle it first.
    contains "$outdated" kiss && {
        log "Detected package manager update" \
            "The package manager will be updated first" \
            "Continue?: Press Enter to continue or Ctrl+C to abort here"

        # POSIX 'read' has none of the "nice" options like '-n', '-p'
        # etc etc. This is the most basic usage of 'read'.
        # '_' is used as 'dash' errors when no variable is given to 'read'.
        read -r _ || exit

        pkg_build kiss
        args i kiss

        log "Updated the package manager" \
            "Re-run 'kiss update' to update your system"

        exit 0
    }

    # Disable globbing.
    set -f

    # End here if no packages have an update.
    [ "$outdated" ] || {
        log "Everything is up to date"
        return
    }

    log "Packages to update: ${outdated% }"

    # Tell 'pkg_build' to always prompt before build.
    pkg_update=1

    # Build all packages requiring an update.
    pkg_build $outdated
    log "Updated all packages"
}

pkg_clean() {
    # Clean up on exit or error. This removes everything related
    # to the build.
    [ "$KISS_DEBUG" = 1 ] && return

    # Block 'Ctrl+C' while cache is being cleaned.
    trap '' INT

    # Remove temporary items.
    rm -rf -- "$mak_dir" "$pkg_dir" "$tar_dir" "$cac_dir/$pid-m"
}

args() {
    # Parse script arguments manually. POSIX 'sh' has no 'getopts'
    # or equivalent built in. This is rather easy to do in our case
    # since the first argument is always an "action" and the arguments
    # that follow are all package names.
    action=$1

    # 'dash' exits on error here if 'shift' is used and there are zero
    # arguments despite trapping the error ('|| :').
    shift "$(($# > 0 ? 1 : 0))"

    # Parse some arguments earlier to remove the need to duplicate code.
    case $action in
        c|checksum|s|search)
            [ "$1" ] || die "'kiss $action' requires an argument"
        ;;

        i|install|r|remove)
            [ "$1" ] || die "'kiss $action' requires an argument"

            # Rerun the script with 'sudo' if the user isn't root.
            # Cheeky but 'sudo' can't be used on shell functions themselves.
            [ "$(id -u)" = 0 ] || {
                sudo -E KISS_FORCE="$KISS_FORCE" kiss "$action" "$@"
                return
            }
        ;;
    esac

    # Actions can be abbreviated to their first letter. This saves
    # keystrokes once you memorize the commands.
    case $action in
        b|build)
            # If no arguments were passed, rebuild all packages.
            [ "$1" ] || {
                cd "$sys_db" || die "Failed to find package db"

                # Use a glob after 'cd' to generate a list of all installed
                # packages based on directory names.
                set +f; set -f -- *

                # Undo the above 'cd' to ensure we stay in the same location.
                cd - >/dev/null
            }

            pkg_build "$@"
        ;;

        c|checksum)
            for pkg; do pkg_lint    "$pkg"; done
            for pkg; do pkg_sources "$pkg"; done
            for pkg; do
                pkg_checksums "$pkg" > "$(pkg_find "$pkg")/checksums"

                log "[$pkg] Generated checksums"
            done
        ;;

        i|install)
            # Create a list of each package's dependencies.
            for pkg; do
                case $pkg in
                    *.tar.gz) deps="$deps $pkg " ;;
                    *)        pkg_depends "$pkg" install
                esac
            done

            # Filter the list, only installing explicit packages.
            # The purpose of these two loops is to order the
            # argument list based on dependence.
            for pkg in $deps; do
                contains "$*" "$pkg" && pkg_install "$pkg"
            done
        ;;

        r|remove)
            log "Removing packages"

            # Create a list of each package's dependencies.
            for pkg; do pkg_depends "$pkg" remove; done

            # Reverse the list of dependencies filtering out anything
            # not explicitly set for removal.
            for pkg in $deps; do
                contains "$*" "$pkg" && remove_pkgs="$pkg $remove_pkgs"
            done

            for pkg in $remove_pkgs; do
                pkg_list "$pkg" >/dev/null ||
                    die "[$pkg] Not installed"

                pkg_remove "$pkg" "${KISS_FORCE:-check}"
            done
        ;;

        l|list)
            pkg_list "$@"
        ;;

        u|update)
            pkg_updates
        ;;

        s|search)
            for pkg; do pkg_find "$pkg"; done
        ;;

        v|version|-v|--version)
            printf 'kiss 0.30.0\n'
        ;;

        h|help|-h|--help|'')
            log 'kiss [b|c|i|l|r|s|u] [pkg] [pkg] [pkg]' \
                'build:     Build a package' \
                'checksum:  Generate checksums' \
                'install:   Install a package' \
                'list:      List installed packages' \
                'remove:    Remove a package' \
                'search:    Search for a package' \
                'update:    Check for updates'
        ;;

        *) die "'kiss $action' is not a valid command" ;;
    esac
}

main() {
    # Set the location to the repository and package database.
    pkg_db=var/db/kiss/installed

    # The PID of the current shell process is used to isolate directories
    # to each specific KISS instance. This allows multiple package manager
    # instances to be run at once. Store the value in another variable so
    # that it doesn't change beneath us.
    pid=${KISS_PID:-$$}

    # Store the original value of IFS so we can revert back to it if the
    # variable is ever changed.
    old_ifs=$IFS

    # Catch errors and ensure that build files and directories are cleaned
    # up before we die. This occurs on 'Ctrl+C' as well as success and error.
    trap pkg_clean EXIT INT

    # This allows for automatic setup of a KISS chroot and will
    # do nothing on a normal system.
    mkdir -p "${sys_db:=$KISS_ROOT/$pkg_db}" 2>/dev/null ||:

    # Create the required temporary directories and set the variables
    # which point to them.
    mkdir -p "${cac_dir:=$KISS_ROOT${XDG_CACHE_HOME:-$HOME/.cache}/kiss}" \
             "${mak_dir:=$cac_dir/build-$pid}" \
             "${pkg_dir:=$cac_dir/pkg-$pid}" \
             "${tar_dir:=$cac_dir/extract-$pid}" \
             "${src_dir:=$cac_dir/sources}" \
             "${bin_dir:=$cac_dir/bin}" \
        || die "Couldn't create cache directories"

    args "$@"
}

main "$@"