From: Lucas Gabriel Vuotto Subject: Re: MAINTAINER FIX: x11/emwm-utils: Enable unpriv shutdown/reboot/suspend and add pkg-readme To: izzy Meyer Cc: ports@openbsd.org Date: Sat, 10 May 2025 16:30:26 +0000 Hello izzy, On Sat, May 10, 2025 at 09:53:20AM -0500, izzy Meyer wrote: > Hello ports@ > > In a previous mail, I got x11/emwm-utils to work with authenticate(3). > In this diff, I set the SHUTDOWN_CMD, REBOOT_CMD, and SUSPEND_CMD > correctly, as well as enable unprivileged access to these commands. I > bumped REVISION as well. Hopefully the pkg-readme is correctly phrased? > > Tested on amd64 and arm64. > > CC: Lucas Gabriel Vuotto ftr, I'm not an user of this software. > diff --git a/x11/emwm-utils/Makefile b/x11/emwm-utils/Makefile > index 0d8b6ba9f61..62e4397077a 100644 > --- a/x11/emwm-utils/Makefile > +++ b/x11/emwm-utils/Makefile > @@ -3,6 +3,7 @@ COMMENT = session manager and a toolchest-like application launcher > V = 1.3 > DISTNAME = emwm-utils-src-${V} > PKGNAME = emwm-utils-${V} > +REVISION = 0 > > CATEGORIES = x11 > HOMEPAGE = https://fastestcode.org/emwm.html > @@ -19,8 +20,13 @@ WANTLIB += X11 Xinerama Xm Xrandr Xss Xt c > > LIB_DEPENDS = x11/motif > > +MAKE_ENV = REBOOT_CMD="/sbin/shutdown -r now" \ > + SHUTDOWN_CMD="/sbin/shutdown -p now" \ > + SUSPEND_CMD="/usr/sbin/zzz" > + > MAKE_FLAGS = RCDIR=${PREFIX}/lib/X11 \ > - CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include -I${LOCALBASE}/include" > + CFLAGS="${CFLAGS} -DUNPRIVILEGED_SHUTDOWN \ > + -I./Xm -I${X11BASE}/include -I${LOCALBASE}/include" I don't get how this works. MAKE_ENV works like running `env -i ${MAKE_ENV} ... ${MAKE} ...`; it adds variable to the environment in which make (in this case) is then executed. The way this software gets those *_CMD configured is by preprocessor definitions. You'd need to add -DREBOOT_CMD=... to CFLAGS for it to work. Nevertheless, src/smconf.h defines the right binaries for us if none were given as a preprocessor macro; I guess that's why this is working? I don't believe setting MAKE_ENV is necessary, nor defining your own *_CMD. Adding -DUNPRIVILEGED_SHUTDOWN seems correct. > FAKE_FLAGS = PREFIX=${WRKINST}${PREFIX} \ > APPLRESDIR=${WRKINST}${PREFIX}/lib/X11/app-defaults \ > diff --git a/x11/emwm-utils/pkg/PLIST b/x11/emwm-utils/pkg/PLIST > index 763b5a0e51f..36f96dc0494 100644 > --- a/x11/emwm-utils/pkg/PLIST > +++ b/x11/emwm-utils/pkg/PLIST > @@ -10,3 +10,4 @@ lib/X11/app-defaults/XmToolbox > lib/X11/toolboxrc > @man man/man1/xmsm.1 > @man man/man1/xmtoolbox.1 > +share/doc/pkg-readmes/${PKGSTEM} > diff --git a/x11/emwm-utils/pkg/README b/x11/emwm-utils/pkg/README > new file mode 100644 > index 00000000000..33648b63b53 > --- /dev/null > +++ b/x11/emwm-utils/pkg/README > @@ -0,0 +1,11 @@ > ++------------------------------------------------------------------------------- > +| Running ${PKGSTEM} on OpenBSD > ++------------------------------------------------------------------------------- > + > +This package is not installed with SUID root. You can ignore any warnings about > +Lacking SUID root. > + > +- To enable shutdown/reboot access, the user should be in the _shutdown group. This is correct. > +- To enable suspend access, the user should be in the operator group. This isn't. /usr/sbin/zzz is a hardlink to apm(8), which communicates with apmd(8). If apmd isn't running, apm (and hence zzz) won't work. apm(8) states FILES /var/run/apmdev The default UNIX-domain socket for communicating with apmd(8). The -f flag may be used to specify an alternate socket name. The protection modes on this socket govern which users may access the APM functions. In my machine(tm), that file is 660 root:wheel. Those permissions are set when apmd creates the socket. > + > +Use usermod(8) to add your user to these groups.