raison d'Γͺtre
What? & Why?How does it all actually work?Request a new PKG/Toolπ¦ Frontend Package ManagersNotes On BuildingTypos, Grammatical Errors & Bad DocumentationAdditional Build Targets($ARCH-$OS)How To Contribute/DonateWhy NOT Host On GitHubWhy RESET ALL GIT CommitsWhere can I find the code for bin.ajam.dev?UPX Binaries β¬ποΈ GUI PKGs πCaching & RebuildsCurrent Problems & SetbacksDMCA & CopyrightContact Me
Loonix () Telegram
βΌhttps://t.me/official_loonix/63949Loonix (βΌhttps://matrix.to/#/#loonix:matrix.orgABANDONED & NOT ACTIVE
| π§° Architecture π§° | π¦ Total Binaries π¦ | π¨π WorkFlows π¨π | π§ΎLogs |
|---|---|---|---|
Android arm64-v8a |
161 |  |
BUILD.log |
Linux aarch64 // arm64 |
2438 |  |
BUILD.log |
Linux amd // x86_64 |
2507 |  |
BUILD.log |
Windows x64 // AMD64 |
157 |  |
BUILD.log |
- A Trello-Board informing the Build Status is at: https://trello.com/b/rxIHO8Zj/toolpacks-status
- Raw
metadatacontaining info for sources etc is available as JSON on bin.ajam.dev/METADATA.json & also as YAML.- See: Parse METADATA.json to learn how to parse using
jq
- Visit bin.ajam.dev
Note: The dir listing may not list everything. Make sure to check
METADATA.json
βΉοΈ Recommended βΉοΈ : Use
dbinif you want to skip everything below, sincedbinalready uses this repo as it's Source.
- It's also possible to use
"$(uname -m)"|$env:PROCESSOR_ARCHITECTURE|adb shell getprop ro.product.cpu.abivariationsSEE: https://github.com/Azathothas/Toolpacks/blob/main/Docs/METADATA.md#url-redirects
!# curl needs the `-L, --location` flag to Follow redirects !# wget works without any flags !# Example on Android curl -qfsSLO "https://bin.ajam.dev/$(getprop ro.product.cpu.abi)/$BIN_OR_PATH_TO_BIN" !# Example on Linux curl -qfsSLO "https://bin.ajam.dev/$(uname -m)/$BIN_OR_PATH_TO_BIN" !# Example on Windows Invoke-WebRequest -Uri "https://bin.ajam.dev/$env:PROCESSOR_ARCHITECTURE/$BIN_OR_PATH_TO_BIN.exe" -OutFile "$BIN.exe"Install
eget#--------------------------------------------------------------------------------------------# β― amd || x86_64 (Linux) !# As $USER mkdir -p "$HOME/bin" ; export PATH="$HOME/bin:$PATH" curl -qfsSL "https://bin.ajam.dev/x86_64_Linux/eget" -o "$HOME/bin/eget" && chmod +xwr "$HOME/bin/eget" wget -q "https://bin.ajam.dev/x86_64_Linux/eget" -O "$HOME/bin/eget" && chmod +xwr "$HOME/bin/eget" !# As ROOT sudo curl -qfsSL "https://bin.ajam.dev/x86_64_Linux/eget" -o "/usr/local/bin/eget" && sudo chmod +xwr "/usr/local/bin/eget" sudo wget -q "https://bin.ajam.dev/x86_64_Linux/eget" -O "/usr/local/bin/eget" && sudo chmod +xwr "/usr/local/bin/eget" #--------------------------------------------------------------------------------------------# #--------------------------------------------------------------------------------------------# β― arm64 || aarch64 (Linux) !# As $USER mkdir -p "$HOME/bin" ; export PATH="$HOME/bin:$PATH" curl -qfsSL "https://bin.ajam.dev/aarch64_arm64_Linux/eget" -o "$HOME/bin/eget" && chmod +xwr "$HOME/bin/eget" wget -q "https://bin.ajam.dev/aarch64_arm64_Linux/eget" -O "$HOME/bin/eget" && chmod +xwr "$HOME/bin/eget" !# As ROOT sudo curl -qfsSL "https://bin.ajam.dev/aarch64_arm64_Linux/eget" -o "/usr/local/bin/eget" && sudo chmod +xwr "/usr/local/bin/eget" sudo wget -q "https://bin.ajam.dev/aarch64_arm64_Linux/eget" -O "/usr/local/bin/eget" && sudo chmod +xwr "/usr/local/bin/eget" #--------------------------------------------------------------------------------------------# #--------------------------------------------------------------------------------------------# β― arm64-v8a (Android) !# As $USER (TERMUX) # $PREFIX:/data/data/com.termux/files/usr curl -qfSL "https://bin.ajam.dev/arm64_v8a_Android/eget" -o "$PREFIX/bin/eget" && chmod +xwr "$PREFIX/bin/eget" wget -q "https://bin.ajam.dev/arm64_v8a_Android/eget" -O "$PREFIX/bin/eget" && chmod +xwr "$PREFIX/bin/eget" !# Root requires remounting /system/bin as RWR (NOT RECOMMENDED) #--------------------------------------------------------------------------------------------#Install
7z#--------------------------------------------------------------------------------------------# β― amd || x86_64 (Linux) !# As $USER eget "https://bin.ajam.dev/x86_64_Linux/7z" --to "$HOME/bin/7z" !# As ROOT sudo eget "https://bin.ajam.dev/x86_64_Linux/7z" --to "/usr/local/bin/7z" #--------------------------------------------------------------------------------------------# #--------------------------------------------------------------------------------------------# β― arm64 || aarch64 (Linux) !# As $USER eget "https://bin.ajam.dev/aarch64_arm64_Linux/7z" --to "$HOME/bin/7z" !# As ROOT sudo eget "https://bin.ajam.dev/aarch64_arm64_Linux/7z" --to "/usr/local/bin/7z"
Info
(amd | x86_64) Linux#--------------------------------------------------------------------------------------------# β― Single/Individual Binaries !# $USER eget "https://bin.ajam.dev/x86_64_Linux/$BINARY_NAME" --to "$HOME/bin" !# ROOT sudo eget "https://bin.ajam.dev/x86_64_Linux/$BINARY_NAME" --to "/usr/local/bin" #--------------------------------------------------------------------------------------------# β― Everything All at once !# $USER !#Download .7z archive wget --quiet --show-progress --progress="dot:giga" "https://bin.ajam.dev/x86_64_Linux/_toolpack_x86_64.7z" -O "./toolpack_x86_64.7z" !# $USER mkdir -p "$HOME/bin" ; 7z e "./toolpack_x86_64.7z" -o"$HOME/bin" -y ; rm -rf "$HOME/bin/toolpack_x86_64" 2>/dev/null ; rm -rf "./toolpack_x86_64.7z" ; chmod +xwr $HOME/bin/* !# ROOT [NOT-RECOMMENDED] sudo 7z e "./toolpack_x86_64.7z" -o"/usr/local/bin" -y ; sudo rm -rf "/usr/local/bin/toolpack_x86_64" 2>/dev/null ; rm -rf "./toolpack_x86_64.7z" ; sudo chmod +xwr /usr/local/bin/* 2>/dev/null #--------------------------------------------------------------------------------------------#
Info
(aarch64 | arm64) Linux#--------------------------------------------------------------------------------------------# β― Single/Individual Binaries !# $USER eget "https://bin.ajam.dev/aarch64_arm64_Linux/$BINARY_NAME" --to "$HOME/bin" !# ROOT sudo eget "https://bin.ajam.dev/aarch64_arm64_Linux/$BINARY_NAME" --to "/usr/local/bin" #--------------------------------------------------------------------------------------------# β― Everything All at once !# $USER !#Download .7z archive wget --quiet --show-progress --progress="dot:giga" "https://bin.ajam.dev/aarch64_arm64_Linux/_toolpack_aarch64_arm64.7z" -O "./toolpack_aarch64_arm64.7z" !# $USER mkdir -p "$HOME/bin" ; 7z e "./toolpack_aarch64_arm64.7z" -o"$HOME/bin" -y ; rm -rf "$HOME/bin/toolpack_aarch64_arm64" 2>/dev/null ; rm -rf "./toolpack_aarch64_arm64.7z" ; chmod +xwr $HOME/bin/* !# ROOT [NOT-RECOMMENDED] sudo 7z e "./toolpack_aarch64_arm64.7z" -o"/usr/local/bin" -y ; sudo rm -rf "/usr/local/bin/toolpack_aarch64_arm64" 2>/dev/null ; rm -rf "./toolpack_aarch64_arm64.7z" ; sudo chmod +xwr /usr/local/bin/* 2>/dev/null #--------------------------------------------------------------------------------------------#
Info
(arm64-v8a) Android#--------------------------------------------------------------------------------------------# β― Single/Individual Binaries eget "https://bin.ajam.dev/arm64_v8a_Android/$BINARY_NAME" --to "$PREFIX/bin/$BINARY_NAME" #--------------------------------------------------------------------------------------------# β― Everything All at once !# Create tmp dir pushd "$(mktemp -d)" !# Download all bins for url in $(curl -qfsSL "https://bin.ajam.dev/arm64_v8a_Android/METADATA.json" | jq -r '.[].Source' | grep -v "BLAKE3SUM\|FILE\.txt\|METADATA.json\|README\.md\|SHA256SUM"); do echo -e "\n[+] $url\n" && curl -qfLJO "$url"; done !# Move all to "$PREFIX/bin" # $PREFIX=/data/data/com.termux/files/usr find . -maxdepth 1 -type f ! -name '*.md' -exec mv {} "$PREFIX/bin/" \; 2>/dev/null #chmod chmod +xwr $PREFIX/bin/* #list ls "$PREFIX/bin" | column -t ; popd #--------------------------------------------------------------------------------------------#
It is never a good idea to install random binaries from random sources.
- Check these
HackerNews Discussions
- A cautionary tale from the decline of SourceForge
- Downloading PuTTY Safely Is Nearly Impossible (2014)
- Post-xz backdoor, how to know when to trust niche-distro binaries?
- A number of FAQs were also answered when Hysp (Frontend PKG Manager) was featured on HN: https://news.ycombinator.com/item?id=38457926
The amount of work and the near impossibility to ensure that every source used, provide reproducibility, is infeasibly impractical. Even if it were practical, not every
pkg/toolprovides source code, so this is impractical.
- Reasons to Trust this Repo
- All the Build Scripts & workflows are completely open-source. You are free to audit & scrutinize everything.
# Everything is automated via Github Actions & Build Scripts WorkFlows --> https://github.com/Azathothas/Toolpacks/tree/main/.github/workflows Build Scripts --> https://github.com/Azathothas/Toolpacks/tree/main/.github/scripts # Build LOGS (BUILD.log] are generated at Build Time & Pushed both to Github & R2
- Complete
RAWBuild Logs is made available with the exception ofPersonal Access Tokenseverytime the Workflows are run.- Both
SHA256SUM&BLAKE3SUMare automatically generated right after build script finishes.- If it still doesn't inspire confidence, there's a Docker Image you can Configure to Run & Reproduce any Binary/Build Script on your own Secure System.
- Dockerfiles: https://github.com/Azathothas/Toolpacks/tree/main/.github/runners
- Note: Checksums may not be reproduced reliably (See Reason Below)
- Reasons NOT to trust this Repo
- Repos that already publish pre-compiled static binaries, nothing is changed (Other than stripping Debug Symbols & Comments). You can compare checksums.
- However, for repos that don't publish releases or at least not statically linked binaries, there is no way for you to end up with the same binary even when you use the same build scripts. In this case,
checksumsare meaningless as each build will produce different checksums. Your only option is totrust me broor:
- Fork this repo : https://github.com/Azathothas/Toolpacks/fork
- Read & Verify everything : Scripts & Workflows
- Read the DOCS & Setup your own Infrastructure.
- You may contact me at: https://ajam.dev/contact if you need help setting up your own.
- First, it's important to verify that the alert is NOT a False Positive and truly confirm that indeed the Binary is Malicious
- Second, check the affected Binary's Build Script, the latest BUILD.log & finally CHECKSUMS
- Third, if you find everything is as it should be, create an Issue & attach Verifiable and Reproducible Proof.
- It's important to NOTE that I DO NOT WRITE/OWN the binaries I compile and CAN NOT BE HELD RESPONSIBLE if the
Devloperhas DELIBERATELY made it Malicious. If that's the case, it's best to Notify Me (Create an Issue OR Contact Me) & also Report To Github the Original Repo like here: https://github.com/orgs/community/discussions/63603- All of the Build Servers follow Standard Security Hardening to mitigate Supply Chain Attacks, so a single Malicious Binary is more probable than ALL of the binaries being Infected.
- Once again to reiterate, the source code of the packages or tools compiled here is not controlled in anyway.
- The process involves fetching the code and following standard build procedures which are well documented and the scripts available to audit.
- In the case of binaries, whose upstream developers do not provide source code (ngrok, Twingate, etc.) OR themselves provide a pre-compiled static binary (Github Releases), the binary is simply fetched AS-IS (Other than stripping Debug Symbols).
- It cannot be guaranteed that the upstream source is entirely safe or legitimate. It's upto you to exercise basic common sense and vigilance when using these binaries.