svn commit: r246735 - projects/portbuild/admin/tools
Mark Linimon
linimon at FreeBSD.org
Wed Feb 13 03:00:12 UTC 2013
Author: linimon (doc,ports committer)
Date: Wed Feb 13 03:00:12 2013
New Revision: 246735
URL: http://svnweb.freebsd.org/changeset/base/246735
Log:
newmkportbuild replaces mkportbuild.
Replaced:
projects/portbuild/admin/tools/mkportbuild
- copied unchanged from r246731, projects/portbuild/admin/tools/newmkportbuild
Deleted:
projects/portbuild/admin/tools/newmkportbuild
Copied: projects/portbuild/admin/tools/mkportbuild (from r246731, projects/portbuild/admin/tools/newmkportbuild)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/portbuild/admin/tools/mkportbuild Wed Feb 13 03:00:12 2013 (r246735, copy of r246731, projects/portbuild/admin/tools/newmkportbuild)
@@ -0,0 +1,217 @@
+#!/bin/sh
+#
+# server-side script to setup the portbuild ZFS volume, delegate its
+# administration, and check out the repository. Must be run as root.
+#
+# Designed to be run before anything else.
+#
+
+DEFAULT_PORTBUILD_USER="portbuild"
+DEFAULT_SRCBUILD_USER="srcbuild"
+DEFAULT_VCS_CHECKOUT_COMMAND="svn checkout"
+DEFAULT_VCS_REPOSITORY="svn://svn.FreeBSD.org"
+DEFAULT_ZFS_VOLUME="a"
+DEFAULT_ZFS_PERMISSIONSET="clone,create,destroy,mount,promote,rename,rollback,send,share,snapshot"
+DEFAULT_ZFS_PERMISSIONSET_SNAPS="clone,snapshot"
+SNAP_DIRECTORY=snap
+
+# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/
+SRCBUILD_OWNED_SUBDIRS="pxeroot ${SNAP_DIRECTORY} worlddir"
+PORTBUILD_OWNED_SUBDIRS="portbuild"
+
+# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/portbuild/
+SRCBUILD_OWNED_VCS_SUBDIRS="admin docs"
+PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools"
+PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log"
+
+if [ `id -u` != 0 ]; then
+ echo "$0 must be run as root."
+ exit 1
+fi
+
+if [ -z "${PORTBUILD_USER}" ]; then
+ echo "You must export PORTBUILD_USER, for example, export PORTBUILD_USER=${DEFAULT_PORTBUILD_USER}."
+ exit 1
+fi
+if [ ! `id -u ${PORTBUILD_USER} 2> /dev/null` ]; then
+ echo "User ${PORTBUILD_USER} must exist."
+ exit 1
+fi
+if [ -z "${SRCBUILD_USER}" ]; then
+ echo "You must export SRCBUILD_USER, for example, export SRCBUILD_USER=${DEFAULT_SRCBUILD_USER}."
+ exit 1
+fi
+if [ ! `id -u ${SRCBUILD_USER} 2> /dev/null` ]; then
+ echo "User ${SRCBUILD_USER} must exist."
+ exit 1
+fi
+
+if [ -z "${VCS_CHECKOUT_COMMAND}" ]; then
+ VCS_CHECKOUT_COMMAND="${DEFAULT_VCS_CHECKOUT_COMMAND}"
+fi
+if [ -z "${VCS_PORTBUILD_REPOSITORY}" ]; then
+ echo "You have not set VCS_PORTBUILD_REPOSITORY. I will try to set it from VCS_REPOSITORY."
+ if [ -z "${VCS_REPOSITORY}" ]; then
+ echo "You have not set VCS_REPOSITORY. I will use the default: ${DEFAULT_VCS_REPOSITORY}."
+ VCS_REPOSITORY=${DEFAULT_VCS_REPOSITORY}
+ fi
+ VCS_PORTBUILD_REPOSITORY="${VCS_REPOSITORY}/base/projects/portbuild"
+fi
+
+if [ -z "${ZFS_VOLUME}" ]; then
+ echo "You must export ZFS_VOLUME, for example, export ZFS_VOLUME=${DEFAULT_ZFS_VOLUME}."
+ exit 1
+fi
+ZFS_MOUNTPOINT="/${ZFS_VOLUME}"
+
+if [ -z "${ZFS_PERMISSIONSET}" ]; then
+ echo "You have not set ZFS_PERMISSIONSET. I will use the default: ${DEFAULT_ZFS_PERMISSIONSET}."
+ ZFS_PERMISSIONSET="${DEFAULT_ZFS_PERMISSIONSET}"
+fi
+if [ -z "${ZFS_PERMISSIONSET_SNAPS}" ]; then
+ echo "You have not set ZFS_PERMISSIONSET_SNAPS. I will use the default: ${DEFAULT_ZFS_PERMISSIONSET_SNAPS}."
+ ZFS_PERMISSIONSET_SNAPS="${DEFAULT_ZFS_PERMISSIONSET_SNAPS}"
+fi
+
+# sprinkle magic fairy dust to help delegate zfs permissions
+sysctl vfs.usermount=1
+sysctl vfs.zfs.super_owner=1
+
+name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}`
+if [ -z "${name}" ]; then
+ echo "ZFS volume ${ZFS_VOLUME} does not exist. You must create it first."
+ exit 1
+fi
+
+mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}`
+if [ ! -z "${mounted}" -a "${mounted}" != "no" ]; then
+ echo "ZFS volume ${ZFS_VOLUME} is mounted. I'll unmount it for you then remount it later."
+ zfs umount ${ZFS_VOLUME} 2> /dev/null
+fi
+
+# create subdirectories for portbuild-managed files. All other ZFS_VOLUME
+# subdirectories are managed by srcbuild.
+for subdir in ${PORTBUILD_OWNED_SUBDIRS}; do
+ name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}/${subdir}`
+ if [ -z "${name}" ]; then
+ echo "ZFS volume ${ZFS_VOLUME}/${subdir} does not exist. I'll create it for you."
+ zfs create ${ZFS_VOLUME}/${subdir} || exit 1
+ fi
+done
+
+# create subdirectories for srcbuild-managed files.
+for subdir in ${SRCBUILD_OWNED_SUBDIRS}; do
+ name=`zfs list -H -t filesystem -o name ${ZFS_VOLUME}/${subdir}`
+ if [ -z "${name}" ]; then
+ echo "ZFS volume ${ZFS_VOLUME}/${subdir} does not exist. I'll create it for you."
+ zfs create ${ZFS_VOLUME}/${subdir} || exit 1
+ fi
+done
+
+# reset the "zfsalladmin" permission set if it already exists.
+zfs unallow -s @zfsalladmin ${ZFS_VOLUME} 2> /dev/null
+zfs unallow -u ${SRCBUILD_USER} ${ZFS_VOLUME} 2> /dev/null
+
+# reset the "zfsportbuildadmin" permission set if it already exists.
+zfs unallow -s @zfsportbuildadmin ${ZFS_VOLUME} 2> /dev/null
+
+# reset the "zfssnapadmin" permission set if it already exists.
+zfs unallow -s @zfssnapadmin ${ZFS_VOLUME} 2> /dev/null
+zfs unallow -u ${PORTBUILD_USER} ${ZFS_VOLUME} 2> /dev/null
+
+# create the "zfsalladmin" permission set.
+zfs allow -s @zfsalladmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME} || exit 1
+
+# create the "zfsportbuildadmin" permission set.
+zfs allow -s @zfsportbuildadmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME}/portbuild || exit 1
+
+# create the "zfssnapadmin" permission set.
+zfs allow -s @zfssnapadmin ${ZFS_PERMISSIONSET_SNAPS} ${ZFS_VOLUME}/${SNAP_DIRECTORY} || exit 1
+
+# delegate the "zfsalladmin" permission set to the SRCBUILD_USER.
+zfs allow -du ${SRCBUILD_USER} @zfsalladmin ${ZFS_VOLUME} || exit 1
+zfs allow -lu ${SRCBUILD_USER} @zfsalladmin ${ZFS_VOLUME} || exit 1
+
+# after (possibly) modifying permissions, now it's permissable to remount.
+mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}`
+if [ -z "${mounted}" -o "${mounted}" = "no" ]; then
+ echo "ZFS volume ${ZFS_VOLUME} is not mounted. I'll remount it for you."
+ zfs mount ${ZFS_VOLUME} || exit 1
+fi
+chown ${SRCBUILD_USER} ${ZFS_MOUNTPOINT} 2> /dev/null
+
+# delegate the "zfsportbuildadmin" permission set to the PORTBUILD_USER.
+zfs allow -du ${PORTBUILD_USER} @zfsportbuildadmin ${ZFS_VOLUME}/portbuild || exit 1
+
+# delegate the "zfssnapadmin" permission set to the PORTBUILD_USER.
+zfs allow -du ${PORTBUILD_USER} @zfssnapadmin ${ZFS_VOLUME}/${SNAP_DIRECTORY} || exit 1
+
+# (re)mount various subdirectories to be managed by portbuild.
+for subdir in ${PORTBUILD_OWNED_SUBDIRS}; do
+ mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}/${subdir}`
+ if [ -z "${mounted}" -o "${mounted}" = "no" ]; then
+ echo "ZFS volume ${ZFS_VOLUME}/${subdir} is not mounted. I'll (re)mount it for you."
+ zfs mount ${ZFS_VOLUME}/${subdir} || exit 1
+ fi
+ chown ${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/${subdir} 2> /dev/null
+done
+
+# (re)mount various subdirectories to be managed by srcbuild.
+for subdir in ${SRCBUILD_OWNED_SUBDIRS}; do
+ mounted=`zfs list -H -t filesystem -o mounted ${ZFS_VOLUME}/${subdir}`
+ if [ -z "${mounted}" -o "${mounted}" = "no" ]; then
+ echo "ZFS volume ${ZFS_VOLUME}/${subdir} is not mounted. I'll (re)mount it for you."
+ zfs mount ${ZFS_VOLUME}/${subdir} || exit 1
+ fi
+ chown ${SRCBUILD_USER} ${ZFS_MOUNTPOINT}/${subdir} 2> /dev/null
+done
+
+echo "results of ZFS operations:"
+zfs list ${ZFS_VOLUME}
+zfs allow ${ZFS_VOLUME}
+
+# perform the repository magic to allow SRCBUILD_USER to edit everything,
+# but PORTBUILD_USER to only edit files under its own responsibility.
+chown ${SRCBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild
+chmod 775 ${ZFS_MOUNTPOINT}/portbuild
+
+PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools"
+SRCBUILD_OWNED_VCS_SUBDIRS="admin docs"
+
+for subdir in ${PORTBUILD_OWNED_VCS_SUBDIRS}; do
+ echo "checking out the ${subdir} repository as user ${PORTBUILD_USER} ..."
+ if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${subdir} ]; then
+ mkdir ${ZFS_MOUNTPOINT}/portbuild/${subdir} 2> /dev/null || exit 1
+ fi
+ chown ${PORTBUILD_USER}:${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${subdir}
+ chmod 755 ${ZFS_MOUNTPOINT}/portbuild/${subdir}
+ echo "su -m ${PORTBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}\""
+ su -m ${PORTBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}"
+done
+
+for subdir in ${SRCBUILD_OWNED_VCS_SUBDIRS}; do
+ echo "checking out the ${subdir} repository as user ${SRCBUILD_USER} ..."
+ if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${subdir} ]; then
+ mkdir ${ZFS_MOUNTPOINT}/portbuild/${subdir} 2> /dev/null || exit 1
+ fi
+ chown ${SRCBUILD_USER}:${SRCBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${subdir}
+ chmod 755 ${ZFS_MOUNTPOINT}/portbuild/${subdir}
+ echo "su -m ${SRCBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}\""
+ su -m ${SRCBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_MOUNTPOINT}/portbuild/${subdir}"
+done
+
+echo "$0: you should now be able to edit files in the following directories:"
+echo "$0: in ${ZFS_MOUNTPOINT}/portbuild/admin/conf as ${SRCBUILD_USER}, and"
+echo "$0: in ${ZFS_MOUNTPOINT}/portbuild/conf as ${PORTBUILD_USER}."
+
+# create convenience directories for PORTBUILD_USER. failure is annoying
+# but non-fatal.
+PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log"
+for extra_dir in ${PORTBUILD_OWNED_CONVENIENCE_SUBDIRS}; do
+ if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} ]; then
+ su -m ${PORTBUILD_USER} -c "mkdir ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} 2> /dev/null" || exit 1
+ fi
+ chgrp ${PORTBUILD_USER} ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} 2> /dev/null
+done
+
+echo "$0: done."
More information about the svn-src-projects
mailing list