On 2025/05/13 07:11, izzy Meyer wrote:
> On Sat, 10 May 2025 19:04:11 +0000
> Lucas Gabriel Vuotto <lucas@sexy.is> wrote:
> 
> > On Sat, May 10, 2025 at 12:53:44PM -0500, izzy Meyer wrote:
> > > Ended up just patching the file for simplicity.
> > 
> > I tend to avoid patching as much as possible, but to each one their
> > own. You're the maintainer anyways.
> 
> This might make maintaining easier, but I couldn't get the -D flag in
> CFLAGS to apply correctly when setting REBOOT_CMD to "/sbin/shutdown -r
> now" in CFLAGS with -D. I must be missing something here:

You can do it with

MAKE_FLAGS =	CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include -I${LOCALBASE}/include -D'REBOOT_CMD=\"/sbin/shutdown -r now\"'"

but that's harder for maintenance because you don't get notified by
patch(1) if upstream changes that variable in their Makefile, which
you may need to adapt to.

The version with the patch is imho saner.

> > This package is not installed with SUID root; warnings about lacking
> > SUID root can be ignored.

I don't particularly want to mess with my X setup to test it now, but
if that warning does still get displayed but is irrelevant after the
changes to the port, I would patch away the warning, rather than
adding to the pkg-readme telling people to ignore it.

: - To enable shutdown and reboot, the user should be in _shutdown
: group.
: - To enable suspend, the user needs to be able to run zzz(8).
: 
: Use usermod(8) to add the user to _shutdown group.

Might as well give an example for usermod:

	# usermod -G _shutdown <username>

: Enable apmd(8) and check zzz(8) for details about the required permissions.

Neither apmd(8) nor zzz(8) are really up-front about permissions.

zzz: "The protection modes on this socket govern which users may
access the APM functions"

apmd: "The socket is protected to mode 0660, UID 0, GID 0; this protects
access to suspend requests to authorized users only."

The experienced admin would realise what GID 0 is, but for user-level
docs it would be clearer to mention in the pkg-readme that the user
must be in group "wheel" for this to work -- however 'wheel' is a
significant escalation if the only reason is to permit sleep.

I wonder if it might actually be more sensible to have apmd use
group _shutdown for its socket as well (and have the installer add
${ADMIN} to _shutdown like it does for wheel), but that's a change
for base rather than something that can be dealt with in this port.