On Tue, 13 May 2025 13:51:33 +0100
Stuart Henderson <stu@spacehopper.org> wrote:

> On 2025/05/13 07:11, izzy Meyer wrote:
> > On Sat, 10 May 2025 19:04:11 +0000
> > Lucas Gabriel Vuotto <lucas@sexy.is> wrote:
> > 
> > > On Sat, May 10, 2025 at 12:53:44PM -0500, izzy Meyer wrote:
> > > > Ended up just patching the file for simplicity.
> > > 
> > > I tend to avoid patching as much as possible, but to each one
> > > their own. You're the maintainer anyways.
> > 
> > This might make maintaining easier, but I couldn't get the -D flag
> > in CFLAGS to apply correctly when setting REBOOT_CMD to
> > "/sbin/shutdown -r now" in CFLAGS with -D. I must be missing
> > something here:
> 
> You can do it with
> 
> MAKE_FLAGS =	CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include
> -I${LOCALBASE}/include -D'REBOOT_CMD=\"/sbin/shutdown -r now\"'"

Thanks! 

> but that's harder for maintenance because you don't get notified by
> patch(1) if upstream changes that variable in their Makefile, which
> you may need to adapt to.
> 
> The version with the patch is imho saner.

This is what I was thinking initially when doing it via a patch. I'll
attach a new diff with this added back.

> > > This package is not installed with SUID root; warnings about
> > > lacking SUID root can be ignored.
> 
> I don't particularly want to mess with my X setup to test it now, but
> if that warning does still get displayed but is irrelevant after the
> changes to the port, I would patch away the warning, rather than
> adding to the pkg-readme telling people to ignore it.

Good catch. Duh, why didn't I think of this! xD

> : - To enable shutdown and reboot, the user should be in _shutdown
> : group.
> : - To enable suspend, the user needs to be able to run zzz(8).
> : 
> : Use usermod(8) to add the user to _shutdown group.
> 
> Might as well give an example for usermod:
> 
> 	# usermod -G _shutdown <username>
> 
> : Enable apmd(8) and check zzz(8) for details about the required
> permissions.
> 
> Neither apmd(8) nor zzz(8) are really up-front about permissions.
> 
> zzz: "The protection modes on this socket govern which users may
> access the APM functions"
> 
> apmd: "The socket is protected to mode 0660, UID 0, GID 0; this
> protects access to suspend requests to authorized users only."
> 
> The experienced admin would realise what GID 0 is, but for user-level
> docs it would be clearer to mention in the pkg-readme that the user
> must be in group "wheel" for this to work -- however 'wheel' is a
> significant escalation if the only reason is to permit sleep.

Fair point. This is a large escalation for a seemingly simple
operation. 

Does this read better?

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

To enable shutdown and reboot, the user should be in _shutdown group.
To enable suspend, the user needs to be able to run zzz(8).

Use usermod(8) to add the user to _shutdown group:

        # usermod -G _shutdown <username>

The user must be in group "wheel", and apmd(8) must be running 
to be able to run zzz(8):

        # rcctl enable apmd
        # rcctl start apmd
        # usermod -G wheel <username>

(It is also in the diff)

[snip]

Thanks,

-- 
iz (she/her)

> i like to say mundane things,
> there are too many uninteresting things
> that go unnoticed.

izder456 (dot) neocities (dot) org
diff --git a/x11/emwm-utils/Makefile b/x11/emwm-utils/Makefile
index 0d8b6ba9f61..6a5e5822b36 100644
--- a/x11/emwm-utils/Makefile
+++ b/x11/emwm-utils/Makefile
@@ -3,6 +3,7 @@ COMMENT =	session manager and a toolchest-like application launcher
 V =		1.3
 DISTNAME =	emwm-utils-src-${V}
 PKGNAME =	emwm-utils-${V}
+REVISION =	0
 
 CATEGORIES =	x11
 HOMEPAGE =	https://fastestcode.org/emwm.html
@@ -20,7 +21,8 @@ WANTLIB += X11 Xinerama Xm Xrandr Xss Xt c
 LIB_DEPENDS =	x11/motif
 
 MAKE_FLAGS =	RCDIR=${PREFIX}/lib/X11 \
-		CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include -I${LOCALBASE}/include"
+		CFLAGS="${CFLAGS} -DUNPRIVILEGED_SHUTDOWN \
+			-I./Xm -I${X11BASE}/include -I${LOCALBASE}/include"
 
 FAKE_FLAGS =	PREFIX=${WRKINST}${PREFIX} \
 		APPLRESDIR=${WRKINST}${PREFIX}/lib/X11/app-defaults \
diff --git a/x11/emwm-utils/patches/patch-src_smconf_h b/x11/emwm-utils/patches/patch-src_smconf_h
new file mode 100644
index 00000000000..fdb4703c05e
--- /dev/null
+++ b/x11/emwm-utils/patches/patch-src_smconf_h
@@ -0,0 +1,12 @@
+Index: src/smconf.h
+--- src/smconf.h.orig
++++ src/smconf.h
+@@ -33,7 +33,7 @@
+ #endif /* SHUTDOWN_CMD */
+ 
+ #ifndef REBOOT_CMD
+-#define REBOOT_CMD      "/sbin/reboot"
++#define REBOOT_CMD      "/sbin/shutdown -r now"
+ #endif
+ 
+ #ifndef SUSPEND_CMD
diff --git a/x11/emwm-utils/patches/patch-src_smmain_c b/x11/emwm-utils/patches/patch-src_smmain_c
index 93b4326b219..cf6ad7122bf 100644
--- a/x11/emwm-utils/patches/patch-src_smmain_c
+++ b/x11/emwm-utils/patches/patch-src_smmain_c
@@ -61,3 +61,21 @@ Index: src/smmain.c
  
  	memset(pwb,0,strlen(pwb));
  	XmTextFieldSetString(wpasswd,"");
+@@ -988,7 +1009,8 @@ static Boolean set_privileges(Boolean elevate)
+ 	if(!initialized){
+ 		orig_uid = geteuid();
+ 		orig_gid = getegid();
+-
++		/* BSD-auth handles authentication, no SUID needed.  */
++#ifndef __OpenBSD__
+ 		if(orig_uid != 0){
+ 			log_msg("%s must be setuid root to enable "
+ 				"screen locking capabilities.\n",bin_name);
+@@ -996,6 +1018,7 @@ static Boolean set_privileges(Boolean elevate)
+ 			can_elevate = False;
+ 			return False;
+ 		}
++#endif /* __OpenBSD__ */
+ 		initialized = True;
+ 		can_elevate = True;
+ 	}
diff --git a/x11/emwm-utils/pkg/PLIST b/x11/emwm-utils/pkg/PLIST
index 763b5a0e51f..36f96dc0494 100644
--- a/x11/emwm-utils/pkg/PLIST
+++ b/x11/emwm-utils/pkg/PLIST
@@ -10,3 +10,4 @@ lib/X11/app-defaults/XmToolbox
 lib/X11/toolboxrc
 @man man/man1/xmsm.1
 @man man/man1/xmtoolbox.1
+share/doc/pkg-readmes/${PKGSTEM}
diff --git a/x11/emwm-utils/pkg/README b/x11/emwm-utils/pkg/README
new file mode 100644
index 00000000000..df0883e0a92
--- /dev/null
+++ b/x11/emwm-utils/pkg/README
@@ -0,0 +1,18 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+To enable shutdown and reboot, the user should be in _shutdown group.
+To enable suspend, the user needs to be able to run zzz(8).
+
+Use usermod(8) to add the user to _shutdown group:
+
+	# usermod -G _shutdown <username>
+
+The user must be in group "wheel", and apmd(8) must be running 
+to be able to run zzz(8):
+
+	# rcctl enable apmd
+	# rcctl start apmd
+	# usermod -G wheel <username>
+  
\ No newline at end of file

• emwm-utils-hotfix.diff (3K)