Bug 211218

Summary: x11/kde4-workspace: installs kcheckpass with insufficient perms
Product: Ports & Packages Reporter: Matthias Apitz <guru>
Component: Individual Port(s)Assignee: Chris Rees <crees>
Status: Closed FIXED    
Severity: Affects Many People CC: bdrewery, crees, groot, guru, jhb
Priority: --- Keywords: easy, needs-patch, regression
Version: LatestFlags: bugzilla: maintainer-feedback? (kde)
koobs: merge-quarterly?
Hardware: Any   
OS: Any   

Description Matthias Apitz 2016-07-19 10:15:13 UTC 
I'm installing a new laptop with 12-CURRENT and ports from head
(compiled by me with poduriere); it turned out, that I was unable to
unlock a locked KDE session; digging into the problem I saw that the
component to validate the password (kcheckpass) was packaged into the
pkg with wrong perms:

$ tar tzvf /usr/PKGDIR.20160716/kde-workspace-4.11.21.txz | fgrep kcheckpass
-rwxr-xr-x  0 root   wheel   14352 17 jul. 21:43 /usr/local/lib/kde4/libexec/kcheckpass


in older versions from head in December and Mai it was with perms '-rwsr-sr-x':

$ tar tzvf /usr/PKGDIR.20151230/kde-workspace-4.11.14_4.txz | fgrep kcheckpass
-rwsr-sr-x  0 root   wheel   14352 dic. 31  2015 /usr/local/lib/kde4/libexec/kcheckpass

$ tar tzvf /usr/PKGDIR.20160501/kde-workspace-4.11.14_6.txz | fgrep kcheckpass
-rwsr-sr-x  0 root   wheel   14352 may.  6 21:19 /usr/local/lib/kde4/libexec/kcheckpass
Comment 1 groot 2016-08-09 22:40:51 UTC 
I just built kde4-workspace out of area51-trunk, and the permissions are as described; official package dated may 15 2015 has different permissions on kcheckpass in the packaged txz.
Comment 2 John Baldwin freebsd_committer freebsd_triage 2016-09-01 20:26:28 UTC 
Adding a "me-too".  I was able to unlock my desktop by 'chmod u+s' of kcheckpass over an SSH session thankfully.
Comment 3 Bryan Drewery freebsd_committer freebsd_triage 2016-09-01 20:28:49 UTC 
Latest poudriere-devel has BUILD_AS_NON_ROOT=yes as default which may
be exposing the problem.  The official package builds do not use this
yet.  So there is a missing @mode or (mode) modifier in the pkg-plist.
Comment 4 John Baldwin freebsd_committer freebsd_triage 2016-09-01 20:48:08 UTC 
Untested possible fix:

Index: pkg-plist
===================================================================
--- pkg-plist   (revision 421134)
+++ pkg-plist   (working copy)
@@ -229,7 +229,7 @@
 lib/kde4/libexec/fontinst
 lib/kde4/libexec/fontinst_helper
 lib/kde4/libexec/fontinst_x11
-lib/kde4/libexec/kcheckpass
+@(root,wheel,6755) lib/kde4/libexec/kcheckpass
 lib/kde4/libexec/kcmdatetimehelper
 lib/kde4/libexec/kcmkdmhelper
 lib/kde4/libexec/kdm_config
Comment 5 John Baldwin freebsd_committer freebsd_triage 2016-09-01 20:48:43 UTC 
(Though I found that for me simply u+s was enough without also requiring g+s)
Comment 6 Chris Rees freebsd_committer freebsd_triage 2016-09-01 21:14:29 UTC 
Testing jhb's patch.
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-09-02 06:59:46 UTC 
A commit references this bug:

Author: crees
Date: Fri Sep  2 06:59:23 UTC 2016
New revision: 421252
URL: https://svnweb.freebsd.org/changeset/ports/421252

Log:
  Correct permissions on kcheckpass

  Without this, if the port is staged as non-root (default on new poudriere), the
  file is installed without setuid root and fails to unlock desktops.

  PR:		ports/211218
  Submitted by:	jhb
  Approved by:	maintainer timeout (kde, 2 months)

Changes:
  head/x11/kde4-workspace/Makefile
  head/x11/kde4-workspace/pkg-plist
Comment 8 Chris Rees freebsd_committer freebsd_triage 2016-09-02 07:00:06 UTC 
Committed.  Thanks!