From ead3b41dffa3a874ed0b807238f38c9b9595cf33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= <reynir@reynir.dk>
Date: Tue, 17 Sep 2024 11:36:54 +0200
Subject: [PATCH 1/2] Add FreeBSD rc script for running the demo

---
 misc/rc.d/webauthn_demo | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100755 misc/rc.d/webauthn_demo

diff --git a/misc/rc.d/webauthn_demo b/misc/rc.d/webauthn_demo
new file mode 100755
index 0000000..1f4f7b5
--- /dev/null
+++ b/misc/rc.d/webauthn_demo
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+. /etc/rc.subr
+
+name="webauthn_demo"
+title="webauthn-demo"
+rcvar="${name}_enable"
+
+pidfile="/var/run/${name}/${name}.pid"
+# Change this if you place the demo binary elsewhere
+exec_path="/home/builder/webauthn/${name}.exe"
+
+start_precmd="webauthn_demo_precmd"
+
+load_rc_config "$name"
+
+: ${webauthn_demo_enable:="NO"}
+: ${webauthn_demo_user:="builder"}
+
+webauthn_demo_precmd () {
+  # Create the parent directory for the pidfile with owner
+  # ${webauthn_demo_user} as daemon(8) will not have permissions for /var/run/
+  install -d -o "${webauthn_demo_user}" "/var/run/${name}"
+}
+
+command="/usr/sbin/daemon"
+command_args="-r -S -t ${title} -P ${pidfile} ${exec_path}"
+
+run_rc_command "$1"

From 1e79dea71a5ae78d3f52dcb10bbf85ccaced9624 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= <reynir@reynir.dk>
Date: Wed, 18 Sep 2024 16:26:15 +0200
Subject: [PATCH 2/2] Refactor rc script

---
 misc/rc.d/webauthn_demo | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/misc/rc.d/webauthn_demo b/misc/rc.d/webauthn_demo
index 1f4f7b5..9334254 100755
--- a/misc/rc.d/webauthn_demo
+++ b/misc/rc.d/webauthn_demo
@@ -6,24 +6,18 @@ name="webauthn_demo"
 title="webauthn-demo"
 rcvar="${name}_enable"
 
-pidfile="/var/run/${name}/${name}.pid"
+pidfile="/var/run/${name}.pid"
 # Change this if you place the demo binary elsewhere
 exec_path="/home/builder/webauthn/${name}.exe"
 
-start_precmd="webauthn_demo_precmd"
-
 load_rc_config "$name"
 
 : ${webauthn_demo_enable:="NO"}
-: ${webauthn_demo_user:="builder"}
-
-webauthn_demo_precmd () {
-  # Create the parent directory for the pidfile with owner
-  # ${webauthn_demo_user} as daemon(8) will not have permissions for /var/run/
-  install -d -o "${webauthn_demo_user}" "/var/run/${name}"
-}
+# We can't use $webauthn_demo_user as otherwise daemon(8) will run unprivileged
+# and can't create the pidfile and drop privileges
+: ${webauthn_demo_runas:="builder"}
 
 command="/usr/sbin/daemon"
-command_args="-r -S -t ${title} -P ${pidfile} ${exec_path}"
+command_args="-r -S -t ${title} -P ${pidfile} -u ${webauthn_demo_runas} ${exec_path}"
 
 run_rc_command "$1"