Compare commits
10 commits
3b0c29711c
...
ffca5c161d
Author | SHA1 | Date | |
---|---|---|---|
ffca5c161d | |||
3e76bda8bd | |||
a0988e1463 | |||
c69b357a36 | |||
0b08ff046b | |||
cb04ac7531 | |||
af917c0649 | |||
c2a3578a55 | |||
ec0fa2f93e | |||
640f2b53d6 |
24 changed files with 110 additions and 307 deletions
16
Makefile
16
Makefile
|
@ -5,14 +5,9 @@ LIBEXECDIR = $(PREFIX)/libexec/portzap
|
|||
SHAREDIR = $(PREFIX)/share/portzap
|
||||
|
||||
install:
|
||||
install -d $(BINDIR) $(LIBEXECDIR) $(LIBEXECDIR)/commands $(LIBEXECDIR)/utils $(LIBEXECDIR)/setup $(SHAREDIR) $(MANDIR)
|
||||
install -m 0755 bin/portzap $(BINDIR)
|
||||
install -m 0755 bin/setup-portzap $(BINDIR)
|
||||
install -m 0755 libexec/portzap/commands/* $(LIBEXECDIR)/commands
|
||||
install -m 0755 libexec/portzap/utils/* $(LIBEXECDIR)/utils
|
||||
install -m 0755 libexec/portzap/setup/* $(LIBEXECDIR)/setup
|
||||
install -m 0644 share/portzap/* $(SHAREDIR)
|
||||
install -m 0644 man/man8/portzap.8 $(MANDIR)
|
||||
@find bin/ libexec/ share/ man/ -type d -exec install -v -d $(PREFIX)/"{}" \;
|
||||
@find bin/ libexec/ -type f -exec install -v -m 0755 "{}" $(PREFIX)/"{}" \;
|
||||
@find share/ man/ -type f -exec install -v -m 0644 "{}" $(PREFIX)/"{}" \;
|
||||
|
||||
deinstall:
|
||||
rm $(BINDIR)/portzap
|
||||
|
@ -22,7 +17,4 @@ deinstall:
|
|||
rm -rf $(SHAREDIR)
|
||||
|
||||
shellcheck:
|
||||
shellcheck bin/*
|
||||
shellcheck libexec/portzap/utils/*
|
||||
shellcheck libexec/portzap/commands/*
|
||||
shellcheck libexec/portzap/setup/*
|
||||
find bin/ libexec/ -type f -exec shellcheck "{}" \;
|
||||
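Review bot: The three `find … -exec install` lines in the `install` recipe copy whatever happens to sit under `bin/`, `libexec/`, `share/` and `man/` in the working tree, so editor backups and other untracked files are installed too, and those under `bin/` and `libexec/` get mode 0755. The README section on this page runs the target as root. The recipe also no longer goes through `$(BINDIR)`, `$(LIBEXECDIR)`, `$(SHAREDIR)` or `$(MANDIR)`, while `deinstall` still removes `$(BINDIR)/portzap` and `$(SHAREDIR)`, so overriding one of those variables now changes what is removed but not what is installed. Consider an explicit file list or an exclusion such as `! -name '*~'`, and drop the leading `@` so a failing `install` shows its command. `functions/print.sh` is sourced rather than executed, so 0644 would be enough for it.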
|
|
|
@ -61,10 +61,15 @@ portzap is available
|
|||
|
||||
The most recent version of portzap can be installed via git:
|
||||
|
||||
# Clone
|
||||
user@localhost$ git clone https://git.hardenedbsd.org/0x1eef/portzap.git
|
||||
user@localhost$ cd portzap
|
||||
|
||||
# Install
|
||||
root@localhost# make install
|
||||
root@localhost# setup-portzap
|
||||
|
||||
# Add user to '_portzap' group
|
||||
root@localhost# pw groupmod -n _portzap -m <user>
|
||||
|
||||
## Requirements
|
||||
|
|
|
@ -13,10 +13,7 @@ revfile="${installdir}"/.portzap
|
|||
|
||||
##
|
||||
# functions
|
||||
printerr()
|
||||
{
|
||||
"${libexec}"/utils/printerr "$1"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
require_dependency()
|
||||
{
|
||||
|
|
|
@ -8,37 +8,23 @@ libexec="${localbase}"/libexec/portzap
|
|||
|
||||
##
|
||||
# functions
|
||||
printok()
|
||||
{
|
||||
"${libexec}"/utils/printok "$1"
|
||||
}
|
||||
|
||||
printerr()
|
||||
{
|
||||
"${libexec}"/utils/printerr "$1"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
##
|
||||
# main
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
if [ "$(id -u)" = "0" ]; then
|
||||
if id -u _portzap > /dev/null 2>&1; then
|
||||
printok "_portzap user exists"
|
||||
else
|
||||
pw useradd -n _portzap \
|
||||
-c "portzap user" \
|
||||
-m \
|
||||
-s /sbin/nologin
|
||||
chmod u=rwX,g=rX,o= /home/_portzap/
|
||||
printok "_portzap user created"
|
||||
fi
|
||||
"${libexec}"/setup/setup-doas
|
||||
else
|
||||
printerr "you must be root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if id -u _portzap > /dev/null 2>&1; then
|
||||
printok "_portzap user exists"
|
||||
else
|
||||
pw useradd -n _portzap \
|
||||
-c "portzap user" \
|
||||
-m \
|
||||
-s /sbin/nologin
|
||||
chmod u=rwX,g=rX,o= /home/_portzap/
|
||||
printok "_portzap user created"
|
||||
fi
|
||||
|
||||
"${libexec}"/setup/setup-doas
|
||||
"${libexec}"/setup/setup-cron
|
||||
echo
|
||||
echo "If you haven't already, add users to the _portzap group: "
|
||||
echo "root@$(hostname)# pw groupmod -n _portzap -m user1,user2"
|
||||
echo
|
||||
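Review bot: `chmod u=rwX,g=rX,o= /home/_portzap/` after `pw useradd … -m` assumes the home directory is created under `/home`, and until it runs the new directory carries whatever mode pw gave it. Giving pw the path and mode directly, `-d /home/_portzap -M 0750`, would remove both the assumption and that interval; `-M` is the pw(8) home-directory mode flag, so confirm it exists on the releases you target. As a style point, the root check now wraps the whole body in `if … else`, whereas the removed early-exit form kept the privileged steps at top level and was easier to audit.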
|
|
|
@ -5,23 +5,13 @@ set -e
|
|||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
git="${libexec}"/utils/git/run
|
||||
gitdir=$1
|
||||
branch=$2
|
||||
|
||||
##
|
||||
# functions
|
||||
gitexec()
|
||||
{
|
||||
"${libexec}"/utils/gitexec "${1}"
|
||||
}
|
||||
|
||||
printok() {
|
||||
"${libexec}"/utils/printok "${1}"
|
||||
}
|
||||
|
||||
printerr() {
|
||||
"${libexec}"/utils/printerr "${1}"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
##
|
||||
# main
|
||||
|
@ -40,10 +30,8 @@ if [ ! -e "${gitdir}/.git" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
set -x
|
||||
cd "${gitdir}"
|
||||
gitexec "fetch origin"
|
||||
gitexec "checkout ${branch}" ||
|
||||
gitexec "checkout -t origin/${branch}"
|
||||
set +x
|
||||
"${git}" fetch origin
|
||||
"${git}" checkout "${branch}" ||
|
||||
"${git}" checkout -t origin/"${branch}"
|
||||
printok "${branch} checked out"
|
||||
|
|
|
@ -5,24 +5,14 @@ set -e
|
|||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
git="${libexec}"/utils/git/run
|
||||
giturl=$1
|
||||
gitdir=$2
|
||||
branch=$3
|
||||
|
||||
##
|
||||
# functions
|
||||
gitexec()
|
||||
{
|
||||
"${libexec}"/utils/gitexec "${1}"
|
||||
}
|
||||
|
||||
printok() {
|
||||
"${libexec}"/utils/printok "${1}"
|
||||
}
|
||||
|
||||
printerr() {
|
||||
"${libexec}"/utils/printerr "${1}"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
##
|
||||
# main
|
||||
|
@ -41,11 +31,8 @@ if [ -e "${gitdir}/.git" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
set -x
|
||||
gitexec "clone ${giturl} ${gitdir}"
|
||||
"${git}" clone "${giturl}" "${gitdir}"
|
||||
cd "${gitdir}"
|
||||
gitexec "config core.filemode off"
|
||||
set +x
|
||||
set +e
|
||||
gitexec "checkout -t origin/${branch} > /dev/null 2>&1"
|
||||
"${git}" config core.filemode off
|
||||
"${git}" checkout -t origin/"${branch}"
|
||||
printok "clone complete"
|
||||
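Review bot: `"${git}" checkout -t origin/"${branch}"` now runs under the script's `set -e` (shown in the hunk header), whereas the removed lines switched to `set +e` and discarded its output first. When `${branch}` is the branch the clone already checked out, git refuses to create the tracking branch a second time, and the script would then stop before `printok "clone complete"`. The checkout command changed in this same comparison uses a tolerant form that would fit here too: `"${git}" checkout "${branch}" || "${git}" checkout -t origin/"${branch}"`. A `--` before `"${giturl}"` on the clone line would also keep a value beginning with `-` from being read as an option.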
|
|
|
@ -6,17 +6,20 @@ set -e
|
|||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
mode=u=rwX,g=rX,o=
|
||||
git="${libexec}"/utils/git/run
|
||||
gitdir=$1
|
||||
installdir=$2
|
||||
revfile=$3
|
||||
|
||||
##
|
||||
# functions
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
perform_update()
|
||||
{
|
||||
rev=$(cat "${revfile}")
|
||||
add=$("${libexec}"/utils/git-changed-files "${gitdir}" "${rev}")
|
||||
del=$("${libexec}"/utils/git-removed-files "${gitdir}" "${rev}")
|
||||
add=$("${libexec}"/utils/git/get-changed-files "${gitdir}" "${rev}")
|
||||
del=$("${libexec}"/utils/git/get-removed-files "${gitdir}" "${rev}")
|
||||
for file in ${del}; do
|
||||
target="${installdir}/${file}"
|
||||
parent=$(dirname "${target}")
|
||||
|
@ -49,8 +52,7 @@ perform_install()
|
|||
! -name ".hooks" \
|
||||
! -name ".arcconfig" \
|
||||
-exec cp -Rpv {} "${installdir}" \;
|
||||
set -x
|
||||
chown -R root "${installdir}"
|
||||
chown -Rv root "${installdir}"
|
||||
}
|
||||
|
||||
run_install()
|
||||
|
@ -58,14 +60,6 @@ run_install()
|
|||
install -o root -g _portzap -m "${mode}" -v "${@}"
|
||||
}
|
||||
|
||||
printok() {
|
||||
"${libexec}"/utils/printok "${1}"
|
||||
}
|
||||
|
||||
printerr() {
|
||||
"${libexec}"/utils/printerr "${1}"
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
|
@ -73,10 +67,8 @@ if [ "$(id -u)" != "0" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
set -x
|
||||
umask ${mode}
|
||||
umask "${mode}"
|
||||
cd "${gitdir}"
|
||||
set +x
|
||||
run_install "-d" "${installdir}"
|
||||
chmod ${mode} "${installdir}"
|
||||
if [ -e "${revfile}" ]; then
|
||||
|
@ -84,6 +76,5 @@ if [ -e "${revfile}" ]; then
|
|||
else
|
||||
perform_install
|
||||
fi
|
||||
"${libexec}"/utils/git-rev "${gitdir}" > "${revfile}"
|
||||
set +x
|
||||
"${git}" rev-parse HEAD > "${revfile}"
|
||||
printok "install complete"
|
||||
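Review bot: `"${git}" rev-parse HEAD > "${revfile}"` truncates the revision file before git runs, so if the command fails (for instance `doas -n` refusing inside utils/git/run), `set -e` ends the script and leaves an empty `${revfile}` behind. The next run finds the file, presumably takes the update branch (its body is outside the hunk), and `perform_update` reads an empty revision from `rev=$(cat "${revfile}")`. Writing to a temporary name and renaming keeps the previous value on failure: `"${git}" rev-parse HEAD > "${revfile}.tmp" && mv "${revfile}.tmp" "${revfile}"`. Since the stored value is later handed to git as an argument, checking in `perform_update` that it is non-empty and hexadecimal would be a cheap guard.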
|
|
|
@ -5,22 +5,12 @@ set -e
|
|||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
git="${libexec}"/utils/git/run
|
||||
gitdir=$1
|
||||
|
||||
##
|
||||
# functions
|
||||
gitexec()
|
||||
{
|
||||
"${libexec}"/utils/gitexec "${1}"
|
||||
}
|
||||
|
||||
printok() {
|
||||
"${libexec}"/utils/printok "${1}"
|
||||
}
|
||||
|
||||
printerr() {
|
||||
"${libexec}"/utils/printerr "${1}"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
##
|
||||
# main
|
||||
|
@ -39,9 +29,7 @@ if [ ! -e "${gitdir}/.git" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
set -x
|
||||
cd "${gitdir}"
|
||||
branch=$(gitexec "branch --show-current")
|
||||
gitexec "pull --rebase origin ${branch}"
|
||||
set +x
|
||||
branch=$("${git}" branch --show-current)
|
||||
"${git}" pull --rebase origin "${branch}"
|
||||
printok "pull complete"
|
||||
|
|
|
@ -10,6 +10,8 @@ installdir=$2
|
|||
|
||||
##
|
||||
# functions
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
erase()
|
||||
{
|
||||
dir="${1}"
|
||||
|
@ -24,10 +26,6 @@ erase()
|
|||
echo
|
||||
}
|
||||
|
||||
printerr() {
|
||||
"${libexec}"/utils/printerr "${1}"
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
|
|
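--- a/libexec/portzap/functions/print.sh
+++ b/libexec/portzap/functions/print.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+printok()
+{
+printf "ok: %s\n" "${1}" > /dev/stdout
+}
+
+printerr()
+{
+printf "error: %s\n" "${1}" > /dev/stderr
+}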
|
@ -1,84 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
user="_portzap"
|
||||
localbase=$(realpath "$(dirname "$0")"/../../..)
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
sharedir="${localbase}"/share/portzap
|
||||
|
||||
##
|
||||
# functions
|
||||
printok()
|
||||
{
|
||||
"${libexec}"/utils/printok "$1"
|
||||
}
|
||||
|
||||
printerr()
|
||||
{
|
||||
"${libexec}"/utils/printerr "$1"
|
||||
}
|
||||
|
||||
verify_allowfile()
|
||||
{
|
||||
allowfile="/var/cron/allow"
|
||||
if [ -e "${allowfile}" ]; then
|
||||
if grep -Eqe "^${user}$" "${allowfile}"; then
|
||||
printok "${user} found in ${allowfile}"
|
||||
else
|
||||
printerr "add ${user} to ${allowfile} in order to proceed"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
printok "${allowfile} not found"
|
||||
fi
|
||||
}
|
||||
|
||||
verify_denyfile()
|
||||
{
|
||||
denyfile="/var/cron/deny"
|
||||
if [ -e "${denyfile}" ]; then
|
||||
if grep -Eqe "^${user}$" "${denyfile}"; then
|
||||
printerr "remove ${user} from ${denyfile} in order to proceed"
|
||||
exit 1
|
||||
else
|
||||
printok "${user} not found in ${denyfile}"
|
||||
fi
|
||||
else
|
||||
printok "${denyfile} not found"
|
||||
fi
|
||||
}
|
||||
|
||||
install_crontab()
|
||||
{
|
||||
src="${sharedir}/crontab"
|
||||
dest="/var/cron/tabs/${user}"
|
||||
if [ -e "${dest}" ]; then
|
||||
yes | crontab -u "${user}" -r
|
||||
printok "crontab removed (${dest})"
|
||||
fi
|
||||
crontab -u "${user}" "${src}"
|
||||
chmod u=rw,g=,o= "${dest}"
|
||||
printok "crontab installed (${dest})"
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
echo -n "configure portzap to run via cron(8) ? yes or no: "
|
||||
while read -r r; do
|
||||
case "${r}" in
|
||||
yes|YES)
|
||||
verify_allowfile
|
||||
verify_denyfile
|
||||
install_crontab
|
||||
break
|
||||
;;
|
||||
no|NO)
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo -n "yes or no: "
|
||||
;;
|
||||
esac
|
||||
done
|
|
@ -9,25 +9,17 @@ sharedir="${localbase}/share/portzap"
|
|||
|
||||
##
|
||||
# functions
|
||||
printok()
|
||||
{
|
||||
"${libexec}"/utils/printok "$1"
|
||||
}
|
||||
|
||||
printerr()
|
||||
{
|
||||
"${libexec}"/utils/printerr "$1"
|
||||
}
|
||||
. "${libexec}"/functions/print.sh
|
||||
|
||||
install_doasconf()
|
||||
{
|
||||
src="${sharedir}/doas.conf"
|
||||
dest="${localbase}/etc/doas.conf"
|
||||
if grep -Fq "$(cat "${src}")" "${dest}"; then
|
||||
printok "doas.conf looks up to date"
|
||||
printok "doas.conf is up to date"
|
||||
else
|
||||
cat "${src}" >> "${dest}"
|
||||
printok "${dest} has been updated"
|
||||
printok "${dest} updated"
|
||||
fi
|
||||
}
|
||||
|
||||
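Review bot: The new message `doas.conf is up to date` claims more than the check above it establishes. `grep -Fq "$(cat "${src}")" "${dest}"` treats each line of `${src}` as a separate fixed string, so it succeeds as soon as any one of them occurs anywhere in `${dest}`, including inside a comment or as part of a longer rule. It also fails when `${dest}` does not exist, in which case `cat "${src}" >> "${dest}"` creates the file with whatever the current umask allows. Either keep the hedged wording or tighten the test, for example by adding `-x` so only whole-line matches count and comparing the number of matches with the number of lines in `${src}`.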
|
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
gitdir=$1
|
||||
commit=$2
|
||||
|
||||
##
|
||||
# functions
|
||||
diff()
|
||||
{
|
||||
"${libexec}"/utils/gitdiff ${@}
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
cd "${gitdir}"
|
||||
diff "--name-only" "--diff-filter=A" "${commit}" "HEAD"
|
||||
diff "--name-only" "--diff-filter=M" "${commit}" "HEAD"
|
|
@ -1,21 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
gitdir=$1
|
||||
commit=$2
|
||||
|
||||
##
|
||||
# functions
|
||||
diff()
|
||||
{
|
||||
"${libexec}"/utils/gitdiff ${@}
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
cd "${gitdir}"
|
||||
diff "--name-only" "--diff-filter=D" "${commit}" "HEAD"
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
gitdir=$1
|
||||
|
||||
##
|
||||
# functions
|
||||
gitexec()
|
||||
{
|
||||
"${libexec}"/utils/gitexec "${1}"
|
||||
}
|
||||
|
||||
##
|
||||
# main
|
||||
cd "${gitdir}"
|
||||
gitexec "rev-parse HEAD"
|
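--- a/libexec/portzap/utils/git/get-changed-files
+++ b/libexec/portzap/utils/git/get-changed-files
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+##
+# variables
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../../..)}
+libexec="${localbase}"/libexec/portzap
+git="${libexec}"/utils/git/run
+gitdir=$1
+commit=$2
+
+##
+# main
+cd "${gitdir}"
+"${git}" diff -l0 --name-only --diff-filter=A "${commit}" "HEAD"
+"${git}" diff -l0 --name-only --diff-filter=M "${commit}" "HEAD"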
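--- a/libexec/portzap/utils/git/get-removed-files
+++ b/libexec/portzap/utils/git/get-removed-files
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+##
+# variables
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../../..)}
+libexec="${localbase}"/libexec/portzap
+git="${libexec}"/utils/git/run
+gitdir=$1
+commit=$2
+
+##
+# main
+cd "${gitdir}"
+"${git}" diff -l0 --name-only --diff-filter=D "${commit}" "HEAD"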
|
@ -10,4 +10,4 @@ mode=u=rwX,g=rX,o=
|
|||
# main
|
||||
doas -n \
|
||||
-u _portzap \
|
||||
/bin/sh -c "umask ${mode}; ${git} ${1}"
|
||||
/bin/sh -c "umask ${mode}; ${git} ${*}"
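Review bot: `/bin/sh -c "umask ${mode}; ${git} ${*}"` joins every argument into one string that `/bin/sh` parses again, so the quoting the callers gained in this comparison (`"${branch}"`, `"${giturl}"`, `"${gitdir}"`, `"${commit}"`) is undone at this line. A value containing whitespace is split into several words, and one containing `;`, backticks or `$( )` is read as shell syntax under the `_portzap` account. Where most of these values originate is not visible on this page, but `${commit}` comes from the revision file that the install command reads with `cat`. Passing the arguments as positional parameters keeps their boundaries intact: `/bin/sh -c 'umask "$1"; shift; exec "$@"' sh "${mode}" "${git}" "${@}"`. The first nine lines of the file are outside the hunk, so how `${git}` is assigned could not be checked.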
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
|
||||
libexec="${localbase}"/libexec/portzap
|
||||
|
||||
##
|
||||
# main
|
||||
"${libexec}"/utils/gitexec diff -l0 ${@}
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
err="${1}"
|
||||
|
||||
##
|
||||
# main
|
||||
printf "error: %s\n" "${err}" > /dev/stderr
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
##
|
||||
# variables
|
||||
msg="${1}"
|
||||
|
||||
##
|
||||
# main
|
||||
printf "ok: %s\n" "${msg}" > /dev/stdout
|
16
share/portzap/RELNOTES
Normal file
16
share/portzap/RELNOTES
Normal file
|
@ -0,0 +1,16 @@
|
|||
v?.?.?
|
||||
|
||||
| Set "diff.renameLimit" to unlimited
|
||||
After this change, sourcezap forwards "-l0" to "git diff"
|
||||
|
||||
| Replace utils/gitexec with utils/git/run
|
||||
After this change, we talk to git via utils/git/run
|
||||
|
||||
| Add utils/git
|
||||
A dedicated directory for git-related scripts
|
||||
|
||||
| Remove "set -x"
|
||||
After this change, portzap emits less output
|
||||
|
||||
| Remove scripts
|
||||
Remove "utils/printok", "utils/printerr", and "utils/git-rev"
|
|
@ -1 +0,0 @@
|
|||
0 0 * * * /usr/local/bin/portzap pull
|