svn commit: r245969 - projects/portbuild/admin/tools

Mark Linimon linimon at FreeBSD.org
Sun Jan 27 07:09:30 UTC 2013 

Author: linimon (doc,ports committer)
Date: Sun Jan 27 07:09:29 2013
New Revision: 245969
URL: http://svnweb.freebsd.org/changeset/base/245969

Log:
  Moved from its former home in portbuild/tools/.  This script now needs
  to not be modifiable by user portbuild, for security reasons.

Added:
  projects/portbuild/admin/tools/mkportbuild
     - copied unchanged from r245968, projects/portbuild/tools/mkportbuild

Copied: projects/portbuild/admin/tools/mkportbuild (from r245968, projects/portbuild/tools/mkportbuild)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/portbuild/admin/tools/mkportbuild	Sun Jan 27 07:09:29 2013	(r245969, copy of r245968, projects/portbuild/tools/mkportbuild)
@@ -0,0 +1,101 @@
+#!/bin/sh
+#
+# server-side script to setup the portbuild ZFS volume, delegate its
+#    administration, and check out the repository.  Must be run as root.
+#
+# Designed to be run before anything else.
+#
+
+DEFAULT_PORTBUILD_USER="portbuild"
+DEFAULT_VCS_CHECKOUT_COMMAND="svn checkout"
+DEFAULT_VCS_REPOSITORY="svn://svn.FreeBSD.org"
+DEFAULT_ZFS_VOLUME="a"
+DEFAULT_ZFS_PERMISSIONSET="clone,create,destroy,mount,promote,rename,rollback,send,share,snapshot"
+
+if [ `id -u` != 0 ]; then
+  echo "$0 must be run as root."
+  exit 1
+fi
+
+if [ -z "${PORTBUILD_USER}" ]; then
+  echo "You must export PORTBUILD_USER, for example, export PORTBUILD_USER=${DEFAULT_PORTBUILD_USER}."
+  exit 1
+fi
+if [ -z "${VCS_CHECKOUT_COMMAND}" ]; then
+  VCS_CHECKOUT_COMMAND="${DEFAULT_VCS_CHECKOUT_COMMAND}"
+fi
+if [ -z "${VCS_PORTBUILD_REPOSITORY}" ]; then
+  echo "You have not set VCS_PORTBUILD_REPOSITORY.  I will try to set it from VCS_REPOSITORY."
+  if [ -z "${VCS_REPOSITORY}" ]; then
+    echo "You have not set VCS_REPOSITORY.  I will use the default, ${DEFAULT_VCS_REPOSITORY}."
+    VCS_REPOSITORY=${DEFAULT_VCS_REPOSITORY}
+  fi
+  VCS_PORTBUILD_REPOSITORY="${VCS_REPOSITORY}/base/projects/portbuild"
+fi
+if [ -z "${ZFS_VOLUME}" ]; then
+  echo "You must export ZFS_VOLUME, for example, export ZFS_VOLUME=${DEFAULT_ZFS_VOLUME}."
+  exit 1
+fi
+ZFS_MOUNTPOINT="/${ZFS_VOLUME}"
+if [ -z "${ZFS_PERMISSIONSET}" ]; then
+  echo "You have not set ZFS_PERMISSIONSET.  I will use the default, ${DEFAULT_ZFS_PERMISSIONSET}."
+  ZFS_PERMISSIONSET="${DEFAULT_ZFS_PERMISSIONSET}"
+fi
+
+# sprinkle magic fairy dust to help delegate zfs permissions
+sysctl vfs.usermount=1
+sysctl vfs.zfs.super_owner=1
+
+name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}`
+if [ -z "${name}" ]; then
+  echo "ZFS volume ${ZFS_VOLUME} does not exist.  You must create it first."
+  exit 1
+fi
+
+mountpoint=`zfs list -H -t filesystem -o mountpoint ${ZFS_VOLUME}`
+if [ ! -z "${mountpoint}" ]; then
+  echo "ZFS volume ${ZFS_VOLUME} is mounted.  I'll unmount it for you then remount it later."
+  zfs umount ${ZFS_VOLUME} || exit 1
+fi
+
+# reset the "zfsadmin" permission set if it already exists. 
+zfs unallow -s @zfsadmin ${ZFS_VOLUME} 2> /dev/null   
+zfs unallow -u ${PORTBUILD_USER} ${ZFS_VOLUME} 2> /dev/null
+
+# create the "zfsadmin" permission set.
+zfs allow -s @zfsadmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME} || exit 1
+
+# delegate the "zfsadmin" permission set to the PORTBUILD_USER. 
+zfs allow -du ${PORTBUILD_USER} @zfsadmin ${ZFS_VOLUME} || exit 1
+zfs allow -lu ${PORTBUILD_USER} @zfsadmin ${ZFS_VOLUME} || exit 1
+
+echo "results of ZFS operations:"
+zfs list ${ZFS_VOLUME}
+zfs allow ${ZFS_VOLUME}
+
+chown ${PORTBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT} || exit 1
+mountpoint=`zfs list -H -t filesystem -o mountpoint ${ZFS_VOLUME}`
+if [ -z "${mountpoint}" ]; then
+  echo "ZFS volume ${ZFS_VOLUME} is not mounted.  I'll remount it for you."
+  su -m ${PORTBUILD_USER} -c "zfs mount ${ZFS_VOLUME}" || exit 1
+fi
+
+# create a place to hold the repository
+if [ ! -d ${ZFS_MOUNTPOINT}/portbuild ]; then
+  su -m ${PORTBUILD_USER} -c "zfs create ${ZFS_VOLUME}/portbuild" || exit 1
+fi
+
+echo "checking out the repository ..."
+su -m ${PORTBUILD_USER} -c "${VCS_CHECKOUT_COMMAND} ${VCS_PORTBUILD_REPOSITORY} ${ZFS_MOUNTPOINT}/portbuild" || exit 1
+
+echo "$0: you should now be able to edit files in ${ZFS_MOUNTPOINT}/portbuild/conf."
+
+# create convenience directories.  failure is annoying but non-fatal.
+extra_dirs="lockfiles log"
+for extra_dir in ${extra_dirs}; do
+  if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} ]; then
+    su -m ${PORTBUILD_USER} -c "mkdir ${ZFS_MOUNTPOINT}/portbuild/${extra_dir}"
+  fi
+done
+
+echo "$0: done."

More information about the svn-src-projects mailing list