--- /usr/portage/games-roguelike/nethack/nethack-3.4.3-r1.ebuild 2007-04-01 13:35:45 +0900
+++ nethack-3.4.3-r1.ebuild 2007-12-28 19:57:33 +0900
@@ -4,6 +4,20 @@
 inherit eutils toolchain-funcs flag-o-matic games
+# If ${USE_GENTOO_GAMES_POLICY} is set to a non-empty value, the build will
+# follow the (current as of 2007) Gentoo games policy; otherwise, the build
+# will assume standard Unix-like games policy. The differences are:
+# - Under standard (non-Gentoo) policy, the "games" group is assumed to
+# be protected from users, and NetHack will be installed as group
+# "games" (actually ${GAMES_GROUP}). Under Gentoo policy, users are
+# assumed to be in the "games" group, and a separate "nethack" group
+# will be used for installation in order to protect the data files from
+# modification by users.
+# - The "you have to be in the 'games' group" message will only be
+# displayed when using Gentoo policy.
+
+USE_GENTOO_GAMES_POLICY="for now, anyway"
+
 MY_PV=${PV//.}
 DESCRIPTION="The ultimate old-school single player dungeon exploration game"
 HOMEPAGE="http://www.nethack.org/"
@@ -31,6 +45,18 @@
 )"
 HACKDIR="${GAMES_DATADIR}/${PN}"
+if [ -n "${USE_GENTOO_GAMES_POLICY}" ]; then
+ NETHACK_GROUP="nethack"
+else
+ NETHACK_GROUP="games"
+fi
+
+pkg_setup() {
+ games_pkg_setup
+ if [ -n "${USE_GENTOO_GAMES_POLICY}" ]; then
+ enewgroup nethack
+ fi
+}
 src_unpack() {
 unpack ${A}
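Review bot: In `pkg_setup` the group name is written out a second time as `enewgroup nethack`, although `NETHACK_GROUP="nethack"` was assigned just above under the same condition. Every later `chgrp` in the patch uses `${NETHACK_GROUP}`, so if the name ever changes the created group and the group applied to the files could diverge. Using `enewgroup "${NETHACK_GROUP}"` keeps the two in step.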
@@ -107,18 +133,31 @@
 CC="$(tc-getCC)" \
 CFLAGS="${CFLAGS}" \
 LFLAGS="-L/usr/X11R6/lib" \
- GAMEPERM=0755 \
- GAMEUID="${GAMES_USER}" GAMEGRP="${GAMES_GROUP}" \
+ GAMEPERM=2751 \
+ GAMEUID="${GAMES_USER}" GAMEGRP="${NETHACK_GROUP}" \
 PREFIX="${D}/usr" \
 GAMEDIR="${D}${HACKDIR}" \
 SHELLDIR="${D}/${GAMES_BINDIR}" \
 install \
 || die "make install failed"
+ # Set permissions on the game data directory--but note that the real
+ # executable is stored here too, so fix it up afterwards.
+ chgrp -R "${NETHACK_GROUP}" "${D}/${HACKDIR}" || die "chgrp hackdir"
+ chmod -R 640 "${D}/${HACKDIR}" || die "chmod hackdir 1"
+ # ${HACKDIR} would be 750 if ${GAMES_BINDIR}/nethack wasn't a shell
+ # script that called the real executable, ${HACKDIR}/nethack
+ chmod 751 "${D}/${HACKDIR}" || die "chmod hackdir 2"
+ chmod 2751 "${D}/${HACKDIR}/nethack" || die "chmod hackdir 3"
+ # We keep this stuff in ${GAMES_STATEDIR} instead so tidy up.
 rm -rf "${D}/usr/share/games/nethack/save"
 newgamesbin util/recover recover-nethack || die "newgamesbin failed"
+ # FIXME: do we want to let users run this or not?
+ chgrp "${NETHACK_GROUP}" "${D}/${GAMES_BINDIR}/recover-nethack" \
+ || die "chgrp recover"
+ chmod 2750 "${D}/${GAMES_BINDIR}/recover-nethack" || die "chmod binaries"
 # The final nethack is a sh script. This fixes the hard-coded
 # HACKDIR directory so it doesn't point to ${D}/usr/share/nethackdir
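Review bot: `chmod 2750` makes `recover-nethack` setgid `${NETHACK_GROUP}` while letting only the file's owner and members of that group execute it. Under the policy this patch describes, ordinary users are not in that group, so the setgid bit benefits no one who can run the tool and only adds one more setgid binary to audit. Until the FIXME is settled, `chmod 0750 "${D}/${GAMES_BINDIR}/recover-nethack" || die "chmod binaries"` is the least-privilege choice. Separately, `chmod -R 640 "${D}/${HACKDIR}"` also strips the search and execute bits from any subdirectory or other executable under `${HACKDIR}`, and only the top directory and `nethack` are restored afterwards. It is worth confirming that nothing else there needs those bits. The surrounding install function starts and ends outside this hunk.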
@@ -172,16 +211,36 @@
 mv "${D}/${HACKDIR}/"{record,logfile,perm} "${D}/${statedir}/"
 make_desktop_entry nethack "Nethack"
- prepgamesdirs
- chmod -R 660 "${D}/${statedir}"
- chmod 770 "${D}/${statedir}" "${D}/${statedir}/save"
+ # Prevent users from modifying state files (#125902)
+ chgrp -R "${NETHACK_GROUP}" "${D}/${statedir}" || die "chgrp statedir"
+ chmod -R 660 "${D}/${statedir}" || die "chmod statedir 1"
+ chmod 770 "${D}/${statedir}" "${D}/${statedir}/save" \
+ || die "chmod statedir 2"
+
+ # We do NOT run prepgamesdirs because it would stomp all over our
+ # carefully set permissions.
 }
 pkg_postinst() {
- games_pkg_postinst
+ if [ -z "${USE_GENTOO_GAMES_POLICY}" ]; then
+ gamesenv
+ else
+ games_pkg_postinst
+ fi
 if use qt3 && has_version '=x11-libs/qt-3.1*' ; then
 ewarn "the qt frontend may be a little unstable with this version of qt"
 ewarn "please see Bug 32629 for more information"
 fi
 elog "You may want to look at /etc/skel/.nethackrc for interesting options"
+
+ # Old installations of nethack may have the wrong group or permissions,
+ # so update them once more here
+ chgrp -R "${NETHACK_GROUP}" "${HACKDIR}" || die "chgrp hackdir"
+ chmod -R 640 "${HACKDIR}" || die "chmod hackdir 1"
+ chmod 751 "${HACKDIR}" || die "chmod hackdir 2"
+ chmod 2751 "${HACKDIR}/nethack"
+ local statedir="${GAMES_STATEDIR}/${PN}"
+ chgrp -R "${NETHACK_GROUP}" "${statedir}" || die "chgrp statedir"
+ chmod -R 660 "${statedir}" || die "chmod statedir 1"
+ chmod 770 "${statedir}" "${statedir}/save" || die "chmod statedir 2"
 }
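Review bot: In `pkg_postinst`, `chmod 2751 "${HACKDIR}/nethack"` is the only permission step without `|| die`, and it runs after `chmod -R 640 "${HACKDIR}"` has already removed the execute bit from the game binary. If it fails, the merge finishes silently with an unrunnable binary, so it should read `chmod 2751 "${HACKDIR}/nethack" || die "chmod hackdir 3"`. The postinst paths are also used without a `${ROOT}` prefix, so an install into an alternate root would change the host's files; `"${ROOT}${HACKDIR}"` and `"${ROOT}${GAMES_STATEDIR}/${PN}"` would avoid that. Finally, the recursive `chgrp -R`/`chmod -R` runs as root over a state directory that is group-writable by the setgid game. Restricting it to the known files (`record`, `logfile`, `perm`, `save`) would be the more conservative form.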