# $NetBSD: permissions.mk,v 1.2 2017/08/10 05:37:44 jlam Exp $
#
# Copyright (c) 2017 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Johnny C. Lam.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.

# Generate the data file for the permissions package task.

# SPECIAL_PERMS
#	List of blocks of four words of the following form:
#
#		<file> <owner> <group> <mode>
#
#	The <file> (it may be a directory) is changed to be owned by
#	<owner>:<group> with <mode> permissions.  If <file> is a
#	relative path, then it is taken to be relative to ${PREFIX}.
#
#	SPECIAL_PERMS should be used primarily to change permissions of
#	files or directories listed in the PLIST.  This may be used to
#	ensure certain files are set-uid or to change the ownership of a
#	directory.
#
#	Each block is written to the permissions data file as
#	"# PERMS: <file> <mode> <owner> <group>" (see the recipe at the
#	end of this file).  A set-uid or set-gid entry grants the file
#	owner's or group's privileges to every user who may execute the
#	file, so keep such entries to the minimum the package needs.
#
#	The word count must be a multiple of four; otherwise a
#	PKG_FAIL_REASON is recorded further down in this file.
#
_PKG_VARS.pkgtasks+=	SPECIAL_PERMS
# "?=" only assigns when SPECIAL_PERMS is not already defined.
SPECIAL_PERMS?=		# empty

# Trigger pkgtasks dependency if needed.
#
# _PKGTASKS_DATAVARS.permissions lists the variable names checked below
# (only SPECIAL_PERMS here).  If any of them is non-empty, USE_PKGTASKS
# is set to "yes".
# NOTE(review): how USE_PKGTASKS is consumed is not visible in this file.
_PKGTASKS_DATAVARS.permissions=	SPECIAL_PERMS
.for _var_ in ${_PKGTASKS_DATAVARS.permissions}
# The loop variable holds a variable *name*; empty() tests that variable.
.  if !empty(${_var_})
USE_PKGTASKS=		yes
.  endif
.endfor

# Strip leading "${PREFIX}/" from pathnames.
#
# The :S modifier is applied to every word of SPECIAL_PERMS, not only to
# the <file> words; "^" anchors the match at the start of a word.  Paths
# under ${PREFIX} therefore become relative, while absolute paths outside
# ${PREFIX} are passed through unchanged.
_SPECIAL_PERMS=		${SPECIAL_PERMS:S|^${PREFIX}/||g}

# SETUID_ROOT_PERMS
#	Convenience variable used to note an executable should be setuid
#	root, and should be used as follows:
#
#	SPECIAL_PERMS+=	/path/to/suidroot ${SETUID_ROOT_PERMS}
#
# SETGID_GAMES_PERMS
#	Convenience variable used to note an executable should be setgid
#	games, and should be used as follows:
#
#	SPECIAL_PERMS+=	/path/to/sgidgame ${SETGID_GAMES_PERMS}
#
# GAMEDATA_PERMS
# GAMEDIR_PERMS
#	Convenience variables for files or directories that should be
#	accessible by executables that are setgid games.  Since such
#	files or directories should normally live under ${VARBASE},
#	these definitions should be used roughly as follows:
#
#	REQD_DIRS_PERMS+=  /path/to/scoredir ${GAMEDIR_PERMS}
#	REQD_FILES_PERMS+= /dev/null /path/to/scorefile ${GAMEDATA_PERMS}
#
#	NOTE(review): REQD_DIRS_PERMS and REQD_FILES_PERMS are not
#	processed in this file; presumably they are handled elsewhere.
#
# Each value supplies the <owner> <group> <mode> words of a block, in
# that order; the caller supplies the leading <file> word.
#
# Keywords: setuid setgid st_mode perms
#
_SYS_VARS.pkgtasks+=	SETUID_ROOT_PERMS SETGID_GAMES_PERMS \
			GAMEDATA_PERMS GAMEDIR_PERMS
# Mode 4511: set-uid bit, r-x for the owner, execute-only for group and
# other.  Unprivileged users can run the binary but cannot read it or
# write to it.
SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511
# NOTE(review): GAMES_USER, GAMES_GROUP, GAMEMODE, GAMEDATAMODE and
# GAMEDIRMODE are not set in this file; the effective set-gid and data
# modes depend on where those are defined.
SETGID_GAMES_PERMS?=	${GAMES_USER} ${GAMES_GROUP} ${GAMEMODE}
GAMEDATA_PERMS?=	${GAMES_USER} ${GAMES_GROUP} ${GAMEDATAMODE}
GAMEDIR_PERMS?=		${GAMES_USER} ${GAMES_GROUP} ${GAMEDIRMODE}

# ASSERT: The variables have the right number of words.
#
# The modifier chain rewrites every word to "4" (:C/.*/4/) and then, with
# the value treated as a single string (the W flag), deletes every run
# "4 4 4 4" (:S/4 4 4 4//gW).  Nothing but blanks is left exactly when
# the word count is a multiple of four.
# NOTE(review): :M* matches every word; presumably it is there to
# normalize the spacing between words before the :S step -- confirm.
#
# The recipe that writes the data file consumes the words with "shift 4",
# so an incomplete block has to be rejected here.  Only the word count is
# checked: a block whose words are in the wrong order (for example with
# <mode> and <owner> swapped) still passes.
.for _var_ in SPECIAL_PERMS
.  if empty(${_var_}) || empty(${_var_}:C/.*/4/:M*:S/4 4 4 4//gW)
# ${_var_} has a multiple of 4 words.
.  else
# Record the failure; the message starts with the offending variable's name.
PKG_FAIL_REASON+=	${_var_:Q}" must have a multiple of 4 words."
.  endif
.endfor

# Path of the generated permissions data file, also appended to the list
# of pkgtasks data files.
# NOTE(review): _PKGTASKS_DIR is defined outside this file.
_PKGTASKS_DATA.permissions=	${_PKGTASKS_DIR}/permissions
_PKGTASKS_DATAFILES+=		${_PKGTASKS_DATA.permissions}

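# Write one "# PERMS: <file> <mode> <owner> <group>" line per block of
# SPECIAL_PERMS.  The output puts <mode> before <owner> and <group>,
# unlike the <file> <owner> <group> <mode> order of the input.
#
# The file is built as ${.TARGET}.tmp and renamed into place by the final
# ${MV}, so the data file never appears under its final name while only
# partly written.  "exec >" creates or truncates the temporary file, so it
# exists even when SPECIAL_PERMS is empty.  "set -- args ...; shift" loads
# the words as positional parameters; "args" is a dummy first word that
# is shifted away immediately.  "shift 4" relies on the word count being
# a multiple of four, which the ASSERT block above checks.
#
# ${_SPECIAL_PERMS} is expanded unquoted into the shell command, so its
# words undergo shell word splitting and interpretation; entries are
# expected to be plain paths, user/group names and octal modes.
#
# The temporary path is quoted with :Q in every command, matching the
# final ${MV}.
${_PKGTASKS_DATA.permissions}:
	${RUN}${MKDIR} ${.TARGET:H:Q}
	${RUN}exec > ${.TARGET:Q}.tmp
	${RUN}set -- args ${_SPECIAL_PERMS}; shift;			\
	while ${TEST} "$$#" -gt 0; do					\
		path="$$1"; owner="$$2"; group="$$3"; mode="$$4"; shift 4; \
		${ECHO} "# PERMS: $$path $$mode $$owner $$group"	\
			>> ${.TARGET:Q}.tmp;				\
	done
	${RUN}${MV} ${.TARGET:Q}.tmp ${.TARGET:Q}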