From: "Anthony J. Bentley" Subject: Re: Unprivileged font cache: src To: tech@openbsd.org Date: Thu, 03 Jul 2025 02:27:33 -0600 Stuart Henderson writes: > On 2025/07/01 01:40, Anthony J. Bentley wrote: > > + # Transition users to unprivileged font cache > > + if [[ $MODE == upgrade ]]; then > > + chown _fc-cache:_fc-cache /mnt/var/cache/fontconfig/* > > + fi > > Is there a reason not to chown -R on the dir instead? It would avoid the > risk of overflowing the shell command line if there are too many files > when expanding /mnt/var/cache/fontconfig/* (mostly 72 chars per file). That seems worth caring about. I did it this way to make sure the directory permissions were properly set during build without the installer hack in place. But now that that's been tested I think your way is better. Rest of diff unchanged. diff a90b31a2b49988afcb756bd8861bba28810568ee 54690b34b03e1bdc67f19800ef9bc16c7cc2f5f2 commit - a90b31a2b49988afcb756bd8861bba28810568ee commit + 54690b34b03e1bdc67f19800ef9bc16c7cc2f5f2 blob - a8a631901db38a5a905b1d21d29c85f4beb36b76 blob + 76308091ec8f6e221112b6b998f4d2fa1eee8daa --- distrib/miniroot/install.sub +++ distrib/miniroot/install.sub @@ -1807,6 +1807,11 @@ install_files() { rm -rf /mnt/var/syspatch/* fi + # Transition users to unprivileged font cache + if [[ $MODE == upgrade ]]; then + chown -R _fc-cache:_fc-cache /mnt/var/cache/fontconfig + fi + # Install the set files. for _f in $_get_sets; do reset_watchdog blob - 63a9597ba59d3de4195c35b2dfefe5ba97240d26 blob + 5dcc15870535141061390efc0a194bb5e438e5b4 --- etc/mtree/BSD.x11.dist +++ etc/mtree/BSD.x11.dist @@ -412,7 +412,7 @@ .. var cache - fontconfig + fontconfig uname=_fc-cache gname=_fc-cache .. .. db blob - e0110c0bb560b99241d53fd0bf83189332928b30 blob + d1acfcc50fb4ce79bdf4da1ace05b6414f65f499 --- usr.sbin/pkg_add/OpenBSD/PackingElement.pm +++ usr.sbin/pkg_add/OpenBSD/PackingElement.pm @@ -1671,10 +1671,20 @@ sub _restore_fontdir($state, $dirname) } } -sub _run_if_exists($state, $cmd, @l) +sub _run_if_exists($state, $user, $cmd, @l) { + unshift(@l, $cmd); if (-x $cmd) { - $state->vsystem($cmd, @l); + if (defined $user) { + my (undef, undef, $uid, $gid) = getpwnam($user); + if (!defined $uid) { + $state->log->fatal( + $state->f("Couldn't change identity: no #1 user", + $user)); + } + unshift(@l, sub() { $state->change_user($uid, $gid); }); + } + $state->vsystem(@l); } else { $state->errsay("#1 not found", $cmd); } @@ -1692,11 +1702,14 @@ sub finish($class, $state) require OpenBSD::Error; map { _update_fontalias($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->mkfontscale, '--', @l); - _run_if_exists($state, OpenBSD::Paths->mkfontdir, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontscale, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontdir, '--', @l); map { _restore_fontdir($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->fc_cache, '--', @l); + _run_if_exists($state, '_fc-cache', + OpenBSD::Paths->fc_cache, '--', @l); $state->say("ok") if $state->verbose < 2; } }