Add 'portzap [setup|teardown]'

And improve setup/setup-doas.
0x1eef 2024-08-17 17:15:30 -03:00
parent 364d40c71f
commit 493eb51b68
7 changed files with 78 additions and 13 deletions


@ -8,15 +8,19 @@ can be installed into `/usr/ports/` by root.
## CLI
### CLI: setup-portzap
### CLI: setup
`setup-portzap` should be run after installing portzap for
the first time. <br> There is no harm in running `setup-portzap`
`portzap setup` should be run after installing portzap for
the first time. <br> There is no harm in running `portzap setup`
multiple times:
# Add the '_portzap' user, group and home directory
# This command requires root privileges
root@localhost# setup-portzap
root@localhost# portzap setup
# Reverse the changes made by 'portzap setup'
# This command requires root privileges
root@localhost# portzap teardown
### CLI: group
@ -72,7 +76,7 @@ recent version of portzap can be installed via git:
# Install
root@localhost# make install
root@localhost# setup-portzap
root@localhost# portzap setup
# Add user to '_portzap' group
root@localhost# pw groupmod -n _portzap -m <user>


@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
done
case $1 in
"setup")
"${libexec}"/commands/portzap-setup
;;
"teardown")
"${libexec}"/commands/portzap-teardown
;;
"clone")
require_dependency "git doas"
"${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
@ -68,7 +74,11 @@ case $1 in
*)
printf "Usage: portzap COMMAND [OPTIONS]\n"
printf "\n"
printf "Commands:\n"
printf "Setup\n"
printf " setup Setup portzap for the first time\n"
printf " teardown Reverse the changes made by 'portzap setup'\n"
printf "\n"
printf "General\n"
printf " clone Clone the hardenedbsd ports tree\n"
printf " pull Pull updates from the hardenedbsd ports tree\n"
printf " checkout Checkout a branch other than the default\n"


@ -3,7 +3,7 @@ set -e
##
# variables
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)}
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/portzap
##


@ -0,0 +1,25 @@
#!/bin/sh
set -e
##
# variables
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/portzap
user=_portzap
##
# functions
# shellcheck source=/dev/null
. "${libexec}"/functions/print.sh
##
# main
if [ "$(id -u)" = "0" ]; then
pw userdel -n "${user}" || true
pw groupdel -n "${user}" || true
rm -rf /home/"${user}"/ || true
printok "done"
else
printerr "you must be root"
exit 1
fi
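Review bot: Every step in the root branch ends in `|| true` and `printok "done"` runs unconditionally, so teardown reports success even when `pw userdel` or `rm -rf` failed and the `_portzap` account or its home directory is still present. Checking for existence first keeps the command safe to re-run without hiding real errors, e.g. `if pw usershow -n "${user}" > /dev/null 2>&1; then pw userdel -n "${user}"; fi`, and the same with `pw groupshow` for the group. The script also never touches `${localbase}/etc/doas.conf`; if `portzap setup` is what appends the portzap rules there (the setup scripts are only partly visible on this page), those rules outlive the account and would apply again to any later user or group named `_portzap`, so they should be removed here or the leftover documented. The removal path `/home/"${user}"/` is hard-coded rather than taken from the account's recorded home directory.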


@ -16,9 +16,12 @@ sharedir="${localbase}"/share/portzap
# main
src="${sharedir}"/doas.conf
dest="${localbase}"/etc/doas.conf
if grep -Fq "$(cat "${src}")" "${dest}"; then
printok "doas.conf is up to date"
else
cat "${src}" >> "${dest}"
printok "${dest} updated"
cat "${src}" |
while read -r line; do
if grep "${line}" "${dest}" > /dev/null 2>&1; then
continue
fi
cat "${src}" >> "${dest}"
printok "modified ${dest}"
break
done
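Review bot: The membership test `grep "${line}" "${dest}"` in the new loop interprets each doas rule as a regular expression and accepts substring matches, so a commented-out or longer rule in `${dest}` counts as already present; `grep -Fxq -- "${line}" "${dest}"` compares whole lines literally. When any single line is missing, the loop appends all of `${src}`, which duplicates rules that were already there, and because doas applies the last matching rule the appended block takes precedence over anything an administrator placed earlier in the file. Appending only the missing lines, as sketched below, keeps the edit to `doas.conf` minimal and easier to audit. The script around this loop begins outside the hunk.

```shell
# … unchanged: src/dest assignments …
while IFS= read -r line; do
  [ -n "${line}" ] || continue
  if grep -Fxq -- "${line}" "${dest}" 2> /dev/null; then
    continue
  fi
  printf '%s\n' "${line}" >> "${dest}"
  printok "added rule to ${dest}"
done < "${src}"
```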


@ -5,6 +5,8 @@
.Nm portzap
.Nd manages a copy of the HardenedBSD ports tree
.Sh SYNOPSIS
.Nm portzap setup
.Nm portzap teardown
.Nm portzap clone
.Nm portzap pull
.Nm portzap checkout
@ -16,7 +18,22 @@ manages a copy of the HardenedBSD ports tree.
The copy of the ports tree is maintained by members of
the '_portzap' group, and the copy of the ports tree
can be installed into /usr/ports/ by root.
.Sh EXAMPLES
.Sh SETUP
.sp
.sp
.Nm portzap setup
.br
Setup portzap for the first time
.br
This command requires root privileges
.Pp
.Nm portzap teardown
.br
Reverse the changes made by 'portzap setup'
.br
This command requires root privileges
.Pp
.Sh GENERAL
.sp
.sp
.Nm portzap clone


@ -1,5 +1,11 @@
* vNEXT
** Add 'setup/setup-doas' improvements
More likely to do what's expected, but blind spots still exist
** Add 'portzap setup', 'portzap teardown'
Replaces and enhances 'setup-portzap'
** Add libexec/portzap/commands/portzap-sh
Runs /bin/sh within /home/_portzap/ports as the '_portzap' user