aboutsummaryrefslogtreecommitdiff
path: root/kiss
blob: 3c6524c4931aa7abb6d8973fb15563ae213cc724 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
#!/bin/sh -ef
#
# This is a simple package manager written in POSIX 'sh' for use
# in KISS Linux (https://getkiss.org).
#
# This script runs with '-ef' meaning:
# '-e': Abort on any non-zero exit code.
# '-f': Disable globbing globally.
#
# [1] Warnings related to word splitting and globbing are disabled.
# All word splitting in this script is *safe* and intentional.
#
# Dylan Araps.

log() {
    # Print a message prettily.
    #
    # All messages are printed to stderr to allow the user to hide build
    # output which is the only thing printed to stdout.
    #
    # '\033[1;32m'        Set text to color '2' and make it bold.
    # '\033[m':           Reset text formatting.
    # '${3:-->}':         If the 3rd argument is missing, set prefix to '->'.
    # '${2:+\033[1;3Xm}': If the 2nd argument exists, set text style of '$1'.
    # '${2:+\033[m}':     If the 2nd argument exists, reset text formatting.
    printf '\033[1;33m%s \033[m%b%s\033[m %s\n' \
           "${3:-->}" "${2:+\033[1;36m}" "$1" "$2" >&2
}

die() {
    # Print a message and exit with '1' (error).
    log "$1" "$2" "!>"
    exit 1
}

contains() {
    # Check if a "string list" contains a word.
    case " $1 " in *" $2 "*) return 0; esac; return 1
}

prompt() {
    # Ask the user for some input.
    log "Continue?: Press Enter to continue or Ctrl+C to abort here"

    # POSIX 'read' has none of the "nice" options like '-n', '-p'
    # etc etc. This is the most basic usage of 'read'.
    # '_' is used as 'dash' errors when no variable is given to 'read'.
    read -r _
}

root_cache() {
    # This function simply mimics a 'su' prompt to then store
    # the root password for the lifetime of the package manager.
    #
    # This function is called once when needed to cache the
    # password. The password is not accessible to any subprocesses
    # and should never leave the package manager's process.
    #
    # This behavior is needed as there is no POSIX shell method
    # of running a shell function as a different user. We can't
    # selectively lower or raise permissions in a seamless way
    # through "normal" means.
    #
    # Root is only needed when installing/removing packages whereas
    # non-root permissions are needed in countless places throughout.
    #
    # This is the only *workable* solution to 1) not run the entire
    # package manager as root and 2) avoid prompting for password
    # before, during and after builds numerous times.
    #
    # NOTE: Careful consideration has been taken in regards to this
    #       change and I would have loved an inconspicuous solution
    #       to this problem... but it doesn't exist.
    #
    # This change was needed as the existing behavior was not ideal
    # in any way and needed to be fixed.

    # Pointless running this function if the user has chosen to run
    # the package manager as root anyway.
    [ "$(id -u)" != 0 ] || return 0

    printf 'Password: '

    # Disable echoing to the terminal while the password is inputted
    # by the user. The below commands read from '/dev/tty' to ensure
    # they work when run from a subshell.
    #
    # The variable '$cached' is used to check if we've been here
    # before. We cannot check whether or not '$pass' is empty as the
    # '[' command may be external which would result in /proc leakage.
    stty -F /dev/tty -echo
    IFS= read -r pass < /dev/tty && cached=1
    stty -F /dev/tty echo

    printf '\n'

    # Validate the password now with a simple 'true' command as we
    # don't yet need to elevate permissions.
    dosu /bin/true
}

dosu() {
    [ "$cached" ] || root_cache

    # Declare this as a function to avoid repeating it twice
    # below. Great naming of functions all around.
    #
    # Run a command as root using the cached password. The 'su'
    # and 'sudo' commands allow you to input a password via stdin.
    # To hide the prompt, the command's output is sent to '/dev/tty'
    # and the output of 'su'/'sudo' is sent to '/dev/null'.
    dosudo() {
        if command -v sudo >/dev/null 2>&1; then
            sudo -SEk -- su "${drop_to:-root}" -c "$* >/dev/tty" 2>/dev/null
        else
            su "${drop_to:-root}" -c "$* >/dev/tty" >/dev/null
        fi
    }

    # The code below uses the most secure method of sending
    # data over stdin based on what is available in the system.
    #
    # The great debate: Use a heredoc or echo+pipe for password
    # input over stdin? Time to explain.
    #
    # 1) 'printf | cmd' is the most secure IF 'printf' is built
    #    into the shell and NOT an external command. When 'printf'
    #    is external, the password WILL be leaked over '/proc'.
    #
    #    Safe shells here are anything with a builtin 'printf',
    #    'ash', 'dash', 'bash' and most other shells.
    #
    # 2) Using a heredoc is as secure as the above method (when
    #    builtin) IF and only IF the user's shell implements
    #    heredocs WITHOUT the use of temporary files (See bash!).
    #
    #    When using heredocs and a temporary file the risk is a
    #    tiny window in which the input is available inside of
    #    a temporary file.
    #
    #    'ash' and 'dash' are safe here, 'bash' is not ('bash'
    #    falls under (1) however).
    #
    # Which is best? (order is best to worst)
    #
    # 1) builtin 'printf'.
    # 2) heredocs with no temporary file.
    # 3) heredocs with a temporary file.
    #
    # This code below follows the above ordering when deciding
    # which method to use. The '$heredocs' variable is declared
    # in 'main()' after a check to see if 'printf' is builtin.
    if [ "$heredocs" ]; then
        dosudo "$@" <<-EOF
			$pass
		EOF
    else
        printf '%s\n' "$pass" | dosudo "$@"
    fi
}

regex_escape() {
    # Escape all required characters in both the search and
    # replace portions of two strings for use in a 'sed' call
    # as "plain-text".
    sea=$(printf %s "$1" | sed 's/[]\/$*.^[]/\\&/g')
    rep=$(printf %s "$2" | sed 's/[\/&]/\\&/g')
}

pkg_lint() {
    # Check that each mandatory file in the package entry exists.
    log "$1" "Checking repository files"

    repo_dir=$(pkg_find "$1")

    cd "$repo_dir" || die "'$repo_dir' not accessible"
    [ -f sources ] || die "$1" "Sources file not found"
    [ -x build ]   || die "$1" "Build file not found or not executable"
    [ -s version ] || die "$1" "Version file not found or empty"

    read -r _ release < version
    [ "$release" ] || die "Release field not found in version file"
}

pkg_find() {
    # Figure out which repository a package belongs to by
    # searching for directories matching the package name
    # in $KISS_PATH/*.
    [ "$KISS_PATH" ] || die "\$KISS_PATH needs to be set"

    # Turn the argument list into variables as we reset
    # the list below.
    query=$1
    match=$2

    # This ugly mess appends '/.' to the end of each path in
    # '$KISS_PATH' as POSIX 'find' has no '-mindepth'/'-maxdepth'.
    # See: https://unix.stackexchange.com/a/330372
    IFS=:; set --
    for path in $KISS_PATH; do set "$@" "$path/."; done
    IFS=$old_ifs

    # Find the repository containing a package.
    # Searches installed packages if the package is absent
    # from the repositories.
    # See [1] at top of script.
    # shellcheck disable=2046,2086
    set -- $(find "$@" "$sys_db/." \( ! -name . -prune \) -name "$query")

    # A package may also not be found due to a repository not being
    # readable by the current user. Either way, we need to die here.
    [ "$1" ] || die "Package '$query' not in any repository"

    # Show all search results if called from 'kiss search', else
    # print only the first match.
    case $match in
        all) printf '%s\n' "$@" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

pkg_list() {
    # List installed packages. As the format is files and
    # directories, this just involves a simple for loop and
    # file read.

    # Change directories to the database. This allows us to
    # avoid having to 'basename' each path. If this fails,
    # set '$1' to mimic a failed glob which indicates that
    # nothing is installed.
    cd "$sys_db" 2>/dev/null || set -- "$sys_db/"\*

    # Optional arguments can be passed to check for specific
    # packages. If no arguments are passed, list all. As we
    # loop over '$@', if there aren't any arguments we can
    # just set the directory contents to the argument list.
    [ "$1" ] || { set +f; set -f -- *; }

    # If the 'glob' above failed, exit early as there are no
    # packages installed.
    [ "$1" = "$sys_db/"\* ] && return 1

    # Loop over each package and print its name and version.
    for pkg; do
        [ -d "$pkg" ] || {
            log "Package '$pkg' is not installed"
            return 1
        }

        read -r version 2>/dev/null < "$pkg/version" || version=null
        printf '%s\n' "$pkg $version"
    done
}

pkg_sources() {
    # Download any remote package sources. The existence of local
    # files is also checked.
    log "$1" "Downloading sources"

    # Store each downloaded source in a directory named after the
    # package it belongs to. This avoid conflicts between two packages
    # having a source of the same name.
    mkdir -p "$src_dir/$1" && cd "$src_dir/$1"

    repo_dir=$(pkg_find "$1")

    while read -r src dest || [ "$src" ]; do
        # Remote source (cached).
        if [ -f "${src##*/}" ]; then
            log "$1" "Found cached source '${src##*/}'"

        # Remote git repository.
        elif [ -z "${src##git+*}" ]; then
            # This is a checksums check, skip it.
            [ "$2" ] && continue

            mkdir -p "$mak_dir/$1/$dest"

            # Run in a subshell to keep variables local.
            (
                repo_src=${src##git+}

                [ "${src##*#*}" ] && shallow=--depth=1

                cd "$mak_dir/$1/$dest" &&
                    git clone "${shallow:---}" "${repo_src%#*}" .

            ) || die "$1" "Failed to clone $src"

        # Remote source.
        elif [ -z "${src##*://*}" ]; then
            curl "$src" -fLo "${src##*/}" || {
                rm -f "${src##*/}"
                die "$1" "Failed to download $src"
            }

        # Local source.
        elif [ -f "$repo_dir/$src" ]; then
            log "$1" "Found local file '$src'"

        else
            die "$1" "No local file '$src'"
        fi
    done < "$repo_dir/sources"
}

pkg_extract() {
    # Extract all source archives to the build directory and copy over
    # any local repository files.
    log "$1" "Extracting sources"

    repo_dir=$(pkg_find "$1")

    while read -r src dest || [ "$src" ]; do
        mkdir -p "$mak_dir/$1/$dest" && cd "$mak_dir/$1/$dest"

        case $src in
            # Git repository with supplied commit hash.
            git+*\#*)
                log "Checking out ${src##*#}"

                git reset --hard "${src##*#}" ||
                    die "Commit hash ${src##*#} doesn't exist"
            ;;

            # Git repository.
            git+*)
                continue
            ;;

            # Only 'tar' archives are currently supported for extraction.
            # Any other file-types are simply copied to '$mak_dir' which
            # allows for manual extraction.
            *://*.tar|*://*.tar.??|*://*.tar.???|*://*.tar.????|*://*.tgz)
                tar xf "$src_dir/$1/${src##*/}" --strip-components 1 ||
                    die "$1" "Couldn't extract ${src##*/}"
            ;;

            *)
                # Local file.
                if [ -f "$repo_dir/$src" ]; then
                    cp -f "$repo_dir/$src" .

                # Remote file.
                elif [ -f "$src_dir/$1/${src##*/}" ]; then
                    cp -f "$src_dir/$1/${src##*/}" .

                else
                    die "$1" "Local file $src not found"
                fi
            ;;
        esac
    done < "$repo_dir/sources"
}

pkg_depends() {
    # Resolve all dependencies and generate an ordered list.
    repo_dir=$(pkg_find "$1")

    # This does a depth-first search. The deepest dependencies are
    # listed first and then the parents in reverse order.
    contains "$deps" "$1" || {
        # Filter out non-explicit, aleady installed dependencies.
        # Only filter installed if called from 'pkg_build()'.
        [ "$pkg_build" ] && [ -z "$2" ] &&
            (pkg_list "$1" >/dev/null) && return

        # Recurse through the dependencies of the child packages.
        while read -r dep _ || [ "$dep" ]; do
            [ "${dep##\#*}" ] && pkg_depends "$dep"
        done 2>/dev/null < "$repo_dir/depends" ||:

        # After child dependencies are added to the list,
        # add the package which depends on them.
        [ "$2" = explicit ] || deps="$deps $1 "
    }
}

pkg_strip() {
    # Strip package binaries and libraries. This saves space on the
    # system as well as on the tar-balls we ship for installation.

    # Package has stripping disabled, stop here.
    [ -f "$mak_dir/$pkg/nostrip" ] && return

    log "$1" "Stripping binaries and libraries"

    # Strip only files matching the below ELF types.
    # NOTE: 'readelf' is used in place of 'file' as
    #       it allows us to remove 'file' from the
    #       core repositories altogether.
    find "$pkg_dir/$1" -type f | while read -r file; do
        case $(readelf -h "$file" 2>/dev/null) in
            *" DYN "*)  strip_opt=unneeded ;;
            *" EXEC "*) strip_opt=all ;;
            *" REL "*)  strip_opt=debug ;;
            *) continue
        esac

        # Suppress errors here as some binaries and libraries may
        # fail to strip. This is OK.
        strip "--strip-$strip_opt" "$file" 2>/dev/null ||:
    done
}

pkg_fixdeps() {
    # Dynamically look for missing runtime dependencies by checking
    # each binary and library with 'ldd'. This catches any extra
    # libraries and or dependencies pulled in by the package's
    # build suite.
    log "$1" "Checking for missing dependencies"

    # Go to the directory containing the built package to
    # simplify path building.
    cd "$pkg_dir/$1/$pkg_db/$1"

    # Make a copy of the depends file if it exists to have a
    # reference to 'diff' against.
    [ -f depends ] && cp -f depends depends-copy

    # Generate a list of all installed manifests.
    pkg_name=$1
    set +f
    set -f -- "$sys_db/"*/manifest

    # Get a list of binaries and libraries, false files
    # will be found, however it's faster to get 'ldd' to check
    # them anyway than to filter them out.
    find "$pkg_dir/$pkg_name/" -type f 2>/dev/null |

    while read -r file; do
        # Run 'ldd' on the file and parse each line. The code
        # then checks to see which packages own the linked
        # libraries and it prints the result.
        ldd "$file" 2>/dev/null | while read -r dep; do
            # Skip lines containing 'ldd'.
            [ "${dep##*ldd*}" ] || continue

            # Extract the file path from 'ldd' output.
            dep=${dep#* => }
            dep=${dep% *}

            # Figure out which package owns the file.
            dep=$("$grep" -lFx "${dep##$KISS_ROOT}" "$@")

            # Extract package name from 'grep' match.
            dep=${dep%/*}
            dep=${dep##*/}

            case $dep in
                # Skip listing these packages as dependencies.
                musl|gcc|${PWD##*/}|"") ;;
                *) printf '%s\n' "$dep" ;;
            esac
        done ||:
    done >> depends-copy

    # Remove duplicate entries from the new depends file.
    # This remove duplicate lines looking *only* at the
    # first column.
    sort -u -k1,1 depends-copy > depends-new

    # Display a 'diff' of the new dependencies agaisnt
    # the old ones. '-N' treats non-existent files as blank.
    diff -N depends depends-new ||:

    # Do some clean up as this required a few temporary files.
    mv -f depends-new depends
    rm -f depends-copy
}

pkg_junk() (
    # Optionally remove "junk" files from packages. This includes 'info'
    # files, 'man' pages, gettext files, etc. This is configurable by the
    # user.
    #
    # This function runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    cd "$pkg_dir/$1"

    # Default list of directories and their contents to be removed from
    # built packages. This default assumes a prefix of '/usr' though the
    # user can further configure it to search whatever paths they desire.
    #
    # TODO: This could be nicer as could the interface to it. Something
    #       which allows for the addition/subtraction from the list
    #       would be desirable.
    rm=usr/share/doc:usr/share/gtk-doc:usr/share/info:usr/share/polkit-1
    rm=$rm:usr/share/gettext:usr/share/locale:usr/share/bash-completion
    rm=$rm:etc/bash_completion.d:usr/share/applications
    rm=$rm:usr/share/zsh/site-functions:usr/share/zsh/vendor-completions

    # Split the environment variable on ':' and turn it into an argument
    # list. This works exactly like '$KISS_PATH'.
    #
    # Files which always conflict (such as usr/lib/charset.alias) and are
    # uneeded should be removed regardless.
    #
    # shellcheck disable=2046,2086
    { IFS=:; set -- ${KISS_RM:-$rm} usr/lib/charset.alias; IFS=$old_ifs; }

    # Loop over each junk entry and delete it if it exists.
    for junk; do
        [ -e "./$junk" ] && rm -rf "./$junk" &&
            log "${PWD##*/}" "Removed $junk"
    done ||:
)

pkg_manifest() (
    # Generate the package's manifest file. This is a list of each file
    # and directory inside the package. The file is used when uninstalling
    # packages, checking for package conflicts and for general debugging.
    log "$1" "Generating manifest"

    # This funcion runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    cd "$pkg_dir/$1"

    # find: Print all files and directories and append '/' to directories.
    # sort: Sort the output in *reverse*. Directories appear *after* their
    #       contents.
    # sed:  Remove the first character in each line (./dir -> /dir) and
    #       remove all lines which only contain '.'.
    find . -type d -exec printf '%s/\n' {} + -o -print |
        sort -r | sed '/^\.\/$/d;ss.ss' > "$pkg_dir/$1/$pkg_db/$1/manifest"
)

pkg_tar() {
    # Create a tar-ball from the built package's files.
    # This tar-ball also contains the package's database entry.
    log "$1" "Creating tar-ball"

    # Read the version information to name the package.
    read -r version release < "$(pkg_find "$1")/version"

    # Create a tar-ball from the contents of the built package.
    tar zpcf "$bin_dir/$1#$version-$release.tar.gz" -C "$pkg_dir/$1" . ||
        die "$1" "Failed to create tar-ball"

    log "$1" "Successfully created tar-ball"
}

pkg_build() {
    # Build packages and turn them into packaged tar-balls. This function
    # also checks checksums, downloads sources and ensure all dependencies
    # are installed.
    pkg_build=1

    log "Resolving dependencies"

    for pkg; do
        contains "$explicit" "$pkg" || {
            pkg_depends "$pkg" explicit

            # Mark packages passed on the command-line
            # separately from those detected as dependencies.
            explicit="$explicit $pkg "
        }
    done

    [ "$pkg_update" ] || explicit_build=$explicit

    # If an explicit package is a dependency of another explicit
    # package, remove it from the explicit list as it needs to be
    # installed as a dependency.
    for pkg; do
        # There's no better way to remove a word from a string in
        # POSIX 'sh' sadly.
        contains "$deps" "$pkg" &&
            explicit=$(printf %s "$explicit" | sed "s/ $pkg / /g")
    done

    # See [1] at top of script.
    # shellcheck disable=2046,2086
    set -- $deps $explicit

    log "Building: $*"

    # Only ask for confirmation if more than one package needs to be built.
    [ $# -gt 1 ] || [ "$pkg_update" ] && {
        prompt

        # Prompt for password prior to the build if more than one package
        # will be built and installed. No use in forcing the user to wait
        # for the first password prompt (before caching) if it may take a
        # long long while.
        [ "$cached" ] || root_cache
    }

    log "Checking to see if any dependencies have already been built"
    log "Installing any pre-built dependencies"

    # Install any pre-built dependencies if they exist in the binary
    # directory and are up to date.
    for pkg; do
        # Don't check for a pre-built package if it was passed
        # to KISS directly.
        contains "$explicit_build" "$pkg" || {
            # Figure out the version and release.
            read -r version release < "$(pkg_find "$pkg")/version"

            # Install any pre-built binaries if they exist.
            # This calls 'args' to inherit a root check
            # to 'su' to elevate permissions.
            [ -f "$bin_dir/$pkg#$version-$release.tar.gz" ] && {
                log "$pkg" "Found pre-built binary, installing"

                (KISS_FORCE=1 \
                    pkg_install "$bin_dir/$pkg#$version-$release.tar.gz")

                # Remove the now installed package from the build
                # list. No better way than using 'sed' in POSIX 'sh'.
                # See [1] at top of script.
                # shellcheck disable=2046,2086
                set -- $(printf %s " $* " | sed "s/ $pkg / /")
            }
        }
    done

    for pkg; do pkg_lint "$pkg"; done
    for pkg; do
        # Ensure that checksums exist prior to building the package.
        [ -f "$(pkg_find "$pkg")/checksums" ] || {
            log "$pkg" "Checksums are missing"

            # Instead of dying above, log it to the terminal. Also define a
            # variable so we *can* die after all checksum files have been
            # checked.
            no_sums="$no_sums$pkg "
        }
    done

    # Die here as packages without checksums were found above.
    [ "$no_sums" ] && die "Checksums missing, run 'kiss checksum ${no_sums% }'"

    for pkg; do pkg_sources "$pkg"; done

    # Verify all package checksums. This is achieved by generating
    # a new set of checksums and then comparing those with the old
    # set.
    for pkg; do
        pkg_checksums "$pkg" | cmp -s - "$(pkg_find "$pkg")/checksums" || {
            log "$pkg" "Checksum mismatch"

            # Instead of dying above, log it to the terminal. Also define a
            # variable so we *can* die after all checksum files have been
            # checked.
            mismatch="$mismatch$pkg "
        }
    done

    # Die here as packages with differing checksums were found above.
    [ "$mismatch" ] && die "Checksum mismatch with: ${mismatch% }"

    # Finally build and create tarballs for all passed packages and
    # dependencies.
    for pkg; do
        log "$pkg" "Building package ($((in = in + 1))/$#)"

        pkg_extract "$pkg"
        repo_dir=$(pkg_find "$pkg")

        # Install built packages to a directory under the package name
        # to avoid collisions with other packages.
        mkdir -p "$pkg_dir/$pkg/$pkg_db"

        # Move to the build directory.
        cd "$mak_dir/$pkg"

        log "$pkg" "Starting build"

        # Call the build script, log the output to the terminal
        # and to a file. There's no PIPEFAIL in POSIX shelll so
        # we must resort to tricks like killing the script ourselves.
        { "$repo_dir/build" "$pkg_dir/$pkg" || {
            log "$pkg" "Build failed"
            pkg_clean
            kill 0
        } } 2>&1 | tee "$log_dir/$pkg-$pid-$time" > /dev/tty

        # Delete the log file if the build succeeded to prevent
        # the directory from filling very quickly with useless logs.
        [ "$KISS_DEBUG" = 1 ] || rm -f "$log_dir/$pkg-$pid-$time"

        # Copy the repository files to the package directory.
        # This acts as the database entry.
        cp -LRf "$repo_dir" "$pkg_dir/$pkg/$pkg_db/"

        log "$pkg" "Successfully built package"

        # Create the manifest file early and make it empty.
        # This ensure that the manifest is added to the manifest...
        : > "$pkg_dir/$pkg/$pkg_db/$pkg/manifest"

        pkg_strip    "$pkg"
        pkg_fixdeps  "$pkg"
        pkg_junk     "$pkg"
        pkg_manifest "$pkg"
        pkg_tar      "$pkg"

        # Install only dependencies of passed packages.
        # Skip this check if this is a package update.
        contains "$explicit" "$pkg" && [ -z "$pkg_update" ] && continue

        log "$pkg" "Needed as a dependency or has an update, installing"

        (KISS_FORCE=1 \
            pkg_install "$bin_dir/$pkg#$version-$release.tar.gz")
    done

    # End here as this was a system update and all packages have been installed.
    [ "$pkg_update" ] && return

    log "Successfully built package(s)"

    # Turn the explicit packages into a 'list'.
    # See [1] at top of script.
    # shellcheck disable=2046,2086
    set -- $explicit

    # Only ask for confirmation if more than one package needs to be installed.
    [ $# -gt 1 ] && {
        log "Install built packages? [$*]"

        prompt && {
            args i "$@"
            return
        }
    }

    log "Run 'kiss i $*' to install the package(s)"
}

pkg_checksums() {
    # Generate checksums for packages.
    repo_dir=$(pkg_find "$1")

    while read -r src _ || [ "$src" ]; do
        # File is local to the package.
        if [ -f "$repo_dir/$src" ]; then
            src_path=$repo_dir/${src%/*}

        # File is remote and was downloaded.
        elif [ -f "$src_dir/$1/${src##*/}" ]; then
            src_path=$src_dir/$1

        # File is a git repository.
        elif [ -z "${src##git+*}" ]; then
            printf 'git  %s\n' "$src"
            continue

        # Die here if source for some reason, doesn't exist.
        else
            die "$1" "Couldn't find source '$src'"
        fi

        # An easy way to get 'sha256sum' to print with the 'basename'
        # of files is to 'cd' to the file's directory beforehand.
        (cd "$src_path" && sha256sum "${src##*/}") ||
            die "$1" "Failed to generate checksums"
    done < "$repo_dir/sources"
}

pkg_conflicts() {
    # Check to see if a package conflicts with another.
    log "$2" "Checking for package conflicts"

    # Filter the tarball's manifest and select only files
    # and any files they resolve to on the filesystem
    # (/bin/ls -> /usr/bin/ls).
    tar xf "$1" -O "./$pkg_db/$2/manifest" | while read -r file; do
        case $file in */) continue; esac

        printf '%s/%s\n' \
            "$(readlink -f "$KISS_ROOT/${file%/*}" 2>/dev/null)" \
            "${file##*/}"
    done > "$cac_dir/$pid-m"

    p_name=$2

    # Generate a list of all installed package manifests.
    set +f
    set -f -- "$sys_db"/*/manifest

    # Filter the manifest list and remove the previously
    # installed version of the package if it exists.
    for pkg; do
        i_name=${pkg%/*}
        i_name=${i_name##*/}

        shift "$(($# ? 1 : 0))"

        [ "$p_name" = "$i_name" ] && continue

        set -- "$@" "$pkg"
    done

    [ -s "$cac_dir/$pid-m" ] || return 0

    # Count the total conflicts to determine when to
    # automatically enable the alternatives feature.
    con_total=$("$grep" -Fxf "$cac_dir/$pid-m" -- "$@" | wc -l)

    # Use 'grep' to list matching lines between the to
    # be installed package's manifest and the above filtered
    # list.
    if [ "$KISS_CHOICE" = 1 ] || [ "$con_total" -le 10 ]; then
        "$grep" -Fxf "$cac_dir/$pid-m" -- "$@" |

        # This is a novel way of offering an "alternatives" system.
        # It is entirely dynamic and all "choices" are created and
        # destroyed on the fly.
        #
        # When a conflict is found between two packages, the file
        # is moved to a directory called "choices" and its name
        # changed to store its parent package and its intended
        # location.
        #
        # The package's manifest is then updated to reflect this
        # new location.
        #
        # The 'kiss choices' command parses this directory and
        # offers you the CHOICE of *swapping* entries in this
        # directory for those on the filesystem.
        #
        # The choices command does the same thing we do here,
        # it rewrites manifests and moves files around to make
        # this work.
        #
        # Pretty nifty huh?
        while IFS=: read -r pro con || [ "$pro" ]; do
            log "$p_name" "Found conflict ($con), adding choice"

            # Create the "choices" directory inside of the tarball.
            # This directory will store the conflicting file.
            mkdir -p "$tar_dir/$p_name/${cho_dir:=var/db/kiss/choices}"

            # Construct the file name of the "db" entry of the
            # conflicting file. (pkg_name>usr>bin>ls)
            con_name=$(printf %s "$con" | sed 's|/|>|g')

            # Move the conflicting file to the choices directory
            # and name it according to the format above.
            mv -f "$tar_dir/$p_name/$con" \
                  "$tar_dir/$p_name/$cho_dir/$p_name$con_name"

            regex_escape "$con" "/$cho_dir/$p_name$con_name"
            mani=$tar_dir/$p_name/$pkg_db/$p_name/manifest

            # Rewrite the package's manifest to update its location
            # to its new spot (and name) in the choices directory.
            sed "s/^$sea\$/$rep/" "$mani" > "$mani.1"
            mv -f "$mani.1" "$mani"
        done
    else
        if "$grep" -Fxf "$cac_dir/$pid-m" -- "$@"; then
            log "Package '$p_name' conflicts with another package" "" "!>"
            log "Run 'KISS_CHOICE=1 kiss i $p_name' to add conflicts" "" "!>"
            die "as alternatives."
        fi
    fi
}

pkg_swap() {
    # Swap between package alternatives.

    # Check to see if the package is installed. This
    # will exit with an error if it is not.
    pkg_list "$1" >/dev/null

    alt=$(printf %s "$1$2" | sed 's|/|>|g')
    cd "$sys_db/../choices"

    [ -f "$alt" ] || [ -h "$alt" ] ||
        die "Alternative '$1 $2' doesn't exist"

    if [ -f "$2" ]; then
        # Figure out which package owns the file we are going to
        # swap for another package's.
        #
        # Print the full path to the manifest file which contains
        # the match to our search.
        pkg_owns=$(set +f; "$grep" -lFx "$2" "$sys_db/"*/manifest) ||:

        # Extract the package name from the path above.
        pkg_owns=${pkg_owns%/*}
        pkg_owns=${pkg_owns##*/}

        [ "$pkg_owns" ] ||
            die "File '$2' exists on filesystem but isn't owned"

        log "Swapping '$2' from '$pkg_owns' to '$1'"

        regex_escape "$2" "$PWD/$pkg_owns>${alt#*>}"
        mani=${PWD%/*}/installed/$pkg_owns/manifest

        # Convert the current owner to an alternative and rewrite
        # its manifest file to reflect this.
        dosu cp  -f "'$2'" "'$pkg_owns>${alt#*>}'"
        dosu sed "'s/^$sea\$/$rep/'" \
            "'$mani' > '$mani.1' && mv -f '$mani.1' '$mani'"
    fi

    regex_escape "$PWD/$alt" "$2"
    mani=${PWD%/*}/installed/$1/manifest

    # Convert the desired alternative to a real file and rewrite
    # the manifest file to reflect this. The reverse of above.
    dosu mv  -f "'$alt'" "'$2'"
    dosu sed "'s/^$sea\$/$rep/'" \
        "'$mani' > '$mani.1' && mv -f '$mani.1' '$mani'"
}

pkg_remove() {
    # Remove a package and all of its files. The '/etc' directory
    # is handled differently and configuration files are *not*
    # overwritten.

    # The package is not installed, don't do anything.
    pkg_list "$1" >/dev/null || {
        log "$1" "Not installed"
        return
    }

    # Enable globbing.
    set +f

    # Make sure that nothing depends on this package.
    [ "$2" = check ] && for file in "$sys_db/"*; do
        # Check each depends file for the package and if it's
        # a run-time dependency, append to the $required_by string.
        "$grep" -qFx "$1" "$file/depends" 2>/dev/null &&
            required_by="$required_by'${file##*/}', "
    done

    # Disable globbing.
    set -f

    [ "$required_by" ] && die "$1" "Package is required by ${required_by%, }"

    # Block being able to abort the script with 'Ctrl+C' during removal.
    # Removes all risk of the user aborting a package removal leaving
    # an incomplete package installed.
    trap '' INT

    while read -r file; do
        # The file is in '/etc' skip it. This prevents the package
        # manager from removing user edited configuration files.
        [ "${file##/etc/*}" ] || continue

        if [ -d "$KISS_ROOT/$file" ]; then
            dosu rmdir "'$KISS_ROOT/$file'" 2>/dev/null || continue
        else
            dosu rm -f "'$KISS_ROOT/$file'"
        fi
    done < "$sys_db/$1/manifest"

    # Reset 'trap' to its original value. Removal is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    log "$1" "Removed successfully"
}

pkg_install() {
    # Install a built package tar-ball.

    # Install can also take the full path to a tar-ball.
    # We don't need to check the repository if this is the case.
    if [ -f "$1" ] && [ -z "${1%%*.tar.gz}" ] ; then
        tar_file=$1

    else
        # Read the version information to name the package.
        read -r version release < "$(pkg_find "$1")/version"

        # Construct the name of the package tarball.
        tar_name=$1\#$version-$release.tar.gz

        [ -f "$bin_dir/$tar_name" ] ||
            die "Package '$1' has not been built, run 'kiss build $1'"

        tar_file=$bin_dir/$tar_name
    fi

    # Figure out which package the tar-ball installs by checking for
    # a database entry inside the tar-ball. If no database entry exists,
    # exit here as the tar-ball is *most likely* not a KISS package.
    pkg_name=$(tar tf "$tar_file" | "$grep" -x "\./$pkg_db/.*/version") ||
        die "'${tar_file##*/}' is not a valid KISS package"

    pkg_name=${pkg_name%/*}
    pkg_name=${pkg_name##*/}

    mkdir -p "$tar_dir/$pkg_name"

    # Extract the tar-ball to catch any errors before installation begins.
    dosu tar pxf "'$tar_file'" -C "'$tar_dir/$pkg_name'" ||
        die "$pkg_name" "Failed to extract tar-ball"

    log "$pkg_name" "Checking that all dependencies are installed"

    # Make sure that all run-time dependencies are installed prior to
    # installing the package.
    [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends" ] &&
    [ -z "$KISS_FORCE" ] &&
        while read -r dep dep_type || [ "$dep" ]; do
            [ "${dep##\#*}" ] || continue
            [ "$dep_type" ]   || pkg_list "$dep" >/dev/null ||
                install_dep="$install_dep'$dep', "
        done < "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends"

    [ "$install_dep" ] && die "$1" "Package requires ${install_dep%, }"

    pkg_conflicts "$tar_file" "$pkg_name"

    log "$pkg_name" "Installing package incrementally"

    # Block being able to abort the script with Ctrl+C during installation.
    # Removes all risk of the user aborting a package installation leaving
    # an incomplete package installed.
    trap '' INT

    # If the package is already installed (and this is an upgrade) make a
    # backup of the manifest file.
    old_manifest=$(cat "$sys_db/$pkg_name/manifest" 2>/dev/null ||:)

    # This is repeated multiple times. Better to make it a function.
    pkg_rsync() {
        dosu rsync --chown=root:root --chmod=Du-s,Dg-s,Do-s \
              -WhHKa --no-compress "$1" --exclude /etc \
              "'$tar_dir/$pkg_name/'" "'$KISS_ROOT/'"
    }

    # Install the package by using 'rsync' and overwrite any existing files
    # (excluding '/etc/').
    pkg_rsync --info=progress2

    # If '/etc/' exists in the package, install it but don't overwrite.
    [ -d "$tar_dir/$pkg_name/etc" ] &&
        dosu rsync --chown=root:root -WhHKa --no-compress --ignore-existing \
            "'$tar_dir/$pkg_name/etc'" "'$KISS_ROOT/'"

    # Remove any leftover files if this is an upgrade.
    [ "$old_manifest" ] && {
        printf '%s\n' "$old_manifest" |
        "$grep" -vFxf "$sys_db/$pkg_name/manifest" - |

        while read -r file; do
            # Skip deleting some leftover files.
            case $file in
                /etc/*|*bin/rm|*bin/busybox|*bin/rsync) continue
            esac

            file=$KISS_ROOT/$file

            # Remove files.
            if [ -f "$file" ] && [ ! -L "$file" ]; then
                dosu rm -f "'$file'"

            # Remove file symlinks.
            elif [ -L "$file" ] && [ ! -d "$file" ]; then
                dosu unlink "'$file'" ||:

            # Skip directory symlinks.
            elif [ -L "$file" ] && [ -d "$file" ]; then :

            # Remove directories if empty.
            elif [ -d "$file" ]; then
                dosu rmdir "'$file'" 2>/dev/null ||:
            fi
        done ||:
    }

    # Install the package again to fix any non-leftover files being
    # removed above.
    pkg_rsync -v ||:
    pkg_rsync -v ||:

    # Reset 'trap' to its original value. Installation is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    if [ -x "$sys_db/$pkg_name/post-install" ]; then
        log "$pkg_name" "Running post-install script"
        dosu "'$sys_db/$pkg_name/post-install'" ||:
    fi

    log "$pkg_name" "Installed successfully"
}

pkg_updates() {
    # Check all installed packages for updates. So long as the installed
    # version and the version in the repositories differ, it's considered
    # an update.

    log "Updating repositories"

    # Create a list of all repositories.
    # See [1] at top of script.
    # shellcheck disable=2046,2086
    { IFS=:; set -- $KISS_PATH; IFS=$old_ifs; }

    # Update each repository in '$KISS_PATH'. It is assumed that
    # each repository is 'git' tracked.
    for repo; do
        cd "$repo"

        # Go to the root of the repository (if it exists).
        cd "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null ||:

        [ -d .git ] || {
            log "$repo" " "
            printf '%s\n' "Not a git repository, skipping."
            continue
        }

        [ "$(git remote 2>/dev/null)" ] || {
            log "$repo" " "
            printf '%s\n' "No remote, skipping."
            continue
        }

        contains "$repos" "$PWD" || {
            repos="$repos $PWD "

            # Display a tick if signing is enabled for this
            # repository.
            case $(git config merge.verifySignatures) in
                true) signed='[signed ✓]' ;;
                *)    signed=  ;;
            esac

            log "$PWD" "$signed "

            if [ -w "$PWD" ]; then
                git fetch
                git merge

            else
                log "$PWD" "Need root to update"

                # Find out the owner of the repository and spawn
                # git as this user below.
                #
                # This prevents 'git' from changing the original
                # ownership of files and directories in the rare
                # case that the repository is owned by a 3rd user.
                (drop_to=$(stat -c %U "$PWD")

                dosu git fetch
                dosu git merge)
            fi
        }
    done

    log "Checking for new package versions"

    # Enable globbing.
    set +f

    for pkg in "$sys_db/"*; do
        pkg_name=${pkg##*/}

        # Read version and release information from the installed packages
        # and repository.
        read -r db_ver db_rel < "$pkg/version"
        read -r re_ver re_rel < "$(pkg_find "$pkg_name")/version"

        # Compare installed packages to repository packages.
        [ "$db_ver-$db_rel" != "$re_ver-$re_rel" ] && {
            printf '%s\n' "$pkg_name $db_ver-$db_rel ==> $re_ver-$re_rel"
            outdated="$outdated$pkg_name "
        }
    done

    # If the package manager has an update, handle it first.
    contains "$outdated" kiss && {
        log "Detected package manager update"
        log "The package manager will be updated first"

        prompt

        pkg_build   kiss
        pkg_install kiss

        log "Updated the package manager"
        log "Re-run 'kiss update' to update your system"

        exit 0
    }

    # Disable globbing.
    set -f

    # End here if no packages have an update.
    [ "$outdated" ] || {
        log "Everything is up to date"
        return
    }

    log "Packages to update: ${outdated% }"

    # Tell 'pkg_build' to always prompt before build.
    pkg_update=1

    # Build all packages requiring an update.
    # See [1] at top of script.
    # shellcheck disable=2046,2086
    pkg_build $outdated

    log "Updated all packages"
}

pkg_clean() {
    # Clean up on exit or error. This removes everything related
    # to the build.
    stty -F /dev/tty echo 2>/dev/null

    # Block 'Ctrl+C' while cache is being cleaned.
    trap '' INT

    # Remove temporary items.
    rm -rf -- "$mak_dir" "$pkg_dir" "$tar_dir" "$cac_dir/$pid-m"
}

args() {
    # Parse script arguments manually. POSIX 'sh' has no 'getopts'
    # or equivalent built in. This is rather easy to do in our case
    # since the first argument is always an "action" and the arguments
    # that follow are all package names.
    action=$1

    # 'dash' exits on error here if 'shift' is used and there are zero
    # arguments despite trapping the error ('|| :').
    shift "$(($# > 0 ? 1 : 0))"

    # Unless this is a search, sanitize the user's input. The call to
    # 'pkg_find()' supports basic globbing, ensure input doesn't expand
    # to anything except for when this behavior is needed.
    #
    # This handles the globbing characters '*', '!', '[' and ']' as per:
    # https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
    case $action in
        a|alternatives|s|search) ;;

        *)
            case $@ in
                *'*'*|*'!'*|*'['*|*']'*)
                    die "Arguments contain invalid characters: '!*[]'"
                ;;
            esac
    esac

    # Parse some arguments earlier to remove the need to duplicate code.
    case $action in
        c|checksum|s|search|i|install|r|remove)
            [ "$1" ] || die "'kiss $action' requires an argument"
        ;;
    esac

    # Actions can be abbreviated to their first letter. This saves
    # keystrokes once you memorize the commands.
    case $action in
        a|alternatives)
            if [ "$1" = - ]; then
                while read -r pkg path; do
                    pkg_swap "$pkg" "$path"
                done

            elif [ "$1" ]; then
                pkg_swap "$@"

            else
                log "Alternatives:"

                # Go to the choices directory and hide errors
                # as there is nothing to list if the directory
                # doesn't exist.
                cd "$sys_db/../choices" 2>/dev/null
                set +f

                # Go over each alternative and format the file
                # name for listing. (pkg_name>usr>bin>ls)
                for pkg in *; do
                    [ "$pkg" = '*' ] || printf '%s\n' "$pkg"
                done | sed 's|>| /|;s|>|/|g'
            fi
        ;;

        b|build)
            # If no arguments were passed, rebuild all packages.
            [ "$1" ] || {
                cd "$sys_db" || die "Failed to find package db"

                # Use a glob after 'cd' to generate a list of all installed
                # packages based on directory names.
                set +f; set -f -- *

                # Undo the above 'cd' to ensure we stay in the same location.
                cd - >/dev/null
            }

            pkg_build "$@"
        ;;

        c|checksum)
            for pkg; do pkg_lint    "$pkg"; done
            for pkg; do pkg_sources "$pkg" c; done
            for pkg; do
                pkg_checksums "$pkg" > "$(pkg_find "$pkg")/checksums"

                log "$pkg" "Generated checksums"
            done
        ;;

        i|install)
            # Create a list of each package's dependencies.
            for pkg; do
                case $pkg in
                    *.tar.gz) deps="$deps $pkg " ;;
                    *)        pkg_depends "$pkg" install
                esac
            done

            # Filter the list, only installing explicit packages.
            # The purpose of these two loops is to order the
            # argument list based on dependence.
            for pkg in $deps; do
                ! contains "$*" "$pkg" || pkg_install "$pkg"
            done
        ;;

        r|remove)
            log "Removing packages"

            # Create a list of each package's dependencies.
            for pkg; do pkg_depends "$pkg" remove; done

            # Reverse the list of dependencies filtering out anything
            # not explicitly set for removal.
            for pkg in $deps; do
                contains "$*" "$pkg" && remove_pkgs="$pkg $remove_pkgs"
            done

            for pkg in $remove_pkgs; do
                pkg_list "$pkg" >/dev/null ||
                    die "$pkg" "Not installed"

                pkg_remove "$pkg" "${KISS_FORCE:-check}"
            done
        ;;

        l|list)
            pkg_list "$@"
        ;;

        u|update)
            pkg_updates
        ;;

        s|search)
            for pkg; do pkg_find "$pkg" all; done
        ;;

        v|version|-v|--version)
            log kiss 1.0.5
        ;;

        h|help|-h|--help|'')
            log 'kiss [a|b|c|i|l|r|s|u|v] [pkg] [pkg] [pkg]'
            log 'alternatives: List and swap to alternatives'
            log 'build:        Build a package'
            log 'checksum:     Generate checksums'
            log 'install:      Install a package'
            log 'list:         List installed packages'
            log 'remove:       Remove a package'
            log 'search:       Search for a package'
            log 'update:       Check for updates'
            log 'version:      Package manager version'
        ;;

        *) die "'kiss $action' is not a valid command" ;;
    esac
}

main() {
    # Ensure that debug mode is never enabled to prevent internal
    # package manager information from leaking to stdout.
    set +x

    # Prevent the package manager from running as root. The package
    # manager will elevate permissions where needed.
    [ "$(id -u)" != 0 ] || [ "$KISS_ASROOT" ] || {
        log "kiss must be run as a normal user" "" "!>"
        die "(Run with KISS_ASROOT=1 to ignore this warning)"
    }

    # Use the most secure method of sending data over stdin based on
    # whether or not the 'printf' command is built into the shell.
    [ "$(command -v printf)" = printf ] || heredocs=1

    # Set the location to the repository and package database.
    pkg_db=var/db/kiss/installed

    # The PID of the current shell process is used to isolate directories
    # to each specific KISS instance. This allows multiple package manager
    # instances to be run at once. Store the value in another variable so
    # that it doesn't change beneath us.
    pid=${KISS_PID:-$$}

    # Store the original value of IFS so we can revert back to it if the
    # variable is ever changed.
    old_ifs=$IFS

    # Catch errors and ensure that build files and directories are cleaned
    # up before we die. This occurs on 'Ctrl+C' as well as success and error.
    trap pkg_clean EXIT INT

    # Prefer GNU grep if installed as it is much much faster than busybox's
    # implementation. Very much worth it if you value performance over
    # POSIX correctness.
    grep=$(command -v ggrep) || grep='grep'

    # Store the date and time of script invocation to be used as the name
    # of the log files the package manager creates uring builds.
    time=$(date '+%d-%m-%Y-%H:%M')

    # This allows for automatic setup of a KISS chroot and will
    # do nothing on a normal system.
    mkdir -p "${sys_db:=$KISS_ROOT/$pkg_db}" 2>/dev/null ||:

    # Create the required temporary directories and set the variables
    # which point to them.
    mkdir -p "${cac_dir:=$KISS_ROOT${XDG_CACHE_HOME:-$HOME/.cache}/kiss}" \
             "${mak_dir:=$cac_dir/build-$pid}" \
             "${pkg_dir:=$cac_dir/pkg-$pid}" \
             "${tar_dir:=$cac_dir/extract-$pid}" \
             "${src_dir:=$cac_dir/sources}" \
             "${log_dir:=$cac_dir/logs}" \
             "${bin_dir:=$cac_dir/bin}" \
        || die "Couldn't create cache directories"

    args "$@"
}

main "$@"