Add 'sourcezap sh'
Some checks failed
sourcezap / shellcheck (push) Has been cancelled

This commit is contained in:
0x1eef 2024-08-07 03:45:25 -03:00
parent 8ac2237576
commit 1aa19782c1
5 changed files with 88 additions and 34 deletions

View file

@ -6,42 +6,49 @@ The copy of the source tree is maintained by members of
the `_sourcezap` group, and a copy of the source tree the `_sourcezap` group, and a copy of the source tree
can be installed into `/usr/src/` by root. can be installed into `/usr/src/` by root.
## Examples ## CLI
#### CLI: setup-sourcezap ### CLI: setup-sourcezap
`setup-sourcezap` should be run after installing `setup-sourcezap` should be run after installing sourcezap for
sourcezap for the first time. <br> There is no harm in the first time. <br> There is no harm in running `setup-sourcezap`
running `setup-sourcezap` multiple times: multiple times:
# Add the '_sourcezap' user, group and home directory # Add the '_sourcezap' user, group and home directory
# This command requires root privileges # This command requires root privileges
root@localhost# setup-sourcezap root@localhost# setup-sourcezap
#### CLI: sourcezap ### CLI: group
# Clone the HardenedBSD source tree into /home/_sourcezap/src/ The following commands are delegated to the `_sourcezap` user and
# This command is delegated to the '_sourcezap' user restricted to members of the `_sourcezap` group. The restrictions
user@localhost$ sourcezap clone are enforced by sourcezap and to a lesser extent by
[doas(1)](https://man.openbsd.org/doas):
# Pull updates into /home/_sourcezap/src/ * **sourcezap clone** <br>
# This command is delegated to the '_sourcezap' user Clone the HardenedBSD ports tree into `/home/_sourcezap/src/` <br>
user@localhost$ sourcezap pull
# Checkout a branch other than the default: hardened/14-stable/master * **sourcezap pull** <br>
# This command is delegated to the '_sourcezap' user Pull updates into `/home/_sourcezap/src/` <br>
user@localhost$ sourcezap checkout hardened/13-stable/master
# Install /home/_sourcezap/src/ into /usr/src/ * **sourcezap checkout** <br>
# This command requires root privileges Checkout a branch other than the default: `hardened/14-stable/master` <br>
root@localhost# sourcezap install
# Remove the contents of /usr/src/ and /home/_sourcezap/src/ * **sourcezap sh** <br>
# This command requires root privileges Run `/bin/sh` within `/home/_sourcezap/src/` <br>
root@localhost# sourcezap rm
### CLI: superuser
#### Environment The following commands are restricted to root. <br>
The restrictions are enforced by sourcezap:
* **sourcezap rm** <br>
Remove the contents of `/usr/src/` and `/home/_sourcezap/src/` <br>
* **sourcezap install** <br>
Install `/home/_sourcezap/src/` into `/usr/src/` <br>
## Environment
* __$SOURCEZAP\_CLONEURL__ <br> * __$SOURCEZAP\_CLONEURL__ <br>
The URL of a git repository <br> The URL of a git repository <br>
@ -53,15 +60,10 @@ running `setup-sourcezap` multiple times:
## Install ## Install
#### Package
sourcezap is available sourcezap is available
[from the HardenedBSD ports tree](https://git.HardenedBSD.org/HardenedBSD/ports/-/tree/HardenedBSD/main/hardenedbsd/sourcezap). <br> [from the HardenedBSD ports tree](https://git.HardenedBSD.org/HardenedBSD/ports/-/tree/HardenedBSD/main/hardenedbsd/sourcezap).
`pkg install sourcezap` should work too but expect slower updates. `pkg install sourcezap` should work too but expect slower updates. The most
recent version of sourcezap can be installed via git:
#### Git
The most recent version of sourcezap can be installed via git:
# Clone # Clone
user@localhost$ git clone https://git.hardenedbsd.org/0x1eef/sourcezap.git user@localhost$ git clone https://git.hardenedbsd.org/0x1eef/sourcezap.git

View file

@ -54,6 +54,10 @@ case $1 in
require_dependency "git doas" require_dependency "git doas"
"${libexec}"/commands/sourcezap-checkout "${gitdir}" "${2}" "${libexec}"/commands/sourcezap-checkout "${gitdir}" "${2}"
;; ;;
"sh")
require_dependency "doas"
"${libexec}"/commands/sourcezap-sh "${gitdir}"
;;
"rm") "rm")
"${libexec}"/commands/sourcezap-rm "${gitdir}" "${installdir}" "${libexec}"/commands/sourcezap-rm "${gitdir}" "${installdir}"
;; ;;
@ -68,7 +72,8 @@ case $1 in
printf " clone Clone the HardenedBSD source tree\n" printf " clone Clone the HardenedBSD source tree\n"
printf " pull Pull source tree updates\n" printf " pull Pull source tree updates\n"
printf " checkout Checkout a branch other than the default\n" printf " checkout Checkout a branch other than the default\n"
printf " install Install the source tree into /usr/src/\n" printf " sh Run /bin/sh within /home/_sourcezap/src/\n"
printf " rm Remove /usr/src/ and /home/_sourcezap/src/\n" printf " rm Remove /usr/src/ and /home/_sourcezap/src/\n"
printf " install Install the source tree into /usr/src/\n"
;; ;;
esac esac

View file

@ -0,0 +1,35 @@
#!/bin/sh
set -e
##
# variables
localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
libexec="${localbase}"/libexec/sourcezap
user=_sourcezap
gitdir="${1}"
##
# functions
# shellcheck source=/dev/null
. "${libexec}"/functions/print.sh
##
# main
if [ "$(id -u)" = "0" ]; then
printerr "you must be a user other than root"
exit 1
fi
if [ ! -e "${gitdir}" ]; then
printerr "try 'sourcezap clone' instead"
exit 1
fi
if ! "${libexec}"/utils/issourcezap-member; then
printerr "$(id -un) is not a member of _sourcezap"
fi
cd "${gitdir}"
doas -n \
-u "${user}" \
/bin/sh

View file

@ -38,17 +38,24 @@ Checkout a branch other than the default: hardened/14-stable/master
.br .br
This command is delegated to the '_sourcezap' user This command is delegated to the '_sourcezap' user
.Pp .Pp
.Nm sourcezap install .Nm sourcezap sh
.br .br
Install /home/_sourcezap/src/ into /usr/src/ Run /bin/sh within /home/_sourcezap/src/
.br .br
This command requires root privileges This command is delegated to the '_sourcezap' user and
limited to members of the '_sourcezap' group
.Pp .Pp
.Nm sourcezap rm .Nm sourcezap rm
.br .br
Remove the contents of /usr/src/ and /home/_sourcezap/src/ Remove the contents of /usr/src/ and /home/_sourcezap/src/
.br .br
This command requires root privileges This command requires root privileges
.Pp
.Nm sourcezap install
.br
Install /home/_sourcezap/src/ into /usr/src/
.br
This command requires root privileges
.br .br
.Sh ENVIRONMENT .Sh ENVIRONMENT
.sp .sp

View file

@ -1,3 +1,8 @@
* vNEXT
** Add libexec/sourcezap/commands/sourcezap-sh
Runs /bin/sh within /home/_sourcezap/ports as the '_sourcezap' user
* v1.0.0 * v1.0.0
** Add libexec/sourcezap/setup/setup-user ** Add libexec/sourcezap/setup/setup-user