Statically Compiled Binaries (Packages) for Hysp🌷

---

• 📦 Status

🧰 Architecture 🧰	📦 Total Packages 📦	📝 Detailed List 📝	⏬ Upstream Source ⏬	🇨🇭 WorkFlows 🇨🇭
Linux amd // x86_64	1017	x86_64.md	Azathothas/Toolpacks/x86_64
Linux aarch64 // arm64	753	aarch64_arm64.md	Azathothas/Toolpacks/aarch64_arm64
Windows x64 // AMD64	158	x64_Windows.md	Azathothas/Toolpacks/x64_Windows

• Raw metadata containing info for all packages is available as json & toml
• ./pkgs only contains a couple of test packages. Everything is hosted at : Azathothas/Toolpacks

---

• 🚧 Security ⚙️

It is never a good idea to install random binaries from random sources.

• Check these HackerNews Discussions

• A cautionary tale from the decline of SourceForge
• Downloading PuTTY Safely Is Nearly Impossible (2014)

Hysp offers the following sane-defaults:

• CheckSums

Hysp requires either blake3sum / sha256sum in $BINARY_SOURCE.toml & always verifies them to ensure nothing has been tampered with.

• Transparency

Hysp is completely open-source. And so is the default pkg-source. The upstream repos that it uses as source are also completely open-source. You are free to audit & scrutinize everything.

!# PKG Metadata
# Everything is automated via Github Actions & Scripts
Repo --> https://github.com/metis-os/hysp-pkgs
WorkFlows --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/workflows
Scripts --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/scripts

!# Upstream Source
# Everything is automated via Github Actions & Build Scripts
Repo --> https://github.com/Azathothas/Toolpacks
WorkFlows --> https://github.com/Azathothas/Toolpacks/tree/main/.github/workflows
Build Scripts --> https://github.com/Azathothas/Toolpacks/tree/main/.github/scripts

• Self-Hostable : Hysp offers you to completely self-host the backend from where it fetches the binaries. If you do not trust the default pkg-source, you can configure hysp to only use your source, hosted on your own servers.

• A note on hysp allowing http-only sources

• Hysp will allow you to host your pkg-source repo anywhere & doesn't require http as it uses the checksums to verify the hashes.
• However, this decision to allow http-only sources is enabled for legacy compatibility reasons or in case you want hysp to use a HTTP_PROXY.
• Never host both your data/*.toml & source binaries on http-only server. This will expose you to MITM as an attacker could tamper with both the checksums & binaries. Hysp will not be resposible for where you host your binaries or what kind of binaries you run.
• You hold all responsibilities if you host the PKG Sources yourself.
• Check this hacker-news discussion: https://news.ycombinator.com/item?id=38457926#38473604

---

• 📟 @pwnwriter 📟

Support 💌

I am a student currently attending university. I like working for Open Source in my free time. If you find my tool or work beneficial, please consider supporting me via KO-FI or ESEWA* (Nepal only), Or by leaving a star ⭐ ; I'll appreciate your action :)

• License ㊙️

Everything is license under the MIT except for the packages... They hold their own livess :oOO

Copyright © 2023 pwnwriter xyz ☘️