2024-07-29 17:15:40 +02:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< title > TootInstall | Paul' s Site of Stuff< / title >
< meta http-equiv = "content-type" content = "text/html; charset=utf-8" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0, maximum-scale=1" >
< meta name = "robots" content = "noodp" / >
< link rel = "stylesheet" href = "https://paulwilde.uk/style.css" >
< link rel = "stylesheet" href = "https://paulwilde.uk/color/orange.css" >
< link rel = "stylesheet" href = "https://paulwilde.uk/color/background_blue.css" >
< link rel = "stylesheet" href = "https://paulwilde.uk/font-hack-subset.css" >
< meta name = "description" content = "" >
< meta property = "og:description" content = "" >
< meta property = "og:title" content = "TootInstall | Paul's Site of Stuff" >
< meta property = "og:type" content = "article" >
2024-07-29 17:16:51 +02:00
< meta property = "og:url" content = "https://paulwilde.uk/ponderings/tootinstall-concept/" >
2024-07-29 17:15:40 +02:00
< meta name = "twitter:card" content = "summary_large_image" >
< meta name = "twitter:description" content = "" >
< meta name = "twitter:title" content = "TootInstall | Paul's Site of Stuff" >
< meta property = "twitter:domain" content = "paulwilde.uk" >
2024-07-29 17:16:51 +02:00
< meta property = "twitter:url" content = "https://paulwilde.uk/ponderings/tootinstall-concept/" >
2024-07-29 17:15:40 +02:00
< link rel = "alternate" type = "application/atom+xml" title = "RSS" href = "https://paulwilde.uk/atom.xml" >
< link rel = "shortcut icon" type = "image/png" href = "/favicon.png" >
< / head >
< body class = "" >
< div class = "container" >
< header class = "header" >
< div class = "header__inner" >
< div class = "header__logo" >
< a href = "https://paulwilde.uk" style = "text-decoration: none;" >
< div class = "logo" >
Hello, I' m Paul
< / div >
< / a >
< / div >
< / div >
< nav class = "menu" >
< ul class = "menu__inner" >
< li > < a href = "/" > home< / a > < / li >
< li > < a href = "/aboutme" > about me< / a > < / li >
< li > < a href = "/ponderings" > ponderings< / a > < / li >
< li > < a href = "/iuse" > i use …< / a > < / li >
< li > < a href = "/tags" > tags< / a > < / li >
< li > < a href = "/atom.xml" > rss< / a > < / li >
< / ul >
< / nav >
< / header >
< div class = "post" >
2024-07-29 17:16:51 +02:00
< h1 class = "post-title" > < a href = "https://paulwilde.uk/ponderings/tootinstall-concept/" > TootInstall< / a > < / h1 >
2024-07-29 17:15:40 +02:00
< div class = "post-meta-inline" >
< span class = "post-date" >
2024-07-29
< / span >
< / div >
< span class = "post-tags-inline" >
:: tags:
< a class = "post-tag" href = "https://paulwilde.uk/tags/concept/" > #concept< / a >
< a class = "post-tag" href = "https://paulwilde.uk/tags/humour/" > #humour< / a >
< a class = "post-tag" href = "https://paulwilde.uk/tags/parody/" > #parody< / a >
< a class = "post-tag" href = "https://paulwilde.uk/tags/protocols/" > #protocols< / a >
< a class = "post-tag" href = "https://paulwilde.uk/tags/rfc/" > #rfc< / a >
< a class = "post-tag" href = "https://paulwilde.uk/tags/tech/" > #tech< / a > < / span >
< div class = "post-content" >
< h2 id = "tootinstall-concept" > TootInstall Concept< / h2 >
< h3 id = "status-of-this-memo" > Status of this Memo< / h3 >
< p > This memo defines a conceptual protocol for software build and install scripts
for varying platforms published via Fediverse (ActivityPub i.e Mastodon, et al) posts.< / p >
< span id = "continue-reading" > < / span > < h3 id = "overview" > Overview< / h3 >
< p > These days, the options for software build and install processes are many,
and jumping through the hoops required for some operating systems can be
troublesome and sometimes impossible.< br / >
Additionally, having to maintain many published packages for varying platforms
is laborious, and sometimes means packages in some platforms become out of date
and unmaintained.< br / >
The TootInstall concept aims to bypass many of these requirements in an effort
to have build and install scripts available for any application available on a
decentralized, federated, all-accessible platform.< / p >
< h4 id = "usage-by-developers" > Usage - by Developers< / h4 >
< p > A software developer or package maintainer would post their script using their
preferred federated ActivityPub service, and mention a < code > tootinstall bot< / code >
(i.e. < code > @tootinstall_bot@tootinstall.example< / code > ). The < code > tootinstall bot< / code > would then
parse the script and re-post it, giving attribution to the original poster.< / p >
< p > It would be in everyone's best interests if all package requirements are listed
to ensure all dependencies are satisfied before attempting the install.< / p >
< p > For example, a simple < code > tootinstall< / code > script may look like the following:< / p >
< pre data-lang = "ini" style = "background-color:#212121;color:#eeffff;" class = "language-ini " > < code class = "language-ini" data-lang = "ini" > < span > @tootinstall_bot@tootinstall< / span > < span style = "color:#89ddff;" > .< / span > < span > example
< / span > < span style = "color:#89ddff;" > +++
< / span > < span style = "color:#f78c6c;" > name < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " my_package"
< / span > < span style = "color:#f78c6c;" > targets < / span > < span style = "color:#89ddff;" > =< / span > < span > [< / span > < span style = "color:#c3e88d;" > " linux+amd64" < / span > < span style = "color:#89ddff;" > , < / span > < span style = "color:#c3e88d;" > " linux+arm" < / span > < span style = "color:#89ddff;" > , < / span > < span style = "color:#c3e88d;" > " freebsd+amd64" < / span > < span > ]
< / span > < span style = "color:#f78c6c;" > dependencies < / span > < span style = "color:#89ddff;" > =< / span > < span > [< / span > < span style = "color:#c3e88d;" > " bash" < / span > < span style = "color:#89ddff;" > ,< / span > < span style = "color:#c3e88d;" > " git" < / span > < span > ]
< / span > < span style = "color:#89ddff;" > +++
< / span > < span style = "font-style:italic;color:#4a4a4a;" > #!/usr/bin/env bash
< / span > < span style = "color:#f78c6c;" > git < / span > < span > clone https://gitrepo.example/me/my_package < / span > < span style = "color:#89ddff;" > /< / span > < span > tmp< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < span style = "color:#f78c6c;" > cd < / span > < span style = "color:#89ddff;" > /< / span > < span > tmp< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < span style = "color:#f78c6c;" > cp < / span > < span style = "color:#89ddff;" > ./< / span > < span > my_package < / span > < span style = "color:#89ddff;" > /< / span > < span > usr< / span > < span style = "color:#89ddff;" > /< / span > < span > local< / span > < span style = "color:#89ddff;" > /< / span > < span > bin< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < / code > < / pre >
< p > which the bot would receive, and re-post like so:< / p >
< pre data-lang = "ini" style = "background-color:#212121;color:#eeffff;" class = "language-ini " > < code class = "language-ini" data-lang = "ini" > < span style = "color:#89ddff;" > +++
< / span > < span style = "color:#f78c6c;" > name < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " my_package"
< / span > < span style = "color:#f78c6c;" > targets < / span > < span style = "color:#89ddff;" > =< / span > < span > [< / span > < span style = "color:#c3e88d;" > " linux+amd64" < / span > < span style = "color:#89ddff;" > , < / span > < span style = "color:#c3e88d;" > " linux+arm" < / span > < span style = "color:#89ddff;" > , < / span > < span style = "color:#c3e88d;" > " freebsd+amd64" < / span > < span > ]
< / span > < span style = "color:#f78c6c;" > dependencies < / span > < span style = "color:#89ddff;" > =< / span > < span > [< / span > < span style = "color:#c3e88d;" > " bash" < / span > < span style = "color:#89ddff;" > ,< / span > < span style = "color:#c3e88d;" > " git" < / span > < span > ]
< / span > < span style = "color:#f78c6c;" > author < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " @you@a_mastodon_instance.example"
< / span > < span style = "color:#f78c6c;" > date < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " 2024-29-07T14:48:00"
< / span > < span style = "color:#f78c6c;" > status < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " pending approval"
< / span > < span style = "color:#f78c6c;" > tootinstall_host < / span > < span style = "color:#89ddff;" > = < / span > < span style = "color:#c3e88d;" > " packages.tootinstall.example"
< / span > < span style = "color:#89ddff;" > +++
< / span > < span style = "font-style:italic;color:#4a4a4a;" > #!/usr/bin/env bash
< / span > < span style = "color:#f78c6c;" > git < / span > < span > clone https://gitrepo.example/me/my_package < / span > < span style = "color:#89ddff;" > /< / span > < span > tmp< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < span style = "color:#f78c6c;" > cd < / span > < span style = "color:#89ddff;" > /< / span > < span > tmp< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < span style = "color:#f78c6c;" > cp < / span > < span style = "color:#89ddff;" > ./< / span > < span > my_package< / span > < span style = "color:#89ddff;" > .< / span > < span > bash < / span > < span style = "color:#89ddff;" > /< / span > < span > usr< / span > < span style = "color:#89ddff;" > /< / span > < span > local< / span > < span style = "color:#89ddff;" > /< / span > < span > bin< / span > < span style = "color:#89ddff;" > /< / span > < span > my_package
< / span > < / code > < / pre >
< p > The < code > tootinstall bot< / code > should have RSS enabled for their posts, which is then
parsed by a < code > tootinstall helper< / code > and collated into a < code > tootinstall database< / code > and
published on a < code > tootinstall host< / code > .< / p >
< h4 id = "usage-by-end-users" > Usage - by End Users< / h4 >
< p > An end user only requires a simple portable < code > tootinstall< / code > binary which can be
used as follows:< / p >
< pre data-lang = "sh" style = "background-color:#212121;color:#eeffff;" class = "language-sh " > < code class = "language-sh" data-lang = "sh" > < span style = "color:#82aaff;" > tootinstall install my_package @packages.tootinstall.example
< / span > < / code > < / pre >
< h3 id = "tootinstall-bot" > TootInstall Bot< / h3 >
< p > A < code > tootinstall bot< / code > is a ActivityPub account that is able to read posts it is
mentioned in, adapt incoming information and create new posts with correctly
formatted < code > tootinstall script< / code > text.< / p >
< p > It must:< / p >
< ul >
< li > be able to publish their ActivityPub feed via RSS so a
< code > tootinstall helper< / code > is able to easily read posts it sends for new
< code > tootinstall scripts< / code > .< / li >
< li > post a < code > tootinstall script< / code > as a new post,
not a reply, nor a boost, nor a quote boost, nor anything similar,
to simplify RSS feed handling.< / li >
< li > create 'author', 'date', 'status', and
'tootinstall_host' tags in the < code > tootinstall script< / code > and ignore those in the
original post to prevent information poisoning.< / li >
< li > be able to operate a blacklist of accounts/instances to prevent spamming< / li >
< / ul >
< p > It may also be useful if it could:< / p >
< ul >
< li > receive boosts/favourites and forward these on to a < code > tootinstall helper< / code >
for approval and scoring purposes (see Approvals and Scoring).< / li >
< / ul >
< h3 id = "tootinstall-helper" > TootInstall Helper< / h3 >
< p > A < code > tootinstall helper< / code > is a background service that can read RSS feeds provided
by configured < code > tootinstall bots< / code > collating all new < code > tootinstall scripts< / code > it
has posted, store them in a database, and be able to search and return
information about them as requested by a < code > tootinstall< / code > user binary.< / p >
< p > It must:< / p >
< ul >
< li > be able to be configured to check multiple < code > tootinstall bot< / code > RSS feeds to
allow for a more federated and decentralised service.< / li >
< li > be able to write to a persistent database< / li >
< li > be able to return a script by name< / li >
< li > NOT allow anyone other than the original author or maintainers to update a script< / li >
< li > be able to operate a blacklist of accounts/instances to prevent spamming< / li >
< / ul >
< p > It would also be useful if it could:< / p >
< ul >
< li > increment a version number of a < code > tootinstall script< / code > automatically. Incoming version numbers
should be ignored.< / li >
< / ul >
< h3 id = "tootinstall-host" > TootInstall Host< / h3 >
< p > A < code > tootinstall host< / code > is a web frontend used by < code > tootinstall< / code > user binary
that is able to utilise the < code > tootinstall helper< / code > to return < code > tootinstall scripts< / code > .< / p >
< p > It must:< / p >
< ul >
< li > be accessible on the internet< / li >
< li > be able to search and return a list of packages in < code > json< / code > format< / li >
< li > be able to return a specific package script by name in < code > toml< / code > format< / li >
< / ul >
< p > Endpoint URLs should be as follows:< / p >
< ul >
< li > /search?q=package_name< / li >
< li > /install?p=package_name< / li >
< / ul >
< h4 id = "the-tootinstall-bot-helper-and-host-can-all-be-the-same-system-and-do-not-necessarily-need-to-be-separate-services" > The TootInstall Bot, Helper and Host can all be the same system and do not necessarily need to be separate services< / h4 >
< h3 id = "tootinstall-script" > TootInstall Script< / h3 >
< p > A < code > tootinstall script< / code > is a < code > toml< / code > document describing the dependencies and
build/install process of a package.< br / >
It has the following parameters:< / p >
< ul >
< li > Editable:< / li >
< / ul >
< pre data-lang = "sh" style = "background-color:#212121;color:#eeffff;" class = "language-sh " > < code class = "language-sh" data-lang = "sh" > < span style = "color:#82aaff;" > name : string : the package name (not editable after the first post< / span > < span > )
< / span > < span style = "color:#82aaff;" > targets : array< / span > < span style = "font-style:italic;color:#c792ea;" > [< / span > < span style = "color:#82aaff;" > string< / span > < span style = "font-style:italic;color:#c792ea;" > ]< / span > < span style = "color:#82aaff;" > : a list of os+arch targets
< / span > < span style = "color:#82aaff;" > dependencies : array< / span > < span style = "font-style:italic;color:#c792ea;" > [< / span > < span style = "color:#82aaff;" > string< / span > < span style = "font-style:italic;color:#c792ea;" > ]< / span > < span style = "color:#82aaff;" > : a list of software dependencies required
< / span > < span style = "color:#82aaff;" > maintainers : array< / span > < span style = "font-style:italic;color:#c792ea;" > [< / span > < span style = "color:#82aaff;" > string< / span > < span style = "font-style:italic;color:#c792ea;" > ]< / span > < span style = "color:#82aaff;" > : a list of ActivityPub accounts who can update a script
< / span > < / code > < / pre >
< ul >
< li > Non-Editable:< / li >
< / ul >
< pre data-lang = "sh" style = "background-color:#212121;color:#eeffff;" class = "language-sh " > < code class = "language-sh" data-lang = "sh" > < span style = "color:#82aaff;" > author : string : the original author of the script
< / span > < span style = "color:#82aaff;" > date : datetime : the date and time the script was last updated (RFC3339< / span > < span > )
< / span > < span style = "color:#82aaff;" > status : string : the status of the script (pending approval, approved, archived< / span > < span > )
< / span > < span style = "color:#82aaff;" > tootinstall_host : string : the host on which this package has been published
< / span > < / code > < / pre >
< p > The Editable parameters are enclosed in < code > +++< / code > 's to define separation between the
parameters and the main script.< br / >
A < code > tootinstall script< / code > should also include a < code > shebang< / code > to ensure the script runs
as expected.< / p >
< h3 id = "tootinstall-binary" > TootInstall Binary< / h3 >
< p > A < code > tootinstall binary< / code > is a simple portable binary that anyone can download and
run to get < code > TootInstall< / code > functionality.< / p >
< p > A guideline for usage is as below:< / p >
< pre data-lang = "sh" style = "background-color:#212121;color:#eeffff;" class = "language-sh " > < code class = "language-sh" data-lang = "sh" > < span style = "color:#82aaff;" > tootinstall < / span > < span style = "font-style:italic;color:#c792ea;" > [< / span > < span style = "color:#82aaff;" > mode< / span > < span style = "font-style:italic;color:#c792ea;" > ]< / span > < span style = "color:#82aaff;" > package_name @< / span > < span style = "font-style:italic;color:#c792ea;" > [< / span > < span style = "color:#82aaff;" > tootinstall_host< / span > < span style = "font-style:italic;color:#c792ea;" > ]
< / span > < span > < / span > < span style = "color:#82aaff;" > modes:
< / span > < span > < / span > < span style = "color:#82aaff;" > install - builds and installs the package as per the script
< / span > < span > < / span > < span style = "color:#82aaff;" > download - downloads a script but does not run it
< / span > < span > < / span > < span style = "color:#82aaff;" > search - searches the tootinstall url for a package name
< / span > < span > < / span > < span style = "color:#82aaff;" > inspect - finds and displays the tootinstall script
< / span > < span >
< / span > < span > < / span > < span style = "color:#82aaff;" > parameters:
< / span > < span > < / span > < span style = "color:#82aaff;" > package_name - Required. the package name to install or
< / span > < span > < / span > < span style = "color:#82aaff;" > search or inspect
< / span > < span > < / span > < span style = "color:#82aaff;" > @[tootinstall host] - Required. the host on which a tootinstall
< / span > < span > < / span > < span style = "color:#82aaff;" > database is running
< / span > < / code > < / pre >
< p > It must:< / p >
< ul >
< li > be able to access the internet< / li >
< li > be able to search and download < code > tootinstall scripts< / code > from multiple < code > tootinstall hosts< / code > < / li >
< li > be able to run the downloaded script< / li >
< li > allow the user to inspect the script< / li >
< / ul >
< h3 id = "verification" > Verification< / h3 >
< p > The various < code > tootinstall< / code > bots and helpers should be configured to do some
basic verification of the script poster.< / p >
< p > Good examples of some basic checks are:< / p >
< ul >
< li > does the poster have a bio?< / li >
< li > does the poster have an image?< / li >
< li > has the poster been active on the fediverse for a reasonable amount of time< / li >
< li > has the poster been interacting with people of the fediverse for a reasonable
amount of time?< / li >
< li > does the poster have some other people following them?< / li >
< li > has the poster ever been boosted and/or favourited by somebody else a few times?< / li >
< / ul >
< h3 id = "scoring" > Scoring< / h3 >
< p > As a popularity/rating service, we can utilise ActivityPub boosts and favourites
as a scoring platform for < code > tootinstall scripts< / code > .< / p >
< ul >
< li > < code > favourite< / code > = "I like this" = 1 point< / li >
< li > < code > boost< / code > = "I want other people to see this" = 1 points< / li >
< / ul >
< p > A favourite and a boost from one account can give a script 2 points.< / p >
< h3 id = "approvals" > Approvals< / h3 >
< p > It < strong > would not< / strong > be sensible to publish a script immediately after posting as
doing so massively increases the risk of distributing malware.< br / >
Instead, it would be wise to implement an approval concept whereby authorised
accounts could authorise a script by replying to the < code > tootinstall bot< / code > 's post
with an approval state i.e. "approved" or "denied". A < code > tootinstall bot< / code > could
also actively seek out approval from a list of configured accounts, and post the
script privately to them before actually posting the published script.< br / >
Secondary to this, we could implement a form of crowdsourced approval whereby if
a script score reaches a certain level, it is automatically approved.< / p >
< h1 id = "written-by-paul-wilde-29th-july-2024" > Written by Paul Wilde - 29th July 2024< / h1 >
< h2 id = "paul-notnull-space" > < a href = "https://notnull.space/@paul" > @paul@notnull.space< / a > < / h2 >
< h2 id = "final-notes" > Final Notes< / h2 >
< p > OK… let's address the elephant in the room. I am < em > < strong > very< / strong > < / em > aware this is incredibly
dangerous and < em > you< / em > should be very aware this is a parody concept.
Please, everyone, PLEASE, do not implement any of this!! It is just meant as a
humorous thought experiment and is in no way intended to make it to production.< / p >
< / div >
< div class = "pagination" >
< div class = "pagination__title" >
< span class = "pagination__title-h" > Thanks for reading! Read other posts?< / span >
< hr / >
< / div >
< div class = "pagination__buttons" >
< span class = "button previous" >
< a href = "https://paulwilde.uk/ponderings/errors/" >
< span class = "button__icon" > ←< / span >
< span class = "button__text" > Wholesome Errors< / span >
< / a >
< / span >
< / div >
< / div >
< / div >
< footer class = "footer" >
< div class = "footer__inner" >
< a href = "https://notnull.space/@paul" rel = "me" > fediverse (gts)< / a >
< a href = "https://snac.notnull.space/paul" rel = "me" > fediverse (snac)< / a >
< a href = "https://codeberg.org/pswilde" rel = "me" > codeberg< / a >
< a href = "https://keyoxide.org/85633E30514CC1932E4268460ED12CF710BC42CA" rel = "me" > keyoxide< / a >
< / div >
< div class = "footer__inner" >
< div class = "copyright" >
< span > ©
2024
Paul Wilde< / span >
< span class = "copyright-theme" >
< span class = "copyright-theme-sep" > :: < / span >
Theme: < a href = "https://github.com/pawroman/zola-theme-terminimal/" > Terminimal< / a >
< / span >
< / div >
< / div >
< / footer >
< / div >
< / body >
< / html >