An independent package manager for unix and linux🌷

Table of contents 📔

• Why
• Installation
• Hysp usages
• Hosting custom repo
• Packages
• Security
• Support
• License

Why?? 🚩

1. Agnostic

Hysp will work Wherever (OS || Architecture) & However (Dependencies) you want it to work. Read how to configure hysp to your needs

2. No Prerequistes/Dependencies

Neither Hysp nor hysp-pkgs require any prerequistes. You just install Hysp as a single binary & that's all. This means you do not need go or rust or anything else installed to install something. No dependencies whatsoever. This saves enormous space, storage & time.

3. Self Hostable

Pkg-Source can be self-hosted by anyone and hysp can be configured to use that instead of the default source.

4. Statically Compiled/Linked Binaries by Default

The default pkgs contain only statically linked binaries that will run anywhere. You can always host dynamic or whatever you want, but Hysp will always ship portable statically linked binaries only.

5. No Special Perms/Privileges

Hysp requires no special perms or privileges. It can run completely in userspace with all of it's features.

6. Large Collection of PKGs

hysp-pkgs contains hundreds of pre-compiled (all statically linked) packages. Check the complete lists: amd ||x86_64 Linux | aarch64 || arm64 Linux

Installation 📩

🪄 Binary

 

• Manual : You can directly download the binary of your arch and run it.
• One liner : Run this script, requires jq,curl, tar & wget

wget -qO- "$(curl -qfsSL "https://api.github.com/repos/pwnwriter/hysp/releases/latest" | jq -r '.assets[].browser_download_url' | grep -Ei "$(uname -m).*$(uname -s).*musl" | grep -v "\.sha")" | tar -xzf - --strip-components=1
./hysp -h

🌼 Source

 

git clone --depth=1 https://github.com/pwnwriter/hysp --branch=main
cd hysp
cargo build --release 

Then go to release dir and ./hysp or move the binary to your any $PATH for instant access from anywhere.

🎠 Cargo

• Using crates.io

  cargo install hysp

• Using binstall

  cargo binstall hysp

  Note ⚠️ This requires a working setup of rust/cargo & binstall.

🚩 METIS Linux

 

sudo/doas pacman -Sy hysp

💢 Arch user repository

 

paru/yay -S hysp-git

Hysp usages 🎠

Firstly, if you intend to access the binaries installed via hysp over the system, you may want to...

🏵️ Setup path for hysp bin

• Add the following line to your shellrc. [ zshrc, bashrc etc. ]

  export PATH="$HOME/.local/share/hysp/bin/:$PATH"

🐤 Help menu

 

hysp |install|uninstall|search| -h # check for help menu

🔻 Installing a pkg

 

hysp install -p <pkg> # use --force to overwrite already installed binary 

🧁 Removing a pkg

 

hysp remove -p <pkg> 

🔭 Search for available pkgs

 

hysp search -p <pkg> # use --silent to strip down the console i/o

⚕️ Checking configuration health

 

hysp health

Hosting custom repo 💾

• Hysp provies the following configuration, which can be overwritten by defining a config file. Default config

    [source]
    remote = "https://raw.githubusercontent.com/metis-os/hysp-pkgs/main/data/"
    aarch = "Architecture"
  
    [local]
    home="/home/user/.local/share/hysp"
    bin="/home/user/.local/share/hysp/bin/" 
    data="/home/user/.local/share/hysp/data/Architecture/" 

• Explanation

Name	Description	Default
remote	Package repository	metis-os/hysp-pkgs
home	Home for hysp	hysp
bin	Directory to save the binaries	~/.local/share/hysp/bin
data	Directory to save pkg data	~/.local/share/hysp/data/Architecture
aarch	Your system Architecture	Only supported X86_64,aarch64

🎄 Tree view of the repo

 

.
├── available.toml # Storing available pkgs info (Optional)
├── data
│   └── x86_64 # Your cpu Architecture (aarch64 and x86_64) supported for now
│       └── foo.toml # where the package data are stored (needed)

📂 Sample pkg

 

[bin]
name = "$BIN" # Name of the pkg to be installed as

[package]
architecture = "x86_64" # Your aarchitecture 
name = "$BIN" # Your package name
description = "$DESCRIPTION" # Description
author = "$AUTHOR" # Author 
repo = "$REPO_URL" 
stars = "${STARS}"
version = "$PKG_VERSION"
updated = "$PKG_RELEASED"
size = "$SIZE"
sha = "$SHA" 
source = "$SOURCE_URL" # Source of the binary wherever it's hosted
language = "$LANGUAGE"
license = "$LICENSE"

[package.conditions]
conflicts  = ["$BIN"] # Conflictions 
requires = [] # Dependencies 

[package.metadata]
keywords = $TOPICS
categories = ["Utilities"]

Security

It is never a good idea to install random binaries from random sources. Check these HackerNews Discussions

• A cautionary tale from the decline of SourceForge
• Downloading PuTTY Safely Is Nearly Impossible (2014)

Hysp offers the following sane-defaults:

• CheckSums

Hysp requires either blake3sum / sha256sum in $BINARY_SOURCE.toml & always verifies them to ensure nothing has been tampered with.

• Transparency

Hysp is completely open-source. And so is the default pkg-source. The upstream repos that it uses as source are also completely open-source. You are free to audit & scrutinize everything.

!# PKG Metadata
# Everything is automated via Github Actions & Scripts
Repo --> https://github.com/metis-os/hysp-pkgs
WorkFlows --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/workflows
Scripts --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/scripts

!# Upstream Source
# Everything is automated via Github Actions & Build Scripts
Repo --> https://github.com/Azathothas/Toolpacks
WorkFlows --> https://github.com/Azathothas/Toolpacks/tree/main/.github/workflows
Build Scripts --> https://github.com/Azathothas/Toolpacks/tree/main/.github/scripts

• Self-Hostable : Hysp offers you to completely self-host the backend from where it fetches the binaries. If you do not trust the default pkg-source, you can configure hysp to only use your source, hosted on your own servers.

• A note on hysp allowing http-only sources

• Hysp will allow you to host your pkg-source repo anywhere & doesn't require http as it uses the checksums to verify the hashes.
• However, this decision to allow http-only sources is enabled for legacy compatibility reasons or in case you want hysp to use a HTTP_PROXY.
• Never host both your data/*.toml & source binaries on http-only server. This will expose you to MITM as an attacker could tamper with both the checksums & binaries. Hysp will not be resposible for where you host your binaries or what kind of binaries you run.
• You hold all responsibilities if you host the PKG Sources yourself.
• Check this hacker-news discussion: https://news.ycombinator.com/item?id=38457926#38473604

Packages whuat?? 📦

There is a list of packages available in metis-os/hysp-pkgs . You can confidently utilize the default configuration without any hesitation. However, if you prefer to host your own packages, you have the option to do so by creating your own custom configuration file under ~/.config/hysp/config.toml. See #repo

Support 💌

I am a student currently attending university. I like working for Open Source in my free time. If you find my tool or work beneficial, please consider supporting me via KO-FI or ESEWA* (Nepal only), Or by leaving a star ⭐ ; I'll appreciate your action :)

License ㊙️

Everything is license under the MIT except for the packages... They hold their own livess :oOO

Copyright © 2023 pwnwriter xyz ☘️