From owner-svn-src-projects@FreeBSD.ORG Wed Feb 13 01:54:07 2013 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 540C3E07; Wed, 13 Feb 2013 01:54:07 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 423DA1F8; Wed, 13 Feb 2013 01:54:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1D1s7Te070665; Wed, 13 Feb 2013 01:54:07 GMT (envelope-from linimon@svn.freebsd.org) Received: (from linimon@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1D1s7B5070664; Wed, 13 Feb 2013 01:54:07 GMT (envelope-from linimon@svn.freebsd.org) Message-Id: <201302130154.r1D1s7B5070664@svn.freebsd.org> From: Mark Linimon Date: Wed, 13 Feb 2013 01:54:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r246729 - projects/portbuild/admin/tools X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2013 01:54:07 -0000 Author: linimon (doc,ports committer) Date: Wed Feb 13 01:54:06 2013 New Revision: 246729 URL: http://svnweb.freebsd.org/changeset/base/246729 Log: Checkpoint of separation of powers for SVN-owned directories. Modified: projects/portbuild/admin/tools/newmkportbuild Modified: projects/portbuild/admin/tools/newmkportbuild ============================================================================== --- projects/portbuild/admin/tools/newmkportbuild Wed Feb 13 01:30:35 2013 (r246728) +++ projects/portbuild/admin/tools/newmkportbuild Wed Feb 13 01:54:06 2013 (r246729) @@ -15,10 +15,14 @@ DEFAULT_ZFS_PERMISSIONSET="clone,create, DEFAULT_ZFS_PERMISSIONSET_SNAPS="clone,snapshot" SNAP_DIRECTORY=snap -# define ownership of direct subdirectories of DEFAULT_ZFS_VOLUME +# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/ SRCBUILD_OWNED_SUBDIRS="pxeroot ${SNAP_DIRECTORY} worlddir" PORTBUILD_OWNED_SUBDIRS="portbuild" -PORTBUILD_OWNED_SUBSUBDIRS="lockfiles log" + +# define ownership of subdirectories of DEFAULT_ZFS_VOLUME/portbuild/ +SRCBUILD_OWNED_VCS_SUBDIRS="admin docs" +PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools" +PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log" if [ `id -u` != 0 ]; then echo "$0 must be run as root." @@ -166,11 +170,31 @@ echo "results of ZFS operations:" zfs list ${ZFS_VOLUME} zfs allow ${ZFS_VOLUME} -echo "checking out the repository as user ${PORTBUILD_USER} ..." -su -m ${PORTBUILD_USER} -c "${VCS_CHECKOUT_COMMAND} ${VCS_PORTBUILD_REPOSITORY} ${ZFS_MOUNTPOINT}/portbuild" || exit 1 +# perform the repository magic to allow SRCBUILD_USER to edit everything, +# but PORTBUILD_USER to only edit files under its own responsibility. +chown ${SRCBUILD_USER}:${PORTBUILD_USER} ${ZFS_VOLUME}/portbuild +chmod 775 ${ZFS_VOLUME}/portbuild + +PORTBUILD_OWNED_VCS_SUBDIRS="conf errorlogs qmanager scripts sources tools" +SRCBUILD_OWNED_VCS_SUBDIRS="admin docs" + +for subdir in ${PORTBUILD_OWNED_VCS_SUBDIRS}; do + echo "checking out the ${subdir} repository as user ${PORTBUILD_USER} ..." + mkdir ${ZFS_VOLUME}/portbuild/${subdir} + chown ${PORTBUILD_USER}:${PORTBUILD_USER} ${ZFS_VOLUME}/portbuild/${subdir} + chmod 755 ${ZFS_VOLUME}/portbuild/${subdir} + echo "su -m ${PORTBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_VOLUME}/portbuild/${subdir}\"" + su -m ${PORTBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_VOLUME}/portbuild/${subdir}" +done -# XXX MCL now have to move some directories over, create different -# XXX MCL ownerships, and so forth. +for subdir in ${SRCBUILD_OWNED_VCS_SUBDIRS}; do + echo "checking out the ${subdir} repository as user ${SRCBUILD_USER} ..." + mkdir ${ZFS_VOLUME}/portbuild/${subdir} + chown ${SRCBUILD_USER}:${SRCBUILD_USER} ${ZFS_VOLUME}/portbuild/${subdir} + chmod 755 ${ZFS_VOLUME}/portbuild/${subdir} + echo "su -m ${SRCBUILD_USER} -c \"svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_VOLUME}/portbuild/${subdir}\"" + su -m ${SRCBUILD_USER} -c "svn checkout ${VCS_REPOSITORY}/base/projects/portbuild/${subdir} ${ZFS_VOLUME}/portbuild/${subdir}" +done echo "$0: you should now be able to edit files in the following directories:" echo "$0: in ${ZFS_MOUNTPOINT}/portbuild/admin/conf as ${SRCBUILD_USER}, and" @@ -178,8 +202,8 @@ echo "$0: in ${ZFS_MOUNTPOINT}/portbuild # create convenience directories for PORTBUILD_USER. failure is annoying # but non-fatal. -PORTBUILD_OWNED_SUBSUBDIRS="lockfiles log" -for extra_dir in ${PORTBUILD_OWNED_SUBSUBDIRS}; do +PORTBUILD_OWNED_CONVENIENCE_SUBDIRS="lockfiles log" +for extra_dir in ${PORTBUILD_OWNED_CONVENIENCE_SUBDIRS}; do if [ ! -d ${ZFS_MOUNTPOINT}/portbuild/${extra_dir} ]; then su -m ${PORTBUILD_USER} -c "mkdir ${ZFS_MOUNTPOINT}/portbuild/${extra_dir}" fi