
From:
"Anthony J. Bentley" <bentley@openbsd.org>
Subject:
Re: Unprivileged font cache: src
To:
tech@openbsd.org
Date:
Sun, 06 Jul 2025 06:07:56 -0600

Anthony J. Bentley writes:
> Stuart Henderson writes:
> > On 2025/07/01 01:40, Anthony J. Bentley wrote:
> > > +	# Transition users to unprivileged font cache
> > > +	if [[ $MODE == upgrade ]]; then
> > > +		chown _fc-cache:_fc-cache /mnt/var/cache/fontconfig/*
> > > +	fi
> >
> > Is there a reason not to chown -R on the dir instead? It would avoid the
> > risk of overflowing the shell command line if there are too many files
> > when expanding /mnt/var/cache/fontconfig/* (mostly 72 chars per file).
>
> That seems worth caring about. I did it this way to make sure the
> directory permissions were properly set during build without the
> installer hack in place. But now that that's been tested I think your
> way is better.
>
> Rest of diff unchanged.

New changes:

- Removed $MODE == upgrade conditional, and added "remove in 7.9"
  to the comment.

- Added an additional chown in sysmerge, after users are added.


diff a90b31a2b49988afcb756bd8861bba28810568ee 564e4146109869d2954335d0b17667e97829c44f
commit - a90b31a2b49988afcb756bd8861bba28810568ee
commit + 564e4146109869d2954335d0b17667e97829c44f
blob - a8a631901db38a5a905b1d21d29c85f4beb36b76
blob + 9625861cfc5428a7672a8832919bbee29b10597a
--- distrib/miniroot/install.sub
+++ distrib/miniroot/install.sub
@@ -1807,6 +1807,10 @@ install_files() {
 		rm -rf /mnt/var/syspatch/*
 	fi
 
+	# Transition font cache ownership from root to its dedicated user.
+	# XXX Remove after 7.9 release.
+	chown -R _fc-cache:_fc-cache /mnt/var/cache/fontconfig
+
 	# Install the set files.
 	for _f in $_get_sets; do
 		reset_watchdog
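Review bot: The added `chown -R` in install_files runs unconditionally and before the "Install the set files" loop, so on a fresh install, or on an upgrade of a machine without the X sets, /mnt/var/cache/fontconfig presumably does not exist yet and the command fails with an error on the installer console. Guard it on the directory: `[[ -d /mnt/var/cache/fontconfig ]] && chown -R _fc-cache:_fc-cache /mnt/var/cache/fontconfig`. The same unguarded call is added to sm_run in usr.sbin/sysmerge/sysmerge.sh. It is also worth confirming that the name _fc-cache resolves inside the installer environment, since the lookup appears to happen there rather than against the files under /mnt. The body of install_files continues outside the hunk.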
blob - 63a9597ba59d3de4195c35b2dfefe5ba97240d26
blob + 5dcc15870535141061390efc0a194bb5e438e5b4
--- etc/mtree/BSD.x11.dist
+++ etc/mtree/BSD.x11.dist
@@ -412,7 +412,7 @@
     ..
     var
         cache
-            fontconfig
+            fontconfig uname=_fc-cache gname=_fc-cache
             ..
         ..
         db
blob - e0110c0bb560b99241d53fd0bf83189332928b30
blob + d1acfcc50fb4ce79bdf4da1ace05b6414f65f499
--- usr.sbin/pkg_add/OpenBSD/PackingElement.pm
+++ usr.sbin/pkg_add/OpenBSD/PackingElement.pm
@@ -1671,10 +1671,20 @@ sub _restore_fontdir($state, $dirname)
 	}
 }
 
-sub _run_if_exists($state, $cmd, @l)
+sub _run_if_exists($state, $user, $cmd, @l)
 {
+	unshift(@l, $cmd);
 	if (-x $cmd) {
-		$state->vsystem($cmd, @l);
+		if (defined $user) {
+			my (undef, undef, $uid, $gid) = getpwnam($user);
+			if (!defined $uid) {
+				$state->log->fatal(
+				    $state->f("Couldn't change identity: no #1 user",
+				        $user));
+			}
+			unshift(@l, sub() { $state->change_user($uid, $gid); });
+		}
+		$state->vsystem(@l);
 	} else {
 		$state->errsay("#1 not found", $cmd);
 	}
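Review bot: The privilege drop in _run_if_exists rests on two behaviours this hunk does not show: that `$state->vsystem` treats a leading code ref as a hook run in the child before exec, and that `$state->change_user` dies rather than returns when changing the uid or gid fails. If either does not hold, fc-cache would keep running as root without any message, so the contract deserves a comment above the sub, for example `# $user: account to run $cmd as, undef keeps the caller's identity; change_user must die on failure so $cmd never runs privileged`. The missing-account case goes through `$state->log->fatal`, which presumably does not return; if it can, `$uid` is undef when the closure is built. The closing brace of the sub lies outside the hunk.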
@@ -1692,11 +1702,14 @@ sub finish($class, $state)
 		require OpenBSD::Error;
 
 		map { _update_fontalias($state, $_) } @l;
-		_run_if_exists($state, OpenBSD::Paths->mkfontscale, '--', @l);
-		_run_if_exists($state, OpenBSD::Paths->mkfontdir, '--', @l);
+		_run_if_exists($state, undef,
+		    OpenBSD::Paths->mkfontscale, '--', @l);
+		_run_if_exists($state, undef,
+		    OpenBSD::Paths->mkfontdir, '--', @l);
 		map { _restore_fontdir($state, $_) } @l;
 
-		_run_if_exists($state, OpenBSD::Paths->fc_cache, '--', @l);
+		_run_if_exists($state, '_fc-cache',
+		    OpenBSD::Paths->fc_cache, '--', @l);
 		$state->say("ok") if $state->verbose < 2;
 	}
 }
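Review bot: The bare `undef` passed as the second argument for mkfontscale and mkfontdir does not tell a reader that these two commands deliberately keep root's identity while only fc-cache is switched to `_fc-cache`. A short comment above the three calls would record that decision, for example `# only fc-cache drops to _fc-cache; mkfontscale and mkfontdir still run as the caller`. The account name is also a string literal here and is repeated in install.sub, BSD.x11.dist and sysmerge.sh, so a named constant next to the other paths would keep the Perl side from drifting. finish begins outside the hunk.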
blob - 79286eb9c5f7359b60f9ea0a061a8c40198029fe
blob + e8c87f96a7eb559e05f9ed593cf9a1a813aacad3
--- usr.sbin/sysmerge/sysmerge.sh
+++ usr.sbin/sysmerge/sysmerge.sh
@@ -184,6 +184,10 @@ sm_run() {
 	sm_add_user_grp
 	sm_cp_pkg_samples
 
+	# Ensure the font cache is not owned by root.
+	# XXX Remove after 7.9 release.
+	chown -R _fc-cache:_fc-cache /var/cache/fontconfig
+
 	for _i in etcsum xetcsum pkgsum; do
 		if [[ -f /var/sysmerge/${_i} && \
 			-f ./var/sysmerge/${_i} ]] && \
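Review bot: After the first successful run this `chown -R` in sm_run changes nothing, yet root keeps recursing into a directory that the unprivileged _fc-cache account can write, on every sysmerge run until the XXX line is removed. Privileged recursive ownership changes over a tree controlled by a less-privileged account are best kept as short-lived as possible, so consider limiting the call to the case where root-owned entries are still present. At minimum the comment should state the risk, for example `# One-time transition; afterwards root is recursing into a tree that _fc-cache controls.` sm_run continues outside the hunk.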