<!DOCTYPE html>
<html lang="en">
<head>
<title>TootInstall | Paul&#x27;s Site of Stuff</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
<meta name="robots" content="noodp"/>
<link rel="stylesheet" href="https://paulwilde.uk/style.css">
<link rel="stylesheet" href="https://paulwilde.uk/color/orange.css">
<link rel="stylesheet" href="https://paulwilde.uk/color/background_blue.css">
<link rel="stylesheet" href="https://paulwilde.uk/font-hack-subset.css">
<meta name="description" content="">
<meta property="og:description" content="">
<meta property="og:title" content="TootInstall | Paul's Site of Stuff">
<meta property="og:type" content="article">
<meta property="og:url" content="https://paulwilde.uk/ponderings/tootinstall-concept/">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:description" content="">
<meta name="twitter:title" content="TootInstall | Paul's Site of Stuff">
<meta property="twitter:domain" content="paulwilde.uk">
<meta property="twitter:url" content="https://paulwilde.uk/ponderings/tootinstall-concept/">
<link rel="alternate" type="application/atom+xml" title="RSS" href="https://paulwilde.uk/atom.xml">
<link rel="shortcut icon" type="image/png" href="/favicon.png">
<script defer data-domain="paulwilde.uk" src="https://plausible.io/js/script.js"></script>
</head>
<body class="">
<div class="container">
<header class="header">
<div class="header__inner">
<div class="header__logo">
<a href="https://paulwilde.uk" style="text-decoration: none;">
<div class="logo">
Hello, I&#x27;m Paul
</div>
</a>
</div>
</div>
<nav class="menu">
<ul class="menu__inner">
<li><a href="/">home</a></li>
<li><a href="/aboutme">about me</a></li>
<li><a href="/ponderings">ponderings</a></li>
<li><a href="/iuse">i use …</a></li>
<li><a href="/tags">tags</a></li>
<li><a href="/atom.xml">rss</a></li>
</ul>
</nav>
</header>
<div class="post">
<h1 class="post-title"><a href="https://paulwilde.uk/ponderings/tootinstall-concept/">TootInstall</a></h1>
<div class="post-meta-inline">
<span class="post-date">
2024-07-29
</span>
</div>
<span class="post-tags-inline">
:: tags:&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/concept/">#concept</a>&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/humour/">#humour</a>&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/parody/">#parody</a>&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/protocols/">#protocols</a>&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/rfc/">#rfc</a>&nbsp;
<a class="post-tag" href="https://paulwilde.uk/tags/tech/">#tech</a></span>
<div class="post-content">
<h2 id="tootinstall-concept">TootInstall Concept</h2>
<h3 id="status-of-this-memo">Status of this Memo</h3>
<p>This memo defines a conceptual protocol for software build and install scripts
for varying platforms published via Fediverse (ActivityPub, i.e. Mastodon et al.) posts.</p>
<span id="continue-reading"></span><h3 id="overview">Overview</h3>
<p>These days, the options for software build and install processes are many,
and jumping through the hoops required for some operating systems can be
troublesome and sometimes impossible.<br />
Additionally, having to maintain many published packages for varying platforms
is laborious, and sometimes means packages in some platforms become out of date
and unmaintained.<br />
The TootInstall concept aims to bypass many of these requirements in an effort
to have build and install scripts available for any application available on a
decentralized, federated, all-accessible platform.</p>
<h4 id="usage-by-developers">Usage - by Developers</h4>
<p>A software developer or package maintainer would post their script using their
preferred federated ActivityPub service, and mention a <code>tootinstall bot</code>
(i.e. <code>@tootinstall_bot@tootinstall.example</code>). The <code>tootinstall bot</code> would then
parse the script and re-post it, giving attribution to the original poster.</p>
<p>It would be in everyone's best interests if all package requirements are listed
to ensure all dependencies are satisfied before attempting the install.</p>
<p>For example, a simple <code>tootinstall</code> script may look like the following:</p>
<pre data-lang="ini" style="background-color:#212121;color:#eeffff;" class="language-ini "><code class="language-ini" data-lang="ini"><span>@tootinstall_bot@tootinstall</span><span style="color:#89ddff;">.</span><span>example
</span><span style="color:#89ddff;">+++
</span><span style="color:#f78c6c;">name </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;my_package&quot;
</span><span style="color:#f78c6c;">targets </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">&quot;linux+amd64&quot;</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">&quot;linux+arm&quot;</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">&quot;freebsd+amd64&quot;</span><span>]
</span><span style="color:#f78c6c;">dependencies </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">&quot;bash&quot;</span><span style="color:#89ddff;">,</span><span style="color:#c3e88d;">&quot;git&quot;</span><span>]
</span><span style="color:#89ddff;">+++
</span><span style="font-style:italic;color:#4a4a4a;">#!/usr/bin/env bash
</span><span style="color:#f78c6c;">git </span><span>clone https://gitrepo.example/me/my_package </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
</span><span style="color:#f78c6c;">cd </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
</span><span style="color:#f78c6c;">cp </span><span style="color:#89ddff;">./</span><span>my_package </span><span style="color:#89ddff;">/</span><span>usr</span><span style="color:#89ddff;">/</span><span>local</span><span style="color:#89ddff;">/</span><span>bin</span><span style="color:#89ddff;">/</span><span>my_package
</span></code></pre>
<p>which the bot would receive, and re-post like so:</p>
<pre data-lang="ini" style="background-color:#212121;color:#eeffff;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#89ddff;">+++
</span><span style="color:#f78c6c;">name </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;my_package&quot;
</span><span style="color:#f78c6c;">targets </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">&quot;linux+amd64&quot;</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">&quot;linux+arm&quot;</span><span style="color:#89ddff;">, </span><span style="color:#c3e88d;">&quot;freebsd+amd64&quot;</span><span>]
</span><span style="color:#f78c6c;">dependencies </span><span style="color:#89ddff;">=</span><span> [</span><span style="color:#c3e88d;">&quot;bash&quot;</span><span style="color:#89ddff;">,</span><span style="color:#c3e88d;">&quot;git&quot;</span><span>]
</span><span style="color:#f78c6c;">author </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;@you@a_mastodon_instance.example&quot;
</span><span style="color:#f78c6c;">date </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;2024-07-29T14:48:00&quot;
</span><span style="color:#f78c6c;">status </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;pending approval&quot;
</span><span style="color:#f78c6c;">tootinstall_host </span><span style="color:#89ddff;">= </span><span style="color:#c3e88d;">&quot;packages.tootinstall.example&quot;
</span><span style="color:#89ddff;">+++
</span><span style="font-style:italic;color:#4a4a4a;">#!/usr/bin/env bash
</span><span style="color:#f78c6c;">git </span><span>clone https://gitrepo.example/me/my_package </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
</span><span style="color:#f78c6c;">cd </span><span style="color:#89ddff;">/</span><span>tmp</span><span style="color:#89ddff;">/</span><span>my_package
</span><span style="color:#f78c6c;">cp </span><span style="color:#89ddff;">./</span><span>my_package </span><span style="color:#89ddff;">/</span><span>usr</span><span style="color:#89ddff;">/</span><span>local</span><span style="color:#89ddff;">/</span><span>bin</span><span style="color:#89ddff;">/</span><span>my_package
</span></code></pre>
<p>The <code>tootinstall bot</code> should have RSS enabled for its posts, which is then
parsed by a <code>tootinstall helper</code> and collated into a <code>tootinstall database</code> and
published on a <code>tootinstall host</code>.</p>
<h4 id="usage-by-end-users">Usage - by End Users</h4>
<p>An end user only requires a simple portable <code>tootinstall</code> binary which can be
used as follows:</p>
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">tootinstall install my_package @packages.tootinstall.example
</span></code></pre>
<h3 id="tootinstall-bot">TootInstall Bot</h3>
<p>A <code>tootinstall bot</code> is an ActivityPub account that is able to read posts it is
mentioned in, adapt incoming information and create new posts with correctly
formatted <code>tootinstall script</code> text.</p>
<p>It must:</p>
<ul>
<li>be able to publish its ActivityPub feed via RSS so a
<code>tootinstall helper</code> is able to easily read posts it sends for new
<code>tootinstall scripts</code>.</li>
<li>post a <code>tootinstall script</code> as a new post,
not a reply, nor a boost, nor a quote boost, nor anything similar,
to simplify RSS feed handling.</li>
<li>create 'author', 'date', 'status', and
'tootinstall_host' tags in the <code>tootinstall script</code> and ignore those in the
original post to prevent information poisoning.</li>
<li>be able to operate a blacklist of accounts/instances to prevent spamming</li>
</ul>
<p>It may also be useful if it could:</p>
<ul>
<li>receive boosts/favourites and forward these on to a <code>tootinstall helper</code>
for approval and scoring purposes (see Approvals and Scoring).</li>
</ul>
<h3 id="tootinstall-helper">TootInstall Helper</h3>
<p>A <code>tootinstall helper</code> is a background service that reads the RSS feeds provided
by configured <code>tootinstall bots</code>, collates all new <code>tootinstall scripts</code> they
have posted, stores them in a database, and can search and return
information about them as requested by a <code>tootinstall</code> user binary.</p>
<p>It must:</p>
<ul>
<li>be able to be configured to check multiple <code>tootinstall bot</code> RSS feeds to
allow for a more federated and decentralised service.</li>
<li>be able to write to a persistent database</li>
<li>be able to return a script by name</li>
<li>NOT allow anyone other than the original author or maintainers to update a script</li>
<li>be able to operate a blacklist of accounts/instances to prevent spamming</li>
</ul>
<p>It would also be useful if it could:</p>
<ul>
<li>increment a version number of a <code>tootinstall script</code> automatically. Incoming version numbers
should be ignored.</li>
</ul>
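<p>The helper's update rules, as an added example that is not part of the original memo: only the original author or a listed maintainer may update a script, blocked accounts and instances are refused, and the version is counted by the helper. The <code>Registry</code> class, the <code>body</code> and <code>updated_by</code> keys and the rule that only the author may change the maintainer list are assumptions.</p>

```python
class Registry:
    """In-memory stand-in for the tootinstall database (hypothetical API)."""

    def __init__(self, blocked=()):
        self.blocked = set(blocked)  # full handles or bare instance names
        self.scripts = {}            # package name -> latest stored record

    def _is_blocked(self, handle):
        return handle in self.blocked or handle.rsplit("@", 1)[-1] in self.blocked

    def submit(self, script):
        """Store one bot re-post, given as a dict whose author is the poster."""
        poster, name = script["author"], script["name"]
        if self._is_blocked(poster):
            raise PermissionError(f"{poster} is blocked")
        current = self.scripts.get(name)
        if current is None:
            # First post: the poster becomes the permanent author of this name.
            owner, version = poster, 1
            maintainers = list(script.get("maintainers", []))
        else:
            owner = current["author"]
            if poster != owner and poster not in current["maintainers"]:
                raise PermissionError(f"{poster} may not update {name}")
            # Assumption: only the original author may change the maintainer
            # list; a maintainer's edit to it is ignored.
            maintainers = current["maintainers"]
            if poster == owner and "maintainers" in script:
                maintainers = list(script["maintainers"])
            version = current["version"] + 1
        record = {
            "name": name, "author": owner, "updated_by": poster,
            "maintainers": maintainers,
            "targets": list(script.get("targets", [])),
            "dependencies": list(script.get("dependencies", [])),
            "body": script["body"],
            "version": version,  # counted here; a submitted version is ignored
        }
        self.scripts[name] = record
        return record


# Constructed sample re-posts, as the helper would see them after parsing.
def sample(author, **extra):
    return {"name": "my_package", "author": author,
            "body": "#!/usr/bin/env bash\n", **extra}


if __name__ == "__main__":
    reg = Registry(blocked={"spam.example"})
    reg.submit(sample("@you@a_mastodon_instance.example",
                      maintainers=["@friend@other.example"], version=42))
    print(reg.submit(sample("@friend@other.example"))["version"])  # 2
    try:
        reg.submit(sample("@stranger@elsewhere.example"))
    except PermissionError as err:
        print("rejected:", err)
```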
<h3 id="tootinstall-host">TootInstall Host</h3>
<p>A <code>tootinstall host</code> is a web frontend used by the <code>tootinstall</code> user binary
that is able to utilise the <code>tootinstall helper</code> to return <code>tootinstall scripts</code>.</p>
<p>It must:</p>
<ul>
<li>be accessible on the internet</li>
<li>be able to search and return a list of packages in <code>json</code> format</li>
<li>be able to return a specific package script by name in <code>toml</code> format</li>
</ul>
<p>Endpoint URLs should be as follows:</p>
<ul>
<li>/search?q=package_name</li>
<li>/install?p=package_name</li>
</ul>
<h4 id="the-tootinstall-bot-helper-and-host-can-all-be-the-same-system-and-do-not-necessarily-need-to-be-separate-services">The TootInstall Bot, Helper and Host can all be the same system and do not necessarily need to be separate services</h4>
<h3 id="tootinstall-script">TootInstall Script</h3>
<p>A <code>tootinstall script</code> is a <code>toml</code> document describing the dependencies and
build/install process of a package.<br />
It has the following parameters:</p>
<ul>
<li>Editable:</li>
</ul>
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">name : string : the package name (not editable after the first post</span><span>)
</span><span style="color:#82aaff;">targets : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of os+arch targets
</span><span style="color:#82aaff;">dependencies : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of software dependencies required
</span><span style="color:#82aaff;">maintainers : array</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">string</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> : a list of ActivityPub accounts who can update a script
</span></code></pre>
<ul>
<li>Non-Editable:</li>
</ul>
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">author : string : the original author of the script
</span><span style="color:#82aaff;">date : datetime : the date and time the script was last updated (RFC3339</span><span>)
</span><span style="color:#82aaff;">status : string : the status of the script (pending approval, approved, archived</span><span>)
</span><span style="color:#82aaff;">tootinstall_host : string : the host on which this package has been published
</span></code></pre>
<p>The Editable parameters are enclosed in <code>+++</code>'s to define separation between the
parameters and the main script.<br />
A <code>tootinstall script</code> should also include a <code>shebang</code> to ensure the script runs
as expected.</p>
<h3 id="tootinstall-binary">TootInstall Binary</h3>
<p>A <code>tootinstall binary</code> is a simple portable binary that anyone can download and
run to get <code>TootInstall</code> functionality.</p>
<p>A guideline for usage is as below:</p>
<pre data-lang="sh" style="background-color:#212121;color:#eeffff;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#82aaff;">tootinstall </span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">mode</span><span style="font-style:italic;color:#c792ea;">]</span><span style="color:#82aaff;"> package_name @</span><span style="font-style:italic;color:#c792ea;">[</span><span style="color:#82aaff;">tootinstall_host</span><span style="font-style:italic;color:#c792ea;">]
</span><span> </span><span style="color:#82aaff;">modes:
</span><span> </span><span style="color:#82aaff;">install - builds and installs the package as per the script
</span><span> </span><span style="color:#82aaff;">download - downloads a script but does not run it
</span><span> </span><span style="color:#82aaff;">search - searches the tootinstall url for a package name
</span><span> </span><span style="color:#82aaff;">inspect - finds and displays the tootinstall script
</span><span>
</span><span> </span><span style="color:#82aaff;">parameters:
</span><span> </span><span style="color:#82aaff;">package_name - Required. the package name to install or
</span><span> </span><span style="color:#82aaff;">search or inspect
</span><span> </span><span style="color:#82aaff;">@[tootinstall host] - Required. the host on which a tootinstall
</span><span> </span><span style="color:#82aaff;">database is running
</span></code></pre>
<p>It must:</p>
<ul>
<li>be able to access the internet</li>
<li>be able to search and download <code>tootinstall scripts</code> from multiple <code>tootinstall hosts</code></li>
<li>be able to run the downloaded script</li>
<li>allow the user to inspect the script</li>
</ul>
<h3 id="verification">Verification</h3>
<p>The various <code>tootinstall</code> bots and helpers should be configured to do some
basic verification of the script poster.</p>
<p>Good examples of some basic checks are:</p>
<ul>
<li>does the poster have a bio?</li>
<li>does the poster have an image?</li>
<li>has the poster been active on the fediverse for a reasonable amount of time?</li>
<li>has the poster been interacting with people of the fediverse for a reasonable
amount of time?</li>
<li>does the poster have some other people following them?</li>
<li>has the poster ever been boosted and/or favourited by somebody else a few times?</li>
</ul>
<h3 id="scoring">Scoring</h3>
<p>As a popularity/rating service, we can utilise ActivityPub boosts and favourites
as a scoring platform for <code>tootinstall scripts</code>.</p>
<ul>
<li><code>favourite</code> = "I like this" = 1 point</li>
<li><code>boost</code> = "I want other people to see this" = 1 point</li>
</ul>
<p>A favourite and a boost from one account can give a script 2 points.</p>
<h3 id="approvals">Approvals</h3>
<p>It <strong>would not</strong> be sensible to publish a script immediately after posting as
doing so massively increases the risk of distributing malware.<br />
Instead, it would be wise to implement an approval concept whereby authorised
accounts could authorise a script by replying to the <code>tootinstall bot</code>'s post
with an approval state i.e. "approved" or "denied". A <code>tootinstall bot</code> could
also actively seek out approval from a list of configured accounts, and post the
script privately to them before actually posting the published script.<br />
Secondary to this, we could implement a form of crowdsourced approval whereby if
a script score reaches a certain level, it is automatically approved.</p>
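<p>The scoring and approval rules combined, as an added example that is not part of the original memo. The <code>approval_state</code> function and its event tuples are hypothetical, and three choices are assumptions: an author's own boosts and favourites are not scored, a denial from any authorised account overrides everything else, and the threshold value is left to the operator.</p>

```python
def approval_state(events, author, approvers, threshold):
    """Return (state, score) for one script post.

    events: (account, kind, text) tuples forwarded by the bot, where kind is
    "favourite", "boost" or "reply".
    """
    scored = set()   # (account, kind) pairs, so repeats from one account count once
    decisions = {}   # authorised approver -> latest stated decision
    for account, kind, text in events:
        if kind in ("favourite", "boost"):
            if account != author:  # assumption: authors cannot score themselves
                scored.add((account, kind))
        elif kind == "reply" and account in approvers:
            word = text.strip().lower()
            if word in ("approved", "denied"):
                decisions[account] = word
        # Replies from accounts outside approvers carry no weight.
    score = len(scored)
    if "denied" in decisions.values():
        return "denied", score  # assumption: any denial wins, so fail closed
    if "approved" in decisions.values() or score >= threshold:
        return "approved", score
    return "pending approval", score


AUTHOR = "@you@a_mastodon_instance.example"
APPROVERS = {"@reviewer@tootinstall.example"}
# Constructed sample events for one script post.
EVENTS = [
    ("@fan@one.example", "favourite", ""),
    ("@fan@one.example", "boost", ""),
    ("@fan@one.example", "boost", ""),               # repeat, not counted again
    (AUTHOR, "boost", ""),                           # self-boost, ignored
    ("@passerby@two.example", "reply", "approved"),  # not an approver
]

if __name__ == "__main__":
    print(approval_state(EVENTS, AUTHOR, APPROVERS, threshold=3))
```

<p>The score counts accounts, not people, so the threshold is only as strong as the account checks behind it.</p>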
<h1 id="written-by-paul-wilde-29th-july-2024">Written by Paul Wilde - 29th July 2024</h1>
<h2 id="paul-notnull-space"><a href="https://notnull.space/@paul">@paul@notnull.space</a></h2>
<h2 id="final-notes">Final Notes</h2>
<p>OK… let's address the elephant in the room. I am <em><strong>very</strong></em> aware this is incredibly
dangerous and <em>you</em> should be very aware this is a parody concept.
Please, everyone, PLEASE, do not implement any of this!! It is just meant as a
humorous thought experiment and is in no way intended to make it to production.</p>
</div>
<div class="pagination">
<div class="pagination__title">
<span class="pagination__title-h">Thanks for reading! Read other posts?</span>
<hr />
</div>
<div class="pagination__buttons">
<span class="button previous">
<a href="https://paulwilde.uk/ponderings/errors/">
<span class="button__icon"></span>&nbsp;
<span class="button__text">Wholesome Errors</span>
</a>
</span>
<span class="button next">
<a href="https://paulwilde.uk/ponderings/batmon/">
<span class="button__text">BatMon</span>&nbsp;
<span class="button__icon"></span>
</a>
</span>
</div>
</div>
</div>
<footer class="footer">
<div class="footer__inner">
<a href="https:&#x2F;&#x2F;notnull.space&#x2F;@paul" rel="me">fediverse (gts)</a>
<a href="https:&#x2F;&#x2F;snac.notnull.space&#x2F;paul" rel="me">fediverse (snac)</a>
<a href="https:&#x2F;&#x2F;codeberg.org&#x2F;pswilde" rel="me">codeberg</a>
<a href="https:&#x2F;&#x2F;keyoxide.org&#x2F;85633E30514CC1932E4268460ED12CF710BC42CA" rel="me">keyoxide</a>
</div>
<div class="footer__inner">
<div class="copyright">
<span>©
2024
Paul Wilde</span>
<span class="copyright-theme">
<span class="copyright-theme-sep">:: </span>
Theme: <a href="https://github.com/pawroman/zola-theme-terminimal/">Terminimal</a>
</span>
</div>
</div>
</footer>
</div>
</body>
</html>