portzap is a utility that manages a local copy of the
HardenedBSD ports tree.
The copy of the ports tree is maintained by members of
the _portzap
group, and the copy of the ports tree
can be installed into /usr/ports/
by root.
portzap setup
should be run after installing portzap for
the first time.
There is no harm in running portzap setup
multiple times:
# Add the '_portzap' user, group and home directory
# This command requires root privileges
root@localhost# portzap setup
# Reverse the changes made by 'portzap setup'
# This command requires root privileges
root@localhost# portzap teardown
The following commands are delegated to the _portzap
user and
restricted to members of the _portzap
group. The restrictions
are enforced by portzap and to a lesser extent by
doas(1):
-
portzap clone
Clone the HardenedBSD ports tree into/home/_portzap/ports/
-
portzap pull
Pull updates into/home/_portzap/ports/
-
portzap checkout
Checkout a branch other than the default:hardenedbsd/main
-
portzap sh
Run/bin/sh
within/home/_portzap/ports/
The following commands are restricted to root.
The restrictions are enforced by portzap:
-
portzap rm
Remove the contents of/usr/ports/
and/home/_portzap/ports/
-
portzap install
Install/home/_portzap/ports/
into/usr/ports/
-
$PORTZAP_CLONEURL
The URL of a git repository
Default: https://github.com/HardenedBSD/ports -
$PORTZAP_INSTALLDIR
The directory where the ports collection will be installed
Default: /usr/ports/
portzap is available
from the HardenedBSD ports tree.
pkg install portzap
should work too but expect slower updates. The most
recent version of portzap can be installed via git:
# Clone
user@localhost$ git clone https://git.hardenedbsd.org/0x1eef/portzap.git
user@localhost$ cd portzap
# Install
root@localhost# make install
root@localhost# portzap setup
# Add user to '_portzap' group
root@localhost# pw groupmod -n _portzap -m <user>