Kicksecure Coding Style

From Kicksecure
< Dev
Jump to navigation Jump to search

Simplicity, Brevity, Sparingly Forking Upstream Projects, Feature Removability


Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.


For lack of better term, Kicksecure is simple. It does not fork or re-compile software packages by upstream projects.

Examples of software where it is often assumed that it is being modified by Kicksecure or being asked in that is the case:

  • No good examples yet.

This has the advantage that questions and issues caused by upstream projects can be redirected upstream as per Self Support First Policy. This reduces the maintenance load at Kicksecure project.

Issues which cannot be caused by a Linux distribution are sometimes mistakenly attributed to that Linux distribution. Examples:

Related: Relationship With Upstream


In most cases goals should be reached by using 1 implementation. For example to remount /run etc. with more secure mount options an implementation should do this - if possible - either entirely in initramfs or entirely using systemd. It shouldn't do the exact same things twice in initramfs and systemd.

There’s a huge amount of things which users might potentially do which won’t make sense from Kicksecure developers point of view. For example there is the package which most users won’t know and won’t install. I am using it as an example here. No need to pick on that particular contributor of that Debian package. Why allow installation of that package? What if that contributor turned evil and somehow included a backdoor in the hello package? To prevent such a backdoor from doing damage, there could be an apt wrapper that prevents installation of that and other packages which most users will probably never need. I am not supposing to invent an apt wrapper for this hypothetical scenario. It would be worse having that code than having that risk.

Feature Removability[edit]

In case a feature becomes unmaintainable there needs to be a possiblity to remove the feature for users who use upgrade their system using apt.

Default Application Policy[edit]

See Default Application Policy.

No Trailing Whitespaces[edit]

Get a decent editor and don’t leave whitespace at the end of lines.


Do not use too deep levels of if and similar.

Bad example:

machine_id() {
   if ! test -f /etc/machine-id ; then
      existing_machine_id="$(cat /etc/machine-id)"
      ## ...

In above example there is need need to put everything under the if. This is specifically important when there are several levels of conditionals.

Example good:

machine_id() {
   if ! test -f /etc/machine-id ; then
      return 0

   existing_machine_id="$(cat /etc/machine-id)"
   ## ....

Shell Scripts[edit]

avoid sed awk whenever possible[edit]

There might be some older code (before introduction of str_replace) that uses sed / awk. Patches welcome to port to str_replace.

use str_replace whenever possible[edit] is installed in Kicksecure by default. (man [1]

use type -P instead of which[edit]

Please do not use which. Please use type -P instead.

Proper Whitespace Handling[edit]

See Dev/bash.

See Also[edit]

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!