Fix shellcheck errors

And improve setup/setup-doas.

README.md

@@ -8,15 +8,19 @@ can be installed into `/usr/ports/` by root.
 
 ## CLI
 
-### CLI: setup-portzap
+### CLI: setup
 
-`setup-portzap` should be run after installing portzap for
-the first time. <br> There is no harm in running `setup-portzap`
+`portzap setup` should be run after installing portzap for
+the first time. <br> There is no harm in running `portzap setup`
 multiple times:
 
     # Add the '_portzap' user, group and home directory
     # This command requires root privileges
-    root@localhost# setup-portzap
+    root@localhost# portzap setup
+
+    # Reverse the changes made by 'portzap setup'
+    # This command requires root privileges
+    root@localhost# portzap teardown
 
 ### CLI: group
 
@@ -72,7 +76,7 @@ recent version of portzap can be installed via git:
 
     # Install
     root@localhost# make install
-    root@localhost# setup-portzap
+    root@localhost# portzap setup
 
     # Add user to '_portzap' group
     root@localhost# pw groupmod -n _portzap -m <user>

bin/portzap

@@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
 done
 
 case $1 in
+    "setup")
+        "${libexec}"/commands/portzap-setup
+        ;;
+    "teardown")
+        "${libexec}"/commands/portzap-teardown
+        ;;
     "clone")
         require_dependency "git doas"
         "${libexec}"/commands/portzap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
@@ -68,7 +74,11 @@ case $1 in
     *)
         printf "Usage: portzap COMMAND [OPTIONS]\n"
         printf "\n"
-        printf "Commands:\n"
+        printf "Setup\n"
+        printf "  setup       Setup portzap for the first time\n"
+        printf "  teardown    Reverse the changes made by 'portzap setup'\n"
+        printf "\n"
+        printf "General\n"
         printf "  clone       Clone the hardenedbsd ports tree\n"
         printf "  pull        Pull updates from the hardenedbsd ports tree\n"
         printf "  checkout    Checkout a branch other than the default\n"

libexec/portzap/commands/portzap-setup

@@ -3,7 +3,7 @@ set -e
 
 ##
 # variables
-localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)}
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
 libexec="${localbase}"/libexec/portzap
 
 ##

libexec/portzap/commands/portzap-teardown

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+##
+# variables
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
+libexec="${localbase}"/libexec/portzap
+user=_portzap
+
+##
+# functions
+# shellcheck source=/dev/null
+. "${libexec}"/functions/print.sh
+
+##
+# main
+if [ "$(id -u)" = "0" ]; then
+    pw userdel  -n "${user}"  || true
+    pw groupdel -n "${user}"  || true
+    rm -rf /home/"${user:?}"/ || true
+    printok "done"
+else
+    printerr "you must be root"
+    exit 1
+fi

libexec/portzap/setup/setup-doas

@@ -16,9 +16,11 @@ sharedir="${localbase}"/share/portzap
 # main
 src="${sharedir}"/doas.conf
 dest="${localbase}"/etc/doas.conf
-if grep -Fq "$(cat "${src}")" "${dest}"; then
-    printok "doas.conf is up to date"
-else
-    cat "${src}" >> "${dest}"
-    printok "${dest} updated"
+while read -r line < "${src}"; do
+    if grep -q "${line}" "${dest}"; then
+        continue
     fi
+    cat "${src}" >> "${dest}"
+    printok "modified ${dest}"
+    break
+done

libexec/portzap/utils/isportzap-member

@@ -5,5 +5,5 @@ set -e
 # main
 group="_portzap"
 mygroups=$(id -Gn | tr ' ' '\n')
-echo "${mygroups}" | grep -e "^${group}$" > /dev/null 2>&1
+echo "${mygroups}" | grep -qe "^${group}$"
 exit "${?}"

man/man8/portzap.8

@@ -5,6 +5,8 @@
 .Nm portzap
 .Nd manages a copy of the HardenedBSD ports tree
 .Sh SYNOPSIS
+.Nm portzap setup
+.Nm portzap teardown
 .Nm portzap clone
 .Nm portzap pull
 .Nm portzap checkout
@@ -16,7 +18,22 @@ manages a copy of the HardenedBSD ports tree.
 The copy of the ports tree is maintained by members of
 the '_portzap' group, and the copy of the ports tree
 can be installed into /usr/ports/ by root.
-.Sh EXAMPLES
+.Sh SETUP
+.sp
+.sp
+.Nm portzap setup
+.br
+Setup portzap for the first time
+.br
+This command requires root privileges
+.Pp
+.Nm portzap teardown
+.br
+Reverse the changes made by 'portzap setup'
+.br
+This command requires root privileges
+.Pp
+.Sh GENERAL
 .sp
 .sp
 .Nm portzap clone

share/portzap/CHANGELOG

@@ -1,5 +1,11 @@
 * vNEXT
 
+** Add 'setup/setup-doas' improvements
+More likely to do what's expected, but blind spots still exist
+
+** Add 'portzap setup', 'portzap teardown'
+Replaces and enhances 'setup-portzap'
+
 ** Add libexec/portzap/commands/portzap-sh
 Runs /bin/sh within /home/_portzap/ports as the '_portzap' user