365 lines
21 KiB
HTML
365 lines
21 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
|
|
<head>
|
|
<title>TootInstall | Paul's Site of Stuff</title>
|
|
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
|
|
<meta name="robots" content="noodp"/>
|
|
|
|
<link rel="stylesheet" href="https://paulwilde.uk/style.css">
|
|
<link rel="stylesheet" href="https://paulwilde.uk/color/orange.css">
|
|
|
|
<link rel="stylesheet" href="https://paulwilde.uk/color/background_blue.css">
|
|
|
|
<link rel="stylesheet" href="https://paulwilde.uk/font-hack-subset.css">
|
|
|
|
<meta name="description" content="">
|
|
|
|
<meta property="og:description" content="">
|
|
<meta property="og:title" content="TootInstall | Paul's Site of Stuff">
|
|
<meta property="og:type" content="article">
|
|
<meta property="og:url" content="https://paulwilde.uk/ponderings/tootinstall-concept/">
|
|
|
|
<meta name="twitter:card" content="summary_large_image">
|
|
<meta name="twitter:description" content="">
|
|
<meta name="twitter:title" content="TootInstall | Paul's Site of Stuff">
|
|
<meta property="twitter:domain" content="paulwilde.uk">
|
|
<meta property="twitter:url" content="https://paulwilde.uk/ponderings/tootinstall-concept/">
|
|
|
|
|
|
|
|
<link rel="alternate" type="application/atom+xml" title="RSS" href="https://paulwilde.uk/atom.xml">
|
|
|
|
|
|
<link rel="shortcut icon" type="image/png" href="/favicon.png">
|
|
|
|
</head>
|
|
<body class="">
|
|
<div class="container">
|
|
|
|
<header class="header">
|
|
<div class="header__inner">
|
|
<div class="header__logo">
|
|
|
|
<a href="https://paulwilde.uk" style="text-decoration: none;">
|
|
<div class="logo">
|
|
|
|
Hello, I'm Paul
|
|
|
|
</div>
|
|
</a>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<nav class="menu">
|
|
<ul class="menu__inner">
|
|
<li><a href="/">home</a></li>
|
|
|
|
<li><a href="/aboutme">about me</a></li>
|
|
|
|
<li><a href="/ponderings">ponderings</a></li>
|
|
|
|
<li><a href="/iuse">i use …</a></li>
|
|
|
|
<li><a href="/tags">tags</a></li>
|
|
|
|
<li><a href="/atom.xml">rss</a></li>
|
|
</ul>
|
|
</nav>
|
|
|
|
|
|
|
|
</header>
|
|
|
|
|
|
<div class="post">
|
|
|
|
<h1 class="post-title"><a href="https://paulwilde.uk/ponderings/tootinstall-concept/">TootInstall</a></h1>
|
|
<div class="post-meta-inline">
|
|
|
|
<span class="post-date">
|
|
2024-07-29
|
|
</span>
|
|
|
|
</div>
|
|
|
|
|
|
<span class="post-tags-inline">
|
|
:: tags:
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/concept/">#concept</a>
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/humour/">#humour</a>
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/parody/">#parody</a>
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/protocols/">#protocols</a>
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/rfc/">#rfc</a>
|
|
<a class="post-tag" href="https://paulwilde.uk/tags/tech/">#tech</a></span>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="post-content">
|
|
<h2 id="tootinstall-concept">TootInstall Concept</h2>
|
|
<h3 id="status-of-this-memo">Status of this Memo</h3>
|
|
<p>This memo defines a conceptual protocol for software build and install scripts
|
|
for varying platforms published via Fediverse (ActivityPub i.e Mastodon, et al) posts.</p>
|
|
<span id="continue-reading"></span><h3 id="overview">Overview</h3>
|
|
<p>These days, the options for software build and install processes are many,
|
|
and jumping through the hoops required for some operating systems can be
|
|
troublesome and sometimes impossible.<br />
|
|
Additionally, having to maintain many published packages for varying platforms
|
|
is laborious, and sometimes means packages in some platforms become out of date
|
|
and unmaintained.<br />
|
|
The TootInstall concept aims to bypass many of these requirements in an effort
|
|
to have build and install scripts available for any application available on a
|
|
decentralized, federated, all-accessible platform.</p>
|
|
<h4 id="usage-by-developers">Usage - by Developers</h4>
|
|
<p>A software developer or package maintainer would post their script using their
|
|
preferred federated ActivityPub service, and mention a <code>tootinstall bot</code>
|
|
(i.e. <code>@tootinstall_bot@tootinstall.example</code>). The <code>tootinstall bot</code> would then
|
|
parse the script and re-post it, giving attribution to the original poster.</p>
|
|
<p>It would be in everyone's best interests if all package requirements are listed
|
|
to ensure all dependencies are satisfied before attempting the install.</p>
|
|
<p>For example, a simple <code>tootinstall</code> script may look like the following:</p>
|
|
<pre data-lang="ini" style="background-color:#212121;color:#eeffff;" class="language-ini "><code class="language-ini" data-lang="ini"><span>@tootinstall_bot@tootinstall</span><span style="color:#89ddff;">.</span><span>example
|
|
</span><span style="color:#89ddff;">+++
|
|
</span><span style="color:#f78c6c;">name </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"my_package"
|
|
</span><span style="color:#f78c6c;">targets </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">"linux+amd64"</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">"linux+arm"</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">"freebsd+amd64"</span><span>]
|
|
</span><span style="color:#f78c6c;">dependencies </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">"bash"</span><span style="color:#89ddff;">,</span><span style="color:#c3e88d;">"git"</span><span>]
|
|
</span><span style="color:#89ddff;">+++
|
|
</span><span style="font-style:italic;color:#4a4a4a;">#!/usr/bin/env bash
|
|
</span><span style="color:#f78c6c;">git </span><span>clone https://gitrepo.example/me/my_package </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span><span style="color:#f78c6c;">cd </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span><span style="color:#f78c6c;">cp </span><span style="color:#89ddff;">./</span><span>my_package </span><span style="color:#89ddff;">/</span><span>usr</span><span style="color:#89ddff;">/</span><span>local</span><span style="color:#89ddff;">/</span><span>bin</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span></code></pre>
|
|
<p>which the bot would receive, and re-post like so:</p>
|
|
<pre data-lang="ini" style="background-color:#212121;color:#eeffff;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#89ddff;">+++
|
|
</span><span style="color:#f78c6c;">name </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"my_package"
|
|
</span><span style="color:#f78c6c;">targets </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">"linux+amd64"</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">"linux+arm"</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">"freebsd+amd64"</span><span>]
|
|
</span><span style="color:#f78c6c;">dependencies </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">"bash"</span><span style="color:#89ddff;">,</span><span style="color:#c3e88d;">"git"</span><span>]
|
|
</span><span style="color:#f78c6c;">author </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"@you@a_mastodon_instance.example"
|
|
</span><span style="color:#f78c6c;">date </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"2024-29-07T14:48:00"
|
|
</span><span style="color:#f78c6c;">status </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"pending approval"
|
|
</span><span style="color:#f78c6c;">tootinstall_host </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">"packages.tootinstall.example"
|
|
</span><span style="color:#89ddff;">+++
|
|
</span><span style="font-style:italic;color:#4a4a4a;">#!/usr/bin/env bash
|
|
</span><span style="color:#f78c6c;">git </span><span>clone https://gitrepo.example/me/my_package </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span><span style="color:#f78c6c;">cd </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span><span style="color:#f78c6c;">cp </span><span style="color:#89ddff;">./</span><span>my_package</span><span style="color:#89ddff;">.</span><span>bash </span><span style="color:#89ddff;">/</span><span>usr</span><span style="color:#89ddff;">/</span><span>local</span><span style="color:#89ddff;">/</span><span>bin</span><span style="color:#89ddff;">/</span><span>my_package
|
|
</span></code></pre>
|
|
<p>The <code>tootinstall bot</code> should have RSS enabled for their posts, which is then
|
|
parsed by a <code>tootinstall helper</code> and collated into a <code>tootinstall database</code> and
|
|
published on a <code>tootinstall host</code>.</p>
|
|
<h4 id="usage-by-end-users">Usage - by End Users</h4>
|
|
<p>An end user only requires a simple portable <code>tootinstall</code> binary which can be
|
|
used as follows:</p>
|
|
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">tootinstall install my_package @packages.tootinstall.example
|
|
</span></code></pre>
|
|
<h3 id="tootinstall-bot">TootInstall Bot</h3>
|
|
<p>A <code>tootinstall bot</code> is a ActivityPub account that is able to read posts it is
|
|
mentioned in, adapt incoming information and create new posts with correctly
|
|
formatted <code>tootinstall script</code> text.</p>
|
|
<p>It must:</p>
|
|
<ul>
|
|
<li>be able to publish their ActivityPub feed via RSS so a
|
|
<code>tootinstall helper</code> is able to easily read posts it sends for new
|
|
<code>tootinstall scripts</code>.</li>
|
|
<li>post a <code>tootinstall script</code> as a new post,
|
|
not a reply, nor a boost, nor a quote boost, nor anything similar,
|
|
to simplify RSS feed handling.</li>
|
|
<li>create 'author', 'date', 'status', and
|
|
'tootinstall_host' tags in the <code>tootinstall script</code> and ignore those in the
|
|
original post to prevent information poisoning.</li>
|
|
<li>be able to operate a blacklist of accounts/instances to prevent spamming</li>
|
|
</ul>
|
|
<p>It may also be useful if it could:</p>
|
|
<ul>
|
|
<li>receive boosts/favourites and forward these on to a <code>tootinstall helper</code>
|
|
for approval and scoring purposes (see Approvals and Scoring).</li>
|
|
</ul>
|
|
<h3 id="tootinstall-helper">TootInstall Helper</h3>
|
|
<p>A <code>tootinstall helper</code> is a background service that can read RSS feeds provided
|
|
by configured <code>tootinstall bots</code> collating all new <code>tootinstall scripts</code> it
|
|
has posted, store them in a database, and be able to search and return
|
|
information about them as requested by a <code>tootinstall</code> user binary.</p>
|
|
<p>It must:</p>
|
|
<ul>
|
|
<li>be able to be configured to check multiple <code>tootinstall bot</code> RSS feeds to
|
|
allow for a more federated and decentralised service.</li>
|
|
<li>be able to write to a persistent database</li>
|
|
<li>be able to return a script by name</li>
|
|
<li>NOT allow anyone other than the original author or maintainers to update a script</li>
|
|
<li>be able to operate a blacklist of accounts/instances to prevent spamming</li>
|
|
</ul>
|
|
<p>It would also be useful if it could:</p>
|
|
<ul>
|
|
<li>increment a version number of a <code>tootinstall script</code> automatically. Incoming version numbers
|
|
should be ignored.</li>
|
|
</ul>
|
|
<h3 id="tootinstall-host">TootInstall Host</h3>
|
|
<p>A <code>tootinstall host</code> is a web frontend used by <code>tootinstall</code> user binary
|
|
that is able to utilise the <code>tootinstall helper</code> to return <code>tootinstall scripts</code>.</p>
|
|
<p>It must:</p>
|
|
<ul>
|
|
<li>be accessible on the internet</li>
|
|
<li>be able to search and return a list of packages in <code>json</code> format</li>
|
|
<li>be able to return a specific package script by name in <code>toml</code> format</li>
|
|
</ul>
|
|
<p>Endpoint URLs should be as follows:</p>
|
|
<ul>
|
|
<li>/search?q=package_name</li>
|
|
<li>/install?p=package_name</li>
|
|
</ul>
|
|
<h4 id="the-tootinstall-bot-helper-and-host-can-all-be-the-same-system-and-do-not-necessarily-need-to-be-separate-services">The TootInstall Bot, Helper and Host can all be the same system and do not necessarily need to be separate services</h4>
|
|
<h3 id="tootinstall-script">TootInstall Script</h3>
|
|
<p>A <code>tootinstall script</code> is a <code>toml</code> document describing the dependencies and
|
|
build/install process of a package.<br />
|
|
It has the following parameters:</p>
|
|
<ul>
|
|
<li>Editable:</li>
|
|
</ul>
|
|
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">name : string : the package name (not editable after the first post</span><span>)
|
|
</span><span style="color:#82aaff;">targets : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of os+arch targets
|
|
</span><span style="color:#82aaff;">dependencies : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of software dependencies required
|
|
</span><span style="color:#82aaff;">maintainers : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of ActivityPub accounts who can update a script
|
|
</span></code></pre>
|
|
<ul>
|
|
<li>Non-Editable:</li>
|
|
</ul>
|
|
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">author : string : the original author of the script
|
|
</span><span style="color:#82aaff;">date : datetime : the date and time the script was last updated (RFC3339</span><span>)
|
|
</span><span style="color:#82aaff;">status : string : the status of the script (pending approval, approved, archived</span><span>)
|
|
</span><span style="color:#82aaff;">tootinstall_host : string : the host on which this package has been published
|
|
</span></code></pre>
|
|
<p>The Editable parameters are enclosed in <code>+++</code>'s to define separation between the
|
|
parameters and the main script.<br />
|
|
A <code>tootinstall script</code> should also include a <code>shebang</code> to ensure the script runs
|
|
as expected.</p>
|
|
<h3 id="tootinstall-binary">TootInstall Binary</h3>
|
|
<p>A <code>tootinstall binary</code> is a simple portable binary that anyone can download and
|
|
run to get <code>TootInstall</code> functionality.</p>
|
|
<p>A guideline for usage is as below:</p>
|
|
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">tootinstall </span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">mode</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> package_name @</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">tootinstall_host</span><span style="font-style:italic;color:#c792ea;">]
|
|
</span><span> </span><span style="color:#82aaff;">modes:
|
|
</span><span> </span><span style="color:#82aaff;">install - builds and installs the package as per the script
|
|
</span><span> </span><span style="color:#82aaff;">download - downloads a script but does not run it
|
|
</span><span> </span><span style="color:#82aaff;">search - searches the tootinstall url for a package name
|
|
</span><span> </span><span style="color:#82aaff;">inspect - finds and displays the tootinstall script
|
|
</span><span>
|
|
</span><span> </span><span style="color:#82aaff;">parameters:
|
|
</span><span> </span><span style="color:#82aaff;">package_name - Required. the package name to install or
|
|
</span><span> </span><span style="color:#82aaff;">search or inspect
|
|
</span><span> </span><span style="color:#82aaff;">@[tootinstall host] - Required. the host on which a tootinstall
|
|
</span><span> </span><span style="color:#82aaff;">database is running
|
|
</span></code></pre>
|
|
<p>It must:</p>
|
|
<ul>
|
|
<li>be able to access the internet</li>
|
|
<li>be able to search and download <code>tootinstall scripts</code> from multiple <code>tootinstall hosts</code></li>
|
|
<li>be able to run the downloaded script</li>
|
|
<li>allow the user to inspect the script</li>
|
|
</ul>
|
|
<h3 id="verification">Verification</h3>
|
|
<p>The various <code>tootinstall</code> bots and helpers should be configured to do some
|
|
basic verification of the script poster.</p>
|
|
<p>Good examples of some basic checks are:</p>
|
|
<ul>
|
|
<li>does the poster have a bio?</li>
|
|
<li>does the poster have an image?</li>
|
|
<li>has the poster been active on the fediverse for a reasonable amount of time</li>
|
|
<li>has the poster been interacting with people of the fediverse for a reasonable
|
|
amount of time?</li>
|
|
<li>does the poster have some other people following them?</li>
|
|
<li>has the poster ever been boosted and/or favourited by somebody else a few times?</li>
|
|
</ul>
|
|
<h3 id="scoring">Scoring</h3>
|
|
<p>As a popularity/rating service, we can utilise ActivityPub boosts and favourites
|
|
as a scoring platform for <code>tootinstall scripts</code>.</p>
|
|
<ul>
|
|
<li><code>favourite</code> = "I like this" = 1 point</li>
|
|
<li><code>boost</code> = "I want other people to see this" = 1 points</li>
|
|
</ul>
|
|
<p>A favourite and a boost from one account can give a script 2 points.</p>
|
|
<h3 id="approvals">Approvals</h3>
|
|
<p>It <strong>would not</strong> be sensible to publish a script immediately after posting as
|
|
doing so massively increases the risk of distributing malware.<br />
|
|
Instead, it would be wise to implement an approval concept whereby authorised
|
|
accounts could authorise a script by replying to the <code>tootinstall bot</code>'s post
|
|
with an approval state i.e. "approved" or "denied". A <code>tootinstall bot</code> could
|
|
also actively seek out approval from a list of configured accounts, and post the
|
|
script privately to them before actually posting the published script.<br />
|
|
Secondary to this, we could implement a form of crowdsourced approval whereby if
|
|
a script score reaches a certain level, it is automatically approved.</p>
|
|
<h1 id="written-by-paul-wilde-29th-july-2024">Written by Paul Wilde - 29th July 2024</h1>
|
|
<h2 id="paul-notnull-space"><a href="https://notnull.space/@paul">@paul@notnull.space</a></h2>
|
|
<h2 id="final-notes">Final Notes</h2>
|
|
<p>OK… let's address the elephant in the room. I am <em><strong>very</strong></em> aware this is incredibly
|
|
dangerous and <em>you</em> should be very aware this is a parody concept.
|
|
Please, everyone, PLEASE, do not implement any of this!! It is just meant as a
|
|
humorous thought experiment and is in no way intended to make it to production.</p>
|
|
|
|
</div>
|
|
|
|
|
|
<div class="pagination">
|
|
<div class="pagination__title">
|
|
<span class="pagination__title-h">Thanks for reading! Read other posts?</span>
|
|
<hr />
|
|
</div>
|
|
<div class="pagination__buttons">
|
|
<span class="button previous">
|
|
<a href="https://paulwilde.uk/ponderings/errors/">
|
|
<span class="button__icon">←</span>
|
|
<span class="button__text">Wholesome Errors</span>
|
|
</a>
|
|
</span>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<footer class="footer">
|
|
<div class="footer__inner">
|
|
|
|
<a href="https://notnull.space/@paul" rel="me">fediverse (gts)</a>
|
|
|
|
<a href="https://snac.notnull.space/paul" rel="me">fediverse (snac)</a>
|
|
|
|
<a href="https://codeberg.org/pswilde" rel="me">codeberg</a>
|
|
|
|
<a href="https://keyoxide.org/85633E30514CC1932E4268460ED12CF710BC42CA" rel="me">keyoxide</a>
|
|
|
|
</div>
|
|
<div class="footer__inner">
|
|
<div class="copyright">
|
|
<span>©
|
|
2024
|
|
Paul Wilde</span>
|
|
<span class="copyright-theme">
|
|
<span class="copyright-theme-sep">:: </span>
|
|
Theme: <a href="https://github.com/pawroman/zola-theme-terminimal/">Terminimal</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
|
|
</div>
|
|
</body>
|
|
|
|
</html>
|