09/02/2020: This week in KISS (#10)

More package manager goodies this week.

Package Manager build hooks

It is now possible to hook into specific "events" in the package manager with a script. Right now only pre-build and post-build are supported, though I expect to see this list expand as users need them.

The KISS_HOOK environment variable takes the path to a shell script which is then executed with three additional environment variables defined. Rather than needing a separate script per event, a single script is all that is required.

The following three environment variables are defined:

A simple script to set different CFLAGS for specific packages could look as follows.

#!/bin/sh

case $TYPE in
    pre-build)
        case $PKG in
            zlib) export CFLAGS="-Os -static" ;;
            curl) export CFLAGS="-O3" ;;
        esac
    ;;

    post-build)
        # post-build code here.
    ;;
esac

This paves the way for finer tuning of compilation settings for LTO and more aggressive compiler options. See: /r/kisslinux post

Smarter /etc/ handling

The package manager now performs a 3-way "handshake" to determine how it should handle the installation of files in /etc. In short, when a file cannot be overwritten due to user modifications it is installed as $file.new.

This is very similar to how Arch Linux handles /etc and it's a really nice way of doing things.
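
One way the three-way comparison for /etc files can work, as an added example that is not the KISS package manager's code. The decision rules and the names sum_of, etc_action and install_etc are assumptions modelled on the Arch-style behaviour described above.

```shell
#!/bin/sh
# Added example; decision rules are an assumption, not KISS's implementation.

# sum_of FILE: print a checksum of FILE, or "none" when it does not exist.
# cksum (POSIX) is enough for change detection in this demo.
sum_of() {
    [ -f "$1" ] || { echo none; return; }
    cksum < "$1" | tr ' ' ':'
}

# etc_action OLD SYS NEW: print what to do with one /etc file.
#   OLD = checksum recorded when the previous package version was installed
#   SYS = checksum of the file currently on the system
#   NEW = checksum of the file shipped by the incoming package
etc_action() {
    old=$1 sys=$2 new=$3
    if   [ "$sys" = none ];   then echo install   # nothing on disk yet
    elif [ "$sys" = "$new" ]; then echo skip      # already identical
    elif [ "$sys" = "$old" ]; then echo install   # untouched by the user
    elif [ "$old" = "$new" ]; then echo skip      # user edit, package unchanged
    else                           echo new       # user edit and package change
    fi
}

# install_etc OLD_SUM PKG_FILE SYS_FILE: apply the decision, print the action.
install_etc() {
    action=$(etc_action "$1" "$(sum_of "$3")" "$(sum_of "$2")")
    case $action in
        install) cp -p "$2" "$3" ;;
        new)     cp -p "$2" "$3.new" ;;   # the user's file is left in place
    esac
    echo "$action"
}
```

The only case that produces a .new file is the last one, where both the user and the package changed the file since the previous install.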

KISS_AUDIT

A new opt-in feature has been added which will open a scrollable diff of every modified file for a system update. This was implemented to allow users to easily get a deeper insight as to what will happen during updates.

The repositories themselves are git repositories so this is simply a git diff call post-fetch.

To enable this feature set KISS_AUDIT to 1.

GCC static-pie fix

Our GCC builds enable PIE by default, though this wasn't applied when compiling statically. A patch was submitted by Owen Rafferty which fixes this issue.

To revert to the previous behavior the following $CFLAGS can be used: -fno-pie -no-pie.

Changes to non-root Xorg

Our default non-root Xorg configuration required the user be in the input group to function correctly. This is no longer a requirement and you may now remove yourself from the group.

Instead, our Xorg is now setgid input which limits the permissions to /dev/input solely to Xorg. Any applications spawned under Xorg will not be able to read /dev/input.

This is a nicer and more secure default configuration.

GNU tar and BSD tar (libarchive) support added to the package manager

These two tar implementations are now supported in the package manager, further reducing the dependence on busybox. I have found these to be faster than busybox's tar for those large source tarballs.

Official Repositories

Community