From: Mark Linimon
Date: Sun, 27 Jan 2013 07:09:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r245969 - projects/portbuild/admin/tools

Author: linimon (doc,ports committer)
Date: Sun Jan 27 07:09:29 2013
New Revision: 245969
URL: http://svnweb.freebsd.org/changeset/base/245969

Log:
  Moved from its former home in portbuild/tools/. This script now needs
  to not be modifiable by user portbuild, for security reasons.

Added:
  projects/portbuild/admin/tools/mkportbuild
     - copied unchanged from r245968, projects/portbuild/tools/mkportbuild

Copied: projects/portbuild/admin/tools/mkportbuild (from r245968, projects/portbuild/tools/mkportbuild)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/portbuild/admin/tools/mkportbuild Sun Jan 27 07:09:29 2013 (r245969, copy of r245968, projects/portbuild/tools/mkportbuild)
@@ -0,0 +1,101 @@ +#!/bin/sh +# +# server-side script to setup the portbuild ZFS volume, delegate its +# administration, and check out the repository. Must be run as root. +# +# Designed to be run before anything else. +# + +DEFAULT_PORTBUILD_USER="portbuild" +DEFAULT_VCS_CHECKOUT_COMMAND="svn checkout" +DEFAULT_VCS_REPOSITORY="svn://svn.FreeBSD.org" +DEFAULT_ZFS_VOLUME="a" +DEFAULT_ZFS_PERMISSIONSET="clone,create,destroy,mount,promote,rename,rollback,send,share,snapshot" + +if [ `id -u` != 0 ]; then + echo "$0 must be run as root." + exit 1 +fi + +if [ -z "${PORTBUILD_USER}" ]; then + echo "You must export PORTBUILD_USER, for example, export PORTBUILD_USER=${DEFAULT_PORTBUILD_USER}." + exit 1 +fi +if [ -z "${VCS_CHECKOUT_COMMAND}" ]; then + VCS_CHECKOUT_COMMAND="${DEFAULT_VCS_CHECKOUT_COMMAND}" +fi +if [ -z "${VCS_PORTBUILD_REPOSITORY}" ]; then + echo "You have not set VCS_PORTBUILD_REPOSITORY. I will try to set it from VCS_REPOSITORY." + if [ -z "${VCS_REPOSITORY}" ]; then + echo "You have not set VCS_REPOSITORY. I will use the default, ${DEFAULT_VCS_REPOSITORY}." + VCS_REPOSITORY=${DEFAULT_VCS_REPOSITORY} + fi + VCS_PORTBUILD_REPOSITORY="${VCS_REPOSITORY}/base/projects/portbuild" +fi +if [ -z "${ZFS_VOLUME}" ]; then + echo "You must export ZFS_VOLUME, for example, export ZFS_VOLUME=${DEFAULT_ZFS_VOLUME}." + exit 1 +fi +ZFS_MOUNTPOINT="/${ZFS_VOLUME}" +if [ -z "${ZFS_PERMISSIONSET}" ]; then + echo "You have not set ZFS_PERMISSIONSET. I will use the default, ${DEFAULT_ZFS_PERMISSIONSET}." + ZFS_PERMISSIONSET="${DEFAULT_ZFS_PERMISSIONSET}" +fi + +# sprinkle magic fairy dust to help delegate zfs permissions +sysctl vfs.usermount=1 +sysctl vfs.zfs.super_owner=1 + +name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}` +if [ -z "${name}" ]; then + echo "ZFS volume ${ZFS_VOLUME} does not exist. You must create it first." + exit 1 +fi + +mountpoint=`zfs list -H -t filesystem -o mountpoint ${ZFS_VOLUME}` +if [ ! 
-z "${mountpoint}" ]; then + echo "ZFS volume ${ZFS_VOLUME} is mounted. I'll unmount it for you then remount it later." + zfs umount ${ZFS_VOLUME} || exit 1 +fi + +# reset the "zfsadmin" permission set if it already exists. +zfs unallow -s @zfsadmin ${ZFS_VOLUME} 2> /dev/null +zfs unallow -u ${PORTBUILD_USER} ${ZFS_VOLUME} 2> /dev/null + +# create the "zfsadmin" permission set. +zfs allow -s @zfsadmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME} || exit 1 + +# delegate the "zfsadmin" permission set to the PORTBUILD_USER. +zfs allow -du ${PORTBUILD_USER} @zfsadmin ${ZFS_VOLUME} || exit 1 +zfs allow -lu ${PORTBUILD_USER} @zfsadmin ${ZFS_VOLUME} || exit 1 + +echo "results of ZFS operations:" +zfs list ${ZFS_VOLUME} +zfs allow ${ZFS_VOLUME} + +chown ${PORTBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT} || exit 1 +mountpoint=`zfs list -H -t filesystem -o mountpoint ${ZFS_VOLUME}` +if [ -z "${mountpoint}" ]; then + echo "ZFS volume ${ZFS_VOLUME} is not mounted. I'll remount it for you." + su -m ${PORTBUILD_USER} -c "zfs mount ${ZFS_VOLUME}" || exit 1 +fi + +# create a place to hold the repository +if [ ! -d ${ZFS_MOUNTPOINT}/portbuild ]; then + su -m ${PORTBUILD_USER} -c "zfs create ${ZFS_VOLUME}/portbuild" || exit 1 +fi + +echo "checking out the repository ..." +su -m ${PORTBUILD_USER} -c "${VCS_CHECKOUT_COMMAND} ${VCS_PORTBUILD_REPOSITORY} ${ZFS_MOUNTPOINT}/portbuild" || exit 1 + +echo "$0: you should now be able to edit files in ${ZFS_MOUNTPOINT}/portbuild/conf." + +# create convenience directories. failure is annoying but non-fatal. +extra_dirs="lockfiles log" +for extra_dir in ${extra_dirs}; do + if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} ]; then + su -m ${PORTBUILD_USER} -c "mkdir ${ZFS_MOUNTPOINT}/portbuild/${extra_dir}" + fi +done + +echo "$0: done."
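
Review bot: Both mount checks (`[ ! -z "${mountpoint}" ]` before the `zfs umount`, and `[ -z "${mountpoint}" ]` before the remount) read the `mountpoint` property, which holds the configured path whether or not the dataset is currently mounted, so they do not test what the messages say. As written, the first branch is taken for any dataset with a mountpoint set and `zfs umount ${ZFS_VOLUME} || exit 1` aborts the run when the dataset is not mounted, while the second branch is never taken, so the `zfs mount` as `${PORTBUILD_USER}` is skipped and the preceding `chown` is applied to the directory underneath the unmounted dataset. Query the `mounted` property instead and compare it with `yes`/`no`, and take `ZFS_MOUNTPOINT` from the `mountpoint` property rather than assuming `/${ZFS_VOLUME}`. Separately, since the stated reason for the move is that user portbuild must not be able to influence this script, the root-side lines that build commands from the environment deserve tightening: `${PORTBUILD_USER}`, `${ZFS_VOLUME}` and `${VCS_CHECKOUT_COMMAND}` are expanded unquoted, including inside the `su -m ${PORTBUILD_USER} -c "..."` strings, and `su -m` carries root's environment into the commands run as the unprivileged user. Quote the expansions, reject values containing whitespace or shell metacharacters before first use, and add a comment explaining why `-m` is needed if it is kept.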