Add 'portzap [setup|teardown]'

And improve setup/setup-doas.
0x1eef 2024-08-17 17:15:30 -03:00
parent 364d40c71f
commit 493eb51b68
7 changed files with 78 additions and 13 deletions


@ -8,15 +8,19 @@ can be installed into `/usr/ports/` by root.
## CLI ## CLI
### CLI: setup-portzap ### CLI: setup
`setup-portzap` should be run after installing portzap for `portzap setup` should be run after installing portzap for
the first time. <br> There is no harm in running `setup-portzap` the first time. <br> There is no harm in running `portzap setup`
multiple times: multiple times:
# Add the '_portzap' user, group and home directory # Add the '_portzap' user, group and home directory
# This command requires root privileges # This command requires root privileges
root@localhost# setup-portzap root@localhost# portzap setup
# Reverse the changes made by 'portzap setup'
# This command requires root privileges
root@localhost# portzap teardown
### CLI: group ### CLI: group
@ -72,7 +76,7 @@ recent version of portzap can be installed via git:
# Install # Install
root@localhost# make install root@localhost# make install
root@localhost# setup-portzap root@localhost# portzap setup
# Add user to '_portzap' group # Add user to '_portzap' group
root@localhost# pw groupmod -n _portzap -m <user> root@localhost# pw groupmod -n _portzap -m <user>


@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
done done
case $1 in case $1 in
"setup")
"${libexec}"/commands/portzap-setup
;;
"teardown")
"${libexec}"/commands/portzap-teardown
;;
"clone") "clone")
require_dependency "git doas" require_dependency "git doas"
"${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}" "${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
@ -68,7 +74,11 @@ case $1 in
*) *)
printf "Usage: portzap COMMAND [OPTIONS]\n" printf "Usage: portzap COMMAND [OPTIONS]\n"
printf "\n" printf "\n"
printf "Commands:\n" printf "Setup\n"
printf " setup Setup portzap for the first time\n"
printf " teardown Reverse the changes made by 'portzap setup'\n"
printf "\n"
printf "General\n"
printf " clone Clone the hardenedbsd ports tree\n" printf " clone Clone the hardenedbsd ports tree\n"
printf " pull Pull updates from the hardenedbsd ports tree\n" printf " pull Pull updates from the hardenedbsd ports tree\n"
printf " checkout Checkout a branch other than the default\n" printf " checkout Checkout a branch other than the default\n"


@ -3,7 +3,7 @@ set -e
## ##
# variables # variables
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)} localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/portzap libexec="${localbase}"/libexec/portzap
## ##


@ -0,0 +1,25 @@
#!/bin/sh
set -e
##
# variables
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/portzap
user=_portzap
##
# functions
# shellcheck source=/dev/null
. "${libexec}"/functions/print.sh
##
# main
if [ "$(id -u)" = "0" ]; then
pw userdel -n "${user}" || true
pw groupdel -n "${user}" || true
rm -rf /home/"${user}"/ || true
printok "done"
else
printerr "you must be root"
exit 1
fi
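Review bot: The three `|| true` guards in the root branch hide every failure, so `printok "done"` is printed even when `pw userdel`, `pw groupdel` or `rm -rf` removed nothing, and with `set -e` defeated that message is the only signal the administrator gets. Teardown is the step that retires an account other configuration may still refer to, so I would test for existence first and let a real error abort the script. The page does not show whether `portzap setup` also appends rules to doas.conf; if it does, teardown leaves them behind, and the usage text should say so.

```sh
if [ "$(id -u)" = "0" ]; then
    # Delete only what exists, so a genuine failure still stops the script (set -e)
    if pw usershow -n "${user}" > /dev/null 2>&1; then
        pw userdel -n "${user}"
    fi
    if pw groupshow -n "${user}" > /dev/null 2>&1; then
        pw groupdel -n "${user}"
    fi
    rm -rf /home/"${user}"/
    printok "done"
# … unchanged: non-root branch …
```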


@ -16,9 +16,12 @@ sharedir="${localbase}"/share/portzap
# main # main
src="${sharedir}"/doas.conf src="${sharedir}"/doas.conf
dest="${localbase}"/etc/doas.conf dest="${localbase}"/etc/doas.conf
if grep -Fq "$(cat "${src}")" "${dest}"; then cat "${src}" |
printok "doas.conf is up to date" while read -r line; do
else if grep "${line}" "${dest}" > /dev/null 2>&1; then
cat "${src}" >> "${dest}" continue
printok "${dest} updated"
fi fi
cat "${src}" >> "${dest}"
printok "modified ${dest}"
break
done
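Review bot: The new `grep "${line}" "${dest}"` treats each doas.conf rule as a regular expression and accepts a substring match, so a rule that appears only inside a comment or inside a longer rule counts as present; the `-F` the old check used is gone. When any line is missing, the loop appends the whole of `${src}` and breaks, which duplicates the rules that were already there, and because doas acts on the last matching rule this file is worth keeping free of stray duplicates. I would match whole lines literally with `if grep -Fxq -- "${line}" "${dest}"; then` and append only the missing rule with `printf '%s\n' "${line}" >> "${dest}"`, dropping the `break`. The script starts above this hunk, so whether it checks for root or validates `${dest}` beforehand is not visible here.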


@ -5,6 +5,8 @@
.Nm portzap .Nm portzap
.Nd manages a copy of the HardenedBSD ports tree .Nd manages a copy of the HardenedBSD ports tree
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm portzap setup
.Nm portzap teardown
.Nm portzap clone .Nm portzap clone
.Nm portzap pull .Nm portzap pull
.Nm portzap checkout .Nm portzap checkout
@ -16,7 +18,22 @@ manages a copy of the HardenedBSD ports tree.
The copy of the ports tree is maintained by members of The copy of the ports tree is maintained by members of
the '_portzap' group, and the copy of the ports tree the '_portzap' group, and the copy of the ports tree
can be installed into /usr/ports/ by root. can be installed into /usr/ports/ by root.
.Sh EXAMPLES .Sh SETUP
.sp
.sp
.Nm portzap setup
.br
Setup portzap for the first time
.br
This command requires root privileges
.Pp
.Nm portzap teardown
.br
Reverse the changes made by 'portzap setup'
.br
This command requires root privileges
.Pp
.Sh GENERAL
.sp .sp
.sp .sp
.Nm portzap clone .Nm portzap clone


@ -1,5 +1,11 @@
* vNEXT * vNEXT
** Add 'setup/setup-doas' improvements
More likely to do what's expected, but blind spots still exist
** Add 'portzap setup', 'portzap teardown'
Replaces and enhances 'setup-portzap'
** Add libexec/portzap/commands/portzap-sh ** Add libexec/portzap/commands/portzap-sh
Runs /bin/sh within /home/_portzap/ports as the '_portzap' user Runs /bin/sh within /home/_portzap/ports as the '_portzap' user