Sunday, March 01, 2026

Re: [NEW] wayland/fuzzel

On Sunday, 1 March 2026 at 10:42, Volker Schlecht
<openbsd-ports@schlecht.dev> wrote:

> ... and yet more wayland/niri/hipster bikeshedding :-)
>
> Description
>
> Fuzzel is a Wayland-native application launcher and fuzzy finder, inspired by
> rofi and dmenu.
>
> WWW: https://codeberg.org/dnkl/fuzzel/
>
> Needs some patches that are basically copied from wayland/foot.
> ok?

Built/Tested on current/amd64:

Use ark to extract fuzzel.tar.gz in /tmp/

Privsep with separate user:
cp -Rv /tmp/fuzzel /usr/ports/mystuff/wayland/
cd /usr/ports/mystuff/wayland/fuzzel/ && make clean=all clean && make test port-lib-depends-check install clean

Root:
pkg_add -Dsnap -Dunsigned -r /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz

I tried building in mystuff/wayland/fuzzel but:

===> Building package for fuzzel-1.14.0
Create /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz
Creating package fuzzel-1.14.0
Link to /usr/ports/packages/amd64/ftp/fuzzel-1.14.0.tgz
===> Verifying specs: c cairo epoll-shim fcft fontconfig m pixman-1 png pthread stdthreads wayland-client wayland-cursor xkbcommon
===> found c.102.2 cairo.13.5 epoll-shim.0.1 fcft.0.1 fontconfig.14.1 m.10.1 pixman-1.46.4 png.18.2 pthread.28.1 stdthreads.0.0 wayland-client.0.3 wayland-cursor.0.0 xkbcommon.4.2
===> Installing fuzzel-1.14.0 from /usr/ports/packages/amd64/all/
quirks-7.184 signed on 2026-02-28T16:57:14Z
file:/usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz: unsigned package
Can't find /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz
Couldn't install fuzzel-1.14.0
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2260 '/var/db/pkg/fuzzel-1.14.0/+CONTENTS': @/usr/bin/env -i PKG_TMPDIR=/var/tmp ...)
*** Error 2 in /usr/ports/mystuff/wayland/fuzzel (/usr/ports/infrastructure/mk/bsd.port.mk:2706 'install': @lock=fuzzel-1.14.0; export _LOC...)
--

It looks like if you use privsep with another user it won't install
unless you have something like:

permit keepenv privsep_user as root cmd /usr/sbin/pkg_add
permit keepenv privsep_user as root cmd pkg_add

in /etc/doas.conf or worse with nopass.

I did this prior, but was warned away from doing so by even Theo
(de Raadt, and maybe Buehler) for security reasons. A no-no.

When I made the user for privsep I made one like the ones used in ports
(_some_project), with no password too, but past the 1000 uids. So one
could not try to bruteforce a password from terminal, tty, or ssh. Only
available if 'su - privsep_user' is used, whether by root or doas
allowance. The /usr/ports/ folder is under said privsep_user user and
wsrc group. With privsep_user being part of the wsrc, _pbuild, _pfetch
groups.

And in /etc/mk.conf :

SUDO=doas
PORTS_PRIVSEP=Yes
--

Maybe I am doing it wrong or misunderstood?

The only thing I have for privilege escalation in /etc/doas.conf is:

# Non-exhaustive list of variables needed to build release(8) and ports(7)
permit nopass setenv { \
FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
PORTS_TREE_OWNER FAKE_TREE_OWNER PORTSDIR \
SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc

permit keepenv nopass privsep_user as _pbuild
permit keepenv nopass privsep_user as _pfetch

--

As this is a dedicated user for fetching/building. Utilizing pkg_add
-Dunsigned or with TRUSTED_PKG_PATH=/usr/ports/packages/amd64/all in
root or a user with doas if desired.


Regardless, fuzzel builds/installs. And no obvious grammar, formatting
or syntax issues.

I switched the wmenu-run I had used for fuzzel in
~/.config/niri/config.kdl :

Mod+D { spawn "fuzzel"; }
//Mod+D { spawn "wmenu-run"; }

--

It looks good in niri and definitely helps default niri installations.

Definitely launches applications.

Hope this helps. Thanks to all of the OpenBSD devs for your efforts and also
for the help that has been given to this port novice.

--
yaydn
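
An added example, not part of the message above or of the OpenBSD ports tools: a small Python check that parses doas.conf rules like the ones quoted in the message and reports which of them can reach root, relying on the doas.conf(5) defaults that a rule without `as` applies to all target users and a rule without `cmd` applies to all commands. The finding codes are this example's own review heuristics, and the sample is constructed from the rules in the message with the setenv list shortened.

```python
import re

# Constructed sample: the rules quoted in the message, setenv list shortened.
SAMPLE = r"""
permit keepenv privsep_user as root cmd /usr/sbin/pkg_add
permit keepenv privsep_user as root cmd pkg_add
# variables needed to build release(8) and ports(7)
permit nopass setenv { \
FTPMODE PKG_CACHE PKG_PATH \
SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
permit keepenv nopass privsep_user as _pbuild
permit keepenv nopass privsep_user as _pfetch
"""

OPTIONS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rules(text):
    """Parse rules: action [options] identity [as target] [cmd command]."""
    rules = []
    for line in re.sub(r"\\\n", " ", text).splitlines():   # join continuations
        line = line.split("#", 1)[0]                        # drop comments
        tok = re.sub(r"setenv\s*\{[^}]*\}", " ", line).split()
        if not tok:
            continue
        i = 1
        while i < len(tok) and tok[i] in OPTIONS:
            i += 1
        tail = tok[i + 1:]
        rules.append({
            "action": tok[0], "options": set(tok[1:i]), "identity": tok[i],
            "target": tail[tail.index("as") + 1] if "as" in tail else None,
            "cmd": tail[tail.index("cmd") + 1] if "cmd" in tail else None,
        })
    return rules

def audit(rule):
    """Return finding codes for a permit rule whose target can be root."""
    if rule["action"] != "permit" or rule["target"] not in (None, "root"):
        return []
    out = []
    if rule["target"] is None:
        out.append("any-target")      # default is all users, root included
    if rule["cmd"] is None:
        out.append("any-cmd")         # default is all commands
    elif not rule["cmd"].startswith("/"):
        out.append("relative-cmd")    # doas.conf(5) advises absolute paths
    return out + sorted(rule["options"] & {"nopass", "keepenv"}, reverse=True)

if __name__ == "__main__":
    for r in parse_rules(SAMPLE):
        print(r["identity"], "->", r["target"] or "(any)", r["cmd"] or "(any)", audit(r))
```

Rules that target only _pbuild or _pfetch produce no findings here because the check is scoped to rules that can run commands as root.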
