From bd84f7f1346c870e74c1e02a811594801e2dedba Mon Sep 17 00:00:00 2001 From: 0x1eef <0x1eef@protonmail.com> Date: Sat, 20 Apr 2024 05:21:19 -0300 Subject: [PATCH] Honor umask This change is a revert of previous commits that worked around the umask not being honored. This commit runs git with the correct umask, and avoids any need to run chmod manually. The number of doas.conf rules has been reduced to 2. --- libexec/portzap/git-changed-files | 12 ++++++++++-- libexec/portzap/git-removed-files | 10 +++++++++- libexec/portzap/git-rev | 10 +++++++++- libexec/portzap/portzap-clone | 22 ++++++++++++---------- libexec/portzap/portzap-pull | 25 +++++++++++++------------ share/portzap/doas.conf | 7 ++----- 6 files changed, 55 insertions(+), 31 deletions(-) diff --git a/libexec/portzap/git-changed-files b/libexec/portzap/git-changed-files index 63e41af..88f9cea 100644 --- a/libexec/portzap/git-changed-files +++ b/libexec/portzap/git-changed-files @@ -7,10 +7,18 @@ git="${localbase}"/bin/git gitdir=$1 commit=$2 +## +# functions +gitexec() +{ + doas -n -u _portzap \ + /bin/sh -c "umask ${mode}; ${git} ${1}" +} + ## # main cd "${gitdir}" -add=$(doas -u _portzap "${git}" diff --name-only --diff-filter=A "${commit}" HEAD) -mod=$(doas -u _portzap "${git}" diff --name-only --diff-filter=M "${commit}" HEAD) +add=$(gitexec "diff --name-only --diff-filter=A ${commit} HEAD") +mod=$(gitexec "diff --name-only --diff-filter=M ${commit} HEAD") echo "${add}" echo "${mod}" diff --git a/libexec/portzap/git-removed-files b/libexec/portzap/git-removed-files index 7a4d09c..178abf3 100644 --- a/libexec/portzap/git-removed-files +++ b/libexec/portzap/git-removed-files @@ -7,7 +7,15 @@ git="${localbase}"/bin/git gitdir=$1 commit=$2 +## +# functions +gitexec() +{ + doas -n -u _portzap \ + /bin/sh -c "umask ${mode}; ${git} ${1}" +} + ## # main cd "${gitdir}" -doas -u _portzap "${git}" diff --name-only --diff-filter=D "${commit}" HEAD +gitexec "diff --name-only --diff-filter=D ${commit} HEAD" diff --git a/libexec/portzap/git-rev b/libexec/portzap/git-rev index 6d167db..4698ea1 100644 --- a/libexec/portzap/git-rev +++ b/libexec/portzap/git-rev @@ -5,7 +5,15 @@ git=/usr/local/bin/git gitdir=$1 +## +# functions +gitexec() +{ + doas -n -u _portzap \ + /bin/sh -c "umask ${mode}; ${git} ${1}" +} + ## # main cd "${gitdir}" -doas -u _portzap "${git}" rev-parse HEAD +gitexec "rev-parse HEAD" diff --git a/libexec/portzap/portzap-clone b/libexec/portzap/portzap-clone index ca86647..715f326 100755 --- a/libexec/portzap/portzap-clone +++ b/libexec/portzap/portzap-clone @@ -8,7 +8,15 @@ git="${localbase}"/bin/git giturl=$1 gitdir=$2 branch=$3 -mode="u=rwX,g=rX,o=" +mode=u=rwX,g=rX,o= + +## +# functions +gitexec() +{ + doas -n -u _portzap \ + /bin/sh -c "umask ${mode}; ${git} ${1}" +} ## # main @@ -24,16 +32,10 @@ if [ -e "${gitdir}/.git" ]; then fi set -x -umask ${mode} -doas -u _portzap "${git}" clone "${giturl}" "${gitdir}" +gitexec "clone ${giturl} ${gitdir}" cd "${gitdir}" +gitexec "config core.filemode off" set +x -echo "[-] Adjust filemode. This might take a while" -doas -u _portzap "${git}" config core.filemode off -doas -u root /bin/chmod -R ${mode} "${gitdir}" echo "[-] git checkout ${branch}" -doas -u _portzap "${git}" \ - checkout -t \ - origin/"${branch}" \ - > /dev/null 2>&1 +gitexec "checkout -t origin/${branch} > /dev/null 2>&1" echo "[-] Done" diff --git a/libexec/portzap/portzap-pull b/libexec/portzap/portzap-pull index a02b72f..0b3b9ba 100755 --- a/libexec/portzap/portzap-pull +++ b/libexec/portzap/portzap-pull @@ -12,15 +12,21 @@ owner="_portzap:_portzap" ## # functions +gitexec() +{ + doas -n -u _portzap \ + /bin/sh -c "umask ${mode}; ${git} ${1}" +} + change_branch() { set +e remote=$1 branch=$2 echo "[-] Attempt to change branch: ${branch}" - doas -u _portzap "${git}" fetch "${remote}" > /dev/null 2>&1 - if ! doas -u _portzap "${git}" checkout "${branch}" > /dev/null 2>&1 || - doas -u _portzap "${git}" checkout -t "${remote}"/"${branch}" > /dev/null 2>&1; then + gitexec "fetch ${remote} > /dev/null 2>&1" + if ! gitexec "checkout ${branch} > /dev/null 2>&1" || + gitexec "checkout -t ${remote}/${branch} > /dev/null 2>&1"; then r="${?}" echo "[-] 'git checkout' exited with an error" exit "${r}" @@ -45,15 +51,10 @@ if [ ! -e "${gitdir}/.git" ]; then fi umask ${mode} -doas -u root /bin/chmod -R "${mode}" "${gitdir}/.git" -doas -u root /usr/sbin/chown -R "${owner}" "${gitdir}/.git" cd "${gitdir}" -remote=$("${git}" remote | head -n1) -if [ "$(git branch --show-current)" != "${branch}" ]; then +remote=$(gitexec "remote" | head -n1) +cbranch=$(gitexec "branch --show-current") +if [ "${cbranch}" != "${branch}" ]; then change_branch "${remote}" "${branch}" fi -set -x -doas -u _portzap "${git}" pull --rebase "${remote}" "${branch}" -set +x -echo "[-] Adjust filemode. This might take a while" -doas -u root /bin/chmod -R "${mode}" "${gitdir}" +gitexec "pull --rebase ${remote} ${branch}" diff --git a/share/portzap/doas.conf b/share/portzap/doas.conf index 685df47..63b6d28 100644 --- a/share/portzap/doas.conf +++ b/share/portzap/doas.conf @@ -1,7 +1,4 @@ ## # portzap -permit nopass root as _portzap cmd /usr/local/bin/git -permit nopass :_portzap as _portzap cmd /usr/local/bin/git -permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports -permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports/.git -permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git +permit nopass root as _portzap cmd /bin/sh +permit nopass :_portzap as _portzap cmd /bin/sh