Refactor the script

.gitignore

@@ -0,0 +1,16 @@
+/*.html
+/*.css
+/*.cache
+/*.1
+/*.1.gz
+/*.tgz
+/*.md5
+/*.sha256
+/*.sig
+/logo.svg
+/update-passwd.sed
+/update-passwd
+/AUTHORS
+/AUTHORS.txt
+/passwd-fink.conf
+/group-fink.conf

.mailmap

@@ -0,0 +1 @@
+Alexander Hansen <[email protected]> <[email protected]>

Makefile

@@ -0,0 +1,159 @@
+# Makefile for the passwd project
+
+# `a2x / asciidoc` is required to generate the Man page.
+# `markdown` is required for the `docs` target, though it is not
+# strictly necessary for packaging since unless you are planning on
+# serving the docs on a web site they are more readable not as html.
+# `shipper` and `gpg` are required for the `release` target, which
+# should only be used if you are shipping tarballs (you probably are
+# not).
+
+# Get the version number
+VERS := $(shell autorevision -s VCS_TAG -o ./passwd.cache | sed -e 's:v/::')
+# Date for documentation
+DOCDATE := $(shell autorevision -s VCS_DATE -o ./passwd.cache -f | sed -e 's:T.*::')
+
+# Find a md5 program
+MD5 := $(shell if command -v "md5" > /dev/null 2>&1; then echo "md5 -q"; elif command -v "md5sum" > /dev/null 2>&1; then echo "md5sum"; fi)
+
+.SUFFIXES: .md .html
+
+.md.html:
+	markdown $< > $@
+
+
+# `prefix`, `mandir` & `DESTDIR` can and should be set on the command line to control installation locations
+prefix ?= /usr/local
+mandir ?= /share/man
+target = $(DESTDIR)$(prefix)
+
+
+DOCS = \
+	NEWS \
+	NEWS.passwd-configs \
+	update-passwd.asciidoc \
+	README.md \
+	README.passwd-configs.md \
+	README.removing-users.md
+
+SOURCES = \
+	$(DOCS) \
+	update-passwd.tool \
+	Makefile \
+	group-fink.conf.txt \
+	passwd-fink.conf.txt
+
+EXTRA_DIST = \
+	passwd.conf \
+	AUTHORS.txt \
+	passwd.cache
+
+TEXT_PRODUCTS = \
+	update-passwd.1
+
+all : cmd man conf
+
+# The config files
+conf: group-fink.conf passwd-fink.conf
+
+# The script
+cmd: update-passwd
+
+# Set up the config files
+group-fink.conf: group-fink.conf.txt
+	sed -e 's:&&PRFIX&&:$(prefix):' $< > $@
+
+passwd-fink.conf: passwd-fink.conf.txt
+	sed -e 's:&&PRFIX&&:$(prefix):' $< > $@
+
+# Insert the version number
+update-passwd: update-passwd.tool
+	sed -e 's:&&UPVERSION&&:$(VERS):g' -e 's:&&PRFIX&&:$(prefix):' update-passwd.tool > update-passwd
+	chmod +x update-passwd
+
+# The Man Page
+man: update-passwd.1.gz
+
+update-passwd.1.gz: update-passwd.1
+	gzip --no-name < update-passwd.1 > update-passwd.1.gz
+
+update-passwd.1: update-passwd.asciidoc
+	a2x --attribute="revdate=$(DOCDATE)" --attribute="revnumber=$(VERS)" -f manpage update-passwd.asciidoc
+
+# HTML representation of the man page
+update-passwd.html: update-passwd.asciidoc
+	asciidoc --attribute="revdate=$(DOCDATE)" --attribute="footer-style=revdate" --attribute="revnumber=$(VERS)" --doctype=manpage --backend=xhtml11 update-passwd.asciidoc
+
+# Authors
+auth: AUTHORS.txt
+
+AUTHORS.txt: .mailmap passwd.cache
+	git log --format='%aN <%aE>' | sort -f | uniq -c | sort -rn | sed 's:^ *[0-9]* *::' > AUTHORS.txt
+
+passwd.sed: passwd.cache
+	autorevision -f -t sed -o $< > $@
+
+# The tarball signed and sealed
+dist: tarball passwd-$(VERS).tgz.md5 passwd-$(VERS).tgz.sha256 passwd-$(VERS).tgz.sig
+
+# The tarball
+tarball: passwd-$(VERS).tgz
+
+# Make an md5 checksum
+passwd-$(VERS).tgz.md5: tarball
+	$(MD5) passwd-$(VERS).tgz > passwd-$(VERS).tgz.md5
+
+# Make an sha256 checksum
+passwd-$(VERS).tgz.sha256: tarball
+	shasum -a 256 passwd-$(VERS).tgz > passwd-$(VERS).tgz.sha256
+	cat passwd-$(VERS).tgz.sha256
+
+# Make a detached gpg sig
+passwd-$(VERS).tgz.sig: tarball
+	gpg --armour --detach-sign --output "passwd-$(VERS).tgz.sig" "passwd-$(VERS).tgz"
+
+# The actual tarball
+passwd-$(VERS).tgz: $(SOURCES) all auth
+	mkdir passwd-$(VERS)
+	cp -pR $(SOURCES) $(EXTRA_DIST) $(TEXT_PRODUCTS) passwd-$(VERS)/
+	@COPYFILE_DISABLE=1 GZIP=-n9 tar -czf passwd-$(VERS).tgz --exclude=".DS_Store" passwd-$(VERS)
+	rm -fr passwd-$(VERS)
+
+install: all
+	install -d "$(target)/sbin"
+	install -m 755 update-passwd "$(target)/sbin/update-passwd"
+	install -d "$(target)$(mandir)/man1"
+	install -m 644 update-passwd.1.gz "$(target)$(mandir)/man1/update-passwd.1.gz"
+	install -d "$(target)/etc"
+	install -m 644 group-fink.conf "$(target)/etc/group-fink.conf"
+	install -m 644 passwd-fink.conf "$(target)/etc/passwd-fink.conf"
+	install -m 644 passwd.conf "$(target)/etc/passwd.conf"
+
+uninstall:
+	rm -f "$(target)/sbin/update-passwd" "$(target)$(mandir)/man1/update-passwd.1.gz" "$(target)/etc/group-fink.conf" "$(target)/etc/passwd-fink.conf" "$(target)/etc/passwd.conf"
+
+clean:
+	rm -f update-passwd update-passwd.html update-passwd.1 update-passwd.1.gz
+	rm -f update-passwd.sed logo.svg passwd-fink.conf group-fink.conf
+	rm -f *.tgz *.md5 *.sig *.sha256
+	rm -f docbook-xsl.css
+	rm -f README.removing-users.html README.passwd-configs.html README.html
+	rm -f *~ index.html
+
+# Not safe to run in a tarball
+devclean: clean
+	rm -f passwd.cache
+	rm -f AUTHORS AUTHORS.txt
+	rm -f *.orig ./*/*.orig
+
+# HTML versions of doc files suitable for use on a website
+docs: \
+	update-passwd.html \
+	README.html \
+	README.passwd-configs.html \
+	README.removing-users.html
+
+# Tag with `git tag -s <number>` before running this.
+release: docs dist
+	git tag -v "$(VERS)"
+#	shipper version=$(VERS) | sh -e -x

NEWS

@@ -1,6 +1,16 @@
 For a more comprehensive changelog of the latest experimental code, see:
         https://github.com/fink/passwd/commits/
 
+Next
+	* Refactor the script from the ground up.
+		* Use sysadminctl on newer systems to create users.
+		* Use dseditgroup on newer systems to create groups.
+		* Reuse existing users more often (including ones that differ only by
+		starting with _).
+		* Eliminate blocking for input.
+	* Add a Make file to control build, install and make tarballs.
+	* Add a Man page
+
 20160421
 	* Add entries for quagga and redis to avoid forcing people to set their UIDs/GIDs 
 	  manually.

README → README.md

@@ -13,12 +13,12 @@ USAGE:
 This package installs the "update-passwd" script, which takes arguments in the 
 following format:
 
-/sw/sbin/update-passwd [<user name> <description> <home directory> <shell>] <group name> <group membership>
+/usr/local/sbin/update-passwd [<user name> <description> <home directory> <shell>] <group name> <group membership>
 
 In addition, during the install process the package will check whether fink is
 using an automatic ID range (the default as of fink-0.33.0) and set itself to 
 match, or will query the user whether automatic or manual allocation is 
-desired.  This setting is saved in /sw/etc/passwd.conf.   
+desired.  This setting is saved in /usr/local/etc/passwd.conf.   
 
 UID and GID entries for users can be assigned in several ways:
 
@@ -29,9 +29,9 @@ packages, or deployed via a central directory service.  No action is needed.
 
 2)  If there is no matching user, then the UID and GID will be either 
 generated dynamically or via the administrator's design, depending on whether 
-the AutoUid entry in /sw/etc/passwd.conf is "true" or "false".  
+the AutoUid entry in /usr/local/etc/passwd.conf is "true" or "false".  
 
-In the latter case, the files /sw/etc/passwd-fink and /sw/etc/group-fink
+In the latter case, the files /usr/local/etc/passwd-fink and /usr/local/etc/group-fink
 from the 'passwd-configs' package will first be queried for UID and GID values.
 The administrator may edit these files to set up desired UID and GID values for
 the system.  If the user is not present in those files (e.g. a new user package
@@ -45,7 +45,7 @@ administrator to resolve the situation to make sure the user/group exists via on
 of these methods:
 * Change the dynamic allocation range and run 'fink reinstall passwd-<user>' if
   dynamic UID/GID allocation is in use.
-* Edit /sw/etc/passwd-fink and /sw/etc/group-fink to include the desired UID/GID
+* Edit /usr/local/etc/passwd-fink and /usr/local/etc/group-fink to include the desired UID/GID
   values and run 'fink reinstall passwd-<user>' if dynamic allocation isn't being
   used.  
 * Get the user/group from a central directory server.

README.passwd-configs → README.passwd-configs.md

@@ -4,11 +4,15 @@ as follows.
 
 passwd-fink:
 
+```
 <username>:*:<uid>:<gid>::0:0:<description>:<home directory>:<shell>
+```
 
 group-fink:
 
+```
 <groupname>:*:<gid>:<comma-separated-list-of-users>
+```
 
-<field> denotes a field which can be set by the administrator, and everything
+`<field>` denotes a field which can be set by the administrator, and everything
 else is mandatory.

README.removing-users → README.removing-users.md

@@ -5,18 +5,23 @@ pacakge, since these might have been deployed on the system by some other method
 If you want to remove them, for example to change the legacy UID/GID from older 
 passwd-* packages, the following commands should suffice:
 
+```
 sudo dscl . -delete /Users/<username>
 sudo dscl . -delete /Groups/<groupname>
+```
 
 For example:
 
+```
 sudo dscl . -delete /Users/news
 sudo dscl . -delete /Groups/news
+```
 
 to remove the "news" user installed by "passwd-news", or if installed manually. 
 Then, to get a new UID/GID using dynamic allocation in a safe range, you could
 just do
 
+```
 fink reinstall passwd-news
+```
 
-.

passwd-fink.in → passwd-fink.conf.txt

@@ -25,23 +25,23 @@ news:*:601:601::0:0:News Server:/dev/null:/dev/null
 postgres:*:602:602::0:0:PostgreSQL Database Server:/var/empty:/dev/null
 games:*:603:603::0:0:Game Files Owner:/dev/null:/dev/null
 canna:*:604:604::0:0:Canna Japanese Input Server:/dev/null:/dev/null
-tomcat:*:607:607::0:0:Tomcat Servlet Engine:@PREFIX@/var/empty:/usr/bin/false
-opennms:*:609:609::0:0:OpenNMS Network Management:@PREFIX@/var/opennms:/dev/null
-distcc:*:612:612::0:0:distcc daemon,,,:@PREFIX@/var/spool/distcc:/dev/null
-messagebus:*:613:613::0:0:messagebus (dbus) daemon,,,:@PREFIX@/var/run/dbus:/dev/null
+tomcat:*:607:607::0:0:Tomcat Servlet Engine:&&PRFIX&&/var/empty:/usr/bin/false
+opennms:*:609:609::0:0:OpenNMS Network Management:&&PRFIX&&/var/opennms:/dev/null
+distcc:*:612:612::0:0:distcc daemon,,,:&&PRFIX&&/var/spool/distcc:/dev/null
+messagebus:*:613:613::0:0:messagebus (dbus) daemon,,,:&&PRFIX&&/var/run/dbus:/dev/null
 icecast:*:614:614::0:0:Icecast Server:/var/empty:/usr/bin/false
 gdm:*:615:615::0:0:gdm Login GUI priv-sep:/var/empty:/usr/bin/false
-ossec:*:617:617::0:0:OSSec HIDS Monitor Daemon:@PREFIX@/var/ossec:/usr/bin/false
-ossecm:*:618:617::0:0:OSSec HIDS Mail Daemon:@PREFIX@/var/ossec:/usr/bin/false
-ossece:*:619:617::0:0:OSSec HIDS Daemon:@PREFIX@/var/ossec:/usr/bin/false
-ossecr:*:620:617::0:0:OSSec HIDS Remote Daemon:@PREFIX@/var/ossec:/usr/bin/false
+ossec:*:617:617::0:0:OSSec HIDS Monitor Daemon:&&PRFIX&&/var/ossec:/usr/bin/false
+ossecm:*:618:617::0:0:OSSec HIDS Mail Daemon:&&PRFIX&&/var/ossec:/usr/bin/false
+ossece:*:619:617::0:0:OSSec HIDS Daemon:&&PRFIX&&/var/ossec:/usr/bin/false
+ossecr:*:620:617::0:0:OSSec HIDS Remote Daemon:&&PRFIX&&/var/ossec:/usr/bin/false
 rt:*:621:621::0:0:Request Tracker:/dev/null:/dev/null
 haldaemon:*:623:623::0:0:Hardware Abstraction Layer Daemon:/dev/null:/dev/null
 avahi:*:624:624::0:0:Service Discovery Daemon:/dev/null:/dev/null
 nagios:*:625:625::0:0:Nagios and Icinga Monitoring Daemon:/dev/null:/dev/null
 amqp:*:626:626::0:0:AMQP Messaging Daemon:/dev/null:/dev/null
 # On 10.5:
 dovecot:*:622:622::0:0:Dovecot IMAP Server Daemon:/dev/null:/dev/null
-quagga:*:627:627::0:0:Quagga Daemon:@PREFIX@/var/quagga:/usr/bin/false
-redis:*:628:628::0:0:Redis Key-Value Store Server:@PREFIX@/var/db/redis:/dev/null
-man:*:629:629::0:0:man:@PREFIX@/var/cache/man:/sbin/nologin
+quagga:*:627:627::0:0:Quagga Daemon:&&PRFIX&&/var/quagga:/usr/bin/false
+redis:*:628:628::0:0:Redis Key-Value Store Server:&&PRFIX&&/var/db/redis:/dev/null
+man:*:629:629::0:0:man:&&PRFIX&&/var/cache/man:/sbin/nologin

passwd.conf.in → passwd.conf

@@ -6,3 +6,9 @@
 # Set AutoUidMin and AutoUidMax to change the range from which UIDs and GIDs will
 # be allocated.
 #
+
+
+AutoUid: true
+
+AutoUidMin: 600
+AutoUidMax: 699