# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           codeberg 1.0
PortGroup           makefile 1.0

# Upstream source: Codeberg account thejessesmith, project doas, version 6.3p13.
codeberg.setup      thejessesmith doas 6.3p13
revision            1
# Expected digests and byte size of the distfile for the version above.
# Update all three together whenever the version changes; a mismatch means the
# fetched archive is not the one these values were recorded from.
checksums           rmd160  7584ac777c09e07bbeb153f28be1f750963713a8 \
                    sha256  2cca9003856e92ec0a50b3e559b7f3132bf8293dc8302613933f8ed06c8c7fc5 \
                    size    34883

categories          sysutils
maintainers         {ryandesign @ryandesign} openmaintainer
license             BSD

description         a utility that lets a user run a command as another user

long_description    ${name} allows a user to run a command as though they \
                    were another user. Typically doas is used to allow \
                    non-privileged users to run commands as though they were \
                    the root user. ${name} offers two benefits over sudo: its \
                    configuration file has a simple syntax and it is smaller, \
                    requiring less effort to audit the code. This makes it \
                    harder for both admins and coders to make mistakes that \
                    potentially open security holes in the system.

# bison is declared as a build-time dependency only.
depends_build       port:bison

# Hands the MacPorts optimisation flags to the build in the OPT environment
# variable; presumably the upstream Makefile reads OPT -- confirm when updating.
build.env           "OPT=${configure.optflags}"

# After the destroot phase: install the sample configuration and the
# documentation, then, on MacPorts older than 2.12.2 and only when running as
# root, hand any destroot entry still owned by the unprivileged MacPorts
# account to the install user and group while keeping its permission bits.
post-destroot {
    # Installed under its .sample name with mode 0644; this block does not
    # create an active doas.conf.
    xinstall -m 0644 ${worksrcpath}/doas.conf.sample ${destroot}${prefix}/etc
    set docdir ${prefix}/share/doc/${subport}
    xinstall -d ${destroot}${docdir}
    xinstall -W ${worksrcpath} -m 0644 \
        LICENSE \
        README.md \
        ${destroot}${docdir}
    # The following can be removed after MacPorts 2.12.2 has been
    # available for a while. See https://trac.macports.org/ticket/73516
    # Guard: skipped on MacPorts 2.12.2 or newer and whenever the process is
    # not running as uid 0.
    if {[vercmp [macports_version] < "2.12.2"] && [getuid] == 0} {
        # Numeric ids of the unprivileged MacPorts account, compared against
        # the lstat results below.
        set macports_uid [name_to_uid $macportsuser]
        set macports_gid [uname_to_gid $macportsuser]
        # Visit every path under the destroot; lstat is used so that a
        # symlink is inspected itself rather than its target.
        fs-traverse -depth fullpath [list $destroot] {
            file lstat $fullpath statinfo
            # Ensure installed files are not owned by the unprivileged account
            # (a file left owned by that account could still be changed by it
            # after installation).
            if {$statinfo(uid) == $macports_uid || $statinfo(gid) == $macports_gid} {
                if {$statinfo(uid) == $macports_uid} {
                    ui_debug "Changing owner to ${install.user} for $fullpath"
                    set new_owner ${install.user}
                } else {
                    # only group needs to be changed
                    # NOTE(review): statinfo(uid) is the id reported by lstat,
                    # yet it is passed to name_to_uid, a name-to-id lookup.
                    # Confirm the result is one lchown treats as "keep the
                    # current owner".
                    set new_owner [name_to_uid $statinfo(uid)]
                }
                if {$statinfo(gid) == $macports_gid} {
                    ui_debug "Changing group to ${install.group} for $fullpath"
                    set new_group ${install.group}
                } else {
                    # only owner needs to be changed
                    # NOTE(review): same pattern as for the owner above; the
                    # gid from lstat goes through name_to_gid -- confirm.
                    set new_group [name_to_gid $statinfo(gid)]
                }
                # Changing owner may also change permissions, so we restore
                # them afterwards. 'file attributes' doesn't work on links
                # (it operates on the link target instead) but links should
                # not have setuid/setgid bits set anyway.
                # Presumably the bits at stake for this port are the setuid
                # bits on the installed doas binary -- confirm against the
                # ticket referenced above.
                # The link test reuses the lstat result taken at the top of
                # this iteration; the path is not examined again.
                if {$statinfo(type) ne "link"} {
                    set saved_perms [file attributes $fullpath -permissions]
                }
                # Order matters: permissions are read before the ownership
                # change and written back after it.
                lchown $fullpath $new_owner $new_group
                if {$statinfo(type) ne "link"} {
                    file attributes $fullpath -permissions $saved_perms
                }
            }
        }
    }
}
