commit:     9efd7aaf26aae0f3983d42906b9daa9de366ca9a
Author:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 11 17:08:01 2021 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Dec 11 17:08:01 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9efd7aaf

games-server/minecraft-server: add workaround for log4j rce

Bug: https://bugs.gentoo.org/828936
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 .../minecraft-server/files/log4j2_112-116.xml      | 28 +++++++++
 .../files/minecraft-server.initd-r6                | 67 ++++++++++++++++++++++
 .../files/minecraft-server.service-r1              | 17 ++++++
 .../minecraft-server-1.16.5-r1.ebuild              | 55 ++++++++++++++++++
 4 files changed, 167 insertions(+)

diff --git a/games-server/minecraft-server/files/log4j2_112-116.xml 
b/games-server/minecraft-server/files/log4j2_112-116.xml
new file mode 100644
index 000000000000..569223572f64
--- /dev/null
+++ b/games-server/minecraft-server/files/log4j2_112-116.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="SysOut" target="SYSTEM_OUT">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: 
%msg{nolookups}%n" />
+        </Console>
+        <Queue name="ServerGuiConsole">
+            <PatternLayout pattern="[%d{HH:mm:ss} %level]: %msg{nolookups}%n" 
/>
+        </Queue>
+        <RollingRandomAccessFile name="File" fileName="logs/latest.log" 
filePattern="logs/%d{yyyy-MM-dd}-%i.log.gz">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: 
%msg{nolookups}%n" />
+            <Policies>
+                <TimeBasedTriggeringPolicy />
+                <OnStartupTriggeringPolicy />
+            </Policies>
+        </RollingRandomAccessFile>
+    </Appenders>
+    <Loggers>
+        <Root level="info">
+            <filters>
+                <MarkerFilter marker="NETWORK_PACKETS" onMatch="DENY" 
onMismatch="NEUTRAL" />
+            </filters>
+            <AppenderRef ref="SysOut"/>
+            <AppenderRef ref="File"/>
+            <AppenderRef ref="ServerGuiConsole"/>
+        </Root>
+    </Loggers>
+</Configuration>
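Review bot: Nothing in this file tells an administrator that `{nolookups}` on each `%msg` is the security-relevant part of the workaround, so a later local edit (a new appender, a changed pattern) can drop it without anyone noticing. I would add a comment directly under the XML declaration, for example `<!-- Workaround for the log4j RCE (Gentoo bug 828936): keep {nolookups} on every %msg. -->`. The mitigation also only takes effect when the JVM actually loads this file, so it depends on the launcher option and the per-instance symlink added elsewhere in this commit.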

diff --git a/games-server/minecraft-server/files/minecraft-server.initd-r6 
b/games-server/minecraft-server/files/minecraft-server.initd-r6
new file mode 100644
index 000000000000..dc4ecc84a997
--- /dev/null
+++ b/games-server/minecraft-server/files/minecraft-server.initd-r6
@@ -0,0 +1,67 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+if [ "${SVCNAME}" = "minecraft-server" ]; then
+       instance="main"
+else
+       instance="${SVCNAME#minecraft-server.}"
+fi
+
+dtach_tmpfile="$(mktemp -u)"
+minecraft_command="/usr/bin/minecraft-server"
+minecraft_log4j="log4j2_112-116.xml"
+minecraft_logs="/var/log/minecraft-server"
+minecraft_logs_instance="${minecraft_logs}/${instance}"
+minecraft_path="/var/lib/minecraft-server"
+minecraft_path_instance="${minecraft_path}/${instance}"
+name="Minecraft Server (World: ${instance})"
+pidfile="/run/minecraft-server.${instance}.pid"
+start_stop_daemon_args="--chdir ${minecraft_path_instance} --env 
JAVA_OPTS='${MINECRAFT_OPTS}'"
+
+description_attach="Attaches to the session (interactive console) of the 
Minecraft server"
+extra_started_commands="attach"
+
+command="/usr/bin/dtach"
+command_background="true"
+command_args="-N ${dtach_tmpfile} ${minecraft_command}"
+command_group="minecraft"
+command_user="minecraft"
+
+depend() {
+       use net
+}
+
+start_pre() {
+       checkpath -d -o "${command_user}:${command_group}" -q 
"${minecraft_path}" "${minecraft_path_instance}"
+
+       if [ ! -L "${minecraft_path_instance}/${minecraft_log4j}" ]; then
+               ln -s 
../../../../usr/share/minecraft-server/"${minecraft_log4j}" 
"${minecraft_path_instance}"
+       fi
+
+       checkpath -f -o "${command_user}:${command_group}" -q 
"${minecraft_path_instance}"/eula.txt
+       echo "eula=true" > "${minecraft_path_instance}"/eula.txt
+
+       checkpath -d -o "${command_user}:${command_group}" -q 
"${minecraft_logs}" "${minecraft_logs_instance}"
+
+       if [ ! -L "${minecraft_path_instance}"/logs ]; then
+               cd "${minecraft_path_instance}" && ln -s 
../../../log/minecraft-server/"${instance}" logs
+       fi
+
+       if [ -z "${MINECRAFT_OPTS}" ]; then
+               eerror "You must define 'MINECRAFT_OPTS' in 
'/etc/conf.d/${SVCNAME}'!"
+               return 1
+       fi
+}
+
+attach() {
+       pidnumber="$(cat ${pidfile})"
+       dtach_tmpfile="$(cat /proc/${pidnumber}/cmdline | tr '\0' ' ' | awk 
'{print $3}')"
+
+       if [ -S "${dtach_tmpfile}" ]; then
+               eval "${command}" -a "${dtach_tmpfile}" "${DTACH_OPTS}"
+       else
+               eerror "The determined socket file for dtach could not be 
found!"
+               eerror "Did the process crash?"
+       fi
+}
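Review bot: In `attach()` the socket path is read back from `/proc/${pidnumber}/cmdline` of a process that runs as the unprivileged `minecraft` user and is then passed through `eval`, so text controlled by the service account is re-parsed by the shell of whoever runs the attach command (normally root). The `eval` is not needed: `"${command}" -a "${dtach_tmpfile}" ${DTACH_OPTS}` does the same job without a second round of expansion, and the read should be quoted as `$(cat "${pidfile}")`. Separately, `mktemp -u` at the top of the script only prints an unused name and creates nothing, so the dtach socket path is open to a race in the shared temp directory. A socket path under a service-owned directory prepared with `checkpath -d` would avoid that.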

diff --git a/games-server/minecraft-server/files/minecraft-server.service-r1 
b/games-server/minecraft-server/files/minecraft-server.service-r1
new file mode 100644
index 000000000000..fac26368a043
--- /dev/null
+++ b/games-server/minecraft-server/files/minecraft-server.service-r1
@@ -0,0 +1,17 @@
+[Unit]
+Description=Minecraft Server (World: %I)
+After=network.target
+
+[Service]
+User=minecraft
+Group=minecraft
+WorkingDirectory=-/var/lib/minecraft-server/%I
+PIDFile=/run/minecraft-server.%I.pid
+ExecStartPre=!/bin/mkdir -p /var/lib/minecraft-server/%I
+ExecStartPre=!/bin/chown -R minecraft:minecraft /var/lib/minecraft-server/%I
+ExecStartPre=!/bin/ln -s /usr/share/minecraft-server/log4j2_112-116.xml 
/var/lib/minecraft-server/%I
+ExecStartPre=/bin/sh -c 'echo "eula=true" > 
/var/lib/minecraft-server/%I/eula.txt'
+ExecStart=/bin/sh -c '/usr/bin/dtach -N $(mktemp -u) /usr/bin/minecraft-server'
+
+[Install]
+WantedBy=multi-user.target
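Review bot: `ExecStartPre=!/bin/ln -s …` exits non-zero once the link already exists, and without a `-` prefix that fails the unit, so as written an instance will likely start once and then refuse to start again. Making the step idempotent fixes it: `ExecStartPre=!/bin/ln -sfn /usr/share/minecraft-server/log4j2_112-116.xml /var/lib/minecraft-server/%I/log4j2_112-116.xml`. Prefixing the line with `-` instead would be the wrong fix, because a start that proceeds without the link would presumably leave the server running without the workaround configuration. The `$(mktemp -u)` in `ExecStart` has the same unreserved-name race as in the OpenRC script; `RuntimeDirectory=` would give the socket a private location.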

diff --git a/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild 
b/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild
new file mode 100644
index 000000000000..d66a93f97015
--- /dev/null
+++ b/games-server/minecraft-server/minecraft-server-1.16.5-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+EGIT_COMMIT="1b557e7b033b583cd9f66746b7a9ab1ec1673ced"
+README_GENTOO_SUFFIX="-r1"
+
+inherit readme.gentoo-r1 java-pkg-2 systemd
+
+DESCRIPTION="The official server for the sandbox video game"
+HOMEPAGE="https://www.minecraft.net/";
+SRC_URI="https://launcher.mojang.com/v1/objects/${EGIT_COMMIT}/server.jar -> 
${P}.jar"
+S="${WORKDIR}"
+
+LICENSE="Mojang"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+RESTRICT="bindist mirror"
+
+RDEPEND="
+       acct-group/minecraft
+       acct-user/minecraft
+       app-misc/dtach
+       || (
+               >=virtual/jre-1.8
+               >=virtual/jdk-1.8
+       )
+"
+
+src_unpack() {
+       cp "${DISTDIR}/${A}" "${WORKDIR}" || die
+}
+
+src_compile() {
+       :;
+}
+
+src_install() {
+       java-pkg_newjar minecraft-server-${PV}.jar minecraft-server.jar
+       java-pkg_dolauncher minecraft-server --jar minecraft-server.jar 
--java_args "\${JAVA_OPTS} -Dlog4j.configurationFile=log4j2_112-116.xml" 
--pkg_args nogui
+
+       insinto /usr/share/minecraft-server
+       doins "${FILESDIR}"/log4j2_112-116.xml
+
+       newinitd "${FILESDIR}"/minecraft-server.initd-r6 minecraft-server
+       newconfd "${FILESDIR}"/minecraft-server.confd-r1 minecraft-server
+       systemd_newunit "${FILESDIR}"/minecraft-server.service-r1 
[email protected]
+
+       readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+       readme.gentoo_print_elog
+}
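Review bot: `-Dlog4j.configurationFile=log4j2_112-116.xml` in `src_install` is a relative path, so whether the workaround is applied depends on the JVM's working directory and on a symlink inside `/var/lib/minecraft-server/<instance>`, a directory owned by the same `minecraft` user the server runs as. Pointing the launcher at the installed file, `-Dlog4j.configurationFile=/usr/share/minecraft-server/log4j2_112-116.xml`, keeps the configuration root-owned and makes the symlink steps in the init script and the unit unnecessary. It would also help to have the README/elog tell users who start the jar with their own scripts to pass the same option, since they bypass this launcher.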
