#!/data/data/com.fufront.app/files/usr/bin/bash
# Fufront apt repo bootstrap.
# Run on Fufront (Android) once to enable apt install from apt.fufrontai.com.
#
#   curl -fsSL https://apt.fufrontai.com/setup.sh | bash
#
# Abort on the first failing command and on any reference to an unset variable.
set -eu

# Repository coordinates; they end up in the sources.list entry written below.
REPO_HOST="https://apt.fufrontai.com"
SUITE="fufront"
COMPONENT="main"
# Pinned fingerprint of the archive signing key. The downloaded key is compared
# against this value later in the script, but only when gpg is available
# locally; without gpg the key is accepted unchecked.
EXPECTED_FPR="5B83C1837A79DB6310A5ED816A011B3F8CA8A7DD"

# Refuse to run outside a Fufront environment: PREFIX must be non-empty and
# must already contain an apt configuration directory.
if [ -z "${PREFIX:-}" ] || [ ! -d "${PREFIX}/etc/apt" ]; then
  printf '%s\n' 'ERROR: $PREFIX/etc/apt not found. Run this inside Fufront.' >&2
  exit 1
fi

# Destinations inside the apt configuration tree.
KEY_DST="${PREFIX}/etc/apt/trusted.gpg.d/fufront-archive.gpg"
SRC_LIST="${PREFIX}/etc/apt/sources.list"

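echo "[1/6] Downloading signing key …"
mkdir -p "$PREFIX/etc/apt/trusted.gpg.d"
# Stage the key in a private temp file; it is only moved into apt's trust
# directory after the checks below, and removed on any early exit.
tmpkey="$(mktemp)"
trap 'rm -f "$tmpkey"' EXIT
# Restrict curl to HTTPS (this also applies to redirects followed by -L).
# When gpg is missing, the TLS connection is the only thing authenticating
# this key, so a downgrade to plain HTTP must not be possible.
curl --proto '=https' --tlsv1.2 -fsSL "$REPO_HOST/fufront-archive-keyring.gpg" -o "$tmpkey"

echo "[2/6] Verifying key fingerprint …"
if command -v gpg >/dev/null 2>&1; then
  # Collect the fingerprint of EVERY primary key in the file, not just the
  # first one. Everything in trusted.gpg.d is trusted by apt, so a keyring
  # that carries the pinned key plus an extra key must be rejected too.
  # A failing gpg yields an empty result, which is treated as a mismatch.
  got_fpr=$(gpg --with-colons --show-keys "$tmpkey" 2>/dev/null \
            | awk -F: '$1 == "pub" { primary = 1; next }
                       $1 == "fpr" && primary { print $10; primary = 0 }')
  # The comparison only succeeds when the list is exactly the one pinned value.
  if [[ "$got_fpr" != "$EXPECTED_FPR" ]]; then
    got_display=${got_fpr//$'\n'/ }
    echo "ERROR: fingerprint mismatch."  >&2
    echo "  expected: $EXPECTED_FPR"     >&2
    echo "  got:      ${got_display:-(none)}" >&2
    exit 1
  fi
  echo "  OK: $got_fpr"
else
  # Fail-open path: without gpg the pinned fingerprint is never consulted.
  # apt's InRelease check does not compensate, because it verifies against
  # the very key that was just downloaded from the same host.
  # TODO(review): pinning a SHA-256 of the keyring file next to EXPECTED_FPR
  # would allow a check here without gpg.
  echo "  [skip] gpg not installed — key accepted WITHOUT fingerprint check." >&2
  echo "         apt will verify InRelease against this same unchecked key, so trust" >&2
  echo "         rests on the HTTPS connection to $REPO_HOST alone." >&2
  echo "         Once gpg is available, compare the installed key with:" >&2
  echo "         $EXPECTED_FPR" >&2
fi
# Give the key its final mode before it becomes visible to apt.
chmod 644 "$tmpkey"
mv "$tmpkey" "$KEY_DST"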

echo "[3/6] Writing sources.list …"
# Replaces the whole file: after this step the Fufront repo is the only entry
# in sources.list, and any entries that were there before are gone.
# NOTE(review): the entry carries no signed-by option, so it is not bound to
# the key installed above — confirm whether that is intended.
printf 'deb %s/ %s %s\n' "$REPO_HOST" "$SUITE" "$COMPONENT" > "$SRC_LIST"

echo "[4/6] Finishing any half-configured packages …"
# Best effort: a failure here must not stop the bootstrap.
dpkg --configure -a || true

echo "[5/6] Removing residue from prior manual sideload (if any) …"
# Packages the user may have installed by hand with `dpkg -i` before the repo
# went live; they can be stuck in a broken state. Nothing happens on a fresh
# install, because none of them will be in one of the states tested below.
SIDELOAD_PKGS=(openssh openssh-sftp-server krb5 ldns libedit libresolv-wrapper termux-auth)
RESIDUE=()
for p in "${SIDELOAD_PKGS[@]}"; do
  # An unknown package makes dpkg-query fail and print nothing; treat that as
  # "no state" rather than an error.
  pkg_state=$(dpkg-query -W -f='${db:Status-Status}\n' "$p" 2>/dev/null) || true
  case "$pkg_state" in
    *half-installed* | *half-configured* | *unpacked*)
      RESIDUE+=("$p")
      ;;
  esac
done
if (( ${#RESIDUE[@]} == 0 )); then
  echo "  none, skipping"
else
  echo "  removing broken: ${RESIDUE[*]}"
  # --force-remove-reinstreq lets dpkg remove packages flagged as needing
  # reinstallation; failures are tolerated so the later apt step still runs.
  dpkg --remove --force-remove-reinstreq "${RESIDUE[@]}" || true
fi

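echo "[6/6] apt update + apt --fix-broken install"
# Drop cached index files so the next update fetches them fresh from the newly
# configured repo. ${PREFIX:?} aborts instead of expanding to
# "/var/lib/apt/lists/*" should PREFIX ever be empty or unset at this point.
rm -rf "${PREFIX:?}/var/lib/apt/lists/"*
# Deliberately not followed by `|| true`: under `set -e` a failed update
# (including a repository signature that does not verify) stops the script
# before anything is installed.
apt update
# Best effort: repair dependency breakage left over from earlier sideloads.
apt --fix-broken install -y || true

echo
echo "Done. Try:  apt install openssh tmux nano htop python nodejs-lts"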
