Date: Wed, 13 Feb 2013 03:00:12 +0000 (UTC) From: Mark Linimon <linimon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r246735 - projects/portbuild/admin/tools Message-ID: <201302130300.r1D30CIR090261@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: linimon (doc,ports committer) Date: Wed Feb 13 03:00:12 2013 New Revision: 246735 URL: http://svnweb.freebsd.org/changeset/base/246735 Log: newmkportbuild replaces mkportbuild. Replaced: projects/portbuild/admin/tools/mkportbuild - copied unchanged from r246731, projects/portbuild/admin/tools/newmkportbuild Deleted: projects/portbuild/admin/tools/newmkportbuild Copied: projects/portbuild/admin/tools/mkportbuild (from r246731, projects/portbuild/admin/tools/newmkportbuild) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/portbuild/admin/tools/mkportbuild Wed Feb 13 03:00:12 2013 (r246735, copy of r246731, projects/portbuild/admin/tools/newmkportbuild) @@ -0,0 +1,217 @@ +#!/bin/sh +# +# server-side script to setup the portbuild ZFS volume, delegate its +# administration, and check out the repository. Must be run as root. +# +# Designed to be run before anything else. +# + +DEFAULT_PORTBUILD_USER="portbuild" +DEFAULT_SRCBUILD_USER="srcbuild" +DEFAULT_VCS_CHECKOUT_COMMAND="svn checkout" +DEFAULT_VCS_REPOSITORY="svn://svn.FreeBSD.org" +DEFAULT_ZFS_VOLUME="a" +DEFAULT_ZFS_PERMISSIONSET="clone,create,destroy,mount,promote,rename,rollback,send,share,snapshot" +DEFAULT_ZFS_PERMISSIONSET_SNAPS="clone,snapshot" +SNAP_DIRECTORY=snap + +# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/ +SRCBUILD_OWNED_SUBDIRS="pxeroot ${SNAP_DIRECTORY} worlddir" +PORTBUILD_OWNED_SUBDIRS="portbuild" + +# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/portbuild/ +SRCBUILD_OWNED_VCS_SUBDIRS="admin docs" +PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools" +PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log" + +if [ `id -u` != 0 ]; then + echo "$0 must be run as root." + exit 1 +fi + +if [ -z "${PORTBUILD_USER}" ]; then + echo "You must export PORTBUILD_USER, for example, export PORTBUILD_USER=${DEFAULT_PORTBUILD_USER}." + exit 1 +fi +if [ ! `id -u ${PORTBUILD_USER} 2> /dev/null` ]; then + echo "User ${PORTBUILD_USER} must exist." + exit 1 +fi +if [ -z "${SRCBUILD_USER}" ]; then + echo "You must export SRCBUILD_USER, for example, export SRCBUILD_USER=${DEFAULT_SRCBUILD_USER}." + exit 1 +fi +if [ ! `id -u ${SRCBUILD_USER} 2> /dev/null` ]; then + echo "User ${SRCBUILD_USER} must exist." + exit 1 +fi + +if [ -z "${VCS_CHECKOUT_COMMAND}" ]; then + VCS_CHECKOUT_COMMAND="${DEFAULT_VCS_CHECKOUT_COMMAND}" +fi +if [ -z "${VCS_PORTBUILD_REPOSITORY}" ]; then + echo "You have not set VCS_PORTBUILD_REPOSITORY. I will try to set it from VCS_REPOSITORY." + if [ -z "${VCS_REPOSITORY}" ]; then + echo "You have not set VCS_REPOSITORY. I will use the default: ${DEFAULT_VCS_REPOSITORY}." + VCS_REPOSITORY=${DEFAULT_VCS_REPOSITORY} + fi + VCS_PORTBUILD_REPOSITORY="${VCS_REPOSITORY}/base/projects/portbuild" +fi + +if [ -z "${ZFS_VOLUME}" ]; then + echo "You must export ZFS_VOLUME, for example, export ZFS_VOLUME=${DEFAULT_ZFS_VOLUME}." + exit 1 +fi +ZFS_MOUNTPOINT="/${ZFS_VOLUME}" + +if [ -z "${ZFS_PERMISSIONSET}" ]; then + echo "You have not set ZFS_PERMISSIONSET. I will use the default: ${DEFAULT_ZFS_PERMISSIONSET}." + ZFS_PERMISSIONSET="${DEFAULT_ZFS_PERMISSIONSET}" +fi +if [ -z "${ZFS_PERMISSIONSET_SNAPS}" ]; then + echo "You have not set ZFS_PERMISSIONSET_SNAPS. I will use the default: ${DEFAULT_ZFS_PERMISSIONSET_SNAPS}." + ZFS_PERMISSIONSET_SNAPS="${DEFAULT_ZFS_PERMISSIONSET_SNAPS}" +fi + +# sprinkle magic fairy dust to help delegate zfs permissions +sysctl vfs.usermount=1 +sysctl vfs.zfs.super_owner=1 + +name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}` +if [ -z "${name}" ]; then + echo "ZFS volume ${ZFS_VOLUME} does not exist. You must create it first." + exit 1 +fi + +mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}` +if [ ! -z "${mounted}" -a "${mounted}" != "no" ]; then + echo "ZFS volume ${ZFS_VOLUME} is mounted. I'll unmount it for you then remount it later." + zfs umount ${ZFS_VOLUME} 2> /dev/null +fi + +# create subdirectories for portbuild-managed files. All other ZFS_VOLUME +# subdirectories are managed by srcbuild. +for subdir in ${PORTBUILD_OWNED_SUBDIRS}; do + name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}/${subdir}` + if [ -z "${name}" ]; then + echo "ZFS volume ${ZFS_VOLUME}/${subdir} does not exist. I'll create it for you." + zfs create ${ZFS_VOLUME}/${subdir} || exit 1 + fi +done + +# create subdirectories for srcbuild-managed files. +for subdir in ${SRCBUILD_OWNED_SUBDIRS}; do + name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}/${subdir}` + if [ -z "${name}" ]; then + echo "ZFS volume ${ZFS_VOLUME}/${subdir} does not exist. I'll create it for you." + zfs create ${ZFS_VOLUME}/${subdir} || exit 1 + fi +done + +# reset the "zfsalladmin" permission set if it already exists. +zfs unallow -s @zfsalladmin ${ZFS_VOLUME} 2> /dev/null +zfs unallow -u ${SRCBUILD_USER} ${ZFS_VOLUME} 2> /dev/null + +# reset the "zfsportbuildadmin" permission set if it already exists. +zfs unallow -s @zfsportbuildadmin ${ZFS_VOLUME} 2> /dev/null + +# reset the "zfssnapadmin" permission set if it already exists. +zfs unallow -s @zfssnapadmin ${ZFS_VOLUME} 2> /dev/null +zfs unallow -u ${PORTBUILD_USER} ${ZFS_VOLUME} 2> /dev/null + +# create the "zfsalladmin" permission set. +zfs allow -s @zfsalladmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME} || exit 1 + +# create the "zfsportbuildadmin" permission set. +zfs allow -s @zfsportbuildadmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME}/portbuild || exit 1 + +# create the "zfssnapadmin" permission set. +zfs allow -s @zfssnapadmin ${ZFS_PERMISSIONSET_SNAPS} ${ZFS_VOLUME}/${SNAP_DIRECTORY} || exit 1 + +# delegate the "zfsalladmin" permission set to the SRCBUILD_USER. +zfs allow -du ${SRCBUILD_USER} @zfsalladmin ${ZFS_VOLUME} || exit 1 +zfs allow -lu ${SRCBUILD_USER} @zfsalladmin ${ZFS_VOLUME} || exit 1 + +# after (possibly) modifying permissions, now it's permissable to remount. +mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}` +if [ -z "${mounted}" -o "${mounted}" = "no" ]; then + echo "ZFS volume ${ZFS_VOLUME} is not mounted. I'll remount it for you." + zfs mount ${ZFS_VOLUME} || exit 1 +fi +chown ${SRCBUILD_USER} ${ZFS_MOUNTPOINT} 2> /dev/null + +# delegate the "zfsportbuildadmin" permission set to the PORTBUILD_USER. +zfs allow -du ${PORTBUILD_USER} @zfsportbuildadmin ${ZFS_VOLUME}/portbuild || exit 1 + +# delegate the "zfssnapadmin" permission set to the PORTBUILD_USER. +zfs allow -du ${PORTBUILD_USER} @zfssnapadmin ${ZFS_VOLUME}/${SNAP_DIRECTORY} || exit 1 + +# (re)mount various subdirectories to be managed by portbuild. +for subdir in ${PORTBUILD_OWNED_SUBDIRS}; do + mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}/${subdir}` + if [ -z "${mounted}" -o "${mounted}" = "no" ]; then + echo "ZFS volume ${ZFS_VOLUME}/${subdir} is not mounted. I'll (re)mount it for you." + zfs mount ${ZFS_VOLUME}/${subdir} || exit 1 + fi + chown ${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/${subdir} 2> /dev/null +done + +# (re)mount various subdirectories to be managed by srcbuild. +for subdir in ${SRCBUILD_OWNED_SUBDIRS}; do + mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}/${subdir}` + if [ -z "${mounted}" -o "${mounted}" = "no" ]; then + echo "ZFS volume ${ZFS_VOLUME}/${subdir} is not mounted. I'll (re)mount it for you." + zfs mount ${ZFS_VOLUME}/${subdir} || exit 1 + fi + chown ${SRCBUILD_USER} ${ZFS_MOUNTPOINT}/${subdir} 2> /dev/null +done + +echo "results of ZFS operations:" +zfs list ${ZFS_VOLUME} +zfs allow ${ZFS_VOLUME} + +# perform the repository magic to allow SRCBUILD_USER to edit everything, +# but PORTBUILD_USER to only edit files under its own responsibility. +chown ${SRCBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild +chmod 775 ${ZFS_MOUNTPOINT}/portbuild + +PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools" +SRCBUILD_OWNED_VCS_SUBDIRS="admin docs" + +for subdir in ${PORTBUILD_OWNED_VCS_SUBDIRS}; do + echo "checking out the ${subdir} repository as user ${PORTBUILD_USER} ..." + if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${subdir} ]; then + mkdir ${ZFS_MOUNTPOINT}/portbuild/${subdir} 2> /dev/null || exit 1 + fi + chown ${PORTBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${subdir} + chmod 755 ${ZFS_MOUNTPOINT}/portbuild/${subdir} + echo "su -m ${PORTBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}\"" + su -m ${PORTBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}" +done + +for subdir in ${SRCBUILD_OWNED_VCS_SUBDIRS}; do + echo "checking out the ${subdir} repository as user ${SRCBUILD_USER} ..." + if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${subdir} ]; then + mkdir ${ZFS_MOUNTPOINT}/portbuild/${subdir} 2> /dev/null || exit 1 + fi + chown ${SRCBUILD_USER}:${SRCBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${subdir} + chmod 755 ${ZFS_MOUNTPOINT}/portbuild/${subdir} + echo "su -m ${SRCBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}\"" + su -m ${SRCBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}" +done + +echo "$0: you should now be able to edit files in the following directories:" +echo "$0: in ${ZFS_MOUNTPOINT}/portbuild/admin/conf as ${SRCBUILD_USER}, and" +echo "$0: in ${ZFS_MOUNTPOINT}/portbuild/conf as ${PORTBUILD_USER}." + +# create convenience directories for PORTBUILD_USER. failure is annoying +# but non-fatal. +PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log" +for extra_dir in ${PORTBUILD_OWNED_CONVENIENCE_SUBDIRS}; do + if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} ]; then + su -m ${PORTBUILD_USER} -c "mkdir ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} 2> /dev/null" || exit 1 + fi + chgrp ${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} 2> /dev/null +done + +echo "$0: done."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302130300.r1D30CIR090261>