On Sat, 10 May 2025 16:30:26 +0000
Lucas Gabriel Vuotto <lu...@sexy.is> wrote:
> Hello izzy,
>
> On Sat, May 10, 2025 at 09:53:20AM -0500, izzy Meyer wrote:
> > Hello ports@
> >
> > In a previous mail, I got x11/emwm-utils to work with
> > authenticate(3). In this diff, I set the SHUTDOWN_CMD, REBOOT_CMD,
> > and SUSPEND_CMD correctly, as well as enable unprivileged access to
> > these commands. I bumped REVISION as well. Hopefully the pkg-readme
> > is correctly phrased?
> >
> > Tested on amd64 and arm64.
> >
> > CC: Lucas Gabriel Vuotto
>
> ftr, I'm not an user of this software.
Oh, sorry. I wrongly assumed.
> > diff --git a/x11/emwm-utils/Makefile b/x11/emwm-utils/Makefile
> > index 0d8b6ba9f61..62e4397077a 100644
> > --- a/x11/emwm-utils/Makefile
> > +++ b/x11/emwm-utils/Makefile
> > @@ -3,6 +3,7 @@ COMMENT = session manager and a
> > toolchest-like application launcher V = 1.3
> > DISTNAME = emwm-utils-src-${V}
> > PKGNAME = emwm-utils-${V}
> > +REVISION = 0
> >
> > CATEGORIES = x11
> > HOMEPAGE = https://fastestcode.org/emwm.html
> > @@ -19,8 +20,13 @@ WANTLIB += X11 Xinerama Xm Xrandr Xss Xt c
> >
> > LIB_DEPENDS = x11/motif
> >
> > +MAKE_ENV = REBOOT_CMD="/sbin/shutdown -r now" \
> > + SHUTDOWN_CMD="/sbin/shutdown -p now" \
> > + SUSPEND_CMD="/usr/sbin/zzz"
> > +
> > MAKE_FLAGS = RCDIR=${PREFIX}/lib/X11 \
> > - CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include
> > -I${LOCALBASE}/include"
> > + CFLAGS="${CFLAGS} -DUNPRIVILEGED_SHUTDOWN \
> > + -I./Xm -I${X11BASE}/include
> > -I${LOCALBASE}/include"
>
> I don't get how this works. MAKE_ENV works like running `env -i
> ${MAKE_ENV} ... ${MAKE} ...`; it adds variable to the environment in
> which make (in this case) is then executed. The way this software gets
> those *_CMD configured is by preprocessor definitions. You'd need to
> add -DREBOOT_CMD=... to CFLAGS for it to work.
>
> Nevertheless, src/smconf.h defines the right binaries for us if none
> were given as a preprocessor macro; I guess that's why this is
> working? I don't believe setting MAKE_ENV is necessary, nor defining
> your own *_CMD.
Well, this src/smconf.h file hardcodes `/sbin/reboot` when running the
gui reboot option. Overriding this at least enables reboot access. IIRC
the _shutdown group doesn't affect the `reboot` command, only
`_shutdown`. Unless something changed?
I suppose I could tack this into CFLAGS via a -DREBOOT_CMD option.
> > diff --git a/x11/emwm-utils/pkg/README b/x11/emwm-utils/pkg/README
> > new file mode 100644
> > index 00000000000..33648b63b53
> > --- /dev/null
> > +++ b/x11/emwm-utils/pkg/README
> > @@ -0,0 +1,11 @@
> > ++-------------------------------------------------------------------------------
> > +| Running ${PKGSTEM} on OpenBSD
> > ++-------------------------------------------------------------------------------
> > +
> > +This package is not installed with SUID root. You can ignore any
> > warnings about +Lacking SUID root.
> > +
> > +- To enable shutdown/reboot access, the user should be in the
> > _shutdown group.
>
> This is correct.
>
> > +- To enable suspend access, the user should be in the operator
> > group.
>
> This isn't. /usr/sbin/zzz is a hardlink to apm(8), which communicates
> with apmd(8). If apmd isn't running, apm (and hence zzz) won't work.
> apm(8) states
Good catch. Let me refactor a little and I'll send a new diff.
> FILES
> /var/run/apmdev The default UNIX-domain socket for
> communicating with apmd(8). The -f flag may be used to specify an
> alternate socket name. The protection modes on
> this socket govern which users may access the APM functions.
>
> In my machine(tm), that file is 660 root:wheel. Those permissions are
> set when apmd creates the socket.
>
> > +
> > +Use usermod(8) to add your user to these groups.
>
--
iz (she/her)
> i like to say mundane things,
> there are too many uninteresting things
> that go unnoticed.
izder456 (dot) neocities (dot) org
