diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..99a4e47b
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+ports/*/*/*.pkgfile linguist-language=shell
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..fb4ea175
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,15 @@
+bonsai
+bonsai.db
+bonsai.rc
+
+a.out
+*~*
+*bkup*
+*.bk
+
+*rootfs.gz
+*isolinux.bin
+*isolinux.cfg
+
+old
+tmp
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..950c56f4
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2020 Mitch Weaver
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 00d7bdd4..0dd33c47 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,27 @@
-WIP
+# bonsai
+
+
+
+A tiny Linux distribution based on musl-libc focused on simplicity and correctness.
+
+Linux done differently.
+
+For the idealists, for the hobbyists.
+
+### Achtung!
+Bonsai is a hobby distro; a love affair.
+It is still in active, early development.
+There are bugs. There are snakes.
+
+### Thanks
+* CRUX
+* KISS Linux
+* Alpine Linux
+* Sabotage Linux
+* OpenBSD
+
+Inspirations and patches have been taken from these wonderful projects.
+
+-----
+
+Designed by [Mitch Weaver](https://github.com/mitchweaver)
diff --git a/makefile b/makefile
new file mode 100644
index 00000000..7e5e4ddb
--- /dev/null
+++ b/makefile
@@ -0,0 +1,18 @@
+BONSAI_ROOT = ${HOME}/env/bonsai
+
+PREFIX = ${HOME}/.local
+
+# 1090: file sourcing - we know, pkgfiles
+# 2154: undeclared vars - vars inside pkgfiles
+# 2046: word splitting - this is done sparingly and intentionally
+SHELLCHECK = shellcheck -s sh -e 1090 -e 2154 -e 2046
+
+all:
+ mkdir -p ${BONSAI_ROOT}/src
+ cp -rf ports ${BONSAI_ROOT}/src/
+ install -Dm 0755 bonsai ${PREFIX}/bin/
+ install -Dm 0755 tools/* ${PREFIX}/bin/
+
+test:
+ ${SHELLCHECK} bonsai
+ ${SHELLCHECK} tools/mksum
diff --git a/ports/core/@cfg/@cfg.pkgfile b/ports/core/@cfg/@cfg.pkgfile
new file mode 100644
index 00000000..6c8e7fc9
--- /dev/null
+++ b/ports/core/@cfg/@cfg.pkgfile
@@ -0,0 +1,12 @@
+info='bonsai global configuration files'
+link=false
+build() {
+ for file in cfg/*.cfg ; do
+ if [ -f "$CONFIG"/${file#cfg/} ] ; then
+ warn "$CONFIG/${file#cfg/} exists, refusing to overwrite"
+ continue
+ fi
+ msg "installing ${file#cfg/} with mode 0644..."
+ install -D -m 0644 $file "$CONFIG"/${file#cfg/}
+ done
+}
diff --git a/ports/core/@cfg/@cfg.sums b/ports/core/@cfg/@cfg.sums
new file mode 100644
index 00000000..71b16e08
--- /dev/null
+++ b/ports/core/@cfg/@cfg.sums
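Review bot: The `SHELLCHECK` definition turns SC2046 off for every file the `test` target lints, so unquoted command substitutions are never reported anywhere, including the two `set -- $(sha512sum …)` calls in tools/mksum that decide what is written to a port's .sums file. Dropping `-e 2046` from the variable and marking the intentional sites with an inline `# shellcheck disable=SC2046` directive keeps each exemption visible next to the code it covers. The same applies to 1090 and 2154 if they are only needed where pkgfiles are sourced.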
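Review bot: `$file` and `${file#cfg/}` are expanded unquoted in the `[ -f … ]` test and in the `install` call of `build()`, so a config name containing whitespace or glob characters is split or re-expanded before it reaches `install`. Quote the whole operand, e.g. `install -D -m 0644 "$file" "$CONFIG/${file#cfg/}"`, and do the same in the test. When `cfg/*.cfg` matches nothing the loop runs once with the literal pattern, so a guard such as `[ -f "$file" ] || continue` at the top of the loop is worth adding. The exists-check followed by `install` is also not atomic; that only matters if `$CONFIG` is writable by another user, which this hunk does not show.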
@@ -0,0 +1,2 @@
+5f5ee473e5309259a83288c9b1e2f488899ec10a07bb4f7f685d77e5183a2c94d28745bdb0031178049988fe1ab506c41330d5b18cbd2c1a4d6f24986d65f296 cfg/build.cfg
+e5c01980c72b3d032564395289ad6bcca05360fa366c316243d74f68c316aaf40524a8ae698eb71502c697b843ebc8f2a792c22b459f33e299179d5aba533c2e cfg/autotools.cfg
diff --git a/ports/core/@cfg/cfg/autotools.cfg b/ports/core/@cfg/cfg/autotools.cfg
new file mode 100644
index 00000000..b9811c3e
--- /dev/null
+++ b/ports/core/@cfg/cfg/autotools.cfg
@@ -0,0 +1,149 @@
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/- #
+# #
+# # #
+# # O #
+# ##, ,##,',##, ,## ,#, , #
+# # # # # #''# #,, # # # #
+# '#' '##' # # ,,# '##;, # #
+# #
+# #
+# global autotool configure flags #
+# #
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/- #
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Paths
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+SET prefix /
+SET bindir /bin
+SET sbindir /bin
+SET sysconfdir /etc
+SET includedir /include
+SET libexecdir /lib
+SET libdir /lib
+SET datadir /share
+SET localstatedir /var
+SET localedir /sucks
+SET infodir /sucks
+SET docdir /sucks
+SET htmldir /sucks
+SET pdfdir /sucks
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Enables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Hardening
+YES pic
+YES malloc0returnsnull
+YES shared
+YES shared-libs
+YES host-shared
+YES dynamic
+
+# Performance
+YES fast-install
+YES optimize
+YES lto
+
+# Features / Plugins
+YES wide-chars
+YES xinerama
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Disables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# General
+NO imake
+NO warnings
+NO option-checking
+NO dependency-tracking
+NO largefile
+NO libtool-lock
+NO profiling
+NO gprof
+NO gprof-libc
+NO mime
+NO btrfs
+NO selinux
+
+# Hardening
+NO static
+NO static-link
+NO static-libs
+NO host-static
+NO gnu-ld
+NO rpath
+
+# Sucks
+NO nls
+NO gnutls
+NO pam
+NO libpam
+NO introspection
+NO launchd
+NO gnome
+NO gnome-libs
+NO kde
+NO desktop
+NO startup-notification
+NO bash-completion
+NO zsh-completion
+NO fish-completion
+NO valgrind
+NO guile
+NO ada
+
+# NO DOCS!
+NO documentation
+NO doc
+NO docs
+NO gtk-doc
+NO gtk-doc-html
+NO gtk-doc-pdf
+NO gtk-docs
+NO gtk-docs-html
+NO gtk-docs-pdf
+NO devel-docs
+NO build-docs
+NO install-doc
+NO install-docs
+NO asciidoc
+NO specs
+NO specifications
+NO doxygen
+NO doxygen-html
+NO doxygen-doc
+NO doxygen-dot
+NO doxygen-man
+NO doxygen-rtf
+NO doxygen-xml
+NO doxygen-chm
+NO doxygen-chi
+NO doxygen-pdf
+NO doxygen-ps
+NO xmlto
+NO fop
+NO xsltproc
+NO gettext
+NO help-builtin
+
+# NO TESTS!
+NO tests
+NO extratests
+NO unit-tests
+NO test-modules
+NO install-test-programs
+NO install-tests
+NO gtktest
+NO coverage
+NO samples
+NO examples
+NO lint
+NO lint-library
+NO linting
+NO debug
+NO debugger
+NO debug-mode
+NO verbose-debug
+
+# vim:ft=config
diff --git a/ports/core/@cfg/cfg/build.cfg b/ports/core/@cfg/cfg/build.cfg
new file mode 100644
index 00000000..9b0b7f9e
--- /dev/null
+++ b/ports/core/@cfg/cfg/build.cfg
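Review bot: `NO gnutls`, `NO pam`, `NO libpam` and `NO selinux` are applied to every port, and `NO option-checking` in the "General" group means configure will not complain about switches a package does not recognise. Assuming `NO x` is translated to `--disable-x` (the translation is not part of this hunk), any package that gates TLS or authentication support on one of these switches is built without it and nothing in the build output says so. I would move the security-relevant switches out of the "Sucks" group into per-port decisions, or at least add a comment above them such as `# turns off TLS/PAM/SELinux support wherever a package offers the switch; override per port`.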
@@ -0,0 +1,152 @@
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/- #
+# #
+# # #
+# # O #
+# ##, ,##,',##, ,## ,#, , #
+# # # # # #''# #,, # # # #
+# '#' '##' # # ,,# '##;, # #
+# #
+# #
+# global build configuration file #
+# #
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/- #
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# 1. Performance
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Optimization level
+#
+# -O0: fastest compile times
+# -O2: strong performance optimizations
+# -Os: enable all -O2 optimizations except which would enlarge binary size
+# -Og: add extra debugging symbols
+#
+# see: http://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
+CFLAGS="$CFLAGS -O2"
+
+# Use pipes over temporary files, (tends be faster than file I/O).
+#
+# see: http://wiki.gentoo.org/wiki/GCC_optimization#-pipe
+CFLAGS="$CFLAGS -pipe"
+
+# Smaller binary sizes under musl-libc.
+#
+# see: http://landley.net/toybox/#17-09-2013
+CFLAGS="$CFLAGS -fasynchronous-unwind-tables"
+
+# You may also wish to add -march optimization for your specific architecture.
+#
+# Be aware however, this will make the resulting binaries unportable
+# between machines. As such, this is commented out by default.
+#
+# see: http://wiki.gentoo.org/wiki/Safe_CFLAGS
+#CFLAGS="$CFLAGS -march=native"
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# 2. Hardening
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Explicitly forbid execution on the stack.
+#
+# see: http://linux.die.net/man/8/execstack
+CFLAGS="$CFLAGS -Wl,-z,noexecstack"
+
+# Generate Position-Independent-Code for libraries.
+# GCC will automatically use PIE for executables.
+CFLAGS="$CFLAGS -fpic"
+
+# Add stack canaries to functions.
+#
+# * protector: add to functions gcc believes to be vulnerable
+# * protector-strong: add to all functions with arrays larger than 4 bytes
+# * protector-all: add to ALL functions, regardless of arrays
+#
+# note: 'all' is generally considered a waste.
+# see: http://wiki.osdev.org/Stack_Smashing_Protector
+CFLAGS="$CFLAGS -fstack-protector-strong"
+
+# Prevent stack clash attacks.
+#
+# see: http://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
+CFLAGS="$CFLAGS -fstack-clash-protection"
+
+# Enable return trampolines to help mitigate some variants of Spectre V2.
+#
+# see: http://stackoverflow.com/q/48089426
+CFLAGS="$CFLAGS -mindirect-branch=thunk -mfunction-return=thunk"
+
+# Check that target addresses are valid before changing flow control.
+# Helps protect against ROP attacks.
+#
+# * branch: only branching
+# * return: only returns
+# * full: both
+#
+# see: http://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
+CFLAGS="$CFLAGS -fcf-protection=full -mmitigate-rop"
+
+# Full Read-Only Relocation
+#
+# * disable lazy library binding
+# * makes shared libraries read-only after ASLR relocation
+# * '-z,now', ("full" RELRO), marks entire Global Offset Table as read-only
+# * prevents an attacker from gaining execution control through the GOT
+#
+# see: http://redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro
+# see: http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
+CFLAGS="$CFLAGS -Wl,-z,relro,-z,now"
+
+# Reject undefined symbols at link time and forbid underlinking.
+# Many attacks rely on taking control of these undefined symbols.
+#
+# This also allows you to see errors during the build
+# rather than pushing a bug to occur at run time.
+#
+# see: http://bugzilla.mozilla.org/show_bug.cgi?id=333640
+# see: http://wiki.rosalab.ru/ru/index.php/Underlinking#Why_underlinking_is_bad
+CFLAGS="$CFLAGS -Wl,-z,defs"
+
+# Enable buffer overflow checks.
+#
+# see: http://access.redhat.com/blogs/766093/posts/1976213
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
+# Enable bounds checking for strings as well as null pointer checks.
+#
+# see: http://gcc.gnu.org/onlinedocs/libstdc++/manual/using_macros.html
+CPPFLAGS="$CPPFLAGS -D_GLIBCXX_ASSERTIONS"
+
+# Error on exceeding of array boundaries
+CFLAGS="$CFLAGS -Werror=array-bounds"
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# 3. Warnings (can be replaced with -Werror if you wish)
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Warn about format functions that present possible security vulnerabilities.
+CFLAGS="$CFLAGS -Wformat -Wformat-security"
+
+# Warn about implicitly declared functions, can cause undefined behavior.
+CFLAGS="$CFLAGS -Wimplicit-function-declaration"
+
+# Warn about signed<->unsigned conversion.
+CFLAGS="$CFLAGS -Wconversion -Wsign-conversion"
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# 4. Finishing up
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# Use same flags for C++ as for C
+CXXFLAGS="$CFLAGS"
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# 5. Path variables - edit at your own risk
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+LIBRARY_PATH=".:$ROOT/lib:$ROOT/libexec"
+LD_LIBRARY_PATH="$LIBRARY_PATH"
+CPATH=".:$ROOT/include"
+PKG_CONFIG_PATH="$ROOT/lib/pkgconfig:$ROOT/share/pkgconfig"
+BINDIR="$PREFIX"/bin
+LIBDIR="$PREFIX"/lib
+MANDIR="$PREFIX"/share/man
+SBINDIR="$BINDIR"
+LIBEXECDIR="$LIBDIR"
+
+# vim:ft=config
diff --git a/ports/core/hi/hi.pkgfile b/ports/core/hi/hi.pkgfile
new file mode 100644
index 00000000..bf4aecdf
--- /dev/null
+++ b/ports/core/hi/hi.pkgfile
@@ -0,0 +1,7 @@
+info='hello world test package'
+url=https://wvr.sh/u/7NvK.tar.xz
+ver=1.0
+build() {
+ bs_make
+ bs_make install
+}
diff --git a/ports/core/hi/hi.sums b/ports/core/hi/hi.sums
new file mode 100644
index 00000000..0ed00e5a
--- /dev/null
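Review bot: `LIBRARY_PATH=".:$ROOT/lib:$ROOT/libexec"` is copied into `LD_LIBRARY_PATH`, so if these variables are exported to build steps the dynamic loader searches the current directory ahead of the system directories, and any tool run inside an unpacked source tree can load a shared object shipped in that tree. Drop the leading `.` (`LIBRARY_PATH="$ROOT/lib:$ROOT/libexec"`, likewise `CPATH="$ROOT/include"`) and let a port that needs a local path add it itself. Separately, the `-Wl,-z,…` options are appended to `CFLAGS`, which many build systems do not pass to the link step, so RELRO, `now`, `noexecstack` and `defs` may silently not be applied; `LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"` is the usual place. The comment above `-fasynchronous-unwind-tables` promises smaller binaries, but that is the effect of the `-fno-` form, so either the flag or the comment is wrong. `-D_FORTIFY_SOURCE=2` also depends on fortify wrappers in the libc headers, which musl does not provide on its own, so a comment naming what supplies them would help.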
+++ b/ports/core/hi/hi.sums
@@ -0,0 +1 @@
+86fb5635d86537c6c11829325dd095cfc35fba554a4086cfc334e094e81a34e49bd9085b814712741b062de04999edf2dfb0fb3ec03c24b3e5c66cbeb483f3d5 hi#1.0.tar.xz
diff --git a/tools/mksum b/tools/mksum
new file mode 100755
index 00000000..b6b95329
--- /dev/null
+++ b/tools/mksum
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# tool to quickly generate checksum files for ports
+#
+# http://github.com/bonsai-linux/bonsai
+#
+
+# import bonsai functions
+. "$(which bonsai)"
+
+pkgfile=$(printf '%s\n' ./*.pkgfile)
+
+[ -f "$pkgfile" ] || die "no pkgfile found in \$PWD"
+
+. "$pkgfile"
+
+name=${pkgfile%.pkgfile}
+name=${name#./}
+
+# add checksums of all port's files, ex: patches, omitting leading './'
+find . -type f ! -name . ! -name '*.pkgfile' ! -name '*.sums' | \
+while read -r file ; do
+ set -- $(sha512sum "$file")
+ printf '%s %s\n' "$1" "${2#./}"
+done >"$name".sums
+
+if [ "$url" ] && [ "$ver" ] ; then
+ getext "$url"
+ pkg=$name\#$ver
+
+ trap 'rm "$SOURCES/$pkg$ext" 2>/dev/null' EXIT INT TERM
+
+ get
+
+ # add checksum of tarball, omitting leading path
+ set -- $(sha512sum "$SOURCES/$pkg$ext")
+ printf '%s %s\n' "$1" "${2##*/}" >>"$name".sums
+fi
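Review bot: Both `set -- $(sha512sum …)` calls rely on word splitting, so a port file whose name contains whitespace is written to the .sums file truncated at the first space, and glob characters in the name are expanded against the current directory; the entry then no longer names the file that was hashed. Take the digest and the name separately, e.g. `sum=$(sha512sum "$file") || exit 1` followed by `printf '%s %s\n' "${sum%% *}" "${file#./}"`. `. "$(which bonsai)"` sources whichever `bonsai` comes first on PATH and hands `.` an empty path when the lookup prints nothing; `command -v bonsai` with an explicit check is the portable form. The tarball digest is taken from whatever `get` downloaded at that moment, so a comment saying the result should be compared with an upstream-published digest or signature before the .sums file is committed would be worth adding.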