diff options
| author |   Conrad Kostecki <conikost@gentoo.org> | 2021-12-11 18:08:01 +0100 |
|---|---|---|
| committer | Conrad Kostecki <conikost@gentoo.org> | 2021-12-11 18:08:01 +0100 |
| commit | 9efd7aaf26aae0f3983d42906b9daa9de366ca9a (patch) | |
| tree | 9004697ab4be16d4a0db90be91f4cd9747a29c45 /games-server/minecraft-server | |
| parent | sys-devel/llvm: Include third-party directory in the checkout (diff) | |
| download | gentoo-9efd7aaf26aae0f3983d42906b9daa9de366ca9a.tar.gz gentoo-9efd7aaf26aae0f3983d42906b9daa9de366ca9a.tar.bz2 gentoo-9efd7aaf26aae0f3983d42906b9daa9de366ca9a.zip | |
games-server/minecraft-server: add workaround for log4j rce
Bug: https://bugs.gentoo.org/828936
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Diffstat (limited to 'games-server/minecraft-server')
4 files changed, 167 insertions, 0 deletions
diff --git a/games-server/minecraft-server/files/log4j2_112-116.xml b/games-server/minecraft-server/files/log4j2_112-116.xml new file mode 100644 index 000000000000..569223572f64 --- /dev/null +++ b/games-server/minecraft-server/files/log4j2_112-116.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Configuration status="WARN"> + <Appenders> + <Console name="SysOut" target="SYSTEM_OUT"> + <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg{nolookups}%n" /> + </Console> + <Queue name="ServerGuiConsole"> + <PatternLayout pattern="[%d{HH:mm:ss} %level]: %msg{nolookups}%n" /> + </Queue> + <RollingRandomAccessFile name="File" fileName="logs/latest.log" filePattern="logs/%d{yyyy-MM-dd}-%i.log.gz"> + <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg{nolookups}%n" /> + <Policies> + <TimeBasedTriggeringPolicy /> + <OnStartupTriggeringPolicy /> + </Policies> + </RollingRandomAccessFile> + </Appenders> + <Loggers> + <Root level="info"> + <filters> + <MarkerFilter marker="NETWORK_PACKETS" onMatch="DENY" onMismatch="NEUTRAL" /> + </filters> + <AppenderRef ref="SysOut"/> + <AppenderRef ref="File"/> + <AppenderRef ref="ServerGuiConsole"/> + </Root> + </Loggers> +</Configuration> diff --git a/games-server/minecraft-server/files/minecraft-server.initd-r6 b/games-server/minecraft-server/files/minecraft-server.initd-r6 new file mode 100644 index 000000000000..dc4ecc84a997 --- /dev/null +++ b/games-server/minecraft-server/files/minecraft-server.initd-r6 @@ -0,0 +1,67 @@ +#!/sbin/openrc-run +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +if [ "${SVCNAME}" = "minecraft-server" ]; then + instance="main" +else + instance="${SVCNAME#minecraft-server.}" +fi + +dtach_tmpfile="$(mktemp -u)" +minecraft_command="/usr/bin/minecraft-server" +minecraft_log4j="log4j2_112-116.xml" +minecraft_logs="/var/log/minecraft-server" +minecraft_logs_instance="${minecraft_logs}/${instance}" +minecraft_path="/var/lib/minecraft-server" +minecraft_path_instance="${minecraft_path}/${instance}" +name="Minecraft Server (World: ${instance})" +pidfile="/run/minecraft-server.${instance}.pid" +start_stop_daemon_args="--chdir ${minecraft_path_instance} --env JAVA_OPTS='${MINECRAFT_OPTS}'" + +description_attach="Attaches to the session (interactive console) of the Minecraft server" +extra_started_commands="attach" + +command="/usr/bin/dtach" +command_background="true" +command_args="-N ${dtach_tmpfile} ${minecraft_command}" +command_group="minecraft" +command_user="minecraft" + +depend() { + use net +} + +start_pre() { + checkpath -d -o "${command_user}:${command_group}" -q "${minecraft_path}" "${minecraft_path_instance}" + + if [ ! -L "${minecraft_path_instance}/${minecraft_log4j}" ]; then + ln -s ../../../../usr/share/minecraft-server/"${minecraft_log4j}" "${minecraft_path_instance}" + fi + + checkpath -f -o "${command_user}:${command_group}" -q "${minecraft_path_instance}"/eula.txt + echo "eula=true" > "${minecraft_path_instance}"/eula.txt + + checkpath -d -o "${command_user}:${command_group}" -q "${minecraft_logs}" "${minecraft_logs_instance}" + + if [ ! -L "${minecraft_path_instance}"/logs ]; then + cd "${minecraft_path_instance}" && ln -s ../../../log/minecraft-server/"${instance}" logs + fi + + if [ -z "${MINECRAFT_OPTS}" ]; then + eerror "You must define 'MINECRAFT_OPTS' in '/etc/conf.d/${SVCNAME}'!" + return 1 + fi +} + +attach() { + pidnumber="$(cat ${pidfile})" + dtach_tmpfile="$(cat /proc/${pidnumber}/cmdline | tr '\0' ' ' | awk '{print $3}')" + + if [ -S "${dtach_tmpfile}" ]; then + eval "${command}" -a "${dtach_tmpfile}" "${DTACH_OPTS}" + else + eerror "The determined socket file for dtach could not be found!" + eerror "Did the process crash?" + fi +} diff --git a/games-server/minecraft-server/files/minecraft-server.service-r1 b/games-server/minecraft-server/files/minecraft-server.service-r1 new file mode 100644 index 000000000000..fac26368a043 --- /dev/null +++ b/games-server/minecraft-server/files/minecraft-server.service-r1 @@ -0,0 +1,17 @@ +[Unit] +Description=Minecraft Server (World: %I) +After=network.target + +[Service] +User=minecraft +Group=minecraft +WorkingDirectory=-/var/lib/minecraft-server/%I +PIDFile=/run/minecraft-server.%I.pid +ExecStartPre=!/bin/mkdir -p /var/lib/minecraft-server/%I +ExecStartPre=!/bin/chown -R minecraft:minecraft /var/lib/minecraft-server/%I +ExecStartPre=!/bin/ln -s /usr/share/minecraft-server/log4j2_112-116.xml /var/lib/minecraft-server/%I +ExecStartPre=/bin/sh -c 'echo "eula=true" > /var/lib/minecraft-server/%I/eula.txt' +ExecStart=/bin/sh -c '/usr/bin/dtach -N $(mktemp -u) /usr/bin/minecraft-server' + +[Install] +WantedBy=multi-user.target diff --git a/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild b/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild new file mode 100644 index 000000000000..d66a93f97015 --- /dev/null +++ b/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +EGIT_COMMIT="1b557e7b033b583cd9f66746b7a9ab1ec1673ced" +README_GENTOO_SUFFIX="-r1" + +inherit readme.gentoo-r1 java-pkg-2 systemd + +DESCRIPTION="The official server for the sandbox video game" +HOMEPAGE="https://www.minecraft.net/" +SRC_URI="https://launcher.mojang.com/v1/objects/${EGIT_COMMIT}/server.jar -> ${P}.jar" +S="${WORKDIR}" + +LICENSE="Mojang" +SLOT="0" +KEYWORDS="amd64 ~arm64 x86" +RESTRICT="bindist mirror" + +RDEPEND=" + acct-group/minecraft + acct-user/minecraft + app-misc/dtach + || ( + >=virtual/jre-1.8 + >=virtual/jdk-1.8 + ) +" + +src_unpack() { + cp "${DISTDIR}/${A}" "${WORKDIR}" || die +} + +src_compile() { + :; +} + +src_install() { + java-pkg_newjar minecraft-server-${PV}.jar minecraft-server.jar + java-pkg_dolauncher minecraft-server --jar minecraft-server.jar --java_args "\${JAVA_OPTS} -Dlog4j.configurationFile=log4j2_112-116.xml" --pkg_args nogui + + insinto /usr/share/minecraft-server + doins "${FILESDIR}"/log4j2_112-116.xml + + newinitd "${FILESDIR}"/minecraft-server.initd-r6 minecraft-server + newconfd "${FILESDIR}"/minecraft-server.confd-r1 minecraft-server + systemd_newunit "${FILESDIR}"/minecraft-server.service-r1 minecraft-server@.service + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} |