Begin cleanup of setgid game infrastructure.

 * Introduce USE_GAMESGROUP, which causes the games user and group to
be made available.

 * Retain SETGIDGAME as an alias for USE_GAMESGROUP. Describe it as
deprecated.

 * Always define GAMES_USER, GAMES_GROUP, GAMEMODE, GAMEDIRMODE, and
GAMEDATAMODE, regardless of whether USE_GAMESGROUP is turned on or not.

 * Define these variables in defaults/mk.conf instead of separately in
every platform/*.mk file. The definitions used to be the same for each
of these platforms anyway, except for some where they were randomly
missing or commented out for no clear reason, leading to broken game
packages.

 * Handle all these variables properly when unprivileged.

 * Update the comments/documentation for these variables.

 * Describe GAMEOWN and GAMEGRP as deprecated. These need to be
retained as aliases for GAMES_USER and GAMES_GROUP respectively for
supporting packages that use bsd.*.mk but should otherwise not be
used.

 * Add GAMEDATA_PERMS and GAMEDIR_PERMS using GAMEDATAMODE and
GAMEDIRMODE respectively.

 * Fix a bug I noticed that was improperly mixing the "games" group
and "games" user.

Things this does *not* do:

 - get rid of GAMES_USER, for which there should ultimately be no need.

 - move the declaration/documentation/default value of USE_GAMESGROUP
to a suitable place. (It is currently where SETGIDGAME was, which is
suboptimal.)

 - touch any of the games, all of which need updating with at least
s/SETGIDGAME/USE_GAMESGROUP/ and probably more.

 - update the guide to explain how to handle games properly.

Also, it would be nice if using GAMES_GROUP without setting
USE_GAMESGROUP=yes caused an error but as far as I know there isn't
any particularly good way to arrange this right now.

Note that these changes may alter the build/install behavior of broken
game packages, e.g. some may silently become setgid when they weren't
before or things like that. If you run into any of this file a PR.

While one might arguably bump the PKGREVISION of all games or other
packages using any of these variables as a precaution, that seems like
a bad idea. Instead, I think I will be bumping each game once it
itself has been fixed up to do everything the right way.

1 files changed, 60 insertions, 38 deletions

diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
index 4ffc4a3704f..3f0e333d26d 100644
--- a/mk/defaults/mk.conf
+++ b/mk/defaults/mk.conf
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.191 2010/06/08 19:04:09 wiz Exp $
+# $NetBSD: mk.conf,v 1.192 2010/07/08 04:57:36 dholland Exp $
 #
 
 # This file provides default values for variables that may be overridden
@@ -541,10 +541,20 @@ PRE_ROOT_CMD?=	${TRUE}
 # Possible: any shell commands
 # Default: none
 
-SETGIDGAME?=	no
-# This flags specifies whether or not certain games are installed setgid,
-# which would allow them to write to a group-owned score file.
-# See also:	GAMEGRP, GAMEMODE, GAMEOWN
+USE_GAMESGROUP?=	no
+SETGIDGAME?=		${USE_GAMESGROUP}
+# This flag specifies whether a package uses the "games" group; if it is
+# set, the GAMES_GROUP, GAMEMODE, SETGID_GAMES_PERMS, etc. variables can
+# be used to install setgid games and their data files.
+#
+# SETGIDGAME is a deprecated alternative variable with the same
+# purpose but a murky history and unclear semantics; it is being
+# phased out because it conflicts with a like-named build variable in
+# the NetBSD base system.
+#
+# XXX: This variable should not be defined here.
+#
+# See also:	GAMES_GROUP, GAMEMODE
 # Possible:	yes, no
 # Default:	no
 
@@ -873,46 +883,58 @@ FREEWNN_GROUP?=	jserver
 # Possible: any group name
 # Default: jserver
 
-.if !empty(SETGIDGAME:M[yY][eE][sS])
-GAMEDATAMODE?=	664
-.else
-GAMEDATAMODE?=	${SHAREMODE}
-.endif
-# Used for various games to allow writing to a group-owned score file.
-# See also:	GAMEMODE, GAMEOWN, SETGIDGAME
-# Possible:	any file ownership
-# Default:	${SHAREMODE} if SETGIDGAME is not set to 'yes', 644 otherwise
+GAMES_USER?=	games
+# Used by games to own writeable material, normally in ${VARBASE}.
+# GAMES_USER has historically been "games" but in the absence of setuid
+# games, which are generally a bad idea, a games user is fairly pointless
+# and is expected to be removed in the future.
+# See also:	GAMES_GROUP, USE_GAMESGROUP
+# Possible:	any user name
+# Default:	games
 
-GAMEGRP?=	${BINGRP}
-# Used for various games to allow writing to a group-owned score file.
-# If SETGIDGAME is 'yes', setting this to a dedicated group, such as 'games'
-# would make sense.
-# See also:	GAMEMODE, GAMEOWN, SETGIDGAME
+GAMES_GROUP?=	games
+# Used by games to own writeable material, normally in ${VARBASE}.
+# See also:	GAMES_USER, GAMEMODE, GAMEDIRMODE, GAMEDATAMODE, USE_GAMESGROUP
 # Possible:	any group name
-# Default:	${BINGRP}
+# Default:	games
 
-GAMEMODE?=	${BINMODE}
-# Used for various games to allow writing to a group-owned score file.
-# If SETGIDGAME is 'yes', setting this to 2555 would make sense.
-# See also:	GAMEGRP, GAMEOWN, SETGIDGAME
+GAMEMODE?=	2555
+# Used by setgid games to install the setgid executable itself.
+# Note that USE_GAMESGROUP must be set to make the games group actually
+# exist.
+# See also:	GAMES_GROUP, GAMEDIRMODE, GAMEDATAMODE, USE_GAMESGROUP
 # Possible:	any mode
-# Default:	${BINMODE}
-
-GAMEDIRMODE?=	${PKGDIRMODE}
-# Used for various games to allow writing to a group-owned directory
-# e.g. for logfiles.
-# If SETGIDGAME is 'yes', setting this to 0775 would make sense.
-# See also:	GAMEGRP, GAMEOWN, GAMEMODE, SETGIDGAME
+# Default:	2555
+
+GAMEDIRMODE?=	775
+# Used by setgid games to allow writing to a group-owned directory for
+# e.g. logfiles. Note that this variable should only be used for
+# directories where the game needs write access at runtime; otherwise
+# stick to ${PKGDIRMODE}.
+# See also:	GAMES_USER, GAMES_GROUP, GAMEMODE, USE_GAMESGROUP
 # Possible:	any mode
-# Default:	${PKGDIRMODE}
+# Default:	775
+
+GAMEDATAMODE?=	664
+# Used by setgid games as the permissions for writeable material, such
+# as score files, normally found in ${VARBASE}.
+# See also:	GAMES_USER, GAMES_GROUP, USE_GAMESGROUP
+# Possible:	any file ownership
+# Default:	664
+
+GAMEGRP?=	${GAMES_GROUP}
+# Legacy form of GAMES_GROUP; should only be used in the context of
+# supporting packages that use bsd.*.mk.
+# See also:	GAMES_GROUP, USE_GAMESGROUP
+# Possible:	any group name
+# Default:	GAMES_GROUP
 
-GAMEOWN?=	${BINOWN}
-# Used for various games to allow writing to a group-owned score file.
-# If SETGIDGAME is 'yes', setting this to a dedicated user, such as 'games'
-# would make sense.
-# See also:	GAMEGRP, GAMEMODE, SETGIDGAME
+GAMEOWN?=	${GAMES_USER}
+# Legacy form of GAMES_USER; should only be used in the context of
+# supporting packages that use bsd.*.mk.
+# See also:	GAMES_USER
 # Possible:	any user name
-# Default:	${BINOWN}
+# Default:	GAMES_USER
 
 GNU_PROGRAM_PREFIX?=	g
 # This is the prefix to add for GNU programs, like gls or gnutouch.