Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 nevaforget
|
a462b2cf06 | ||
|
nevaforget
|
77b94a560d | ||
|
nevaforget
|
b06b02faac | ||
|
nevaforget
|
9a89da8b13 |
@@ -17,7 +17,7 @@ Teil des Moonarch-Ökosystems.
|
||||
## Projektstruktur
|
||||
|
||||
- `src/` — Rust-Quellcode (main.rs, greeter.rs, ipc.rs, config.rs, users.rs, sessions.rs, i18n.rs, power.rs)
|
||||
- `resources/` — GResource-Assets (style.css, wallpaper.jpg, default-avatar.svg)
|
||||
- `resources/` — GResource-Assets (style.css, default-avatar.svg)
|
||||
- `config/` — Beispiel-Konfigurationsdateien für `/etc/moongreet/` und `/etc/greetd/`
|
||||
- `pkg/` — PKGBUILD für Arch-Linux-Paketierung (`makepkg -sf`)
|
||||
|
||||
@@ -44,8 +44,9 @@ cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.z
|
||||
- `sessions.rs` — Wayland/X11 Sessions aus .desktop Files
|
||||
- `power.rs` — Reboot/Shutdown via loginctl
|
||||
- `i18n.rs` — Locale-Erkennung (LANG / /etc/locale.conf) und String-Tabellen (DE/EN), alle UI- und Login-Fehlermeldungen
|
||||
- `config.rs` — TOML-Config ([appearance] background, gtk-theme) + Wallpaper-Fallback
|
||||
- `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC, Faillock-Warnung, Avatar-Cache, Last-User/Last-Session Persistence (0o600 Permissions)
|
||||
- `fingerprint.rs` — fprintd D-Bus Probe (gio::DBusProxy) — Geräteerkennung und Enrollment-Check für UI-Feedback
|
||||
- `config.rs` — TOML-Config ([appearance] background, gtk-theme, fingerprint-enabled) + Wallpaper-Fallback
|
||||
- `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC (Multi-Stage-Auth für fprintd), Faillock-Warnung, Avatar-Cache, Last-User/Last-Session Persistence (0o600 Permissions)
|
||||
- `main.rs` — Entry Point, GTK App, Layer Shell Setup, Multi-Monitor, systemd-journal-logger
|
||||
- `resources/style.css` — Catppuccin-inspiriertes Theme
|
||||
|
||||
@@ -57,6 +58,7 @@ cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.z
|
||||
- **Socket-Cancellation**: `Arc<Mutex<Option<UnixStream>>>` + `AtomicBool` für saubere Abbrüche
|
||||
- **Avatar-Cache**: `HashMap<String, gdk::Texture>` in `Rc<RefCell<GreeterState>>`
|
||||
- **GPU-Blur via GskBlurNode**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` im `connect_realize` Callback — kein CPU-Blur, kein Disk-Cache, kein `image`-Crate
|
||||
- **Fingerprint via greetd Multi-Stage PAM**: fprintd D-Bus nur als Probe (Gerät/Enrollment), eigentliche Verifizierung läuft über PAM im greetd-Auth-Loop. `auth_message_type: "secret"` → Passwort, alles andere → `None` (PAM entscheidet). 60s Socket-Timeout bei fprintd.
|
||||
- **Symmetrie mit moonlock/moonset**: Gleiche Patterns (i18n, config, users, power, GResource, GPU-Blur)
|
||||
- **Session-Validierung**: Relative Pfade erlaubt (greetd löst PATH auf), nur `..`/Null-Bytes werden abgelehnt
|
||||
- **GTK-Theme-Validierung**: Nur alphanumerisch + `_-+.` erlaubt, verhindert Path-Traversal über Config
|
||||
|
||||
Generated
+1
-1
@@ -569,7 +569,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "moongreet"
|
||||
version = "0.5.0"
|
||||
version = "0.5.3"
|
||||
dependencies = [
|
||||
"gdk-pixbuf",
|
||||
"gdk4",
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "moongreet"
|
||||
version = "0.5.1"
|
||||
version = "0.6.0"
|
||||
edition = "2024"
|
||||
description = "A greetd greeter for Wayland with GTK4 and Layer Shell"
|
||||
license = "MIT"
|
||||
|
||||
@@ -1,5 +1,19 @@
|
||||
# Decisions
|
||||
|
||||
## 2026-03-29 – Fingerprint authentication via greetd multi-stage PAM
|
||||
|
||||
- **Who**: Ragnar, Dom
|
||||
- **Why**: moonlock supports fprintd but moongreet rejected multi-stage auth. Users with enrolled fingerprints couldn't use them at the login screen.
|
||||
- **Tradeoffs**: Direct fprintd D-Bus verification (like moonlock) can't start a greetd session — greetd controls session creation via PAM. Using greetd multi-stage means PAM decides the auth order (fingerprint first, then password fallback), not truly parallel. Acceptable — matches standard pam_fprintd behavior.
|
||||
- **How**: Replace single-pass auth with a loop over auth_message rounds. Secret prompts get the password, non-secret prompts (fprintd) get None and block until PAM resolves. fprintd D-Bus probe (gio::DBusProxy) only for UI — detecting device availability and enrolled fingers. 60s socket timeout when fingerprint available. Config option `fingerprint-enabled` (default true).
|
||||
|
||||
## 2026-03-28 – Remove embedded wallpaper from binary
|
||||
|
||||
- **Who**: Selene, Dom
|
||||
- **Why**: Wallpaper is installed by moonarch to /usr/share/moonarch/wallpaper.jpg. Embedding a 374K JPEG in the binary is redundant. GTK background color (Catppuccin Mocha base) is a clean fallback.
|
||||
- **Tradeoffs**: Without moonarch installed AND without config, greeter shows plain dark background instead of wallpaper. Acceptable — that's the expected minimal state.
|
||||
- **How**: Remove wallpaper.jpg from GResources, return None from resolve_background_path when no file found, skip wallpaper window creation and background picture when no path available.
|
||||
|
||||
## 2026-03-28 – GPU blur via GskBlurNode replaces CPU blur
|
||||
|
||||
- **Who**: Ragnar, Dom
|
||||
|
||||
@@ -15,6 +15,7 @@ Part of the Moonarch ecosystem.
|
||||
- **Multi-monitor** — Greeter on primary, wallpaper on all monitors
|
||||
- **i18n** — German and English (auto-detected from system locale)
|
||||
- **Faillock warning** — Warns after 2 failed attempts, locked message after 3
|
||||
- **Fingerprint** — fprintd support via greetd multi-stage PAM (configurable)
|
||||
|
||||
## Requirements
|
||||
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
<gresources>
|
||||
<gresource prefix="/dev/moonarch/moongreet">
|
||||
<file>style.css</file>
|
||||
<file>wallpaper.jpg</file>
|
||||
<file>default-avatar.svg</file>
|
||||
</gresource>
|
||||
</gresources>
|
||||
|
||||
@@ -54,6 +54,13 @@ window.wallpaper {
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
/* Fingerprint prompt label */
|
||||
.fingerprint-label {
|
||||
color: alpha(white, 0.6);
|
||||
font-size: 13px;
|
||||
margin-top: 8px;
|
||||
}
|
||||
|
||||
/* User list on the bottom left */
|
||||
.user-list {
|
||||
background-color: transparent;
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 366 KiB |
+49
-16
@@ -6,7 +6,6 @@ use std::fs;
|
||||
use std::path::{Path, PathBuf};
|
||||
|
||||
const MOONARCH_WALLPAPER: &str = "/usr/share/moonarch/wallpaper.jpg";
|
||||
const GRESOURCE_PREFIX: &str = "/dev/moonarch/moongreet";
|
||||
|
||||
/// Default config search path: system-wide config.
|
||||
fn default_config_paths() -> Vec<PathBuf> {
|
||||
@@ -26,14 +25,28 @@ struct Appearance {
|
||||
background_blur: Option<f32>,
|
||||
#[serde(rename = "gtk-theme")]
|
||||
gtk_theme: Option<String>,
|
||||
#[serde(rename = "fingerprint-enabled")]
|
||||
fingerprint_enabled: Option<bool>,
|
||||
}
|
||||
|
||||
/// Greeter configuration.
|
||||
#[derive(Debug, Clone, Default)]
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct Config {
|
||||
pub background_path: Option<String>,
|
||||
pub background_blur: Option<f32>,
|
||||
pub gtk_theme: Option<String>,
|
||||
pub fingerprint_enabled: bool,
|
||||
}
|
||||
|
||||
impl Default for Config {
|
||||
fn default() -> Self {
|
||||
Config {
|
||||
background_path: None,
|
||||
background_blur: None,
|
||||
gtk_theme: None,
|
||||
fingerprint_enabled: true,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Load config from TOML files. Later paths override earlier ones.
|
||||
@@ -65,6 +78,9 @@ pub fn load_config(config_paths: Option<&[PathBuf]>) -> Config {
|
||||
if appearance.gtk_theme.is_some() {
|
||||
merged.gtk_theme = appearance.gtk_theme;
|
||||
}
|
||||
if let Some(fp) = appearance.fingerprint_enabled {
|
||||
merged.fingerprint_enabled = fp;
|
||||
}
|
||||
}
|
||||
}
|
||||
Err(e) => {
|
||||
@@ -78,25 +94,25 @@ pub fn load_config(config_paths: Option<&[PathBuf]>) -> Config {
|
||||
}
|
||||
}
|
||||
|
||||
log::debug!("Config result: background={:?}, blur={:?}, gtk_theme={:?}", merged.background_path, merged.background_blur, merged.gtk_theme);
|
||||
log::debug!("Config result: background={:?}, blur={:?}, gtk_theme={:?}, fingerprint={}", merged.background_path, merged.background_blur, merged.gtk_theme, merged.fingerprint_enabled);
|
||||
merged
|
||||
}
|
||||
|
||||
/// Resolve the wallpaper path using the fallback hierarchy.
|
||||
///
|
||||
/// Priority: config background_path > Moonarch system default > gresource fallback.
|
||||
pub fn resolve_background_path(config: &Config) -> PathBuf {
|
||||
/// Priority: config background_path > Moonarch system default > None (GTK background color).
|
||||
pub fn resolve_background_path(config: &Config) -> Option<PathBuf> {
|
||||
resolve_background_path_with(config, Path::new(MOONARCH_WALLPAPER))
|
||||
}
|
||||
|
||||
/// Resolve with configurable moonarch wallpaper path (for testing).
|
||||
pub fn resolve_background_path_with(config: &Config, moonarch_wallpaper: &Path) -> PathBuf {
|
||||
pub fn resolve_background_path_with(config: &Config, moonarch_wallpaper: &Path) -> Option<PathBuf> {
|
||||
// User-configured path
|
||||
if let Some(ref bg) = config.background_path {
|
||||
let path = PathBuf::from(bg);
|
||||
if path.is_file() {
|
||||
log::debug!("Wallpaper: using config path {}", path.display());
|
||||
return path;
|
||||
return Some(path);
|
||||
}
|
||||
log::debug!("Wallpaper: config path {} not found, trying fallbacks", path.display());
|
||||
}
|
||||
@@ -104,12 +120,11 @@ pub fn resolve_background_path_with(config: &Config, moonarch_wallpaper: &Path)
|
||||
// Moonarch ecosystem default
|
||||
if moonarch_wallpaper.is_file() {
|
||||
log::debug!("Wallpaper: using moonarch default {}", moonarch_wallpaper.display());
|
||||
return moonarch_wallpaper.to_path_buf();
|
||||
return Some(moonarch_wallpaper.to_path_buf());
|
||||
}
|
||||
|
||||
// GResource fallback path (loaded from compiled resources at runtime)
|
||||
log::debug!("Wallpaper: using GResource fallback");
|
||||
PathBuf::from(format!("{GRESOURCE_PREFIX}/wallpaper.jpg"))
|
||||
log::debug!("Wallpaper: no wallpaper found, using GTK background color");
|
||||
None
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
@@ -122,6 +137,7 @@ mod tests {
|
||||
assert!(config.background_path.is_none());
|
||||
assert!(config.background_blur.is_none());
|
||||
assert!(config.gtk_theme.is_none());
|
||||
assert!(config.fingerprint_enabled);
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -218,7 +234,7 @@ mod tests {
|
||||
};
|
||||
assert_eq!(
|
||||
resolve_background_path_with(&config, Path::new("/nonexistent")),
|
||||
wallpaper
|
||||
Some(wallpaper)
|
||||
);
|
||||
}
|
||||
|
||||
@@ -229,7 +245,7 @@ mod tests {
|
||||
..Config::default()
|
||||
};
|
||||
let result = resolve_background_path_with(&config, Path::new("/nonexistent"));
|
||||
assert!(result.to_str().unwrap().contains("moongreet"));
|
||||
assert!(result.is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -240,14 +256,31 @@ mod tests {
|
||||
let config = Config::default();
|
||||
assert_eq!(
|
||||
resolve_background_path_with(&config, &moonarch_wp),
|
||||
moonarch_wp
|
||||
Some(moonarch_wp)
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn resolve_uses_gresource_fallback_as_last_resort() {
|
||||
fn resolve_returns_none_when_no_wallpaper_found() {
|
||||
let config = Config::default();
|
||||
let result = resolve_background_path_with(&config, Path::new("/nonexistent"));
|
||||
assert!(result.to_str().unwrap().contains("wallpaper.jpg"));
|
||||
assert!(result.is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn load_config_fingerprint_enabled_default_true() {
|
||||
let paths = vec![PathBuf::from("/nonexistent/moongreet.toml")];
|
||||
let config = load_config(Some(&paths));
|
||||
assert!(config.fingerprint_enabled);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn load_config_fingerprint_disabled() {
|
||||
let dir = tempfile::tempdir().unwrap();
|
||||
let conf = dir.path().join("moongreet.toml");
|
||||
fs::write(&conf, "[appearance]\nfingerprint-enabled = false\n").unwrap();
|
||||
let paths = vec![conf];
|
||||
let config = load_config(Some(&paths));
|
||||
assert!(!config.fingerprint_enabled);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,137 @@
|
||||
// ABOUTME: fprintd D-Bus probe for fingerprint device availability.
|
||||
// ABOUTME: Checks if fprintd is running and the user has enrolled fingerprints.
|
||||
|
||||
use gio::prelude::*;
|
||||
use gtk4::gio;
|
||||
|
||||
const FPRINTD_BUS_NAME: &str = "net.reactivated.Fprint";
|
||||
const FPRINTD_MANAGER_PATH: &str = "/net/reactivated/Fprint/Manager";
|
||||
const FPRINTD_MANAGER_IFACE: &str = "net.reactivated.Fprint.Manager";
|
||||
const FPRINTD_DEVICE_IFACE: &str = "net.reactivated.Fprint.Device";
|
||||
|
||||
const DBUS_TIMEOUT_MS: i32 = 3000;
|
||||
|
||||
/// Lightweight fprintd probe — detects device availability and finger enrollment.
|
||||
/// Does NOT perform verification (that happens through greetd/PAM).
|
||||
pub struct FingerprintProbe {
|
||||
device_proxy: Option<gio::DBusProxy>,
|
||||
}
|
||||
|
||||
impl FingerprintProbe {
|
||||
/// Create a probe without any D-Bus connections.
|
||||
/// Call `init_async().await` to connect to fprintd.
|
||||
pub fn new() -> Self {
|
||||
FingerprintProbe {
|
||||
device_proxy: None,
|
||||
}
|
||||
}
|
||||
|
||||
/// Connect to fprintd on the system bus and discover the default device.
|
||||
pub async fn init_async(&mut self) {
|
||||
let manager = match gio::DBusProxy::for_bus_future(
|
||||
gio::BusType::System,
|
||||
gio::DBusProxyFlags::NONE,
|
||||
None,
|
||||
FPRINTD_BUS_NAME,
|
||||
FPRINTD_MANAGER_PATH,
|
||||
FPRINTD_MANAGER_IFACE,
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(m) => m,
|
||||
Err(e) => {
|
||||
log::debug!("fprintd manager not available: {e}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
let result = match manager
|
||||
.call_future("GetDefaultDevice", None, gio::DBusCallFlags::NONE, DBUS_TIMEOUT_MS)
|
||||
.await
|
||||
{
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
log::debug!("fprintd GetDefaultDevice failed: {e}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
let device_path = match result.child_value(0).get::<String>() {
|
||||
Some(p) => p,
|
||||
None => {
|
||||
log::debug!("fprintd: unexpected GetDefaultDevice response type");
|
||||
return;
|
||||
}
|
||||
};
|
||||
if device_path.is_empty() {
|
||||
return;
|
||||
}
|
||||
|
||||
match gio::DBusProxy::for_bus_future(
|
||||
gio::BusType::System,
|
||||
gio::DBusProxyFlags::NONE,
|
||||
None,
|
||||
FPRINTD_BUS_NAME,
|
||||
&device_path,
|
||||
FPRINTD_DEVICE_IFACE,
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(proxy) => {
|
||||
self.device_proxy = Some(proxy);
|
||||
}
|
||||
Err(e) => {
|
||||
log::debug!("fprintd device proxy failed: {e}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Check if the user has enrolled fingerprints on the default device.
|
||||
/// Returns false if fprintd is unavailable or the user has no enrollments.
|
||||
pub async fn is_available_async(&self, username: &str) -> bool {
|
||||
let proxy = match &self.device_proxy {
|
||||
Some(p) => p,
|
||||
None => return false,
|
||||
};
|
||||
|
||||
let args = glib::Variant::from((&username,));
|
||||
match proxy
|
||||
.call_future(
|
||||
"ListEnrolledFingers",
|
||||
Some(&args),
|
||||
gio::DBusCallFlags::NONE,
|
||||
DBUS_TIMEOUT_MS,
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(result) => match result.child_value(0).get::<Vec<String>>() {
|
||||
Some(fingers) => !fingers.is_empty(),
|
||||
None => {
|
||||
log::debug!("fprintd: unexpected ListEnrolledFingers response type");
|
||||
false
|
||||
}
|
||||
},
|
||||
Err(_) => false,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn new_probe_has_no_device() {
|
||||
let probe = FingerprintProbe::new();
|
||||
assert!(probe.device_proxy.is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn constants_are_defined() {
|
||||
assert!(!FPRINTD_BUS_NAME.is_empty());
|
||||
assert!(!FPRINTD_MANAGER_PATH.is_empty());
|
||||
assert!(!FPRINTD_MANAGER_IFACE.is_empty());
|
||||
assert!(!FPRINTD_DEVICE_IFACE.is_empty());
|
||||
assert!(DBUS_TIMEOUT_MS > 0);
|
||||
}
|
||||
}
|
||||
+217
-80
@@ -95,42 +95,23 @@ fn is_valid_username(name: &str) -> bool {
|
||||
.all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '.' || c == '-' || c == '@')
|
||||
}
|
||||
|
||||
/// Load background texture from GResource or filesystem.
|
||||
/// Load background texture from filesystem.
|
||||
pub fn load_background_texture(bg_path: &Path) -> Option<gdk::Texture> {
|
||||
let path_str = bg_path.to_str()?;
|
||||
if bg_path.starts_with("/dev/moonarch/moongreet") {
|
||||
match gio::resources_lookup_data(path_str, gio::ResourceLookupFlags::NONE) {
|
||||
Ok(bytes) => match gdk::Texture::from_bytes(&bytes) {
|
||||
Ok(texture) => Some(texture),
|
||||
Err(e) => {
|
||||
log::debug!("GResource texture decode error: {e}");
|
||||
log::warn!("Failed to decode background texture from GResource {path_str}");
|
||||
None
|
||||
}
|
||||
},
|
||||
Err(e) => {
|
||||
log::debug!("GResource lookup error: {e}");
|
||||
log::warn!("Failed to load background texture from GResource {path_str}");
|
||||
None
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if let Ok(meta) = std::fs::metadata(bg_path)
|
||||
&& meta.len() > MAX_WALLPAPER_FILE_SIZE
|
||||
{
|
||||
log::warn!(
|
||||
"Wallpaper file too large ({} bytes), skipping: {}",
|
||||
meta.len(), bg_path.display()
|
||||
);
|
||||
return None;
|
||||
}
|
||||
match gdk::Texture::from_filename(bg_path) {
|
||||
Ok(texture) => Some(texture),
|
||||
Err(e) => {
|
||||
log::debug!("Wallpaper load error: {e}");
|
||||
log::warn!("Failed to load background texture from {}", bg_path.display());
|
||||
None
|
||||
}
|
||||
if let Ok(meta) = std::fs::metadata(bg_path)
|
||||
&& meta.len() > MAX_WALLPAPER_FILE_SIZE
|
||||
{
|
||||
log::warn!(
|
||||
"Wallpaper file too large ({} bytes), skipping: {}",
|
||||
meta.len(), bg_path.display()
|
||||
);
|
||||
return None;
|
||||
}
|
||||
match gdk::Texture::from_filename(bg_path) {
|
||||
Ok(texture) => Some(texture),
|
||||
Err(e) => {
|
||||
log::debug!("Wallpaper load error: {e}");
|
||||
log::warn!("Failed to load background texture from {}", bg_path.display());
|
||||
None
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -138,6 +119,10 @@ pub fn load_background_texture(bg_path: &Path) -> Option<gdk::Texture> {
|
||||
// -- GPU blur via GskBlurNode -------------------------------------------------
|
||||
|
||||
/// Render a blurred texture using the GPU via GskBlurNode.
|
||||
///
|
||||
/// To avoid edge darkening (blur samples transparent pixels outside bounds),
|
||||
/// the texture is rendered with padding equal to 3x the blur sigma. The blur
|
||||
/// is applied to the padded area, then cropped back to the original size.
|
||||
fn render_blurred_texture(
|
||||
widget: &impl IsA<gtk::Widget>,
|
||||
texture: &gdk::Texture,
|
||||
@@ -145,15 +130,24 @@ fn render_blurred_texture(
|
||||
) -> Option<gdk::Texture> {
|
||||
let native = widget.native()?;
|
||||
let renderer = native.renderer()?;
|
||||
|
||||
let w = texture.width() as f32;
|
||||
let h = texture.height() as f32;
|
||||
// Padding must cover the blur kernel radius (typically ~3x sigma)
|
||||
let pad = (sigma * 3.0).ceil();
|
||||
|
||||
let snapshot = gtk::Snapshot::new();
|
||||
let bounds = graphene_rs::Rect::new(
|
||||
0.0, 0.0, texture.width() as f32, texture.height() as f32,
|
||||
);
|
||||
// Clip output to original texture size
|
||||
snapshot.push_clip(&graphene_rs::Rect::new(pad, pad, w, h));
|
||||
snapshot.push_blur(sigma as f64);
|
||||
snapshot.append_texture(texture, &bounds);
|
||||
snapshot.pop();
|
||||
// Render texture with padding on all sides (edges repeat via oversized bounds)
|
||||
snapshot.append_texture(texture, &graphene_rs::Rect::new(0.0, 0.0, w + 2.0 * pad, h + 2.0 * pad));
|
||||
snapshot.pop(); // blur
|
||||
snapshot.pop(); // clip
|
||||
|
||||
let node = snapshot.to_node()?;
|
||||
Some(renderer.render_texture(&node, None))
|
||||
let viewport = graphene_rs::Rect::new(pad, pad, w, h);
|
||||
Some(renderer.render_texture(&node, Some(&viewport)))
|
||||
}
|
||||
|
||||
/// Create a wallpaper-only window for secondary monitors.
|
||||
@@ -200,6 +194,7 @@ struct GreeterState {
|
||||
failed_attempts: HashMap<String, u32>,
|
||||
greetd_sock: Arc<Mutex<Option<UnixStream>>>,
|
||||
login_cancelled: Arc<std::sync::atomic::AtomicBool>,
|
||||
fingerprint_available: bool,
|
||||
}
|
||||
|
||||
/// Create the main greeter window with login UI.
|
||||
@@ -230,6 +225,7 @@ pub fn create_greeter_window(
|
||||
}
|
||||
|
||||
let strings = load_strings(None);
|
||||
let fingerprint_enabled = config.fingerprint_enabled;
|
||||
let all_users = users::get_users(None);
|
||||
let all_sessions = sessions::get_sessions(None, None);
|
||||
log::debug!("Greeter window: {} user(s), {} session(s)", all_users.len(), all_sessions.len());
|
||||
@@ -244,6 +240,7 @@ pub fn create_greeter_window(
|
||||
failed_attempts: HashMap::new(),
|
||||
greetd_sock: Arc::new(Mutex::new(None)),
|
||||
login_cancelled: Arc::new(std::sync::atomic::AtomicBool::new(false)),
|
||||
fingerprint_available: false,
|
||||
}));
|
||||
|
||||
// Root overlay for layering
|
||||
@@ -314,6 +311,12 @@ pub fn create_greeter_window(
|
||||
error_label.set_visible(false);
|
||||
login_box.append(&error_label);
|
||||
|
||||
// Fingerprint label (hidden until probe confirms availability)
|
||||
let fp_label = gtk::Label::new(None);
|
||||
fp_label.add_css_class("fingerprint-label");
|
||||
fp_label.set_visible(false);
|
||||
login_box.append(&fp_label);
|
||||
|
||||
login_box.set_halign(gtk::Align::Center);
|
||||
main_box.append(&login_box);
|
||||
|
||||
@@ -354,6 +357,8 @@ pub fn create_greeter_window(
|
||||
#[weak]
|
||||
error_label,
|
||||
#[weak]
|
||||
fp_label,
|
||||
#[weak]
|
||||
session_dropdown,
|
||||
#[weak]
|
||||
window,
|
||||
@@ -370,9 +375,12 @@ pub fn create_greeter_window(
|
||||
&username_label,
|
||||
&password_entry,
|
||||
&error_label,
|
||||
&fp_label,
|
||||
&session_dropdown,
|
||||
&sessions_rc,
|
||||
&window,
|
||||
fingerprint_enabled,
|
||||
strings,
|
||||
);
|
||||
}
|
||||
));
|
||||
@@ -503,6 +511,8 @@ pub fn create_greeter_window(
|
||||
#[weak]
|
||||
error_label,
|
||||
#[weak]
|
||||
fp_label,
|
||||
#[weak]
|
||||
session_dropdown,
|
||||
#[weak]
|
||||
window,
|
||||
@@ -520,6 +530,8 @@ pub fn create_greeter_window(
|
||||
#[weak]
|
||||
error_label,
|
||||
#[weak]
|
||||
fp_label,
|
||||
#[weak]
|
||||
session_dropdown,
|
||||
#[weak]
|
||||
window,
|
||||
@@ -531,9 +543,12 @@ pub fn create_greeter_window(
|
||||
&username_label,
|
||||
&password_entry,
|
||||
&error_label,
|
||||
&fp_label,
|
||||
&session_dropdown,
|
||||
&sessions_rc,
|
||||
&window,
|
||||
fingerprint_enabled,
|
||||
strings,
|
||||
);
|
||||
}
|
||||
));
|
||||
@@ -551,9 +566,12 @@ fn select_initial_user(
|
||||
username_label: >k::Label,
|
||||
password_entry: >k::PasswordEntry,
|
||||
error_label: >k::Label,
|
||||
fp_label: >k::Label,
|
||||
session_dropdown: >k::DropDown,
|
||||
sessions: &[Session],
|
||||
window: >k::ApplicationWindow,
|
||||
fingerprint_enabled: bool,
|
||||
strings: &'static Strings,
|
||||
) {
|
||||
if users.is_empty() {
|
||||
return;
|
||||
@@ -573,9 +591,12 @@ fn select_initial_user(
|
||||
username_label,
|
||||
password_entry,
|
||||
error_label,
|
||||
fp_label,
|
||||
session_dropdown,
|
||||
sessions,
|
||||
window,
|
||||
fingerprint_enabled,
|
||||
strings,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -587,19 +608,24 @@ fn switch_to_user(
|
||||
username_label: >k::Label,
|
||||
password_entry: >k::PasswordEntry,
|
||||
error_label: >k::Label,
|
||||
fp_label: >k::Label,
|
||||
session_dropdown: >k::DropDown,
|
||||
sessions: &[Session],
|
||||
window: >k::ApplicationWindow,
|
||||
fingerprint_enabled: bool,
|
||||
strings: &'static Strings,
|
||||
) {
|
||||
log::debug!("Switching to user: {}", user.username);
|
||||
{
|
||||
let mut s = state.borrow_mut();
|
||||
s.selected_user = Some(user.clone());
|
||||
s.fingerprint_available = false;
|
||||
}
|
||||
|
||||
username_label.set_text(user.display_name());
|
||||
password_entry.set_text("");
|
||||
error_label.set_visible(false);
|
||||
fp_label.set_visible(false);
|
||||
|
||||
// Update avatar
|
||||
let cached = {
|
||||
@@ -624,6 +650,27 @@ fn switch_to_user(
|
||||
// Pre-select last used session for this user
|
||||
select_last_session(&user.username, session_dropdown, sessions);
|
||||
|
||||
// Probe fprintd for fingerprint availability
|
||||
if fingerprint_enabled {
|
||||
let username = user.username.clone();
|
||||
glib::spawn_future_local(clone!(
|
||||
#[weak]
|
||||
fp_label,
|
||||
#[strong]
|
||||
state,
|
||||
async move {
|
||||
let mut probe = crate::fingerprint::FingerprintProbe::new();
|
||||
probe.init_async().await;
|
||||
let available = probe.is_available_async(&username).await;
|
||||
state.borrow_mut().fingerprint_available = available;
|
||||
fp_label.set_visible(available);
|
||||
if available {
|
||||
fp_label.set_text(strings.fingerprint_prompt);
|
||||
}
|
||||
}
|
||||
));
|
||||
}
|
||||
|
||||
password_entry.grab_focus();
|
||||
}
|
||||
|
||||
@@ -891,6 +938,7 @@ fn attempt_login(
|
||||
let session_name = session.name.clone();
|
||||
let greetd_sock = state.borrow().greetd_sock.clone();
|
||||
let login_cancelled = state.borrow().login_cancelled.clone();
|
||||
let fingerprint_available = state.borrow().fingerprint_available;
|
||||
|
||||
glib::spawn_future_local(clone!(
|
||||
#[weak]
|
||||
@@ -914,6 +962,7 @@ fn attempt_login(
|
||||
&greetd_sock,
|
||||
&login_cancelled,
|
||||
strings,
|
||||
fingerprint_available,
|
||||
)
|
||||
})
|
||||
.await;
|
||||
@@ -931,6 +980,7 @@ fn attempt_login(
|
||||
let warning = faillock_warning(*count, strings);
|
||||
drop(s);
|
||||
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
show_greetd_error(
|
||||
&error_label,
|
||||
&password_entry,
|
||||
@@ -941,24 +991,23 @@ fn attempt_login(
|
||||
let current = error_label.text().to_string();
|
||||
error_label.set_text(&format!("{current}\n{w}"));
|
||||
}
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
}
|
||||
Ok(Ok(LoginResult::Error { message })) => {
|
||||
show_error(&error_label, &password_entry, &message);
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
show_error(&error_label, &password_entry, &message);
|
||||
}
|
||||
Ok(Ok(LoginResult::Cancelled)) => {
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
}
|
||||
Ok(Err(e)) => {
|
||||
log::error!("Login worker error: {e}");
|
||||
show_error(&error_label, &password_entry, strings.socket_error);
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
show_error(&error_label, &password_entry, strings.socket_error);
|
||||
}
|
||||
Err(_) => {
|
||||
log::error!("Login worker panicked");
|
||||
show_error(&error_label, &password_entry, strings.socket_error);
|
||||
set_login_sensitive(&password_entry, &session_dropdown, true);
|
||||
show_error(&error_label, &password_entry, strings.socket_error);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -989,6 +1038,7 @@ fn login_worker(
|
||||
greetd_sock: &Arc<Mutex<Option<UnixStream>>>,
|
||||
login_cancelled: &Arc<std::sync::atomic::AtomicBool>,
|
||||
strings: &Strings,
|
||||
fingerprint_available: bool,
|
||||
) -> Result<LoginResult, String> {
|
||||
if login_cancelled.load(std::sync::atomic::Ordering::SeqCst) {
|
||||
log::debug!("Login cancelled before connect");
|
||||
@@ -997,7 +1047,9 @@ fn login_worker(
|
||||
|
||||
log::debug!("Connecting to greetd socket: {sock_path}");
|
||||
let mut sock = UnixStream::connect(sock_path).map_err(|e| e.to_string())?;
|
||||
if let Err(e) = sock.set_read_timeout(Some(std::time::Duration::from_secs(10))) {
|
||||
// Longer timeout when fingerprint is available — pam_fprintd waits for scan
|
||||
let read_timeout_secs = if fingerprint_available { 60 } else { 10 };
|
||||
if let Err(e) = sock.set_read_timeout(Some(std::time::Duration::from_secs(read_timeout_secs))) {
|
||||
log::warn!("Failed to set read timeout: {e}");
|
||||
}
|
||||
if let Err(e) = sock.set_write_timeout(Some(std::time::Duration::from_secs(10))) {
|
||||
@@ -1029,11 +1081,40 @@ fn login_worker(
|
||||
}
|
||||
}
|
||||
|
||||
// Step 2: Send password if auth message received
|
||||
if response.get("type").and_then(|v| v.as_str()) == Some("auth_message") {
|
||||
log::debug!("Sending auth response for {username}");
|
||||
response =
|
||||
ipc::post_auth_response(&mut sock, Some(password)).map_err(|e| e.to_string())?;
|
||||
// Step 2: Handle auth_message loop (supports multi-stage PAM, e.g. fprintd + password)
|
||||
const MAX_AUTH_ROUNDS: u32 = 5;
|
||||
let mut auth_round = 0;
|
||||
|
||||
while response.get("type").and_then(|v| v.as_str()) == Some("auth_message") {
|
||||
auth_round += 1;
|
||||
if auth_round > MAX_AUTH_ROUNDS {
|
||||
log::warn!("Too many auth rounds ({auth_round}), aborting");
|
||||
let _ = ipc::cancel_session(&mut sock);
|
||||
return Ok(LoginResult::Error {
|
||||
message: strings.auth_failed.to_string(),
|
||||
});
|
||||
}
|
||||
|
||||
if login_cancelled.load(std::sync::atomic::Ordering::SeqCst) {
|
||||
return Ok(LoginResult::Cancelled);
|
||||
}
|
||||
|
||||
let msg_type = response
|
||||
.get("auth_message_type")
|
||||
.and_then(|v| v.as_str())
|
||||
.unwrap_or("secret");
|
||||
|
||||
if msg_type == "secret" {
|
||||
log::debug!("Sending password for {username} (round {auth_round})");
|
||||
response =
|
||||
ipc::post_auth_response(&mut sock, Some(password)).map_err(|e| e.to_string())?;
|
||||
} else {
|
||||
// Non-secret prompt (e.g. fprintd "Place finger on reader")
|
||||
// PAM handles the actual verification; this blocks until resolved
|
||||
log::debug!("Acknowledging non-secret auth prompt (round {auth_round})");
|
||||
response =
|
||||
ipc::post_auth_response(&mut sock, None).map_err(|e| e.to_string())?;
|
||||
}
|
||||
|
||||
if login_cancelled.load(std::sync::atomic::Ordering::SeqCst) {
|
||||
return Ok(LoginResult::Cancelled);
|
||||
@@ -1046,14 +1127,6 @@ fn login_worker(
|
||||
username: username.to_string(),
|
||||
});
|
||||
}
|
||||
|
||||
if response.get("type").and_then(|v| v.as_str()) == Some("auth_message") {
|
||||
// Multi-stage auth is not supported
|
||||
let _ = ipc::cancel_session(&mut sock);
|
||||
return Ok(LoginResult::Error {
|
||||
message: strings.multi_stage_unsupported.to_string(),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Step 3: Start session
|
||||
@@ -1481,7 +1554,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "wrongpass", "/usr/bin/niri",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
@@ -1523,7 +1596,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "correct", "/usr/bin/bash",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
@@ -1532,40 +1605,104 @@ mod tests {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn login_worker_multi_stage_rejected() {
|
||||
fn login_worker_multi_stage_fingerprint_then_password() {
|
||||
let (sock_path, handle) = fake_greetd(|stream| {
|
||||
// create_session
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({
|
||||
"type": "auth_message",
|
||||
"auth_message_type": "visible",
|
||||
"auth_message": "Place your finger on the reader",
|
||||
})).unwrap();
|
||||
|
||||
// post_auth_response with None (fingerprint prompt acknowledged)
|
||||
let msg = ipc::recv_message(stream).unwrap();
|
||||
assert!(msg["response"].is_null());
|
||||
|
||||
// Fingerprint failed, PAM falls through to password
|
||||
ipc::send_message(stream, &serde_json::json!({
|
||||
"type": "auth_message",
|
||||
"auth_message_type": "secret",
|
||||
"auth_message": "Password: ",
|
||||
})).unwrap();
|
||||
|
||||
// post_auth_response → another auth_message (TOTP)
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({
|
||||
"type": "auth_message",
|
||||
"auth_message_type": "visible",
|
||||
"auth_message": "TOTP: ",
|
||||
})).unwrap();
|
||||
// post_auth_response with password
|
||||
let msg = ipc::recv_message(stream).unwrap();
|
||||
assert_eq!(msg["response"], "correctpass");
|
||||
ipc::send_message(stream, &serde_json::json!({"type": "success"})).unwrap();
|
||||
|
||||
// cancel_session
|
||||
// start_session
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({"type": "success"})).unwrap();
|
||||
});
|
||||
|
||||
let result = login_worker(
|
||||
"alice", "pass", "/usr/bin/niri",
|
||||
"alice", "correctpass", "/usr/bin/bash",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), true,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
assert!(matches!(result, LoginResult::Success { .. }));
|
||||
handle.join().unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn login_worker_multi_stage_fingerprint_success() {
|
||||
let (sock_path, handle) = fake_greetd(|stream| {
|
||||
// create_session
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({
|
||||
"type": "auth_message",
|
||||
"auth_message_type": "visible",
|
||||
"auth_message": "Place your finger on the reader",
|
||||
})).unwrap();
|
||||
|
||||
// post_auth_response with None → fingerprint matched via PAM
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({"type": "success"})).unwrap();
|
||||
|
||||
// start_session
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
ipc::send_message(stream, &serde_json::json!({"type": "success"})).unwrap();
|
||||
});
|
||||
|
||||
let result = login_worker(
|
||||
"alice", "", "/usr/bin/bash",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")), true,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
assert!(matches!(result, LoginResult::Success { .. }));
|
||||
handle.join().unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn login_worker_max_auth_rounds_exceeded() {
|
||||
let (sock_path, handle) = fake_greetd(|stream| {
|
||||
// create_session
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
|
||||
// Send 6 auth_messages (exceeds MAX_AUTH_ROUNDS=5)
|
||||
for _ in 0..6 {
|
||||
ipc::send_message(stream, &serde_json::json!({
|
||||
"type": "auth_message",
|
||||
"auth_message_type": "visible",
|
||||
"auth_message": "Prompt",
|
||||
})).unwrap();
|
||||
let _msg = ipc::recv_message(stream).unwrap();
|
||||
}
|
||||
});
|
||||
|
||||
let result = login_worker(
|
||||
"alice", "pass", "/usr/bin/bash",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
assert!(matches!(result, LoginResult::Error { .. }));
|
||||
if let LoginResult::Error { message } = result {
|
||||
assert!(message.contains("Multi-stage"));
|
||||
}
|
||||
handle.join().unwrap();
|
||||
}
|
||||
|
||||
@@ -1595,7 +1732,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "pass", "/usr/bin/bash",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
@@ -1610,7 +1747,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "pass", "/usr/bin/niri",
|
||||
"/nonexistent/sock", &default_greetd_sock(), &cancelled,
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
@@ -1623,7 +1760,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "pass", "/usr/bin/niri",
|
||||
"/nonexistent/sock", &default_greetd_sock(), &cancelled,
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
assert!(result.is_err());
|
||||
@@ -1653,7 +1790,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "pass", "../../../etc/evil",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
@@ -1685,7 +1822,7 @@ mod tests {
|
||||
let result = login_worker(
|
||||
"alice", "pass", "niri-session",
|
||||
&sock_path, &default_greetd_sock(), &default_cancelled(),
|
||||
load_strings(Some("en")),
|
||||
load_strings(Some("en")), false,
|
||||
);
|
||||
|
||||
let result = result.unwrap();
|
||||
|
||||
+4
-3
@@ -23,7 +23,7 @@ pub struct Strings {
|
||||
pub greetd_sock_unreachable: &'static str,
|
||||
pub auth_failed: &'static str,
|
||||
pub wrong_password: &'static str,
|
||||
pub multi_stage_unsupported: &'static str,
|
||||
pub fingerprint_prompt: &'static str,
|
||||
pub invalid_session_command: &'static str,
|
||||
pub session_start_failed: &'static str,
|
||||
pub reboot_failed: &'static str,
|
||||
@@ -47,7 +47,7 @@ const STRINGS_DE: Strings = Strings {
|
||||
greetd_sock_unreachable: "GREETD_SOCK nicht erreichbar",
|
||||
auth_failed: "Authentifizierung fehlgeschlagen",
|
||||
wrong_password: "Falsches Passwort",
|
||||
multi_stage_unsupported: "Mehrstufige Authentifizierung wird nicht unterstützt",
|
||||
fingerprint_prompt: "Fingerabdruck auflegen oder Passwort eingeben",
|
||||
invalid_session_command: "Ungültiger Session-Befehl",
|
||||
session_start_failed: "Session konnte nicht gestartet werden",
|
||||
reboot_failed: "Neustart fehlgeschlagen",
|
||||
@@ -69,7 +69,7 @@ const STRINGS_EN: Strings = Strings {
|
||||
greetd_sock_unreachable: "GREETD_SOCK unreachable",
|
||||
auth_failed: "Authentication failed",
|
||||
wrong_password: "Wrong password",
|
||||
multi_stage_unsupported: "Multi-stage authentication is not supported",
|
||||
fingerprint_prompt: "Place finger on reader or enter password",
|
||||
invalid_session_command: "Invalid session command",
|
||||
session_start_failed: "Failed to start session",
|
||||
reboot_failed: "Reboot failed",
|
||||
@@ -282,6 +282,7 @@ mod tests {
|
||||
assert!(!s.greetd_sock_not_set.is_empty(), "{locale}: greetd_sock_not_set");
|
||||
assert!(!s.auth_failed.is_empty(), "{locale}: auth_failed");
|
||||
assert!(!s.wrong_password.is_empty(), "{locale}: wrong_password");
|
||||
assert!(!s.fingerprint_prompt.is_empty(), "{locale}: fingerprint_prompt");
|
||||
assert!(!s.reboot_failed.is_empty(), "{locale}: reboot_failed");
|
||||
assert!(!s.shutdown_failed.is_empty(), "{locale}: shutdown_failed");
|
||||
assert!(!s.faillock_attempts_remaining.is_empty(), "{locale}: faillock_attempts_remaining");
|
||||
|
||||
+6
-9
@@ -2,6 +2,7 @@
|
||||
// ABOUTME: Sets up GTK Application, Layer Shell, CSS, and multi-monitor windows.
|
||||
|
||||
mod config;
|
||||
mod fingerprint;
|
||||
mod greeter;
|
||||
mod i18n;
|
||||
mod ipc;
|
||||
@@ -51,15 +52,11 @@ fn activate(app: >k::Application) {
|
||||
|
||||
// Load config and resolve wallpaper
|
||||
let config = config::load_config(None);
|
||||
let bg_path = config::resolve_background_path(&config);
|
||||
log::debug!("Background path: {}", bg_path.display());
|
||||
|
||||
// Load background texture once — shared across all windows
|
||||
// Blur is applied on the GPU via GskBlurNode at widget realization time.
|
||||
let bg_texture = greeter::load_background_texture(&bg_path);
|
||||
if bg_texture.is_none() {
|
||||
log::error!("Failed to load background texture — greeter will start without wallpaper");
|
||||
}
|
||||
let bg_texture = config::resolve_background_path(&config)
|
||||
.and_then(|path| {
|
||||
log::debug!("Background path: {}", path.display());
|
||||
greeter::load_background_texture(&path)
|
||||
});
|
||||
|
||||
let use_layer_shell = std::env::var("MOONGREET_NO_LAYER_SHELL").is_err();
|
||||
log::debug!("Layer shell: {use_layer_shell}");
|
||||
|
||||
Reference in New Issue
Block a user