Delegate 'portzap clone|pull' to the _portzap user (via doas)
parent
b88947dbd1
commit
ea6a5e46e5
9 changed files with 73 additions and 31 deletions
11
Makefile
11
Makefile
|
@ -1,18 +1,21 @@
|
|||
PREFIX = /usr/local
|
||||
BINDIR = $(PREFIX)/bin
|
||||
LIBEXECDIR = $(PREFIX)/libexec/portzap
|
||||
MANDIR = $(PREFIX)/man/man8
|
||||
LIBEXECDIR = $(PREFIX)/libexec/portzap
|
||||
SHAREDIR = $(PREFIX)/share/portzap
|
||||
|
||||
install:
|
||||
install -d $(BINDIR) $(LIBEXECDIR) $(MANDIR)
|
||||
install -d $(BINDIR) $(LIBEXECDIR) $(SHAREDIR) $(MANDIR)
|
||||
install -m 0755 bin/portzap $(BINDIR)
|
||||
install -m 0755 libexec/portzap/* $(LIBEXECDIR)
|
||||
install -m 0644 share/portzap/* $(SHAREDIR)
|
||||
install -m 0644 man/man8/portzap.8 $(MANDIR)
|
||||
|
||||
deinstall:
|
||||
rm $(BINDIR)/portzap
|
||||
rm $(MANDIR)/portzap.8
|
||||
rm -rf $(LIBEXECDIR)
|
||||
rm -f $(BINDIR)/portzap
|
||||
rm -f $(MANDIR)/portzap.8
|
||||
rm -rf $(SHAREDIR)
|
||||
|
||||
shellcheck:
|
||||
shellcheck bin/portzap
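Review bot: `PREFIX` stays overridable here, but the files this commit installs assume `/usr/local`: share/portzap/doas.conf names `/usr/local/libexec/portzap/portzap-clone` and `portzap-pull`, and portzap-setup reads `/usr/local/share/portzap/doas.conf`. With any other PREFIX the nopass rules point at paths this Makefile did not populate, so either generate the rules from `$(LIBEXECDIR)` at install time or record the constraint with a comment such as `# doas.conf and portzap-setup hard-code /usr/local; do not override PREFIX`. The `deinstall` target also leaves in place the rules that `portzap setup` appended to `/usr/local/etc/doas.conf`; a comment telling the administrator to remove them by hand would help.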
|
||||
|
|
13
README.md
13
README.md
|
@ -8,16 +8,20 @@ portzap is a utility that manages a local copy of the
|
|||
**CLI**
|
||||
|
||||
# Clone the hardenedbsd ports tree into /home/_portzap/ports/.
|
||||
# This command is delegated to the '_portzap' user.
|
||||
$ portzap clone
|
||||
|
||||
# Pull updates into /home/_portzap/ports/.
|
||||
# This command is delegated to the '_portzap' user.
|
||||
$ portzap pull
|
||||
|
||||
# Install /home/_portzap/ports/ into /usr/ports/.
|
||||
# This command requires root privileges.
|
||||
# portzap install
|
||||
|
||||
# Add the portzap user, group and home directory.
|
||||
# portzap adduser
|
||||
# This command requires root privileges.
|
||||
# portzap setup
|
||||
|
||||
**ENVIRONMENT VARIABLES**
|
||||
|
||||
|
@ -34,9 +38,14 @@ portzap is a utility that manages a local copy of the
|
|||
$ git clone https://github.com/0x1eef/portzap.git
|
||||
$ cd portzap
|
||||
# make install
|
||||
# portzap adduser
|
||||
# portzap setup
|
||||
# pw groupmod -n _portzap -m <user>
|
||||
|
||||
## Requirements
|
||||
|
||||
* [doas](https://man.openbsd.org/doas) <br>
|
||||
pkg install doas
|
||||
|
||||
## Sources
|
||||
|
||||
* [GitHub](https://github.com/0x1eef/portzap)
|
||||
|
|
10
bin/portzap
10
bin/portzap
|
@ -43,21 +43,21 @@ case $1 in
|
|||
"clone")
|
||||
require_dependency git
|
||||
require_membership_of _portzap
|
||||
"${libexec}"/portzap-clone "${giturl}" "${gitdir}"
|
||||
doas -u _portzap "${libexec}"/portzap-clone "${giturl}" "${gitdir}"
|
||||
;;
|
||||
"pull")
|
||||
require_dependency git
|
||||
require_membership_of _portzap
|
||||
"${libexec}"/portzap-pull "${gitdir}"
|
||||
doas -u _portzap "${libexec}"/portzap-pull "${gitdir}"
|
||||
;;
|
||||
"install")
|
||||
require_root
|
||||
require_dependency git
|
||||
"${libexec}"/portzap-install "${gitdir}" "${installdir}" "${revision}"
|
||||
;;
|
||||
"adduser")
|
||||
"setup")
|
||||
require_root
|
||||
"${libexec}"/portzap-adduser
|
||||
"${libexec}"/portzap-setup
|
||||
;;
|
||||
*)
|
||||
printf "Usage: portzap COMMAND [OPTIONS]\n"
|
||||
|
@ -66,6 +66,6 @@ case $1 in
|
|||
printf " clone Clone the hardenedbsd ports tree.\n"
|
||||
printf " pull Pull updates from the hardenedbsd ports tree.\n"
|
||||
printf " install Install the ports tree into /usr/ports.\n"
|
||||
printf " adduser Add the portzap user, group and home directory.\n"
|
||||
printf " setup Add the _portzap user, group and home directory.\n"
|
||||
;;
|
||||
esac
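Review bot: The `clone` and `pull` branches now depend on doas but still check only for git, so a host without doas fails at the `doas -u _portzap` line instead of at the dependency check; adding `require_dependency doas` next to `require_dependency git` in both branches gives the same early error the script already produces for git. doas compares the command path with the rule's `cmd` string, so `"${libexec}"/portzap-clone` only matches the rule in share/portzap/doas.conf if `${libexec}` (set outside this hunk) expands to exactly `/usr/local/libexec/portzap`; a comment at the two call sites saying so would keep them in step. The `case` statement starts before the hunk.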
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
##
|
||||
# main
|
||||
pw useradd -n _portzap \
|
||||
-c "portzap user" \
|
||||
-m \
|
||||
-s /sbin/nologin
|
||||
chmod -R u=rwX,g=rwX,o= /home/_portzap/
|
||||
echo OK
|
|
@ -12,6 +12,7 @@ if [ -e "${gitdir}/.git" ]; then
|
|||
echo "Try 'portzap pull' instead."
|
||||
exit 1
|
||||
fi
|
||||
umask u=rwX,g=rwX,o=
|
||||
umask u=rwX,g=rX,o=rX
|
||||
set -x
|
||||
git clone --depth 1 "${giturl}" "${gitdir}"
|
||||
cd "${gitdir}"
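Review bot: The new mask `umask u=rwX,g=rX,o=rX` makes files in the clone readable by every local account, where the previous `o=` gave others nothing; dropping group write fits the move to a dedicated `_portzap` owner, but nothing in the commit explains the wider `o=rX`. portzap-setup's `chmod u=rwX,g=rX,o= /home/_portzap/` blocks traversal for the default location, yet `gitdir` is a parameter and may live elsewhere. If nothing outside the `_portzap` group needs to read the working copy, `umask u=rwX,g=rX,o=` keeps the old boundary; otherwise a comment above the line stating who needs the access would record the intent. The same line is changed in the next hunk (the script that begins `gitdir=$1`), and the point applies there too; both scripts continue outside their hunks.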
|
||||
|
|
|
@ -6,7 +6,7 @@ gitdir=$1
|
|||
|
||||
##
|
||||
# main
|
||||
umask u=rwX,g=rwX,o=
|
||||
umask u=rwX,g=rX,o=rX
|
||||
if [ -e "${gitdir}/.git" ]; then
|
||||
set -x
|
||||
cd "${gitdir}"
|
||||
|
|
22
libexec/portzap/portzap-setup
Executable file
22
libexec/portzap/portzap-setup
Executable file
|
@ -0,0 +1,22 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
##
|
||||
# variables
|
||||
conf=$(cat /usr/local/share/portzap/doas.conf)
|
||||
doas=/usr/local/etc/doas.conf
|
||||
|
||||
##
|
||||
# main
|
||||
if ! id -u _portzap > /dev/null 2>&1; then
|
||||
pw useradd -n _portzap \
|
||||
-c "portzap user" \
|
||||
-m \
|
||||
-s /sbin/nologin
|
||||
chmod u=rwX,g=rX,o= /home/_portzap/
|
||||
echo "[ok] add _portzap user, group and home directory"
|
||||
fi
|
||||
|
||||
if ! fgrep "${conf}" "${doas}" > /dev/null 2>&1; then
|
||||
echo "${conf}" >> "${doas}"
|
||||
echo "[ok] update ${doas}"
|
||||
fi
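Review bot: The guard `fgrep "${conf}" "${doas}"` treats the two-line `${conf}` as two alternative patterns, so it succeeds as soon as either rule is present, or any line that merely contains one, such as a commented-out copy, and the other rule is then never added. Checking each rule as a whole line and appending only the missing ones avoids that. Because a `/usr/local/etc/doas.conf` that fails to parse stops doas from working for every user of the host, the script should also run `doas -C` on the file after editing and fail if it is rejected. The rules are appended at the end and doas applies the last matching rule, so they take precedence over any earlier `deny` an administrator wrote for the same group; that is worth stating in the man page.

```shell
# … unchanged: doas= variable, _portzap user creation …

while IFS= read -r rule; do
    if ! grep -qxF -- "${rule}" "${doas}" 2> /dev/null; then
        printf '%s\n' "${rule}" >> "${doas}"
        echo "[ok] add rule to ${doas}"
    fi
done < /usr/local/share/portzap/doas.conf
doas -C "${doas}"
```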
|
|
@ -12,35 +12,50 @@ portzap pull
|
|||
.br
|
||||
portzap install
|
||||
.br
|
||||
portzap adduser
|
||||
portzap setup
|
||||
.Sh DESCRIPTION
|
||||
.Nm portzap
|
||||
manages a copy of the hardenedbsd ports tree.
|
||||
.Sh EXAMPLES
|
||||
.Pp
|
||||
.sp
|
||||
.sp
|
||||
.Nm portzap clone
|
||||
.br
|
||||
Clone the hardenedbsd ports tree into /home/_portzap/ports/.
|
||||
.br
|
||||
This command is delegated to the '_portzap' user.
|
||||
.Pp
|
||||
.Nm portzap pull
|
||||
.br
|
||||
Pull updates into /home/_portzap/ports/.
|
||||
.br
|
||||
This command is delegated to the '_portzap' user.
|
||||
.Pp
|
||||
.Nm portzap install
|
||||
.br
|
||||
Install /home/_portzap/ports/ into /usr/ports/.
|
||||
.br
|
||||
This command requires root privileges.
|
||||
.Pp
|
||||
.Nm portzap adduser
|
||||
.Nm portzap setup
|
||||
.br
|
||||
Add the portzap user, group and home directory.
|
||||
.br
|
||||
This command requires root privileges.
|
||||
.Sh ENVIRONMENT VARIABLES
|
||||
.Pp
|
||||
.Bl -tag -width $PORTZAP_GITURL
|
||||
.It Ev PORTZAP_GITURL
|
||||
.sp
|
||||
.sp
|
||||
.Nm PORTZAP_GITURL
|
||||
.br
|
||||
The URL to a git repository.
|
||||
.br
|
||||
Default: https://git.hardenedbsd.org/hardenedbsd/ports.git
|
||||
.It Ev PORTZAP_INSTALLDIR
|
||||
The directory where the ports collection will be installed. Default: /usr/ports/.
|
||||
.sp
|
||||
.Nm PORTZAP_INSTALLDIR
|
||||
.br
|
||||
The directory where the ports collection will be installed.
|
||||
.br
|
||||
Default: /usr/ports/
|
||||
.Sh AUTHORS
|
||||
The
|
||||
.Nm portzap
|
||||
|
|
2
share/portzap/doas.conf
Normal file
2
share/portzap/doas.conf
Normal file
|
@ -0,0 +1,2 @@
|
|||
permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-clone
|
||||
permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-pull
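Review bot: Neither rule has an `args` clause, so any member of the `_portzap` group can run portzap-clone and portzap-pull as `_portzap` with arguments of their own choosing, not only the `"${giturl}"` and `"${gitdir}"` that bin/portzap passes. Since the URL is meant to be configurable, pinning it with `args` is probably not practical; the safer place for the check is inside the two libexec scripts, which should fix or validate the target directory (for example refuse anything other than `/home/_portzap/ports`) instead of trusting their positional arguments. A comment above the rules, e.g. `# arguments are not restricted here; portzap-clone and portzap-pull must validate them`, would make that dependency visible.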
|