Add 'portzap [setup|teardown]'
And improve setup/setup-doas.
This commit is contained in:
parent
364d40c71f
commit
493eb51b68
7 changed files with 78 additions and 13 deletions
14
README.md
14
README.md
|
@ -8,15 +8,19 @@ can be installed into `/usr/ports/` by root.
|
||||||
|
|
||||||
## CLI
|
## CLI
|
||||||
|
|
||||||
### CLI: setup-portzap
|
### CLI: setup
|
||||||
|
|
||||||
`setup-portzap` should be run after installing portzap for
|
`portzap setup` should be run after installing portzap for
|
||||||
the first time. <br> There is no harm in running `setup-portzap`
|
the first time. <br> There is no harm in running `portzap setup`
|
||||||
multiple times:
|
multiple times:
|
||||||
|
|
||||||
# Add the '_portzap' user, group and home directory
|
# Add the '_portzap' user, group and home directory
|
||||||
# This command requires root privileges
|
# This command requires root privileges
|
||||||
root@localhost# setup-portzap
|
root@localhost# portzap setup
|
||||||
|
|
||||||
|
# Reverse the changes made by 'portzap setup'
|
||||||
|
# This command requires root privileges
|
||||||
|
root@localhost# portzap teardown
|
||||||
|
|
||||||
### CLI: group
|
### CLI: group
|
||||||
|
|
||||||
|
@ -72,7 +76,7 @@ recent version of portzap can be installed via git:
|
||||||
|
|
||||||
# Install
|
# Install
|
||||||
root@localhost# make install
|
root@localhost# make install
|
||||||
root@localhost# setup-portzap
|
root@localhost# portzap setup
|
||||||
|
|
||||||
# Add user to '_portzap' group
|
# Add user to '_portzap' group
|
||||||
root@localhost# pw groupmod -n _portzap -m <user>
|
root@localhost# pw groupmod -n _portzap -m <user>
|
||||||
|
|
12
bin/portzap
12
bin/portzap
|
@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
|
||||||
done
|
done
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
|
"setup")
|
||||||
|
"${libexec}"/commands/portzap-setup
|
||||||
|
;;
|
||||||
|
"teardown")
|
||||||
|
"${libexec}"/commands/portzap-teardown
|
||||||
|
;;
|
||||||
"clone")
|
"clone")
|
||||||
require_dependency "git doas"
|
require_dependency "git doas"
|
||||||
"${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
|
"${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
|
||||||
|
@ -68,7 +74,11 @@ case $1 in
|
||||||
*)
|
*)
|
||||||
printf "Usage: portzap COMMAND [OPTIONS]\n"
|
printf "Usage: portzap COMMAND [OPTIONS]\n"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
printf "Commands:\n"
|
printf "Setup\n"
|
||||||
|
printf " setup Setup portzap for the first time\n"
|
||||||
|
printf " teardown Reverse the changes made by 'portzap setup'\n"
|
||||||
|
printf "\n"
|
||||||
|
printf "General\n"
|
||||||
printf " clone Clone the hardenedbsd ports tree\n"
|
printf " clone Clone the hardenedbsd ports tree\n"
|
||||||
printf " pull Pull updates from the hardenedbsd ports tree\n"
|
printf " pull Pull updates from the hardenedbsd ports tree\n"
|
||||||
printf " checkout Checkout a branch other than the default\n"
|
printf " checkout Checkout a branch other than the default\n"
|
||||||
|
|
|
@ -3,7 +3,7 @@ set -e
|
||||||
|
|
||||||
##
|
##
|
||||||
# variables
|
# variables
|
||||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)}
|
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||||
libexec="${localbase}"/libexec/portzap
|
libexec="${localbase}"/libexec/portzap
|
||||||
|
|
||||||
##
|
##
|
25
libexec/portzap/commands/portzap-teardown
Executable file
25
libexec/portzap/commands/portzap-teardown
Executable file
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
|
||||||
|
##
|
||||||
|
# variables
|
||||||
|
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||||
|
libexec="${localbase}"/libexec/portzap
|
||||||
|
user=_portzap
|
||||||
|
|
||||||
|
##
|
||||||
|
# functions
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
. "${libexec}"/functions/print.sh
|
||||||
|
|
||||||
|
##
|
||||||
|
# main
|
||||||
|
if [ "$(id -u)" = "0" ]; then
|
||||||
|
pw userdel -n "${user}" || true
|
||||||
|
pw groupdel -n "${user}" || true
|
||||||
|
rm -rf /home/"${user}"/ || true
|
||||||
|
printok "done"
|
||||||
|
else
|
||||||
|
printerr "you must be root"
|
||||||
|
exit 1
|
||||||
|
fi
|
|
@ -16,9 +16,12 @@ sharedir="${localbase}"/share/portzap
|
||||||
# main
|
# main
|
||||||
src="${sharedir}"/doas.conf
|
src="${sharedir}"/doas.conf
|
||||||
dest="${localbase}"/etc/doas.conf
|
dest="${localbase}"/etc/doas.conf
|
||||||
if grep -Fq "$(cat "${src}")" "${dest}"; then
|
cat "${src}" |
|
||||||
printok "doas.conf is up to date"
|
while read -r line; do
|
||||||
else
|
if grep "${line}" "${dest}" > /dev/null 2>&1; then
|
||||||
cat "${src}" >> "${dest}"
|
continue
|
||||||
printok "${dest} updated"
|
|
||||||
fi
|
fi
|
||||||
|
cat "${src}" >> "${dest}"
|
||||||
|
printok "modified ${dest}"
|
||||||
|
break
|
||||||
|
done
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
.Nm portzap
|
.Nm portzap
|
||||||
.Nd manages a copy of the HardenedBSD ports tree
|
.Nd manages a copy of the HardenedBSD ports tree
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
|
.Nm portzap setup
|
||||||
|
.Nm portzap teardown
|
||||||
.Nm portzap clone
|
.Nm portzap clone
|
||||||
.Nm portzap pull
|
.Nm portzap pull
|
||||||
.Nm portzap checkout
|
.Nm portzap checkout
|
||||||
|
@ -16,7 +18,22 @@ manages a copy of the HardenedBSD ports tree.
|
||||||
The copy of the ports tree is maintained by members of
|
The copy of the ports tree is maintained by members of
|
||||||
the '_portzap' group, and the copy of the ports tree
|
the '_portzap' group, and the copy of the ports tree
|
||||||
can be installed into /usr/ports/ by root.
|
can be installed into /usr/ports/ by root.
|
||||||
.Sh EXAMPLES
|
.Sh SETUP
|
||||||
|
.sp
|
||||||
|
.sp
|
||||||
|
.Nm portzap setup
|
||||||
|
.br
|
||||||
|
Setup portzap for the first time
|
||||||
|
.br
|
||||||
|
This command requires root privileges
|
||||||
|
.Pp
|
||||||
|
.Nm portzap teardown
|
||||||
|
.br
|
||||||
|
Reverse the changes made by 'portzap setup'
|
||||||
|
.br
|
||||||
|
This command requires root privileges
|
||||||
|
.Pp
|
||||||
|
.Sh GENERAL
|
||||||
.sp
|
.sp
|
||||||
.sp
|
.sp
|
||||||
.Nm portzap clone
|
.Nm portzap clone
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
* vNEXT
|
* vNEXT
|
||||||
|
|
||||||
|
** Add 'setup/setup-doas' improvements
|
||||||
|
More likely to do what's expected, but blind spots still exist
|
||||||
|
|
||||||
|
** Add 'portzap setup', 'portzap teardown'
|
||||||
|
Replaces and enhances 'setup-portzap'
|
||||||
|
|
||||||
** Add libexec/portzap/commands/portzap-sh
|
** Add libexec/portzap/commands/portzap-sh
|
||||||
Runs /bin/sh within /home/_portzap/ports as the '_portzap' user
|
Runs /bin/sh within /home/_portzap/ports as the '_portzap' user
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue