--- /usr/portage/games-roguelike/nethack/nethack-3.4.3-r1.ebuild 2007-04-01 13:35:45 +0900
+++ nethack-3.4.3-r1.ebuild 2008-03-19 21:24:28 +0900
@@ -4,6 +4,20 @@
 inherit eutils toolchain-funcs flag-o-matic games
+# If ${USE_GENTOO_GAMES_POLICY} is set to a non-empty value, the build will
+# follow the (current as of 2008) Gentoo games policy; otherwise, the build
+# will assume standard Unix-like games policy. The differences are:
+# - Under standard (non-Gentoo) policy, the "games" group is assumed to
+# be protected from users, and NetHack will be installed as group
+# "games" (actually ${GAMES_GROUP}). Under Gentoo policy, users are
+# assumed to be in the "games" group, and a separate "nethack" group
+# will be used for installation in order to protect the data files from
+# modification by users.
+# - The "you have to be in the 'games' group" message will only be
+# displayed when using Gentoo policy.
+
+USE_GENTOO_GAMES_POLICY="for now, anyway"
+
 MY_PV=${PV//.}
 DESCRIPTION="The ultimate old-school single player dungeon exploration game"
 HOMEPAGE="http://www.nethack.org/"
@@ -31,6 +45,18 @@
 )"
 HACKDIR="${GAMES_DATADIR}/${PN}"
+if [ -n "${USE_GENTOO_GAMES_POLICY}" ]; then
+ NETHACK_GROUP="nethack"
+else
+ NETHACK_GROUP="games"
+fi
+
+pkg_setup() {
+ games_pkg_setup
+ if [ -n "${USE_GENTOO_GAMES_POLICY}" ]; then
+ enewgroup nethack
+ fi
+}
 src_unpack() {
 unpack ${A}
@@ -105,8 +131,8 @@
 CC="$(tc-getCC)" \
 CFLAGS="${CFLAGS}" \
 LFLAGS="-L/usr/X11R6/lib" \
- GAMEPERM=0755 \
- GAMEUID="${GAMES_USER}" GAMEGRP="${GAMES_GROUP}" \
+ GAMEPERM=2751 \
+ GAMEUID="${GAMES_USER}" GAMEGRP="${NETHACK_GROUP}" \
 PREFIX="${D}/usr" \
 GAMEDIR="${D}${HACKDIR}" \
 SHELLDIR="${D}/${GAMES_BINDIR}" \
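Review bot: The non-Gentoo branch of the second hunk sets `NETHACK_GROUP="games"` as a literal, although the header comment says the group is "actually ${GAMES_GROUP}" and the replaced `GAMEGRP="${GAMES_GROUP}"` honoured that variable. If the eclass value is ever overridden, the later chgrp calls would target a different group than the rest of the games install; consider `NETHACK_GROUP="${GAMES_GROUP}"`, assuming the games eclass has set it by this point (HACKDIR already relies on `${GAMES_DATADIR}` at the same scope). Likewise `enewgroup nethack` in pkg_setup repeats the group name instead of using `enewgroup "${NETHACK_GROUP}"`, so the created group and the group used for ownership can drift apart.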
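Review bot: `GAMEPERM=2751` in the third hunk makes the game binary setgid to `${NETHACK_GROUP}`, which is the security-relevant change of this patch, yet nothing at this spot records why, and the same mode is applied again by `chmod 2751 "${D}/${HACKDIR}/nethack"` in the last hunk. A comment such as `# setgid ${NETHACK_GROUP}: state files are group-writable only, so the binary needs the group` would keep a later cleanup from reverting it to 0755. The continued command starts and ends outside the hunk, so the comment has to go before its first line rather than between the backslash-continued arguments.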
@@ -171,15 +197,51 @@
 make_desktop_entry nethack "Nethack"
 prepgamesdirs
- chmod -R 660 "${D}/${statedir}"
- chmod 770 "${D}/${statedir}" "${D}/${statedir}/save"
+
+ # Set permissions on the game data directory--but note that the real
+ # executable is stored here too, so fix it up afterwards.
+ chgrp -R "${NETHACK_GROUP}" "${D}/${HACKDIR}" || die "chgrp hackdir"
+ chmod -R 640 "${D}/${HACKDIR}" || die "chmod hackdir 1"
+ # ${HACKDIR} would be 750 if ${GAMES_BINDIR}/nethack wasn't a shell
+ # script that called the real executable, ${HACKDIR}/nethack
+ chmod 751 "${D}/${HACKDIR}" || die "chmod hackdir 2"
+ chmod 2751 "${D}/${HACKDIR}/nethack" || die "chmod nethack"
+
+ # "recover" should only be runnable by the administrator; otherwise,
+ # ordinary users could mess with other users' save files (see the
+ # manpage).
+ chgrp "${NETHACK_GROUP}" "${D}/${GAMES_BINDIR}/recover-nethack" \
+ || die "chgrp recover"
+ chmod 2750 "${D}/${GAMES_BINDIR}/recover-nethack" || die "chmod recover"
+
+ # Prevent users from modifying state files. (#125902)
+ chgrp -R "${NETHACK_GROUP}" "${D}/${statedir}" || die "chgrp statedir"
+ chmod -R 660 "${D}/${statedir}" || die "chmod statedir 1"
+ chmod 770 "${D}/${statedir}" "${D}/${statedir}/save" \
+ || die "chmod statedir 2"
 }
 pkg_postinst() {
- games_pkg_postinst
+ if [ -z "${USE_GENTOO_GAMES_POLICY}" ]; then
+ gamesenv
+ else
+ games_pkg_postinst
+ fi
 if use qt3 && has_version '=x11-libs/qt-3.1*' ; then
 ewarn "the qt frontend may be a little unstable with this version of qt"
 ewarn "please see Bug 32629 for more information"
 fi
 elog "You may want to look at /etc/skel/.nethackrc for interesting options"
+
+ # Old installations of nethack may have the wrong group or permissions,
+ # so update them once more here. FIXME: If we force an unmerge of any
+ # old ebuild first, the code below can be removed.
+ chgrp -R "${NETHACK_GROUP}" "${HACKDIR}" || die "chgrp hackdir"
+ chmod -R 640 "${HACKDIR}" || die "chmod hackdir 1"
+ chmod 751 "${HACKDIR}" || die "chmod hackdir 2"
+ chmod 2751 "${HACKDIR}/nethack"
+ local statedir="${GAMES_STATEDIR}/${PN}"
+ chgrp -R "${NETHACK_GROUP}" "${statedir}" || die "chgrp statedir"
+ chmod -R 660 "${statedir}" || die "chmod statedir 1"
+ chmod 770 "${statedir}" "${statedir}/save" || die "chmod statedir 2"
 }
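Review bot: In the pkg_postinst block, `chmod 2751 "${HACKDIR}/nethack"` is the only command without `|| die`, and it runs right after `chmod -R 640 "${HACKDIR}"` has cleared the execute and setgid bits on the live binary. A silent failure there leaves the installed game non-executable with no error reported; add `|| die "chmod nethack"` as the install-time block above already does. These commands also address `${HACKDIR}` and `${GAMES_STATEDIR}/${PN}` without a `${ROOT}` prefix, so a merge into an alternate root would presumably change the build host's files rather than the target's. The recursive `chmod -R 640` would also remove search permission from any subdirectory under `${HACKDIR}`, if the data directory has one; only the top level is restored by `chmod 751`.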