initial commit

2024-09-25 07:15:38 +03:00
commit b3e063d79a
17 changed files with 970 additions and 0 deletions
--- a/scripts/apt-clean.sh
+++ b/scripts/apt-clean.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -f
+
+## apt
+find /var/cache/apt/ ! -type d ! -name 'lock' -delete
+find /var/lib/apt/ ! -type d -wholename '/var/lib/apt/listchanges*' -delete
+find /var/lib/apt/lists/ ! -type d ! -name 'lock' -delete
+find /var/log/ ! -type d -wholename '/var/log/apt/*' -delete
+find /var/log/ ! -type d -wholename '/var/log/aptitude*' -delete
+
+## dpkg
+: "${DPKG_ADMINDIR:=/var/lib/dpkg}"
+truncate -s 0 "${DPKG_ADMINDIR}/available"
+find "${DPKG_ADMINDIR}/" ! -type d -wholename "${DPKG_ADMINDIR}/*-old" -delete
+find /var/log/ ! -type d -wholename '/var/log/alternatives.log' -delete
+find /var/log/ ! -type d -wholename '/var/log/dpkg.log' -delete
+
+## DONT DO THIS AT HOME!
+find "${DPKG_ADMINDIR}/" ! -type d -wholename "${DPKG_ADMINDIR}/info/*.symbols" -delete
+
+## debconf
+find /var/cache/debconf/ ! -type d -wholename '/var/cache/debconf/*-old' -delete
+
+__t=$(mktemp) ; : "${__t:?}"
+debconf_trim_i18n() {
+    mawk 'BEGIN { m = 0 }
+    $0 == "" { print }
+    /^[^[:space:]]/ {
+        if ($1 ~ "\.[Uu][Tt][Ff]-?8:") { m = 1; next; }
+        m = 0; print $0;
+    }
+    /^[[:space:]]/ {
+        if (m == 1) next;
+        print $0;
+    }' < "$1" > "${__t}"
+    cat < "${__t}" > "$1"
+}
+
+debconf_trim_i18n /var/cache/debconf/templates.dat
+while read -r tmpl ; do
+    [ -n "${tmpl}" ] || continue
+    [ -s "${tmpl}" ] || continue
+    debconf_trim_i18n "${tmpl}"
+done <<EOF
+$(find "${DPKG_ADMINDIR}/info/" -type f -name '*.templates' | sort -V)
+EOF
+rm -f "${__t}" ; unset __t
+
+## misc
+rm -f /var/cache/ldconfig/aux-cache
+
+exit 0
--- a/scripts/apt-env.sh
+++ b/scripts/apt-env.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -a
+DEBCONF_NONINTERACTIVE_SEEN=true
+DEBIAN_FRONTEND=noninteractive
+DEBIAN_PRIORITY=critical
+TERM=linux
+set +a
+exec "$@"
--- a/scripts/apt-install.sh
+++ b/scripts/apt-install.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+set -ef
+
+find_fresh_ts() {
+	{
+		find "$@" -exec stat -c '%Y' '{}' '+' 2>/dev/null || :
+		# duck and cover!
+		echo 1
+	} | sort -rn | head -n 1
+}
+
+_apt_update() {
+	# update package lists; may fail sometimes,
+	# e.g. soon-to-release channels like Debian "bullseye" @ 22.04.2021
+
+	# (wannabe) smart package list update
+	ts_sources=$(find_fresh_ts /etc/apt/ -follow -regextype egrep -regex '.+\.(list|sources)$' -type f)
+	ts_lists=$(find_fresh_ts /var/lib/apt/lists/ -maxdepth 1 -regextype egrep -regex '.+_Packages(\.(bz2|gz|lz[4o]|xz|zstd?))?$' -type f)
+	if [ ${ts_sources} -gt ${ts_lists} ] ; then
+		apt-env.sh apt-get update
+	fi
+}
+
+_dpkg_avail_hack() {
+	VERSION_CODENAME=$(. /etc/os-release ; printf '%s' "${VERSION_CODENAME}") || :
+	f="${DPKG_ADMINDIR:-/var/lib/dpkg}/available"
+	# if ${VERSION_CODENAME} is empty then we're on Debian sid or so :)
+	case "${VERSION_CODENAME}" in
+	stretch | buster | bionic | focal )
+		# ref: https://unix.stackexchange.com/a/271387/49297
+		if [ -s "$f" ] ; then
+			return
+		fi
+		/usr/lib/dpkg/methods/apt/update "${DPKG_ADMINDIR:-/var/lib/dpkg}" apt apt
+	;;
+	* )
+		touch "$f"
+	;;
+	esac
+}
+
+_apt_update
+_dpkg_avail_hack
+exec apt-env.sh apt-get install -y --no-install-recommends --no-install-suggests "$@"
--- a/scripts/apt-remove.sh
+++ b/scripts/apt-remove.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -ef
+
+apt-env.sh apt-get purge -y --allow-remove-essential "$@"
+exec apt-env.sh apt-get autopurge -y
--- a/scripts/openssl-cert-auto-pem.sh
+++ b/scripts/openssl-cert-auto-pem.sh
@@ -0,0 +1,95 @@
+#!/bin/sh
+set -f
+
+[ $# -gt 0 ] || exit 0
+me=${0##*/}
+
+[ -n "$1" ] || exit 1
+[ -f "$1" ] || {
+	env printf '%s: not a file or does not exist: %q\n' "${me}" "$1" >&2
+	exit 1
+}
+[ -s "$1" ] || exit 0
+
+w=$(mktemp -d) || exit 1
+w_cleanup() {
+	[ -z "$w" ] || ls -lA "$w/" >&2
+	[ -z "$w" ] || rm -rf "$w"
+	unset w
+	exit "${1:-0}"
+}
+
+bundle_offsets() {
+	awk '
+	BEGIN { OFS = "," ; i_begin = 0 ; }
+	$0 == "-----BEGIN CERTIFICATE-----" { i_begin = NR ; }
+	$0 == "-----END CERTIFICATE-----"   { if (i_begin > 0) { print i_begin,NR ; i_begin = 0 ; } }
+	' "$1"
+}
+
+bundle_fingerprints() {
+	local x f
+	while read -r x ; do
+		[ -n "$x" ] || continue
+
+		f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint -sha256)
+		[ -n "$f" ] || f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint)
+		[ -n "$f" ] || continue
+
+		printf '%s\n' "$f" | tr '[:upper:]' '[:lower:]'
+	done < "$2"
+}
+
+openssl storeutl -certs "$1" > "$w/cert.pem" || w_cleanup 1
+[ -s "$w/cert.pem" ] || w_cleanup 1
+tr -s '\r\n' '\n' < "$w/cert.pem" > "$w/cert.txt"
+[ -s "$w/cert.txt" ] || w_cleanup 1
+rm -f "$w/cert.pem"
+
+bundle_offsets "$w/cert.txt" > "$w/cert.off"
+[ -s "$w/cert.off" ] || w_cleanup 1
+
+bundle_fingerprints "$w/cert.txt" "$w/cert.off" > "$w/cert.fp.all"
+[ -s "$w/cert.fp.all" ] || w_cleanup 1
+
+sort -uV < "$w/cert.fp.all" > "$w/cert.fp"
+while read -r fp ; do
+	[ -n "${fp}" ] || continue
+
+	n=$(grep -m1 -Fxn -e "${fp}" "$w/cert.fp.all" | cut -d : -f 1)
+	[ -n "$n" ] || continue
+
+	off=$(sed -ne "${n}p" "$w/cert.off")
+	[ -n "${off}" ] || continue
+
+	sed -ne "${off}p" "$w/cert.txt"
+done < "$w/cert.fp" > "$w/cert.pem"
+[ -s "$w/cert.pem" ] || w_cleanup 1
+rm -f "$w/cert.txt" "$w/cert.off" "$w/cert.fp.all"
+
+if [ -n "$2" ] ; then
+	while : ; do
+		if [ -e "$2" ] ; then
+			[ -f "$2" ] || break
+		fi
+		cat > "$2"
+	break ; done
+else
+	cat
+fi < "$w/cert.pem"
+
+while [ -n "$3" ] ; do
+	if [ -e "$3" ] ; then
+		[ -f "$3" ] || break
+	fi
+	cat "$w/cert.fp" > "$3"
+break ; done
+
+while [ -n "$4" ] ; do
+	if [ -e "$4" ] ; then
+		[ -f "$4" ] || break
+	fi
+	bundle_offsets "$w/cert.pem" > "$4"
+break ; done
+
+rm -rf "$w" ; unset w