About
The portzap utility manages a local copy of the
HardenedBSD ports tree.
The copy of the ports tree is maintained by members of
the _portzap group, and the copy of the ports tree
can be installed into /usr/ports/ by root.
Roles
User
The following commands are restricted to members of the _portzap group.
The commands are delegated to the
_portzap user via the doas(1) command:
-
portzap clone
Clone the HardenedBSD ports tree into/home/_portzap/ports/ -
portzap pull
Pull updates into/home/_portzap/ports/ -
portzap sh
Run /bin/sh within/home/_portzap/ports/
Superuser
The following commands are restricted to root, or user id 0.
Permission to run the following commands is denied for any other user:
-
portzap rm
Remove the contents of/usr/ports/and/home/_portzap/ports/ -
portzap install
Install/home/_portzap/ports/into/usr/ports/
Configuration
Superuser
After installation is complete the portzap environment should be setup.
That includes the creation of the _portzap user and group, as well as
the creation of /home/_portzap. A user should also be added to the
_portzap group. The process is mostly automated, and the following
commands should be run as a superuser:
-
portzap setup
Creates the_portzapuser and group -
portzap teardown
Tears down the_portzapuser and group -
pw groupmod _portzap -m
<user>
Add a user to the_portzapgroup.
Install
Package
portzap is available
from the HardenedBSD src tree.
“pkg install portzap” should work too but expect slower updates.
Source
The first step is to clone the repository.
Afterwards portzap can be installed (and deinstalled) through make:
git clone https://github.com/0x1eef/portzap
cd portzap
doas -u root -- make install
doas -u root -- make deinstall