diff --git a/README.md b/README.md
index 09a0d4d..fea683c 100644
--- a/README.md
+++ b/README.md
@@ -8,15 +8,19 @@ can be installed into `/usr/ports/` by root.
## CLI
-### CLI: setup-portzap
+### CLI: setup
-`setup-portzap` should be run after installing portzap for
-the first time.
There is no harm in running `setup-portzap`
+`portzap setup` should be run after installing portzap for
+the first time.
There is no harm in running `portzap setup`
multiple times:
# Add the '_portzap' user, group and home directory
# This command requires root privileges
- root@localhost# setup-portzap
+ root@localhost# portzap setup
+
+ # Reverse the changes made by 'portzap setup'
+ # This command requires root privileges
+ root@localhost# portzap teardown
### CLI: group
@@ -72,7 +76,7 @@ recent version of portzap can be installed via git:
# Install
root@localhost# make install
- root@localhost# setup-portzap
+ root@localhost# portzap setup
# Add user to '_portzap' group
root@localhost# pw groupmod -n _portzap -m
diff --git a/bin/portzap b/bin/portzap
index 8258cf8..6aa26a5 100755
--- a/bin/portzap
+++ b/bin/portzap
@@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
done
case $1 in
+ "setup")
+ "${libexec}"/commands/portzap-setup
+ ;;
+ "teardown")
+ "${libexec}"/commands/portzap-teardown
+ ;;
"clone")
require_dependency "git doas"
"${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
@@ -68,7 +74,11 @@ case $1 in
*)
printf "Usage: portzap COMMAND [OPTIONS]\n"
printf "\n"
- printf "Commands:\n"
+ printf "Setup\n"
+ printf " setup Setup portzap for the first time\n"
+ printf " teardown Reverse the changes made by 'portzap setup'\n"
+ printf "\n"
+ printf "General\n"
printf " clone Clone the hardenedbsd ports tree\n"
printf " pull Pull updates from the hardenedbsd ports tree\n"
printf " checkout Checkout a branch other than the default\n"
diff --git a/bin/setup-portzap b/libexec/portzap/commands/portzap-setup
similarity index 83%
rename from bin/setup-portzap
rename to libexec/portzap/commands/portzap-setup
index 8b409c4..52a7e85 100755
--- a/bin/setup-portzap
+++ b/libexec/portzap/commands/portzap-setup
@@ -3,7 +3,7 @@ set -e
##
# variables
-localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)}
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/portzap
##
diff --git a/libexec/portzap/commands/portzap-teardown b/libexec/portzap/commands/portzap-teardown
new file mode 100755
index 0000000..5bf6fef
--- /dev/null
+++ b/libexec/portzap/commands/portzap-teardown
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+##
+# variables
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
+libexec="${localbase}"/libexec/portzap
+user=_portzap
+
+##
+# functions
+# shellcheck source=/dev/null
+. "${libexec}"/functions/print.sh
+
+##
+# main
+if [ "$(id -u)" = "0" ]; then
+ pw userdel -n "${user}" || true
+ pw groupdel -n "${user}" || true
+ rm -rf /home/"${user}"/ || true
+ printok "done"
+else
+ printerr "you must be root"
+ exit 1
+fi
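Review bot: Teardown removes the `_portzap` user, group and `/home/_portzap/`, but nothing in this new file touches the rules that `setup/setup-doas` appends to `${localbase}/etc/doas.conf`. If `portzap setup` runs that script (the call is not visible in this diff), those doas rules survive teardown and would apply again to any account or group later created under the same name. Either strip those lines here or at least tell the operator, e.g. `printerr "doas rules in ${localbase}/etc/doas.conf were not removed"`. Separately, the `|| true` on all three commands means `printok "done"` is printed even when a removal failed for a reason other than the target already being gone. Guarding each step on existence, such as `if pw usershow -n "${user}" > /dev/null 2>&1; then pw userdel -n "${user}"; fi`, keeps the command idempotent while letting real errors stop the script under `set -e`.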
diff --git a/libexec/portzap/setup/setup-doas b/libexec/portzap/setup/setup-doas
index 7f4c1e4..3738784 100644
--- a/libexec/portzap/setup/setup-doas
+++ b/libexec/portzap/setup/setup-doas
@@ -16,9 +16,12 @@ sharedir="${localbase}"/share/portzap
# main
src="${sharedir}"/doas.conf
dest="${localbase}"/etc/doas.conf
-if grep -Fq "$(cat "${src}")" "${dest}"; then
- printok "doas.conf is up to date"
-else
+cat "${src}" |
+while read -r line; do
+ if grep "${line}" "${dest}" > /dev/null 2>&1; then
+ continue
+ fi
cat "${src}" >> "${dest}"
- printok "${dest} updated"
-fi
+ printok "modified ${dest}"
+ break
+done
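Review bot: The per-line check `grep "${line}" "${dest}"` treats each template line as a regular expression and accepts a substring match. A rule therefore counts as present when it only appears inside a longer or commented-out line in `${dest}`, and an empty line in `${src}` matches anything; `if grep -Fxq -- "${line}" "${dest}"; then` together with `while IFS= read -r line; do` compares whole lines literally. When a single line is missing, the whole of `${src}` is appended, which duplicates the rules already there. Because doas applies the last matching rule, the appended block also takes precedence over anything the administrator placed earlier in the file. Appending only the missing line and then checking the result with `doas -C "${dest}"` would be safer.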
diff --git a/man/man8/portzap.8 b/man/man8/portzap.8
index 8aa0a03..53722c6 100644
--- a/man/man8/portzap.8
+++ b/man/man8/portzap.8
@@ -5,6 +5,8 @@
.Nm portzap
.Nd manages a copy of the HardenedBSD ports tree
.Sh SYNOPSIS
+.Nm portzap setup
+.Nm portzap teardown
.Nm portzap clone
.Nm portzap pull
.Nm portzap checkout
@@ -16,7 +18,22 @@ manages a copy of the HardenedBSD ports tree.
The copy of the ports tree is maintained by members of
the '_portzap' group, and the copy of the ports tree
can be installed into /usr/ports/ by root.
-.Sh EXAMPLES
+.Sh SETUP
+.sp
+.sp
+.Nm portzap setup
+.br
+Setup portzap for the first time
+.br
+This command requires root privileges
+.Pp
+.Nm portzap teardown
+.br
+Reverse the changes made by 'portzap setup'
+.br
+This command requires root privileges
+.Pp
+.Sh GENERAL
.sp
.sp
.Nm portzap clone
diff --git a/share/portzap/CHANGELOG b/share/portzap/CHANGELOG
index 1d346d2..9beefe2 100644
--- a/share/portzap/CHANGELOG
+++ b/share/portzap/CHANGELOG
@@ -1,5 +1,11 @@
* vNEXT
+** Add 'setup/setup-doas' improvements
+More likely to do what's expected, but blind spots still exist
+
+** Add 'portzap setup', 'portzap teardown'
+Replaces and enhances 'setup-portzap'
+
** Add libexec/portzap/commands/portzap-sh
Runs /bin/sh within /home/_portzap/ports as the '_portzap' user