From: "Anthony J. Bentley" <bentley@openbsd.org>
Subject: Re: Unprivileged font cache: xenocara
To: tech@openbsd.org
Date: Thu, 03 Jul 2025 02:31:12 -0600

Stuart Henderson writes:
> On 2025/07/01 01:41, Anthony J. Bentley wrote:
> > +        pw = getpwnam("_fc-cache");
> > +        if (!pw)
> > +            errx(1, "no _fc-cache user to revoke to");
>
> if _fc-cache doesn't exist yet, does it matter about setting ownership
> back to root? (i.e. would it make sense to fallback to old behaviour
> in case sysmerge hasn't been run to add the uid/gid yet?)

I think it's fine as-is. In my tests, sysmerge did always run without
user intervention. If for some reason sysmerge didn't run, the error
message is clear about what's wrong. Falling back to root instead would
cause difficulty for pkg_add if packages are updated before sysmerge,
which seems more likely than manually running fc-cache before sysmerge,
and would be harder to notice and to fix.

> (belt and braces: sysmerge could chown after the dir adding _fc-cache...)

Yes, but IMO that's added complication that's not necessary.