Mounting GMAs on a dedicated server that aren't added to the server's collection

Anyone have any idea how to do this without extracting the contents of the gma? There are some server providers that don’t allow gmas and instead forcibly extract the contents of the addons. That’s a problem because any addon that overwrites the default models don’t work properly. Example would be Prone Mod, which integrate into the m/f_anm.mdl file, and doesn’t take into effect resulting in problems with calculating hitgroup positions serverside.

i ran into the same problem some time ago and figured i could use the steam api ( specifically GetPublishedFileDetails ) which returns a direct download link for a given file to hotload & mount serverside using game.mountgma. i tried, but for whatever reason the direct download link is missing the .gma file headers that’s needed to make the file mount properly.

maybe you’ll have more luck with it than me.

if you do figure it out or have some luck, let me know because i would love to know this as well!

here’s the info returned for prone mod as an example

Unless they extract the addon files into the root folder, it should work fine.

Are you seriously suggesting that there are server providers who forcibly extract the cached .gmas downloaded from the collection you give the srcds?

particularly gmcservers does this, and manages to somehow spin this as a ‘feature’.[/T]

on another note, rubat do you know why the download links provided by the steam api are missing the proper gma headers? how would one go about getting the file directly with the headers? ( i was hoping to implement a replacement for serverside using this )

I do, but it is irrelevant because we will be pushing towards getting rid of addons that use the old workshop API.

The files that you download are LZMA compressed.

[editline]30th January 2017[/editline]

But that “perk” sounds like a load of shit, because the only reason .gmas are a thing is because they are faster to load.

I will for sure look into this. I’ve tried mountGMA before but not like this. Thank you for the info

[editline]30th January 2017[/editline]

Yep its a silly system, and GMC is the exact host I was thinking of. GMC is widely used and I have to accomodate the best I can.

For some reason dropping it in works perfectly fine for listen servers but core files can’t get overwritten in a dedicated one. Calling traces just yields a TPose coordinate if done server side

Will game.MountGMA ever be removed or can we maybe get rid of its deprecation status? I’d like to use it in my own mounting solution.

There are many perks (security wise and ease of use) to not relying on a system that is slow, sluggish and often fails to connect to valve properly to download said GMA files (in depth DDoS filters). I do appreciate the acknowledgement though :smile:

Slow, sluggish? How? Mounting .gma files is much faster than loading folder addons.

Security perks? There’s no difference in security in .gma vs extracted addons
Ease of use? If having to manually update & install addons is easier than adding an addon to a collection or subscribed list for it to be automatically downloaded and installed for you, then sure.

The way that your system connects to Workshop is slow and sluggish when used behind our in depth DDoS filtering system (according to my standards). It often hangs and is unresponsive. I can’t just have every port open like every other hosting provider since I host high risk clients who get attacked with anything and everything that there is. Regardless, I’m not debating that GMA files will “mount” faster and that they will get “priority” in loading. Those are the only benefits that I can see personally with the official server workshop system. I’m releasing a merged version of our custom workshop system (for collections) which should make up for the boot up time though (even though that wasn’t even a high priority or “issue”). As for the mounting priority issue, in the two and a half years where I have had this custom perk operating, I’ve only had one time where that became a issue of which you are seeing now.

The security feature is more for the top servers on GMod specifically where they won’t have to make their own “custom” workshop addons to avoid some malicious workshop “addon creator”. I’m sure that you are aware that Steam Workshop has no way to properly “vett” or “analyze” workshop addons for any sort of malicious intent. While people can contact you directly to report something, that often isn’t exactly the easiest or fastest solution.

The ease of use aspect speaks for itself. I would personally rather click one button and have a workshop addon or workshop collection download with a single click, avoid being automatically updated (with malicious intent) and also allow clients to download it as shown here:

I also remember the last time I left you to resolve a bug or issue with Garry’s Mod that was broken which was here (Stdin/Stdout broken for Linux). I believe that it is still unresolved since there is not enough demand for the issue being resolved ( which is understandable ). I’ve personally learned that fixing things myself is better than relying on official developers in the long run. I do certainly understand your point of view and where you’re coming from though.

Well if your network actively interferes with Steam to game server networking then I can see how it may be “slow, hang or unresponsive”.

You should try the new system in the Dev branch though, see if it makes any difference.

As for “priority”, the extracted addons should always have the precedence over .gma addons, that is by design.

As for your security concerns of addons being updated with malicious intent, there are very, VERY few cases of this.

In most cases, addons with malicious intent had said malicious code from day one of the upload, in which case not having automatic updates make no difference. Most backdoored addons are just reuploads of popular addons.

And even then, I see no reason why addons are forced to be extracted. You can download the .gma files however you want, and you can still load them properly by placing them either inside an addon or in the root folder.


They should load in this case just fine.

I don’t see your point on “analyzing” workshop addons, anyone can download and “analyze” any workshop item to their hearts content. It’s exactly the same as any non-workshop system. Workshop doesn’t make it easier or harder to detect or upload addons with malicious intent. People should just be more vigilant in what files they are downloading.

I have looked into this briefly, and in my testing, the same thing is happening in all srcds games ( I tested CS:S ). I couldn’t devise a solution as I am not very familiar with Linux.

The issue specifically with our setup is that if a client is hosting with us then they are most likely being attacked with ridiculously in depth source engine targeted DDoS attacks. In some cases, it even exploits the steam API directly which is independent of GMod as a whole. I have to do my best to make everything as it should be while making client’s lives as easy as possible.

I’ve also have had mostly positive reviews. It makes client’s lives a lot easier and allows them to install content in a matter of seconds instead of having to fiddle around with putting single workshop addons in a collection and restarting the server or extracting the content (to edit it) then reuploading it via FTP, etc. The only clients that have ever been concerned or had issues with our system are clients who either love the old system to death (for some reason) or require freedom to mount before everything else to replace animations (from my understanding, there are definitely more ways to resolve it however).

While indeed there are very, very few cases of people exploiting workshop (after it’s uploaded and deemed “safe”), more often than not, if a top server is using some addon then the person who uploaded the content has the potential to update the content which would be force updated to the server on a server reboot. That’s essentially the security flaw to where they could easily put some sort of script or SteamID check. Of course it’s best for the server owner to check everything beforehand, with the GMA system, they would have to extract it anyways to analyze the code. The less problems or issues my clients have, the less support they require at the end of the day.

The stdin/stdout wasn’t really all that important. It just broke how my panel based anti server crash system worked. TCP (RCon), even if local, is just far too slow. That’s a discussion for another time though.

I certainly don’t think that the official system is bad in any way, it just doesn’t fit my personal needs as many control panels and network providers in the past have not. From my understanding, the person who is currently experiencing issues is testing a new avenue of resolving this issue anyways. I do think that it should work out just fine for them.