Kicksecure Coding Style
Donate
Simplicity, Brevity, Sparingly Forking Upstream Projects, Feature Removability
stub
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
Simplicity
For lack of a better term, Kicksecure is simple. It does not fork or recompile software packages from upstream projects.
Examples of software where it is often assumed that it is being modified by Kicksecure, or questions arise about whether that is the case:
- No good examples yet.
This has the advantage that questions and issues caused by upstream projects can be redirected upstream, as per the Self Support First Policy. This reduces the maintenance load on the Kicksecure project.
Issues that cannot be caused by a Linux distribution are sometimes mistakenly attributed to that distribution. Examples:
- https://www.mail-archive.com/qubes-users@googlegroups.com/msg29899.html
- https://www.mail-archive.com/qubes-users@googlegroups.com/msg29573.html
- https://forums.whonix.org/t/monero-and-whonix-15-0-1-5-1-bug/10532
Related: Relationship With Upstream
Brevity
In most cases, goals should be achieved using a single implementation. For example, if remounting /run with more secure mount options is required, the implementation should do this, if possible, either entirely in initramfs / dracut or entirely using systemd. It should not duplicate the same functionality in both.
There are numerous things that users might potentially do, which may not align with Kicksecure developers' perspectives. For instance, there is the hello package, which most users are unaware of and unlikely to install. This is merely an example, and no criticism is intended toward the contributor of that Debian package.
Why allow the installation of that package? What if that contributor turned malicious and included a backdoor in the hello package? To prevent such a backdoor from causing harm, an apt wrapper could be implemented to prevent the installation of such unnecessary packages. However, introducing such a wrapper would likely be worse than the hypothetical risk itself.
Feature Removability
If a feature becomes unmaintainable, there must be a way to remove it for users who upgrade their system using apt.
No Trailing Whitespaces
Use a proper editor and ensure no trailing whitespace is left at the end of lines.
Indentation
Avoid excessive levels of if conditions and similar constructs.
- Bad example:**
machine_id() {
if ! test -f /etc/machine-id ; then
existing_machine_id="$(cat /etc/machine-id)"
## ...
fi
}
In the above example, there is no need to nest everything inside the if block. This is especially important when dealing with multiple levels of conditionals.
- Good example:**
machine_id() {
if ! test -f /etc/machine-id ; then
return 0
fi
existing_machine_id="$(cat /etc/machine-id)"
## ....
}
Shell Scripts
Avoid sed and awk whenever possible
There may be older code (from before the introduction of str_replace) that uses sed or awk. Patches are welcome to migrate such cases to str_replace.
Use str_replace whenever possible
str_replace is installed by default in Kicksecure (man page). [1]
Use type -P instead of which
Do not use which. Instead, use type -P.
https://mywiki.wooledge.org/BashFAQ/081
Proper Whitespace Handling
See Dev/bash.
See Also
A secure by default operating system with the latest security research in place.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!