Switch branch in 'portzap pull'

This commit covers a few changes: * The 'portzap pull' command now switches to '$PORTZAP_BRANCH' if 'git branch --show-current' returns a different branch. * The 'portzap pull' command fixes permissions and ownership on '/home/_portzap/ports/.git' before running any git commands. The owner and permissions can change by interacting with the git repository directly, as a user other than '_portzap'. * doas.conf has been changed to be slightly more strict
2024-04-19 04:00:14 -03:00 · 2024-04-19 04:00:14 -03:00 · 4aaa685b3d
commit 4aaa685b3d
parent 3bd40e36c2
7 changed files with 50 additions and 17 deletions
--- a/libexec/portzap/git-changed-files
+++ b/libexec/portzap/git-changed-files
@ -2,13 +2,14 @@

 ##
 # variables
+git=/usr/local/bin/git
 gitdir=$1
 commit=$2

 ##
 # main
 cd "${gitdir}"
-add=$(git diff --name-only --diff-filter=A "${commit}" HEAD)
-mod=$(git diff --name-only --diff-filter=M "${commit}" HEAD)
+add=$(doas -u _portzap "${git}" diff --name-only --diff-filter=A "${commit}" HEAD)
+mod=$(doas -u _portzap "${git}" diff --name-only --diff-filter=M "${commit}" HEAD)
 echo "${add}"
 echo "${mod}"
--- a/libexec/portzap/git-removed-files
+++ b/libexec/portzap/git-removed-files
@ -2,10 +2,11 @@

 ##
 # variables
+git=/usr/local/bin/git
 gitdir=$1
 commit=$2

 ##
 # main
 cd "${gitdir}"
-git diff --name-only --diff-filter=D "${commit}" HEAD
+doas -u _portzap "${git}" diff --name-only --diff-filter=D "${commit}" HEAD
--- a/libexec/portzap/git-rev
+++ b/libexec/portzap/git-rev
@ -2,9 +2,10 @@

 ##
 # variables
+git=/usr/local/bin/git
 gitdir=$1

 ##
 # main
 cd "${gitdir}"
-git rev-parse HEAD
+doas -u _portzap "${git}" rev-parse HEAD
--- a/libexec/portzap/portzap-clone
+++ b/libexec/portzap/portzap-clone
@ -2,6 +2,7 @@

 ##
 # variables
+git=/usr/local/bin/git
 giturl=$1
 gitdir=$2
 branch=$3
@ -15,9 +16,9 @@ if [ -e "${gitdir}/.git" ]; then
 fi
 set -x
 umask u=rwX,g=rwX,o=
-git clone "${giturl}" "${gitdir}"
+"${git}" clone "${giturl}" "${gitdir}"
 cd "${gitdir}"
 set +x +e
 echo "[-] Checkout ${branch}"
-git checkout -t origin/"${branch}" > /dev/null 2>&1;
+"${git}" checkout -t origin/"${branch}" > /dev/null 2>&1;
 echo "[-] Done"
--- a/libexec/portzap/portzap-install
+++ b/libexec/portzap/portzap-install
@ -5,16 +5,15 @@
 gitdir=$1
 installdir=$2
 revfile=$3
-localbase="${LOCALBASE:-/usr/local}"
-libexec="${localbase}/libexec/portzap"
+libexec=$(dirname $0)

 ##
 # functions
 perform_update()
 {
    rev=$(cat "${revfile}")
-    add=$(doas -u _portzap "${libexec}"/git-changed-files "${gitdir}" "${rev}")
-    del=$(doas -u _portzap "${libexec}"/git-removed-files "${gitdir}" "${rev}")
+    add=$("${libexec}"/git-changed-files "${gitdir}" "${rev}")
+    del=$("${libexec}"/git-removed-files "${gitdir}" "${rev}")
    for file in ${del}; do
        target="${installdir}/${file}"
        parent=$(dirname "${target}")
@ -69,4 +68,4 @@ if [ -e "${revfile}" ]; then
 else
    perform_install
 fi
-doas -u _portzap "${libexec}"/git-rev "${gitdir}" > "${revfile}"
+"${libexec}"/git-rev "${gitdir}" > "${revfile}"
--- a/libexec/portzap/portzap-pull
+++ b/libexec/portzap/portzap-pull
@ -2,16 +2,46 @@

 ##
 # variables
+git=/usr/local/bin/git
 gitdir=$1
 branch=$2
+libexec=$(dirname "$0")
+
+##
+# functions
+set_repository_permissions()
+{
+    gitdir=$1
+    doas -u root /bin/chmod -R u=rwX,g=rwX,o= "${gitdir}/.git"
+    doas -u root /usr/sbin/chown -R _portzap:_portzap "${gitdir}/.git"
+}
+
+change_branch()
+{
+    set +e
+    remote=$1
+    branch=$2
+    echo "[-] Attempt to change branch: ${branch}"
+    "${git}" fetch "${remote}" > /dev/null 2>&1
+    "${git}" checkout "${branch}" > /dev/null 2>&1 ||
+    "${git}" checkout -t "${remote}"/"${branch}" > /dev/null 2>&1
+    "${git}" reset HEAD --hard > /dev/null 2>&1
+    echo "[-] Done"
+    set -e
+}

 ##
 # main
-set -x
-umask u=rwX,g=rwX,o=
 if [ -e "${gitdir}/.git" ]; then
+    umask u=rwX,g=rwX,o=
+    set_repository_permissions "${gitdir}"
    cd "${gitdir}"
-    git pull --rebase origin "${branch}"
+    remote=$("${git}" remote | head -n1)
+    if [ $(git branch --show-current) != "${branch}" ]; then
+        change_branch "${remote}" "${branch}"
+    fi
+    set -x
+    "${git}" pull --rebase "${remote}" "${branch}"
 else
    set +x
    echo "[-] ${gitdir} is not a valid git repository."
--- a/share/portzap/doas.conf
+++ b/share/portzap/doas.conf
@ -3,6 +3,6 @@
 permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-clone
 permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-pull
 permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-erase
-permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-changed-files
-permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-removed-files
-permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-rev
+permit nopass root as _portzap cmd /usr/local/bin/git
+permit nopass _portzap as root cmd /bin/chmod args -R u=rwX,g=rwX,o= /home/_portzap/ports/.git
+permit nopass _portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git