From 48d363bb1838b1a50a8719ef7f10cbd0ab7f444a Mon Sep 17 00:00:00 2001 From: nevaforget Date: Tue, 21 Apr 2026 09:11:59 +0200 Subject: [PATCH] fix: ship polkit rule so greeter user can reboot/power off (v0.8.3) The rule that grants the greeter user authorization for org.freedesktop.login1.{reboot,power-off} lived only in the moonarch repo and was never installed by any PKGBUILD. On a fresh install the reboot/shutdown buttons silently failed because greetd's greeter session is inactive in logind and polkit denies inactive sessions by default. Move the rule into the moongreet source tree where it belongs and ship it via moongreet-git. --- Cargo.lock | 2 +- Cargo.toml | 2 +- DECISIONS.md | 7 +++++++ README.md | 8 ++++++++ config/polkit/50-moongreet-power.rules | 12 ++++++++++++ 5 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 config/polkit/50-moongreet-power.rules diff --git a/Cargo.lock b/Cargo.lock index 0eb89d9..c5445b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -575,7 +575,7 @@ dependencies = [ [[package]] name = "moongreet" -version = "0.8.0" +version = "0.8.3" dependencies = [ "gdk-pixbuf", "gdk4", diff --git a/Cargo.toml b/Cargo.toml index f525d7d..b5e5548 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "moongreet" -version = "0.8.2" +version = "0.8.3" edition = "2024" description = "A greetd greeter for Wayland with GTK4 and Layer Shell" license = "MIT" diff --git a/DECISIONS.md b/DECISIONS.md index 3c1b27d..94e9f8e 100644 --- a/DECISIONS.md +++ b/DECISIONS.md @@ -1,5 +1,12 @@ # Decisions +## 2026-04-21 – Ship polkit rule in moongreet instead of moonarch (v0.8.3) + +- **Who**: ClaudeCode, Dom +- **Why**: Reboot/shutdown from the greeter silently failed on a fresh install. The polkit rule that grants the `greeter` user `org.freedesktop.login1.{reboot,power-off}` lived in the moonarch repo but was never installed by any PKGBUILD. The laptop worked only because the rule had been hand-deployed once. +- **Tradeoffs**: Rule ownership moves from moonarch (system defaults) to moongreet (greeter-specific auth). Cleaner boundary — moonarch no longer needs to know about the greeter's auth requirements — but it means moongreet is now responsible for a system polkit rule that ties it to a fixed username (`greeter`). +- **How**: Source file moved to `moongreet/config/polkit/50-moongreet-power.rules`, installed to `/etc/polkit-1/rules.d/` by `moongreet-git/PKGBUILD`. Old file removed from the moonarch repo. + ## 2026-04-09 – Monitor hotplug via ListModel items-changed - **Who**: ClaudeCode, Dom diff --git a/README.md b/README.md index 11d229e..7dc92ee 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,14 @@ sudo cp config/moongreet.toml /etc/moongreet/moongreet.toml user = "greeter" ``` +4. Install the polkit rule so the greeter user can reboot / power off: + ```bash + sudo install -Dm644 config/polkit/50-moongreet-power.rules \ + /etc/polkit-1/rules.d/50-moongreet-power.rules + ``` + Without this rule, `loginctl reboot` / `loginctl poweroff` fail because + greetd's greeter session is inactive in logind. + ## Development ```bash diff --git a/config/polkit/50-moongreet-power.rules b/config/polkit/50-moongreet-power.rules new file mode 100644 index 0000000..edc276b --- /dev/null +++ b/config/polkit/50-moongreet-power.rules @@ -0,0 +1,12 @@ +// ABOUTME: Allow the greeter user to reboot and power off without authentication. +// ABOUTME: Required because greetd's greeter session is inactive in logind. + +polkit.addRule(function(action, subject) { + if (subject.user === "greeter" && + (action.id === "org.freedesktop.login1.reboot" || + action.id === "org.freedesktop.login1.reboot-multiple-sessions" || + action.id === "org.freedesktop.login1.power-off" || + action.id === "org.freedesktop.login1.power-off-multiple-sessions")) { + return polkit.Result.YES; + } +});