x11-wm/hikari: seatd option and option groupings
Needs ReviewPublic
Actions

Authored by ports_xanderio.de on Dec 12 2020, 9:13 PM.

Details

Reviewers

Summary

This change adds a new option to the hikari port seatd, when this option is selected setuid isn't set on the hikari binary.
The old setuid behavior is still avalible trouw the HIKARI_SUID option.

The old SUID option was there for split into the UNLOCKER_SUID and HIKARI_SUID options.

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

ports_xanderio.de created this revision.Dec 12 2020, 9:13 PM

Herald added a subscriber: mat. · View Herald TranscriptDec 12 2020, 9:13 PM

ports_xanderio.de requested review of this revision.Dec 12 2020, 9:13 PM

Bug tracker: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251794

SEATD option is not necessary:

seatd support is only available if x11-toolkits/wlroots is built with LIBSEAT option enabled
LIBSEAT is enabled by default since rP553548, reducing the need to patch compositors to support setuid

Not sure about SUID -> HIKARI_SUID + UNLOCKER_SUID e.g., x11/swaylock doesn't have an option to disable setuid bit. hikari_unlocker requires setuid for pam_authenticate(3) to read /etc/master.passwd via pam_unix.so. Even if PAM configuration is changed (e.g., pam_google_authenticator, pam_yubico) an unprivileged process may still not be trusted with access to secret (generator). However, I don't maintain x11-wm/hikari, so whatever. ;)