From: "Anthony J. Bentley" Subject: Re: Unprivileged font cache: src To: tech@openbsd.org Date: Sun, 06 Jul 2025 06:07:56 -0600 Anthony J. Bentley writes: > Stuart Henderson writes: > > On 2025/07/01 01:40, Anthony J. Bentley wrote: > > > + # Transition users to unprivileged font cache > > > + if [[ $MODE == upgrade ]]; then > > > + chown _fc-cache:_fc-cache /mnt/var/cache/fontconfig/* > > > + fi > > > > Is there a reason not to chown -R on the dir instead? It would avoid the > > risk of overflowing the shell command line if there are too many files > > when expanding /mnt/var/cache/fontconfig/* (mostly 72 chars per file). > > That seems worth caring about. I did it this way to make sure the > directory permissions were properly set during build without the > installer hack in place. But now that that's been tested I think your > way is better. > > Rest of diff unchanged. New changes: - Removed $MODE == upgrade conditional, and added "remove in 7.9" to the comment. - Added an additional chown in sysmerge, after users are added. diff a90b31a2b49988afcb756bd8861bba28810568ee 564e4146109869d2954335d0b17667e97829c44f commit - a90b31a2b49988afcb756bd8861bba28810568ee commit + 564e4146109869d2954335d0b17667e97829c44f blob - a8a631901db38a5a905b1d21d29c85f4beb36b76 blob + 9625861cfc5428a7672a8832919bbee29b10597a --- distrib/miniroot/install.sub +++ distrib/miniroot/install.sub @@ -1807,6 +1807,10 @@ install_files() { rm -rf /mnt/var/syspatch/* fi + # Transition font cache ownership from root to its dedicated user. + # XXX Remove after 7.9 release. + chown -R _fc-cache:_fc-cache /mnt/var/cache/fontconfig + # Install the set files. for _f in $_get_sets; do reset_watchdog blob - 63a9597ba59d3de4195c35b2dfefe5ba97240d26 blob + 5dcc15870535141061390efc0a194bb5e438e5b4 --- etc/mtree/BSD.x11.dist +++ etc/mtree/BSD.x11.dist @@ -412,7 +412,7 @@ .. var cache - fontconfig + fontconfig uname=_fc-cache gname=_fc-cache .. .. db blob - e0110c0bb560b99241d53fd0bf83189332928b30 blob + d1acfcc50fb4ce79bdf4da1ace05b6414f65f499 --- usr.sbin/pkg_add/OpenBSD/PackingElement.pm +++ usr.sbin/pkg_add/OpenBSD/PackingElement.pm @@ -1671,10 +1671,20 @@ sub _restore_fontdir($state, $dirname) } } -sub _run_if_exists($state, $cmd, @l) +sub _run_if_exists($state, $user, $cmd, @l) { + unshift(@l, $cmd); if (-x $cmd) { - $state->vsystem($cmd, @l); + if (defined $user) { + my (undef, undef, $uid, $gid) = getpwnam($user); + if (!defined $uid) { + $state->log->fatal( + $state->f("Couldn't change identity: no #1 user", + $user)); + } + unshift(@l, sub() { $state->change_user($uid, $gid); }); + } + $state->vsystem(@l); } else { $state->errsay("#1 not found", $cmd); } @@ -1692,11 +1702,14 @@ sub finish($class, $state) require OpenBSD::Error; map { _update_fontalias($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->mkfontscale, '--', @l); - _run_if_exists($state, OpenBSD::Paths->mkfontdir, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontscale, '--', @l); + _run_if_exists($state, undef, + OpenBSD::Paths->mkfontdir, '--', @l); map { _restore_fontdir($state, $_) } @l; - _run_if_exists($state, OpenBSD::Paths->fc_cache, '--', @l); + _run_if_exists($state, '_fc-cache', + OpenBSD::Paths->fc_cache, '--', @l); $state->say("ok") if $state->verbose < 2; } } blob - 79286eb9c5f7359b60f9ea0a061a8c40198029fe blob + e8c87f96a7eb559e05f9ed593cf9a1a813aacad3 --- usr.sbin/sysmerge/sysmerge.sh +++ usr.sbin/sysmerge/sysmerge.sh @@ -184,6 +184,10 @@ sm_run() { sm_add_user_grp sm_cp_pkg_samples + # Ensure the font cache is not owned by root. + # XXX Remove after 7.9 release. + chown -R _fc-cache:_fc-cache /var/cache/fontconfig + for _i in etcsum xetcsum pkgsum; do if [[ -f /var/sysmerge/${_i} && \ -f ./var/sysmerge/${_i} ]] && \