From: Julian Ospald <hasufell@g.o> |
Date: Thu Nov 20 17:04:20 UTC 2014 |
Subject: Allow to disable games permissions wrt #467386 |
|
This also removes unnecessary exports of games |
variables. |
|
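--- a/eclass/games.eclass
+++ b/eclass/games.eclass
@@ -19,25 +19,46 @@
 *) die "no support for EAPI=${EAPI} yet" ;;
 esac
 
+# Set to 0 to disable file permission modifications.
+GAMES_PERMISSIONS=${GAMES_PERMISSIONS:-1}
+
+# Set to 0 to set the games variables like GAMES_PREFIX to
+# match regular ebuilds if you don't want to micromanage them.
+GAMES_VARIABLES=${GAMES_VARIABLES:-1}
+
 if [[ ${CATEGORY}/${PN} != "games-misc/games-envd" ]] ; then
 # environment file
 RDEPEND="games-misc/games-envd"
 fi
 
-export GAMES_PREFIX=${GAMES_PREFIX:-/usr/games}
-export GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt}
-export GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games}
-export GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games'
-export GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games}
-export GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games}
-export GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games}
-export GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin}
-export GAMES_ENVD="90games"
+if [[ ${GAMES_VARIABLES} != 1 ]] ; then
+ GAMES_PREFIX=/usr
+ GAMES_PREFIX_OPT=/opt
+ GAMES_DATADIR=/usr/share
+ GAMES_DATADIR_BASE=/usr/share
+ GAMES_SYSCONFDIR=/etc
+ GAMES_STATEDIR=/var/lib
+ GAMES_LOGDIR=/var/log
+ GAMES_BINDIR=${GAMES_PREFIX}/bin
+ GAMES_USER=root
+ GAMES_USER_DED=root
+ GAMES_GROUP=root
+fi
+
+GAMES_PREFIX=${GAMES_PREFIX:-/usr/games}
+GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt}
+GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games}
+GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games'
+GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games}
+GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games}
+GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games}
+GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin}
+GAMES_ENVD="90games"
 # if you want to use a different user/group than games.games,
 # just add these two variables to your environment (aka /etc/profile)
-export GAMES_USER=${GAMES_USER:-root}
-export GAMES_USER_DED=${GAMES_USER_DED:-games}
-export GAMES_GROUP=${GAMES_GROUP:-games}
+GAMES_USER=${GAMES_USER:-root}
+GAMES_USER_DED=${GAMES_USER_DED:-games}
+GAMES_GROUP=${GAMES_GROUP:-games}
 
 games_get_libdir() {
 echo ${GAMES_PREFIX}/$(get_libdir)
@@ -87,46 +108,56 @@
 
 games_make_wrapper() { gameswrapper ${FUNCNAME/games_} "$@"; }
 
-gamesowners() { chown ${GAMES_USER}:${GAMES_GROUP} "$@"; }
-gamesperms() { chmod u+rw,g+r-w,o-rwx "$@"; }
+gamesowners() {
+ if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
+ chown ${GAMES_USER}:${GAMES_GROUP} "$@"
+ fi
+}
+gamesperms() {
+ if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
+ chmod u+rw,g+r-w,o-rwx "$@";
+ fi
+}
 prepgamesdirs() {
- local dir f mode
- for dir in \
- "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \
- "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \
- "${GAMES_BINDIR}" "$@"
- do
- [[ ! -d ${D}/${dir} ]] && continue
- (
- gamesowners -R "${D}/${dir}"
- find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750
- mode=o-rwx,g+r,g-w
- [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r
- find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode
-
- # common trees should not be games owned #264872
- if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then
- fowners root:root "${dir}"
- fperms 755 "${dir}"
- for d in $(get_libdir) bin ; do
- # check if dirs exist to avoid "nonfatal" option
- if [[ -e ${D}/${dir}/${d} ]] ; then
- fowners root:root "${dir}/${d}"
- fperms 755 "${dir}/${d}"
- fi
- done
+ if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
+ local dir f mode
+ for dir in \
+ "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \
+ "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \
+ "${GAMES_BINDIR}" "$@"
+ do
+ [[ ! -d ${D}/${dir} ]] && continue
+ (
+ gamesowners -R "${D}/${dir}"
+ find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750
+ mode=o-rwx,g+r,g-w
+ [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r
+ find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode
+
+ # common trees should not be games owned #264872
+ if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then
+ fowners root:root "${dir}"
+ fperms 755 "${dir}"
+ for d in $(get_libdir) bin ; do
+ # check if dirs exist to avoid "nonfatal" option
+ if [[ -e ${D}/${dir}/${d} ]] ; then
+ fowners root:root "${dir}/${d}"
+ fperms 755 "${dir}/${d}"
+ fi
+ done
+ fi
+ ) &>/dev/null
+
+ f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null)
+ if [[ -n ${f} ]] ; then
+ eerror "A game was detected that is setuid root!"
+ eerror "${f}"
+ die "refusing to merge a setuid root game"
 fi
- ) &>/dev/null
-
- f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null)
- if [[ -n ${f} ]] ; then
- eerror "A game was detected that is setuid root!"
- eerror "${f}"
- die "refusing to merge a setuid root game"
- fi
- done
- [[ -d ${D}/${GAMES_BINDIR} ]] || return 0
- find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \;
+ done
+ [[ -d ${D}/${GAMES_BINDIR} ]] || return 0
+ find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \;
+ fi
 }
 
 games_pkg_setup() {
@@ -174,15 +205,22 @@
 # pkg_postinst function ... warn about games group
 games_pkg_postinst() {
 if [[ -z "${GAMES_SHOW_WARNING}" ]] ; then
- ewarn "Remember, in order to play games, you have to"
- ewarn "be in the '${GAMES_GROUP}' group."
- echo
- case ${CHOST} in
- *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";;
- *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";;
- *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";;
- esac
- echo
+ if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
+ ewarn "Remember, in order to play games, you have to"
+ ewarn "be in the '${GAMES_GROUP}' group."
+ echo
+ case ${CHOST} in
+ *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";;
+ *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";;
+ *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";;
+ esac
+ echo
+ else
+ ewarn "You have games permissions disabled."
+ ewarn "If you want to run a dedicated server, doublecheck"
+ ewarn "the permissions of the executable and consider"
+ ewarn "to add a separate user."
+ fi
 einfo "For more info about Gentoo gaming in general, see our website:"
 einfo " http://games.gentoo.org/"
 echo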
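Review bot: The setuid-root guard in prepgamesdirs() (the `find … -perm +4000 -a -uid 0` scan followed by `die "refusing to merge a setuid root game"`) now sits inside `if [[ ${GAMES_PERMISSIONS} == 1 ]]`, so GAMES_PERMISSIONS=0 skips the check along with the chown/chmod work. The guard is a safety check rather than a permission modification, and it matters most in that configuration, where nothing else tightens the installed modes; only the subshell that changes ownership and modes should be conditional. Separately, the scan discards its own errors with `2>/dev/null`, and the `-perm +4000` form is, as far as I know, rejected by newer GNU find, so a failing scan would leave `${f}` empty and let the merge proceed. `-perm -4000` is equivalent for a single bit, and a failing find should die instead of passing; a sketch of the restructured loop follows.

```shell
prepgamesdirs() {
	local dir f mode
	# … unchanged: for dir in <directory list> ; do …
		[[ ! -d ${D}/${dir} ]] && continue
		if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
			# … unchanged: the ( gamesowners / chmod / root:root fixups ) &>/dev/null subshell …
		fi

		# setuid-root guard: runs whether or not permissions are managed
		f=$(find "${D}/${dir}" -perm -4000 -a -uid 0) \
			|| die "setuid scan of ${D}/${dir} failed"
		# … unchanged: eerror + die when ${f} is non-empty …
	done
	[[ ${GAMES_PERMISSIONS} == 1 ]] || return 0
	# … unchanged: GAMES_BINDIR existence check and chmod 750 …
}
```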