sci-misc/boinc: fix dep, openrc: ALLOW_REMOTE_RPC=no, GROUP=(id -gn $USER)

Replace the deprecated virtual/jpeg with media-libs/libjpeg-turbo.

Use 'boinc' user's primary group per default. This syncs the behavior of
the openrc-run script with the systemd service file. We can now also
drop acct-group/boinc, since nothing in sci-misc/boinc depends on it.

Also set ALLOW_REMOTE_RPC=no, instead of yes, if absent. Allowing remote
RPCs, if not explicitly enabled by the user, that is, per default, is
not sensible from a security perspective.
Note that the shipped boinc.conf already sets ALLOW_REMOTE_RPC=no.

Signed-off-by: Florian Schmaus <flow@gentoo.org>

4 files changed, 8 insertions, 8 deletions

diff --git a/sci-misc/boinc/boinc-7.18.1.ebuild b/sci-misc/boinc/boinc-7.18.1-r1.ebuild
index 2d86dc42372a..3395522f0874 100644
--- a/sci-misc/boinc/boinc-7.18.1.ebuild
+++ b/sci-misc/boinc/boinc-7.18.1-r1.ebuild
@@ -30,7 +30,6 @@ REQUIRED_USE="^^ ( curl_ssl_gnutls curl_ssl_openssl ) "
 # libcurl must not be using an ssl backend boinc does not support.
 # If the libcurl ssl backend changes, boinc should be recompiled.
 DEPEND="
-	acct-group/boinc
 	acct-user/boinc
 	>=app-misc/ca-certificates-20080809
 	cuda? (
@@ -43,6 +42,7 @@ DEPEND="
 	X? (
 		dev-db/sqlite:3
 		media-libs/freeglut
+		media-libs/libjpeg-turbo:=
 		x11-libs/gtk+:3
 		x11-libs/libICE
 		>=x11-libs/libnotify-0.7
@@ -50,7 +50,6 @@ DEPEND="
 		x11-libs/libXi
 		x11-libs/libXmu
 		x11-libs/wxGTK:${WX_GTK_VER}[X,opengl,webkit]
-		virtual/jpeg
 	)
 "
 BDEPEND="app-text/docbook-xml-dtd:4.4
diff --git a/sci-misc/boinc/boinc-9999.ebuild b/sci-misc/boinc/boinc-9999.ebuild
index 21a46ecfa659..78012a2d9c57 100644
--- a/sci-misc/boinc/boinc-9999.ebuild
+++ b/sci-misc/boinc/boinc-9999.ebuild
@@ -32,7 +32,6 @@ REQUIRED_USE="^^ ( curl_ssl_gnutls curl_ssl_openssl ) "
 # libcurl must not be using an ssl backend boinc does not support.
 # If the libcurl ssl backend changes, boinc should be recompiled.
 DEPEND="
-	acct-group/boinc
 	acct-user/boinc
 	>=app-misc/ca-certificates-20080809
 	cuda? (
@@ -45,6 +44,7 @@ DEPEND="
 	X? (
 		dev-db/sqlite:3
 		media-libs/freeglut
+		media-libs/libjpeg-turbo:=
 		x11-libs/gtk+:3
 		x11-libs/libICE
 		>=x11-libs/libnotify-0.7
@@ -52,7 +52,6 @@ DEPEND="
 		x11-libs/libXi
 		x11-libs/libXmu
 		x11-libs/wxGTK:${WX_GTK_VER}[X,opengl,webkit]
-		virtual/jpeg
 	)
 "
 BDEPEND="app-text/docbook-xml-dtd:4.4
diff --git a/sci-misc/boinc/files/boinc.conf b/sci-misc/boinc/files/boinc.conf
index 22fcca0d3001..856be30a2402 100644
--- a/sci-misc/boinc/files/boinc.conf
+++ b/sci-misc/boinc/files/boinc.conf
@@ -2,7 +2,9 @@
 
 # Owner of BOINC process (must be existing)
 USER="boinc"
-GROUP="boinc"
+# Group of the BOINC process. Defaults to the user's primary group if
+# not set.
+#GROUP="boinc"
 
 # Directory with runtime data: Work units, project binaries, user info etc.
 RUNTIMEDIR="/var/lib/boinc"
diff --git a/sci-misc/boinc/files/boinc.init.in b/sci-misc/boinc/files/boinc.init.in
index 763b69694444..9ac9b11a930d 100644
--- a/sci-misc/boinc/files/boinc.init.in
+++ b/sci-misc/boinc/files/boinc.init.in
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 extra_started_commands="attach resume suspend"
@@ -91,12 +91,12 @@ opencl_check() {
 env_check() {
 	# Make sure the configuration is sane
 	: ${USER:="boinc"}
-	: ${GROUP:="boinc"}
+	: ${GROUP:="$(id -ng ${USER})"}
 	: ${RUNTIMEDIR:="/var/lib/boinc"}
 	: ${BOINCBIN:="$(which boinc_client)"}
 	: ${BOINC_PIDFILE:="/var/run/boinc_client.pid"}
 	: ${BOINCCMD:="$(which /usr/bin/boinccmd)"}
-	: ${ALLOW_REMOTE_RPC:="yes"}
+	: ${ALLOW_REMOTE_RPC:="no"}
 	: ${NICELEVEL:="19"}
 	# ARGS is not checked, it could have been explicitly set
 	# to be empty by the user.