On Sat, 10 May 2025 16:30:26 +0000
Lucas Gabriel Vuotto <lucas@sexy.is> wrote:

> Hello izzy,
> 
> On Sat, May 10, 2025 at 09:53:20AM -0500, izzy Meyer wrote:
> > Hello ports@
> > 
> > In a previous mail, I got x11/emwm-utils to work with
> > authenticate(3). In this diff, I set the SHUTDOWN_CMD, REBOOT_CMD,
> > and SUSPEND_CMD correctly, as well as enable unprivileged access to
> > these commands. I bumped REVISION as well. Hopefully the pkg-readme
> > is correctly phrased?
> > 
> > Tested on amd64 and arm64. 
> > 
> > CC: Lucas Gabriel Vuotto
> 
> ftr, I'm not an user of this software.

Oh, sorry. I wrongly assumed.
 
> > diff --git a/x11/emwm-utils/Makefile b/x11/emwm-utils/Makefile
> > index 0d8b6ba9f61..62e4397077a 100644
> > --- a/x11/emwm-utils/Makefile
> > +++ b/x11/emwm-utils/Makefile
> > @@ -3,6 +3,7 @@ COMMENT =	session manager and a
> > toolchest-like application launcher V =		1.3
> >  DISTNAME =	emwm-utils-src-${V}
> >  PKGNAME =	emwm-utils-${V}
> > +REVISION =	0
> >  
> >  CATEGORIES =	x11
> >  HOMEPAGE =	https://fastestcode.org/emwm.html
> > @@ -19,8 +20,13 @@ WANTLIB += X11 Xinerama Xm Xrandr Xss Xt c
> >  
> >  LIB_DEPENDS =	x11/motif
> >  
> > +MAKE_ENV =	REBOOT_CMD="/sbin/shutdown -r now" \
> > +		SHUTDOWN_CMD="/sbin/shutdown -p now" \
> > +		SUSPEND_CMD="/usr/sbin/zzz"
> > +
> >  MAKE_FLAGS =	RCDIR=${PREFIX}/lib/X11 \
> > -		CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include
> > -I${LOCALBASE}/include"
> > +		CFLAGS="${CFLAGS} -DUNPRIVILEGED_SHUTDOWN \
> > +			-I./Xm -I${X11BASE}/include
> > -I${LOCALBASE}/include"
> 
> I don't get how this works. MAKE_ENV works like running `env -i
> ${MAKE_ENV} ... ${MAKE} ...`; it adds variable to the environment in
> which make (in this case) is then executed. The way this software gets
> those *_CMD configured is by preprocessor definitions. You'd need to
> add -DREBOOT_CMD=... to CFLAGS for it to work.
> 
> Nevertheless, src/smconf.h defines the right binaries for us if none
> were given as a preprocessor macro; I guess that's why this is
> working? I don't believe setting MAKE_ENV is necessary, nor defining
> your own *_CMD.


Well, this src/smconf.h file hardcodes `/sbin/reboot` when running the
gui reboot option. Overriding this at least enables reboot access. IIRC
the _shutdown group doesn't affect the `reboot` command, only
`_shutdown`. Unless something changed?

I suppose I could tack this into CFLAGS via a -DREBOOT_CMD option.

> > diff --git a/x11/emwm-utils/pkg/README b/x11/emwm-utils/pkg/README
> > new file mode 100644
> > index 00000000000..33648b63b53
> > --- /dev/null
> > +++ b/x11/emwm-utils/pkg/README
> > @@ -0,0 +1,11 @@
> > ++-------------------------------------------------------------------------------
> > +| Running ${PKGSTEM} on OpenBSD
> > ++-------------------------------------------------------------------------------
> > +
> > +This package is not installed with SUID root. You can ignore any
> > warnings about +Lacking SUID root.
> > +
> > +- To enable shutdown/reboot access, the user should be in the
> > _shutdown group.
> 
> This is correct.
> 
> > +- To enable suspend access, the user should be in the operator
> > group.
> 
> This isn't. /usr/sbin/zzz is a hardlink to apm(8), which communicates
> with apmd(8). If apmd isn't running, apm (and hence zzz) won't work.
> apm(8) states

Good catch. Let me refactor a little and I'll send a new diff.

> FILES
>      /var/run/apmdev  The default UNIX-domain socket for
> communicating with apmd(8).  The -f flag may be used to specify an
>                       alternate socket name.  The protection modes on
> this socket govern which users may access the APM functions.
> 
> In my machine(tm), that file is 660 root:wheel. Those permissions are
> set when apmd creates the socket.
> 
> > +
> > +Use usermod(8) to add your user to these groups.
> 

-- 
iz (she/her)

> i like to say mundane things,
> there are too many uninteresting things
> that go unnoticed.

izder456 (dot) neocities (dot) org