From f08ad32c909e37b329d87f0b029f50808d49cc15 Mon Sep 17 00:00:00 2001
From: 0x1eef <0x1eef@protonmail.com>
Date: Mon, 16 Jan 2023 20:54:03 -0300
Subject: [PATCH] Add portzap-install-port

Add a new script that is responsible for installing a new port
to /usr/ports with the correct permissions.
---
 bin/portzap              | 29 +++++++++++++++++------------
 bin/portzap-install-port | 15 +++++++++++++++
 2 files changed, 32 insertions(+), 12 deletions(-)
 create mode 100755 bin/portzap-install-port

diff --git a/bin/portzap b/bin/portzap
index 079028d..d6fe98b 100755
--- a/bin/portzap
+++ b/bin/portzap
@@ -4,16 +4,19 @@
 
 ##
 # Configuration
-source="https://git.hardenedbsd.org/hardenedbsd/ports.git"
+source_url="https://git.hardenedbsd.org/hardenedbsd/ports.git"
 transient_dir="/home/_portzap/ports"
-final_dir="/usr/ports/"
+rest_dir="/usr/ports/"
+
+##
+# Default masks
+init_mask=707
+clone_mask=007
+pull_mask=007
 
 ##
 # Default modes
-init_mode=707
-clone_mode=007
-pull_mode=007
-unpack_mode=022
+unpack_mode="u=rwX,g=rX,o=rX"
 
 ##
 # Utils
@@ -58,7 +61,7 @@ init() {
         echo "The init command should be run as root."
         exit 1
     fi;
-    umask $init_mode
+    umask $init_mask
     pw userdel _portzap -r
     pw useradd _portzap -m -s /sbin/nologin
 }
@@ -72,8 +75,8 @@ clone() {
             echo "Run 'portzap pull' instead."
             exit 1
         fi
-        umask $clone_mode
-        git clone --depth 1 $source $transient_dir
+        umask $clone_mask
+        git clone --depth 1 $source_url $transient_dir
     else
         echo "Permission denied."
     fi
@@ -84,7 +87,7 @@ pull() {
     then
         if [ -e "$transient_dir/.git" ];
         then
-            umask $pull_mode
+            umask $pull_mask
             cd $transient_dir
             git pull --rebase origin hardenedbsd/main
         else
@@ -103,8 +106,10 @@ unpack() {
         echo "The unpack command should be run as root."
         exit 1
     fi
-    umask $unpack_mode
-    cp -Rfv "$transient_dir/." $final_dir
+    cd $transient_dir
+    find . -maxdepth 1 -type f -exec install -m=$unpack_mode {} $rest_dir \;
+    find . -maxdepth 1 -type d -exec mkdir -p -m $unpack_mode $rest_dir/{} \;
+    find . -depth 2 -type d -exec portzap-install-port {} $rest_dir $unpack_mode \;
 }
 
 case $1 in
diff --git a/bin/portzap-install-port b/bin/portzap-install-port
new file mode 100755
index 0000000..189585c
--- /dev/null
+++ b/bin/portzap-install-port
@@ -0,0 +1,15 @@
+#!/bin/sh
+src=$1
+dest=$2/${src}
+mode=$3
+group=_portzap
+install_args="-m $mode"
+
+mkdir -m $mode -p $dest
+find $src -maxdepth 1 -type f -execdir install $install_args {} $dest/{} \;
+if [ -d "$src/files" ];
+then
+    mkdir -m $mode -p $dest/files
+    find $src/files -maxdepth 1 -type f -execdir install $install_args {} $dest/files \;
+fi
+echo Install $(realpath $dest)