From 50d648f06adec0de56250c984e8ad3474121747e Mon Sep 17 00:00:00 2001
From: 0x1eef <0x1eef@protonmail.com>
Date: Wed, 17 Apr 2024 20:21:34 -0300
Subject: [PATCH] Add "portzap erase"

I haven't decided whether or not only root can do this (leaning towards
not), and we might want to be more flexible and let the user choose to
delete one of the two directories. For now it works.
---
 bin/portzap                     |  5 +++++
 libexec/portzap/portzap-erase   | 38 +++++++++++++++++++++++++++++++++
 libexec/portzap/portzap-install |  1 +
 share/portzap/doas.conf         |  1 +
 4 files changed, 45 insertions(+)
 create mode 100644 libexec/portzap/portzap-erase

diff --git a/bin/portzap b/bin/portzap
index 0918a13..f69b78c 100755
--- a/bin/portzap
+++ b/bin/portzap
@@ -51,6 +51,10 @@ case $1 in
         require_membership_of _portzap
         doas -u _portzap "${libexec}"/portzap-pull "${gitdir}" "${branch}"
         ;;
+    "erase")
+        require_membership_of _portzap
+        doas -u _portzap "${libexec}"/portzap-erase "${gitdir}" "${installdir}"
+        ;;
     "install")
         require_root
         require_dependency "git doas"
@@ -67,6 +71,7 @@ case $1 in
         printf "  clone    Clone the hardenedbsd ports tree.\n"
         printf "  pull     Pull updates from the hardenedbsd ports tree.\n"
         printf "  install  Install the ports tree into /usr/ports.\n"
+        printf "  erase    Erase /usr/ports/ and /home/_portzap/ports/.\n"
         printf "  setup    Add the _portzap user, group and home directory.\n"
         ;;
 esac
diff --git a/libexec/portzap/portzap-erase b/libexec/portzap/portzap-erase
new file mode 100644
index 0000000..a5eb15b
--- /dev/null
+++ b/libexec/portzap/portzap-erase
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+
+##
+# variables
+gitdir=$1
+installdir=$2
+
+##
+# main
+printf "[-] Are you sure ? \n"
+printf "[-] These directories will be erased:\n"
+printf "    [*] ${gitdir}\n"
+printf "    [*] ${installdir}\n"
+printf "[y|n] "
+while true; do
+    read r
+    if [ "${r}" = "y" ]; then
+        break
+    elif [ "${r}" = "n" ]; then
+        printf "[-] Nothing to do\n"
+        exit
+    else
+        printf "[-] '${r}' is not a valid option.\n"
+        printf "[y|n] "
+    fi
+done
+for dir in "${gitdir}" "${installdir}"; do
+    printf "${dir}  "
+    find "${dir}" \
+        -maxdepth 1 \
+        \! -name "." \
+        \! -name ".." \
+        \! -name "ports" \
+        -exec printf . \; \
+        -exec rm -rf "{}" \;
+    echo
+done
+printf "[-] Done\n"
diff --git a/libexec/portzap/portzap-install b/libexec/portzap/portzap-install
index ccf1190..234cbfa 100755
--- a/libexec/portzap/portzap-install
+++ b/libexec/portzap/portzap-install
@@ -58,6 +58,7 @@ umask u=rwX,g=rwX,o=
 cd "${gitdir}"
 set +x
 run_install "-d" "${installdir}"
+chmod u=rwx,g=rwx,o= "${installdir}"
 if [ -e "${revfile}" ]; then
     perform_update
 else
diff --git a/share/portzap/doas.conf b/share/portzap/doas.conf
index 73e1193..189aa83 100644
--- a/share/portzap/doas.conf
+++ b/share/portzap/doas.conf
@@ -2,6 +2,7 @@
 # portzap
 permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-clone
 permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-pull
+permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-erase
 permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-changed-files
 permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-removed-files
 permit nopass root as _portzap cmd /usr/local/libexec/portzap/git-rev