Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: hasufell <hasufell@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [PATCH] games.eclass: Allow to disable games permissions wrt #467386
Date: Thu, 20 Nov 2014 17:25:37
Message-Id: 546E2404.7090500@gentoo.org
1 From: Julian Ospald <hasufell@g.o>
2 Date: Thu Nov 20 17:04:20 UTC 2014
3 Subject: Allow to disable games permissions wrt #467386
4
5 This also removes unnecessary exports of games
6 variables.
7
8 --- eclass/games.eclass
9 +++ eclass/games.eclass
10 @@ -19,25 +19,46 @@
11 *) die "no support for EAPI=${EAPI} yet" ;;
12 esac
13
14 +# Set to 0 to disable file permission modifications.
15 +GAMES_PERMISSIONS=${GAMES_PERMISSIONS:-1}
16 +
17 +# Set to 0 to set the games variables like GAMES_PREFIX to
18 +# match regular ebuilds if you don't want to micromanage them.
19 +GAMES_VARIABLES=${GAMES_VARIABLES:-1}
20 +
21 if [[ ${CATEGORY}/${PN} != "games-misc/games-envd" ]] ; then
22 # environment file
23 RDEPEND="games-misc/games-envd"
24 fi
25
26 -export GAMES_PREFIX=${GAMES_PREFIX:-/usr/games}
27 -export GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt}
28 -export GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games}
29 -export GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games'
30 -export GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games}
31 -export GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games}
32 -export GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games}
33 -export GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin}
34 -export GAMES_ENVD="90games"
35 +if [[ ${GAMES_VARIABLES} != 1 ]] ; then
36 + GAMES_PREFIX=/usr
37 + GAMES_PREFIX_OPT=/opt
38 + GAMES_DATADIR=/usr/share
39 + GAMES_DATADIR_BASE=/usr/share
40 + GAMES_SYSCONFDIR=/etc
41 + GAMES_STATEDIR=/var/lib
42 + GAMES_LOGDIR=/var/log
43 + GAMES_BINDIR=${GAMES_PREFIX}/bin
44 + GAMES_USER=root
45 + GAMES_USER_DED=root
46 + GAMES_GROUP=root
47 +fi
48 +
49 +GAMES_PREFIX=${GAMES_PREFIX:-/usr/games}
50 +GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt}
51 +GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games}
52 +GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games'
53 +GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games}
54 +GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games}
55 +GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games}
56 +GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin}
57 +GAMES_ENVD="90games"
58 # if you want to use a different user/group than games.games,
59 # just add these two variables to your environment (aka /etc/profile)
60 -export GAMES_USER=${GAMES_USER:-root}
61 -export GAMES_USER_DED=${GAMES_USER_DED:-games}
62 -export GAMES_GROUP=${GAMES_GROUP:-games}
63 +GAMES_USER=${GAMES_USER:-root}
64 +GAMES_USER_DED=${GAMES_USER_DED:-games}
65 +GAMES_GROUP=${GAMES_GROUP:-games}
66
67 games_get_libdir() {
68 echo ${GAMES_PREFIX}/$(get_libdir)
69 @@ -87,46 +108,56 @@
70
71 games_make_wrapper() { gameswrapper ${FUNCNAME/games_} "$@"; }
72
73 -gamesowners() { chown ${GAMES_USER}:${GAMES_GROUP} "$@"; }
74 -gamesperms() { chmod u+rw,g+r-w,o-rwx "$@"; }
75 +gamesowners() {
76 + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
77 + chown ${GAMES_USER}:${GAMES_GROUP} "$@"
78 + fi
79 +}
80 +gamesperms() {
81 + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
82 + chmod u+rw,g+r-w,o-rwx "$@";
83 + fi
84 +}
85 prepgamesdirs() {
86 - local dir f mode
87 - for dir in \
88 - "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \
89 - "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \
90 - "${GAMES_BINDIR}" "$@"
91 - do
92 - [[ ! -d ${D}/${dir} ]] && continue
93 - (
94 - gamesowners -R "${D}/${dir}"
95 - find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750
96 - mode=o-rwx,g+r,g-w
97 - [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r
98 - find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode
99 -
100 - # common trees should not be games owned #264872
101 - if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then
102 - fowners root:root "${dir}"
103 - fperms 755 "${dir}"
104 - for d in $(get_libdir) bin ; do
105 - # check if dirs exist to avoid "nonfatal" option
106 - if [[ -e ${D}/${dir}/${d} ]] ; then
107 - fowners root:root "${dir}/${d}"
108 - fperms 755 "${dir}/${d}"
109 - fi
110 - done
111 + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
112 + local dir f mode
113 + for dir in \
114 + "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \
115 + "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \
116 + "${GAMES_BINDIR}" "$@"
117 + do
118 + [[ ! -d ${D}/${dir} ]] && continue
119 + (
120 + gamesowners -R "${D}/${dir}"
121 + find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750
122 + mode=o-rwx,g+r,g-w
123 + [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r
124 + find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode
125 +
126 + # common trees should not be games owned #264872
127 + if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then
128 + fowners root:root "${dir}"
129 + fperms 755 "${dir}"
130 + for d in $(get_libdir) bin ; do
131 + # check if dirs exist to avoid "nonfatal" option
132 + if [[ -e ${D}/${dir}/${d} ]] ; then
133 + fowners root:root "${dir}/${d}"
134 + fperms 755 "${dir}/${d}"
135 + fi
136 + done
137 + fi
138 + ) &>/dev/null
139 +
140 + f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null)
141 + if [[ -n ${f} ]] ; then
142 + eerror "A game was detected that is setuid root!"
143 + eerror "${f}"
144 + die "refusing to merge a setuid root game"
145 fi
146 - ) &>/dev/null
147 -
148 - f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null)
149 - if [[ -n ${f} ]] ; then
150 - eerror "A game was detected that is setuid root!"
151 - eerror "${f}"
152 - die "refusing to merge a setuid root game"
153 - fi
154 - done
155 - [[ -d ${D}/${GAMES_BINDIR} ]] || return 0
156 - find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \;
157 + done
158 + [[ -d ${D}/${GAMES_BINDIR} ]] || return 0
159 + find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \;
160 + fi
161 }
162
163 games_pkg_setup() {
164 @@ -174,15 +205,22 @@
165 # pkg_postinst function ... warn about games group
166 games_pkg_postinst() {
167 if [[ -z "${GAMES_SHOW_WARNING}" ]] ; then
168 - ewarn "Remember, in order to play games, you have to"
169 - ewarn "be in the '${GAMES_GROUP}' group."
170 - echo
171 - case ${CHOST} in
172 - *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";;
173 - *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";;
174 - *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";;
175 - esac
176 - echo
177 + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then
178 + ewarn "Remember, in order to play games, you have to"
179 + ewarn "be in the '${GAMES_GROUP}' group."
180 + echo
181 + case ${CHOST} in
182 + *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";;
183 + *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";;
184 + *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";;
185 + esac
186 + echo
187 + else
188 + ewarn "You have games permissions disabled."
189 + ewarn "If you want to run a dedicated server, doublecheck"
190 + ewarn "the permissions of the executable and consider"
191 + ewarn "to add a separate user."
192 + fi
193 einfo "For more info about Gentoo gaming in general, see our website:"
194 einfo " http://games.gentoo.org/"
195 echo

Replies

Subject Author
Re: [gentoo-dev] [PATCH] games.eclass: Allow to disable games permissions wrt #467386 hasufell <hasufell@g.o>
Re: [gentoo-dev] [PATCH] games.eclass: Allow to disable games permissions wrt #467386 Ulrich Mueller <ulm@g.o>
Report Message
Find on MARC Find on Google Groups