På søndag 1. mars 2026 kl. 10:42, skrev Volker Schlecht <[email protected]>:
> ... and yet more wayland/niri/hipster bikeshedding :-) > > Description > > Fuzzel is a Wayland-native application launcher and fuzzy finder, inspired by > rofi and dmenu. > > WWW: https://codeberg.org/dnkl/fuzzel/ > > Needs some patches that are basically copied from wayland/foot. > ok? Built/Tested on current/amd64: Use ark to extract fuzzel.tar.gz in /tmp/ Privsep with separate user: cp -Rv /tmp/fuzzel /usr/ports/mystuff/wayland/ cd /usr/ports/mystuff/wayland/fuzzel/ && make clean=all clean && make test port-lib-depends-check install clean Root: pkg_add -Dsnap -Dunsigned -r /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz I tried building in mystuff/wayland/fuzzel but: ===> Building package for fuzzel-1.14.0 Create /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz Creating package fuzzel-1.14.0 Link to /usr/ports/packages/amd64/ftp/fuzzel-1.14.0.tgz ===> Verifying specs: c cairo epoll-shim fcft fontconfig m pixman-1 png pthread stdthreads wayland-client wayland-cursor xkbcommon ===> found c.102.2 cairo.13.5 epoll-shim.0.1 fcft.0.1 fontconfig.14.1 m.10.1 pixman-1.46.4 png.18.2 pthread.28.1 stdthreads.0.0 wayland-client.0.3 wayland-cursor.0.0 xkbcommon.4.2 ===> Installing fuzzel-1.14.0 from /usr/ports/packages/amd64/all/ quirks-7.184 signed on 2026-02-28T16:57:14Z file:/usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz: unsigned package Can't find /usr/ports/packages/amd64/all/fuzzel-1.14.0.tgz Couldn't install fuzzel-1.14.0 *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2260 '/var/db/pkg/fuzzel-1.14.0/+CONTENTS': @/usr/bin/env -i PKG_TMPDIR=/var/tmp ...) *** Error 2 in /usr/ports/mystuff/wayland/fuzzel (/usr/ports/infrastructure/mk/bsd.port.mk:2706 'install': @lock=fuzzel-1.14.0; export _LOC...) -- It looks like if you use privsep with another user it won't install unless you have something like: permit keepenv privsep_user as root cmd /usr/sbin/pkg_add permit keepenv privsep_user as root cmd pkg_add in /etc/doas.conf or worse with nopass. I did this prior, but was warned away from doing so by even Theo (de Raadt, and maybe Buehler) for security reasons. A no-no. When I made the user for privsep I made one like used in ports _some_project, with no password too, but past the 1000 uids. So one could not try to bruteforce a password from terminal, tty, or ssh. Only available if 'su - privsep_user' is used, whether by root or doas allowance. The /usr/ports/ folder is under said privsep_user user and wsrc group. With privsep_user being part of the wsrc, _pbuild, _pfetch groups. And in /etc/mk.conf : SUDO=doas PORTS_PRIVSEP=Yes -- Maybe I am doing it wrong or misunderstood? The only thing I have for privilege escalation in /etc/doas.conf is: # Non-exhaustive list of variables needed to build release(8) and ports(7) permit nopass setenv { \ FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \ DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \ MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \ PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \ PORTS_TREE_OWNER FAKE_TREE_OWNER PORTSDIR \ SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc permit keepenv nopass privsep_user as _pbuild permit keepenv nopass privsep_user as _pfetch -- As this as a dedicated user for fetching/building. Utilizing pkg_add -Dunsigned or with TRUSTED_PKG_PATH=/usr/ports/packages/amd64/all in root or a user with doas if desired. Regardless, fuzzel builds/installs. And no obvious grammar, formatting or syntax issues. I switched the wmenu-run I had used for fuzzel in ~/.config/niri/config.kdl : Mod+D { spawn "fuzzel"; } //Mod+D { spawn "wmenu-run"; } -- It looks good in niri and definitely help default niri installations. Definitely launches applications. Hope this helps. Thank all of OpenBSD devs for your efforts and also for help having been given to this port novice. -- yaydn
