From: Julian Ospald <hasuf...@gentoo.org> Date: Thu Nov 20 17:04:20 UTC 2014 Subject: Allow to disable games permissions wrt #467386
This also removes unnecessary exports of games variables. --- eclass/games.eclass +++ eclass/games.eclass 
@@ -19,25 +19,46 @@ *) die "no support for EAPI=${EAPI} yet" ;; esac +# Set to 0 to disable file permission modifications. +GAMES_PERMISSIONS=${GAMES_PERMISSIONS:-1} + +# Set to 0 to set the games variables like GAMES_PREFIX to +# match regular ebuilds if you don't want to micromanage them. +GAMES_VARIABLES=${GAMES_VARIABLES:-1} + if [[ ${CATEGORY}/${PN} != "games-misc/games-envd" ]] ; then # environment file RDEPEND="games-misc/games-envd" fi -export GAMES_PREFIX=${GAMES_PREFIX:-/usr/games} -export GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt} -export GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games} -export GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games' -export GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games} -export GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games} -export GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games} -export GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin} -export GAMES_ENVD="90games" +if [[ ${GAMES_VARIABLES} != 1 ]] ; then + GAMES_PREFIX=/usr + GAMES_PREFIX_OPT=/opt + GAMES_DATADIR=/usr/share + GAMES_DATADIR_BASE=/usr/share + GAMES_SYSCONFDIR=/etc + GAMES_STATEDIR=/var/lib + GAMES_LOGDIR=/var/log + GAMES_BINDIR=${GAMES_PREFIX}/bin + GAMES_USER=root + GAMES_USER_DED=root + GAMES_GROUP=root +fi + +GAMES_PREFIX=${GAMES_PREFIX:-/usr/games} +GAMES_PREFIX_OPT=${GAMES_PREFIX_OPT:-/opt} +GAMES_DATADIR=${GAMES_DATADIR:-/usr/share/games} +GAMES_DATADIR_BASE=${GAMES_DATADIR_BASE:-/usr/share} # some packages auto append 'games' +GAMES_SYSCONFDIR=${GAMES_SYSCONFDIR:-/etc/games} +GAMES_STATEDIR=${GAMES_STATEDIR:-/var/games} +GAMES_LOGDIR=${GAMES_LOGDIR:-/var/log/games} +GAMES_BINDIR=${GAMES_BINDIR:-${GAMES_PREFIX}/bin} +GAMES_ENVD="90games" # if you want to use a different user/group than games.games, # just add these two variables to your environment (aka /etc/profile) -export GAMES_USER=${GAMES_USER:-root} -export GAMES_USER_DED=${GAMES_USER_DED:-games} -export GAMES_GROUP=${GAMES_GROUP:-games} 
+GAMES_USER=${GAMES_USER:-root} +GAMES_USER_DED=${GAMES_USER_DED:-games} +GAMES_GROUP=${GAMES_GROUP:-games} games_get_libdir() { echo ${GAMES_PREFIX}/$(get_libdir) 
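Review bot: Setting `GAMES_VARIABLES=0` while `GAMES_PERMISSIONS` keeps its default of 1 points the games variables at the shared trees (`/usr`, `/etc`, `/var/lib`) with `GAMES_GROUP=root`, and nothing in this block stops the permission code from running against them. In that combination prepgamesdirs (second hunk) would apply `chmod 750` and `o-rwx` to those paths under `${D}`, and games_pkg_postinst (third hunk) would tell users to join the 'root' group. If the two switches are meant to be used together, enforce it inside the branch with `GAMES_PERMISSIONS=0`, or `die` on the unsupported combination. The branch also assigns unconditionally, so a `GAMES_PREFIX` set in the environment is silently ignored; the comment above `GAMES_VARIABLES` should say so.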
@@ -87,46 +108,56 @@ games_make_wrapper() { gameswrapper ${FUNCNAME/games_} "$@"; } -gamesowners() { chown ${GAMES_USER}:${GAMES_GROUP} "$@"; } -gamesperms() { chmod u+rw,g+r-w,o-rwx "$@"; } +gamesowners() { + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then + chown ${GAMES_USER}:${GAMES_GROUP} "$@" + fi +} +gamesperms() { + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then + chmod u+rw,g+r-w,o-rwx "$@"; + fi +} prepgamesdirs() { - local dir f mode - for dir in \ - "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \ - "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \ - "${GAMES_BINDIR}" "$@" - do - [[ ! -d ${D}/${dir} ]] && continue - ( - gamesowners -R "${D}/${dir}" - find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750 - mode=o-rwx,g+r,g-w - [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r - find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode - - # common trees should not be games owned #264872 - if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then - fowners root:root "${dir}" - fperms 755 "${dir}" - for d in $(get_libdir) bin ; do - # check if dirs exist to avoid "nonfatal" option - if [[ -e ${D}/${dir}/${d} ]] ; then - fowners root:root "${dir}/${d}" - fperms 755 "${dir}/${d}" - fi - done + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then + local dir f mode + for dir in \ + "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \ + "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "$(games_get_libdir)" \ + "${GAMES_BINDIR}" "$@" + do + [[ ! 
-d ${D}/${dir} ]] && continue + ( + gamesowners -R "${D}/${dir}" + find "${D}/${dir}" -type d -print0 | xargs -0 chmod 750 + mode=o-rwx,g+r,g-w + [[ ${dir} = ${GAMES_STATEDIR} ]] && mode=o-rwx,g+r + find "${D}/${dir}" -type f -print0 | xargs -0 chmod $mode + + # common trees should not be games owned #264872 + if [[ ${dir} == "${GAMES_PREFIX_OPT}" ]] ; then + fowners root:root "${dir}" + fperms 755 "${dir}" + for d in $(get_libdir) bin ; do + # check if dirs exist to avoid "nonfatal" option + if [[ -e ${D}/${dir}/${d} ]] ; then + fowners root:root "${dir}/${d}" + fperms 755 "${dir}/${d}" + fi + done + fi + ) &>/dev/null + + f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null) + if [[ -n ${f} ]] ; then + eerror "A game was detected that is setuid root!" + eerror "${f}" + die "refusing to merge a setuid root game" fi - ) &>/dev/null - - f=$(find "${D}/${dir}" -perm +4000 -a -uid 0 2>/dev/null) - if [[ -n ${f} ]] ; then - eerror "A game was detected that is setuid root!" - eerror "${f}" - die "refusing to merge a setuid root game" - fi - done - [[ -d ${D}/${GAMES_BINDIR} ]] || return 0 - find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \; + done + [[ -d ${D}/${GAMES_BINDIR} ]] || return 0 + find "${D}/${GAMES_BINDIR}" -maxdepth 1 -type f -exec chmod 750 '{}' \; + fi } games_pkg_setup() { 
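Review bot: The setuid-root check (`find ... -perm +4000 -a -uid 0` followed by `die`) now sits inside the `GAMES_PERMISSIONS == 1` guard in prepgamesdirs, so turning off permission changes also turns off the refusal to merge a setuid-root game. That check only inspects the image and changes nothing, so it should keep running: wrap just the `( ... ) &>/dev/null` subshell in the `if`, and put `[[ ${GAMES_PERMISSIONS} == 1 ]] || return 0` before the final `GAMES_BINDIR` chmod. The guards in gamesowners, gamesperms and prepgamesdirs compare against the literal `1`, so a value such as `yes` silently disables all of them; testing `!= 0` or rejecting unknown values would fail safer. Separately, stderr of that find is discarded, so on GNU find releases that reject `-perm +4000` the variable `f` stays empty and the check passes; `-perm /4000` is the spelling those releases accept.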
@@ -174,15 +205,22 @@ # pkg_postinst function ... warn about games group games_pkg_postinst() { if [[ -z "${GAMES_SHOW_WARNING}" ]] ; then - ewarn "Remember, in order to play games, you have to" - ewarn "be in the '${GAMES_GROUP}' group." - echo - case ${CHOST} in - *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";; - *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";; - *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";; - esac - echo + if [[ ${GAMES_PERMISSIONS} == 1 ]] ; then + ewarn "Remember, in order to play games, you have to" + ewarn "be in the '${GAMES_GROUP}' group." + echo + case ${CHOST} in + *-darwin*) ewarn "Just run 'niutil -appendprop / /groups/games users <USER>'";; + *-freebsd*|*-dragonfly*) ewarn "Just run 'pw groupmod ${GAMES_GROUP} -m <USER>'";; + *) ewarn "Just run 'gpasswd -a <USER> ${GAMES_GROUP}', then have <USER> re-login.";; + esac + echo + else + ewarn "You have games permissions disabled." + ewarn "If you want to run a dedicated server, doublecheck" + ewarn "the permissions of the executable and consider" + ewarn "to add a separate user." + fi einfo "For more info about Gentoo gaming in general, see our website:" einfo " http://games.gentoo.org/" echo
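Review bot: The darwin arm of the `case` still hard-codes the group as `/groups/games` while the freebsd and default arms use `${GAMES_GROUP}`, so a site that overrides `GAMES_GROUP` gets the wrong instruction on that platform; `niutil -appendprop / /groups/${GAMES_GROUP} users <USER>` would match the others. The new else branch could also name what is skipped when permissions are disabled: per this patch gamesowners, gamesperms and prepgamesdirs all become no-ops, which is more actionable than "doublecheck the permissions".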