Commit graph

22 commits

Author SHA1 Message Date
cheusov
8d503e63a6 Revert the patch commited in PR 36618. It creates more problems
than it solves on Interix.
2012-04-21 19:29:47 +00:00
dholland
4424b4c08b Begin cleanup of setgid game infrastructure.
* Introduce USE_GAMESGROUP, which causes the games user and group to
be made available.

 * Retain SETGIDGAME as an alias for USE_GAMESGROUP. Describe it as
deprecated.

 * Always define GAMES_USER, GAMES_GROUP, GAMEMODE, GAMEDIRMODE, and
GAMEDATAMODE, regardless of whether USE_GAMESGROUP is turned on or not.

 * Define these variables in defaults/mk.conf instead of separately in
every platform/*.mk file. The definitions used to be the same for each
of these platforms anyway, except for some where they were randomly
missing or commented out for no clear reason, leading to broken game
packages.

 * Handle all these variables properly when unprivileged.

 * Update the comments/documentation for these variables.

 * Describe GAMEOWN and GAMEGRP as deprecated. These need to be
retained as aliases for GAMES_USER and GAMES_GROUP respectively for
supporting packages that use bsd.*.mk but should otherwise not be
used.

 * Add GAMEDATA_PERMS and GAMEDIR_PERMS using GAMEDATAMODE and
GAMEDIRMODE respectively.

 * Fix a bug I noticed that was improperly mixing the "games" group
and "games" user.

Things this does *not* do:

 - get rid of GAMES_USER, for which there should ultimately be no need.

 - move the declaration/documentation/default value of USE_GAMESGROUP
to a suitable place. (It is currently where SETGIDGAME was, which is
suboptimal.)

 - touch any of the games, all of which need updating with at least
s/SETGIDGAME/USE_GAMESGROUP/ and probably more.

 - update the guide to explain how to handle games properly.

Also, it would be nice if using GAMES_GROUP without setting
USE_GAMESGROUP=yes caused an error but as far as I know there isn't
any particularly good way to arrange this right now.

Note that these changes may alter the build/install behavior of broken
game packages, e.g. some may silently become setgid when they weren't
before or things like that. If you run into any of this file a PR.

While one might arguably bump the PKGREVISION of all games or other
packages using any of these variables as a precaution, that seems like
a bad idea. Instead, I think I will be bumping each game once it
itself has been fixed up to do everything the right way.
2010-07-08 04:57:36 +00:00
tnn
275569dfeb override GAMEMODE as well 2010-02-28 19:57:52 +00:00
tnn
94b4d822b8 Fix GAMES_USER handling in unprivileged mode.
ok joerg
2010-02-28 19:33:00 +00:00
abs
d2402dcaf1 pkg PR/36618 - fix UNPRIVILEGED_GROUP definition for Interix 2009-12-30 12:21:15 +00:00
rillig
a07f1507cf typo 2008-11-27 19:28:01 +00:00
jlam
26a6bb9ac4 + Conditionally add GAMES_USER and GAMES_GROUP to the platform *.mk
files.  These variables are currently usable if ${SETGIDGAME} == yes.
  These variables should be used when describing ownership of files
  and directories to the pkginstall framework, e.g.

	SPECIAL_PERMS=	bin/foogame ${GAMES_USER} ${GAMES_GROUP} 2555

+ Rename SETGID_GAME_PERMS to SETGID_GAMES_PERMS because the default
  group name is "games".

+ Define SETGID_GAMES_PERMS in terms of GAMES_USER and GAMES_GROUP so
  that these names are protected from the normal flow of unprivileged.mk.
  This fixes the +INSTALL scripts in "user-destdir" packages to
  correctly refer to the games:games instead of the user:group of the
  user that built the packages.
2008-03-04 06:45:33 +00:00
rillig
3dcc70e06a Documented PRIVILEGED_STAGES. 2008-02-01 08:54:53 +00:00
dsainty
ece7c88dfb Allow a package to use its custom group so long as the group is in the
(new) UNPRIVILEGED_GROUPS list.

In addition, the value of UNPRIVILEGED_GROUPS is defaulted to all the
groups the installing user is a member of, in a similar mold to
UNPRIVILEGED_GROUP and UNPRIVILEGED_USER.

This allows non-root installations of packages that have special group
requirements but no special user requirements, so long as the installation
user has been given the necessary group membership.

Raised on tech-pkg @ 2007/10/14.
2007-10-20 06:57:17 +00:00
rillig
30ba11bfca Documented all the variables that are used or defined by this file.
Added lots of XXX tags for things that should be discussed further.
2007-09-04 08:42:30 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
rillig
362a7f39b3 Fixed indentation. 2007-06-06 12:41:53 +00:00
joerg
5ca4038017 Drop NO_MTREE by making it the default. Introduce USE_MTREE to get the
old behaviour back. Discussed on tech-pkg@.
2007-04-19 16:52:03 +00:00
joerg
8e79aa8c40 Rename _INSTALL_ROOT_USER to REAL_ROOT_USER. Use it as default for
SETUID_ROOT_PERMS.
2006-11-05 15:10:08 +00:00
joerg
24562c0818 DOCOWN and DOCGRP should be unprivileged as well. 2006-11-05 14:36:13 +00:00
joerg
aa237578e1 Include some more magic to set ownership of packages build with
use-destdir to ${ROOT_USER}:${ROOT_GROU}. This allows us to safely
use it on all packages which don't install setuid/setgid binaries.
2006-10-15 16:20:34 +00:00
joerg
5b374e445d Main infrastructure for DESTDIR support.
Packages may set PKG_DESTDIR_SUPPORT to either "destdir" or
"user-destdir" to flag support for this, following the same
rules as PKG_INSTALLATION_TYPES (e.g. define before first include
of bsd.prefs.mk).

The user activates it via USE_DESTDIR. When set to "yes",
packages with "user-destdir" are handled as "destdir".
The installation of the package will not go to ${LOCALBASE},
but a subdirectory of ${WRKDIR} instead. pre/post install scripts are
not run and the package is not registered either. A binary package
can be created instead to be installed normally with pkg_add.

For "user-destdir" packages, everything is run as normal user and
ownership is supposed to be correctled by pkg_create later. Since
the current pkg_install code uses pax and it doesn't allow overwriting
owners, this does not work yet.

For "destdir" packages, installation, packaging and cleaning is run as
root.

This commit does not change the handling of DEPENDS_TARGET or
bin-install to allow recursive usage.
2006-10-09 12:25:44 +00:00
rillig
9a607f8e53 Instead of the variables CHOWN and CHGRP, the TOOLS_PLATFORM.* variables
need to be overridden to generate tool wrappers that also work when
called with their simple names (for example chown instead of ${CHOWN}).
2006-08-31 16:21:20 +00:00
rillig
8db27f7fe7 Converted the header comment to the canonical form. Changed the
definitions of CHOWN and CHGRP so that they still include the command
that is skipped, which is useful when viewing the build logs.
2006-07-15 20:47:43 +00:00
rillig
76d2a550ec Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE,
NO_BUILD, USE_LIBTOOL.
2005-09-28 21:55:32 +00:00
reed
17c4d72e54 Do not attempt to modify /etc/shells as a regular user.
Also set PKG_CREATE_USERGROUP with = instead of ?=.
2005-08-22 17:13:28 +00:00
jmmv
d5789c138e Simplify unprivileged builds by adding a new variable, UNPRIVILEGED, that,
when set to YES, changes multiple defaults to let this work properly.
2005-05-29 17:12:15 +00:00