From: "Anthony J. Bentley" Subject: Unprivileged font cache: src To: tech@openbsd.org Date: Tue, 01 Jul 2025 01:40:57 -0600 Transitioning /var/cache/fontconfig to non-root ownership requires a few separate changes to both base and xenocara, all of which will need to be committed at the same time. Here are the src parts. deraadt@ recommended manual chown in the installer; I assume it will remain there for two releases. The pkg_add bits are from espie (thanks). I've tested the following cases: - Build a full base+xenocara release with the diffs. Then on a -current snapshot, pkg_add a couple of fonts. (At this point, /var/cache/fontconfig and contents are entirely root-owned.) Run sysupgrade(8) and install the newly built sets. - On a -current snapshot, pkg_add a couple of fonts. Then upgrade base and xenocara from source. In both upgraded systems, new fonts can be pkg_added and existing ones can be pkg_deleted and re-added, all with no errors, and owned by the new _fc-cache user. So unless there's something I've overlooked, the transition is seamless. ok? diff 1c3bdad1df8382eba1e67c36909c80caca3bea19 73d753b54132ced1afa7899006f91af812bbc4f0 commit - 1c3bdad1df8382eba1e67c36909c80caca3bea19 commit + 73d753b54132ced1afa7899006f91af812bbc4f0 blob - a8a631901db38a5a905b1d21d29c85f4beb36b76 blob + 7a9e4315694cb1bc9ede95da20ddd922db2e220c --- distrib/miniroot/install.sub +++ distrib/miniroot/install.sub @@ -1807,6 +1807,11 @@ install_files() { rm -rf /mnt/var/syspatch/* fi + # Transition users to unprivileged font cache + if [[ $MODE == upgrade ]]; then + chown _fc-cache:_fc-cache /mnt/var/cache/fontconfig/* + fi + # Install the set files. for _f in $_get_sets; do reset_watchdog blob - 63a9597ba59d3de4195c35b2dfefe5ba97240d26 blob + 5dcc15870535141061390efc0a194bb5e438e5b4 --- etc/mtree/BSD.x11.dist +++ etc/mtree/BSD.x11.dist @@ -412,7 +412,7 @@ .. var cache - fontconfig + fontconfig uname=_fc-cache gname=_fc-cache .. .. db blob - e0110c0bb560b99241d53fd0bf83189332928b30 blob + d1acfcc50fb4ce79bdf4da1ace05b6414f65f499 --- usr.sbin/pkg_add/OpenBSD/PackingElement.pm +++ usr.sbin/pkg_add/OpenBSD/PackingElement.pm @@ -1671,10 +1671,20 @@ sub _restore_fontdir($state, $dirname) } } -sub _run_if_exists($state, $cmd, @l) +sub _run_if_exists($state, $user, $cmd, @l) { + unshift(@l, $cmd); if (-x $cmd) { - $state->vsystem($cmd, @l); + if (defined $user) { + my (undef, undef, $uid, $gid) = getpwnam($user); + if (!defined $uid) { + $state->log->fatal( + $state->f("Couldn't change identity: no #1 user", + $user)); + } + unshift(@l, sub() { $state->change_user($uid, $gid); }); + } + $state->vsystem(@l); } else { $state->errsay("#1 not found", $cmd); } @@ -1692,11 +1702,14 @@ sub finish($class, $state) require OpenBSD::Error; map { _update_fontalias($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->mkfontscale, '--', @l); - _run_if_exists($state, OpenBSD::Paths->mkfontdir, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontscale, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontdir, '--', @l); map { _restore_fontdir($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->fc_cache, '--', @l); + _run_if_exists($state, '_fc-cache', + OpenBSD::Paths->fc_cache, '--', @l); $state->say("ok") if $state->verbose < 2; } }