Fix shellcheck errors

Co-authored-by: 0x1eef <0x1eef@protonmail.com>
Reviewed-on: http://git.bastion.home.network/0x1eef/sourcezap/pulls/5

README.md

@@ -8,15 +8,19 @@ can be installed into `/usr/src/` by root.
 
 ## CLI
 
-### CLI: setup-sourcezap
+### CLI: setup
 
-`setup-sourcezap` should be run after installing sourcezap for
-the first time. <br> There is no harm in running `setup-sourcezap`
+`sourcezap setup` should be run after installing sourcezap for
+the first time. <br> There is no harm in running `sourcezap setup`
 multiple times:
 
     # Add the '_sourcezap' user, group and home directory
     # This command requires root privileges
-    root@localhost# setup-sourcezap
+    root@localhost# sourcezap setup
+
+    # Reverse the changes made by 'sourcezap setup'
+    # This command requires root privileges
+    root@localhost# sourcezap teardown
 
 ### CLI: group
 
@@ -71,7 +75,7 @@ recent version of sourcezap can be installed via git:
 
     # Install
     root@localhost# make install
-    root@localhost# setup-sourcezap
+    root@localhost# sourcezap setup
 
     # Add user to '_sourcezap' group
     root@localhost# pw groupmod -n _sourcezap -m <user>

bin/sourcezap

@@ -42,6 +42,12 @@ while [ "${i}" -le "$#" ]; do
 done
 
 case $1 in
+    "setup")
+        "${libexec}"/commands/sourcezap-setup
+        ;;
+    "teardown")
+        "${libexec}"/commands/sourcezap-teardown
+        ;;
     "clone")
         require_dependency "git doas"
         "${libexec}"/commands/sourcezap-clone "${giturl}" "${gitdir}" "${defaultbranch}"
@@ -68,7 +74,11 @@ case $1 in
     *)
         printf "Usage: sourcezap COMMAND [OPTIONS]\n"
         printf "\n"
-        printf "Commands:\n"
+        printf "Setup\n"
+        printf "  setup       Setup sourcezap for the first time\n"
+        printf "  teardown    Reverse the changes made by 'sourcezap setup'\n"
+        printf "\n"
+        printf "General\n"
         printf "  clone       Clone the HardenedBSD source tree\n"
         printf "  pull        Pull source tree updates\n"
         printf "  checkout    Checkout a branch other than the default\n"

libexec/sourcezap/commands/sourcezap-setup

@@ -3,7 +3,7 @@ set -e
 
 ##
 # variables
-localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/..)}
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
 libexec="${localbase}"/libexec/sourcezap
 
 ##

libexec/sourcezap/commands/sourcezap-teardown

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+##
+# variables
+localbase=${LOCALBASE:-$(realpath "$(dirname "$0")"/../../..)}
+libexec="${localbase}"/libexec/sourcezap
+user=_sourcezap
+
+##
+# functions
+# shellcheck source=/dev/null
+. "${libexec}"/functions/print.sh
+
+##
+# main
+if [ "$(id -u)" = "0" ]; then
+    pw userdel  -n "${user}"  || true
+    pw groupdel -n "${user}"  || true
+    rm -rf /home/"${user:?}"/ || true
+    printok "done"
+else
+    printerr "you must be root"
+    exit 1
+fi

libexec/sourcezap/setup/setup-doas

@@ -16,9 +16,11 @@ sharedir="${localbase}"/share/sourcezap
 # main
 src="${sharedir}"/doas.conf
 dest="${localbase}"/etc/doas.conf
-if grep -Fq "$(cat "${src}")" "${dest}"; then
-    printok "doas.conf is up to date"
-else
-    cat "${src}" >> "${dest}"
-    printok "${dest} updated"
+while read -r line < "${src}"; do
+    if grep -q "${line}" "${dest}"; then
+        continue
     fi
+    cat "${src}" >> "${dest}"
+    printok "modified ${dest}"
+    break
+done

libexec/sourcezap/utils/issourcezap-member

@@ -5,5 +5,5 @@ set -e
 # main
 group="_sourcezap"
 mygroups=$(id -Gn | tr ' ' '\n')
-echo "${mygroups}" | grep -e "^${group}$" > /dev/null 2>&1
+echo "${mygroups}" | grep -qe "^${group}$"
 exit "${?}"

man/man8/sourcezap.8

@@ -6,6 +6,8 @@
 .Nd manages a copy of the HardenedBSD source tree
 .Sh SYNOPSIS
 .br
+.Nm sourcezap setup
+.Nm sourcezap teardown
 .Nm sourcezap clone
 .Nm sourcezap pull
 .Nm sourcezap checkout
@@ -17,7 +19,22 @@ manages a copy of the HardenedBSD source tree.
 The copy of the source tree is maintained by members of
 the '_sourcezap' group, and a copy of the source tree
 can be installed into /usr/src/ by root.
-.Sh EXAMPLES
+.Sh SETUP
+.sp
+.sp
+.Nm sourcezap setup
+.br
+Setup sourcezap for the first time
+.br
+This command requires root privileges
+.Pp
+.Nm sourcezap teardown
+.br
+Reverse the changes made by 'sourcezap setup'
+.br
+This command requires root privileges
+.Pp
+.Sh GENERAL
 .sp
 .sp
 .Nm sourcezap clone

share/sourcezap/CHANGELOG

@@ -1,5 +1,11 @@
 * vNEXT
 
+** Add 'setup/setup-doas' improvements
+More likely to do what's expected, but blind spots still exist
+
+** Add 'sourcezap setup', 'sourcezap teardown'
+Replaces and enhances 'setup-sourcezap'
+
 ** Add libexec/sourcezap/commands/sourcezap-sh
 Runs /bin/sh within /home/_sourcezap/src/ as the '_sourcezap' user