From: 路辉
To: Josselin Poiret
Cc: 57881@debbugs.gnu.org
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Date: Fri, 23 Sep 2022 02:30:47 +0000
In-Reply-To: <87illk8n4f.fsf@jpoiret.xyz>

OK, I will take some time to fix it.

2022-09-18 20:05 GMT, Josselin Poiret:
> Hi,
>
> 路辉 writes:
>
>> hikari-unlocker needs setuid and PAM to work.
>>
>> If hikari execs a non-setuid hikari-unlocker, such as
>> "$HOME/.guix-profile/bin/hikari-unlocker", hikari's lock mode
>> cannot be exited; the only way out is to press the power button. :(
>>
>> https://hikari.acmelabs.space/manpage.html
>>
>> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
>> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001
>> From: Lu Hui
>> Date: Sat, 17 Sep 2022 20:10:34 +0800
>> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
>>
>> * gnu/packages/wm.scm (hikari)
>> [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to
>> "/run/setuid-programs/hikari-unlocker"
>
> On Guix System, /run/setuid-programs/ should be in front of whatever
> profiles you're using in your PATH, otherwise it will be shadowed by
> them.  With the default profile loading code in /etc/profile, this
> should be what happens but there might be issues with any non-default
> setup (i.e. package not installed in the ~/.guix-profile/).
>
> To be honest, I'm not happy with hardcoding
> /run/setuid-programs/hikari-unlocker, since it won't work on foreign
> distros.
>
> Shouldn't we rather report this issue upstream?  I'm under the
> impression that the locker should detect that it isn't running suid and
> not try to query PAM if it isn't able to, and instead fail and display
> an error message or something similar.
>
> Best,
> --
> Josselin Poiret
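
The PATH-shadowing concern in the reply above can be checked mechanically. The following C program is an added example, not code from this thread, hikari or Guix: it resolves a helper name through a PATH string (first executable match wins) and reports whether that match is setuid root. The names `check_helper` and `helper_status` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names: this is an illustration, not hikari or Guix code. */
enum helper_status { HELPER_NOT_FOUND, HELPER_NOT_SETUID,
                     HELPER_SETUID_NONROOT, HELPER_SETUID_ROOT };

/* Walk `path` left to right; the first executable regular file named `name`
 * wins. Its full path is written to `out` and its status is returned. */
enum helper_status check_helper(const char *name, const char *path,
                                char *out, size_t outlen)
{
    const char *p = path;
    while (p && *p) {
        size_t len = strcspn(p, ":");
        /* A leading or doubled colon is an empty element: current directory. */
        int n = len ? snprintf(out, outlen, "%.*s/%s", (int)len, p, name)
                    : snprintf(out, outlen, "./%s", name);
        struct stat st;
        if (n > 0 && (size_t)n < outlen && stat(out, &st) == 0 &&
            S_ISREG(st.st_mode) && access(out, X_OK) == 0) {
            if (!(st.st_mode & S_ISUID))
                return HELPER_NOT_SETUID;   /* first match is not setuid */
            return st.st_uid == 0 ? HELPER_SETUID_ROOT : HELPER_SETUID_NONROOT;
        }
        p += len;
        if (*p == ':')
            p++;
    }
    if (outlen)
        out[0] = '\0';
    return HELPER_NOT_FOUND;
}

int main(void)
{
    static const char *label[] = { "not found", "found, NOT setuid",
                                   "setuid, not root-owned", "setuid root" };
    char hit[4096];
    const char *path = getenv("PATH");
    enum helper_status s =
        check_helper("hikari-unlocker", path ? path : "", hit, sizeof hit);
    printf("%s: %s\n", hit[0] ? hit : "hikari-unlocker", label[s]);
    return s == HELPER_SETUID_ROOT ? 0 : 1;
}
```

The program exits 0 only when the first match on PATH is setuid root, so a profile copy that shadows /run/setuid-programs/ shows up as "found, NOT setuid".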