Delegate 'portzap clone|pull' to the _portzap user (via doas)

0x1eef 2024-04-07 20:27:18 -03:00
parent b88947dbd1
commit ea6a5e46e5
9 changed files with 73 additions and 31 deletions


@ -1,18 +1,21 @@
PREFIX = /usr/local
BINDIR = $(PREFIX)/bin
LIBEXECDIR = $(PREFIX)/libexec/portzap
MANDIR = $(PREFIX)/man/man8
LIBEXECDIR = $(PREFIX)/libexec/portzap
SHAREDIR = $(PREFIX)/share/portzap
install:
install -d $(BINDIR) $(LIBEXECDIR) $(MANDIR)
install -d $(BINDIR) $(LIBEXECDIR) $(SHAREDIR) $(MANDIR)
install -m 0755 bin/portzap $(BINDIR)
install -m 0755 libexec/portzap/* $(LIBEXECDIR)
install -m 0644 share/portzap/* $(SHAREDIR)
install -m 0644 man/man8/portzap.8 $(MANDIR)
deinstall:
rm $(BINDIR)/portzap
rm $(MANDIR)/portzap.8
rm -rf $(LIBEXECDIR)
rm -f $(BINDIR)/portzap
rm -f $(MANDIR)/portzap.8
rm -rf $(SHAREDIR)
shellcheck:
shellcheck bin/portzap
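Review bot: PREFIX stays overridable here, but the files that the new `$(SHAREDIR)` lines install do not follow it. Elsewhere in this commit, share/portzap/doas.conf names `/usr/local/libexec/portzap/...` and portzap-setup reads `/usr/local/share/portzap/doas.conf`. An install with any other PREFIX would leave doas rules that point at a path the Makefile did not populate. Either generate the rule file from `$(LIBEXECDIR)` at install time, or state the constraint next to the variable, e.g. `# NOTE: share/portzap/doas.conf and portzap-setup hard-code /usr/local; keep PREFIX at its default.`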


@ -8,16 +8,20 @@ portzap is a utility that manages a local copy of the
**CLI**
# Clone the hardenedbsd ports tree into /home/_portzap/ports/.
# This command is delegated to the '_portzap' user.
$ portzap clone
# Pull updates into /home/_portzap/ports/.
# This command is delegated to the '_portzap' user.
$ portzap pull
# Install /home/_portzap/ports/ into /usr/ports/.
# This command requires root privileges.
# portzap install
# Add the portzap user, group and home directory.
# portzap adduser
# This command requires root privileges.
# portzap setup
**ENVIRONMENT VARIABLES**
@ -34,9 +38,14 @@ portzap is a utility that manages a local copy of the
$ git clone https://github.com/0x1eef/portzap.git
$ cd portzap
# make install
# portzap adduser
# portzap setup
# pw groupmod -n _portzap -m <user>
## Requirements
* [doas](https://man.openbsd.org/doas) <br>
pkg install doas
## Sources
* [GitHub](https://github.com/0x1eef/portzap)


@ -43,21 +43,21 @@ case $1 in
"clone")
require_dependency git
require_membership_of _portzap
"${libexec}"/portzap-clone "${giturl}" "${gitdir}"
doas -u _portzap "${libexec}"/portzap-clone "${giturl}" "${gitdir}"
;;
"pull")
require_dependency git
require_membership_of _portzap
"${libexec}"/portzap-pull "${gitdir}"
doas -u _portzap "${libexec}"/portzap-pull "${gitdir}"
;;
"install")
require_root
require_dependency git
"${libexec}"/portzap-install "${gitdir}" "${installdir}" "${revision}"
;;
"adduser")
"setup")
require_root
"${libexec}"/portzap-adduser
"${libexec}"/portzap-setup
;;
*)
printf "Usage: portzap COMMAND [OPTIONS]\n"
@ -66,6 +66,6 @@ case $1 in
printf " clone Clone the hardenedbsd ports tree.\n"
printf " pull Pull updates from the hardenedbsd ports tree.\n"
printf " install Install the ports tree into /usr/ports.\n"
printf " adduser Add the portzap user, group and home directory.\n"
printf " setup Add the _portzap user, group and home directory.\n"
;;
esac
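Review bot: The `clone` and `pull` branches now call `doas` but still check only for git, so a host without doas gets the shell's bare "not found" instead of the script's own dependency error. Add `require_dependency doas` next to `require_dependency git` in both branches. The rules in share/portzap/doas.conf match the absolute path `/usr/local/libexec/portzap/...`, so `${libexec}`, which is assigned outside this hunk, presumably has to expand to exactly that path for the delegation to be permitted; that is worth confirming. The case statement begins before the hunk.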


@ -1,10 +0,0 @@
#!/bin/sh -e
##
# main
pw useradd -n _portzap \
-c "portzap user" \
-m \
-s /sbin/nologin
chmod -R u=rwX,g=rwX,o= /home/_portzap/
echo OK


@ -12,6 +12,7 @@ if [ -e "${gitdir}/.git" ]; then
echo "Try 'portzap pull' instead."
exit 1
fi
umask u=rwX,g=rwX,o=
umask u=rwX,g=rX,o=rX
set -x
git clone --depth 1 "${giturl}" "${gitdir}"
cd "${gitdir}"
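Review bot: The umask change needs a one-line comment, here and in the identical change to portzap-pull. What appears to be the new value, `umask u=rwX,g=rX,o=rX`, removes group write but also grants read and search to others, where the previous value gave others nothing. Dropping group write fits the delegation to _portzap, but the widening for others is easy to miss; access for other users then depends on the mode of /home/_portzap, which portzap-setup sets with `o=`. Suggested comment: `# group members read only; other users are kept out by the mode of /home/_portzap`. Which umask line is the new one is inferred from print order, and the script continues past the hunk.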


@ -6,7 +6,7 @@ gitdir=$1
##
# main
umask u=rwX,g=rwX,o=
umask u=rwX,g=rX,o=rX
if [ -e "${gitdir}/.git" ]; then
set -x
cd "${gitdir}"

22
libexec/portzap/portzap-setup Executable file

@ -0,0 +1,22 @@
#!/bin/sh -e
##
# variables
conf=$(cat /usr/local/share/portzap/doas.conf)
doas=/usr/local/etc/doas.conf
##
# main
if ! id -u _portzap > /dev/null 2>&1; then
pw useradd -n _portzap \
-c "portzap user" \
-m \
-s /sbin/nologin
chmod u=rwX,g=rX,o= /home/_portzap/
echo "[ok] add _portzap user, group and home directory"
fi
if ! fgrep "${conf}" "${doas}" > /dev/null 2>&1; then
echo "${conf}" >> "${doas}"
echo "[ok] update ${doas}"
fi
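Review bot: The `fgrep "${conf}" "${doas}"` test treats each line of `${conf}` as a separate fixed pattern and succeeds as soon as any one of them appears anywhere in a line. A doas.conf that holds only one of the two rules, or a commented-out copy of one, is therefore reported as up to date and the missing rule is never added. Checking each rule as a whole line closes that gap. Running `doas -C` on the result makes the script stop under `-e` if the edited file no longer parses. The rewritten tail of the script is below.

```shell
# … unchanged: _portzap user creation …
while IFS= read -r rule; do
    if ! grep -Fxq -- "${rule}" "${doas}" 2> /dev/null; then
        printf '%s\n' "${rule}" >> "${doas}"
        echo "[ok] add rule to ${doas}"
    fi
done < /usr/local/share/portzap/doas.conf
doas -C "${doas}"
```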


@ -12,35 +12,50 @@ portzap pull
.br
portzap install
.br
portzap adduser
portzap setup
.Sh DESCRIPTION
.Nm portzap
manages a copy of the hardenedbsd ports tree.
.Sh EXAMPLES
.Pp
.sp
.sp
.Nm portzap clone
.br
Clone the hardenedbsd ports tree into /home/_portzap/ports/.
.br
This command is delegated to the '_portzap' user.
.Pp
.Nm portzap pull
.br
Pull updates into /home/_portzap/ports/.
.br
This command is delegated to the '_portzap' user.
.Pp
.Nm portzap install
.br
Install /home/_portzap/ports/ into /usr/ports/.
.br
This command requires root privileges.
.Pp
.Nm portzap adduser
.Nm portzap setup
.br
Add the portzap user, group and home directory.
.br
This command requires root privileges.
.Sh ENVIRONMENT VARIABLES
.Pp
.Bl -tag -width $PORTZAP_GITURL
.It Ev PORTZAP_GITURL
.sp
.sp
.Nm PORTZAP_GITURL
.br
The URL to a git repository.
.br
Default: https://git.hardenedbsd.org/hardenedbsd/ports.git
.It Ev PORTZAP_INSTALLDIR
The directory where the ports collection will be installed. Default: /usr/ports/.
.sp
.Nm PORTZAP_INSTALLDIR
.br
The directory where the ports collection will be installed.
.br
Default: /usr/ports/
.Sh AUTHORS
The
.Nm portzap

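--- /dev/null
+++ b/share/portzap/doas.conf
@@ -0,0 +1,2 @@
+permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-clone
+permit nopass :_portzap as _portzap cmd /usr/local/libexec/portzap/portzap-pull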
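Review bot: Both rules name a `cmd` but no `args`, so doas accepts any argument list, and a member of the _portzap group can run the two helpers as _portzap with a repository URL and target directory of their own choosing, without a password. That may be intended, since the URL is configurable, but it makes group membership the trust boundary for whatever `portzap install` later copies into /usr/ports as root. The file should say so, e.g. `# Members of _portzap choose the URL and directory passed to these helpers; add only trusted users to the group.`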