#!/bin/sh # A shell script that takes care of keeping up to date with # the HardenedBSD ports collection. ## # Configuration source_url="https://git.hardenedbsd.org/hardenedbsd/ports.git" portzap_dir="/home/_portzap/ports" ports_dir="/usr/ports/" libexec_dir=$(realpath $(dirname $0)/../libexec/portzap/) ## # Default masks init_mask=707 clone_mask=007 pull_mask=007 ## # Utils exit_on_missing_deps() { deps=$1 for dep in $deps; do which -s $dep if [ $? -ne 0 ]; then echo $dep is missing exit 1 fi done } has_portzap_access() { groups=$(id -Gn) in_group=1 for g in $groups; do if [ $g="_portzap" ]; then in_group=0 fi done return $in_group } user_is_not_root() { user_id=$(id -u) result=$(test $user_id -ne "0") return $result } ## # Commands help() { echo "Usage: portzap init|clone|pull|install" } init() { if user_is_not_root; then echo "The init command should be run as root." exit 1 fi; umask $init_mask pw userdel _portzap -r pw useradd _portzap -m -s /sbin/nologin } clone() { if has_portzap_access; then if [ -e "$portzap_dir/.git" ]; then echo "$portzap_dir has already been cloned." echo "Run 'portzap pull' instead." exit 1 fi umask $clone_mask git clone --depth 1 $source_url $portzap_dir else echo "Permission denied." fi } pull() { if has_portzap_access; then if [ -e "$portzap_dir/.git" ]; then umask $pull_mask cd $portzap_dir git pull --rebase origin hardenedbsd/main else echo "Run 'portzap clone' first." exit 1 fi else echo "Permission denied." exit 1 fi } install() { if user_is_not_root; then echo "The install command should be run as root." exit 1 fi cd $portzap_dir find -s . -maxdepth 1 -type d -exec $libexec_dir/install-directory $ports_dir $libexec_dir {} + } case $1 in "init") init break ;; "clone") exit_on_missing_deps "git" clone break ;; "pull") exit_on_missing_deps "git" pull break ;; "install") install break ;; *) help break ;; esac