The registry signing key was imported without verifying its fingerprint,
allowing a MITM or compromised server to inject a rogue key. Now checks
the downloaded key against a pinned fingerprint before import. Also adds
trap EXIT for tempfile cleanup and rejects empty curl responses.
Import Gitea Arch registry key dynamically and configure pacman
with SigLevel = Required DatabaseOptional. Key ID is extracted
from the downloaded key file to avoid hardcoding.
These configs are owned by their respective packages in /etc/xdg/ so
the XDG copy loop installs the package defaults instead of ours.
Overwrite with moonarch versions from /usr/share/moonarch/ after the
loop.
cp -r from /etc/xdg/ preserved root ownership on directories,
causing rm -rf to fail on subsequent runs. Add --no-preserve=ownership
to cp and escalated rm fallback for existing root-owned dirs.
Walker (GTK4 + Elephant backend) replaces rofi-lbonn-wayland-git as the
central launcher and menu framework.
Native Walker providers replace 5 custom rofi scripts:
- App launcher (desktopapplications provider)
- Clipboard (clipboard provider, replaces cliphist frontend)
- Bluetooth (bluetooth provider, replaces bluetoothctl script)
- Volume/audio (wireplumber provider)
- Sink switcher (wireplumber provider)
3 scripts ported to Walker dmenu mode:
- moonarch-vpn (nmcli)
- moonarch-cpugov (auto-cpufreq)
- moonarch-sink-switcher (pactl)
Settings menu (moonarch-setmen) removed — apps are findable via Walker
app search directly.
Walker theme (gtk-inherit) inherits all colors from the active GTK4
theme instead of hardcoding Catppuccin values.
Walker and Elephant run as systemd user services for instant startup.
Also standardizes GTK theme to Colloid-Grey-Dark-Catppuccin across all
config files (was inconsistent between gsettings and file configs).
Old rofi configs preserved in legacy/rofi/ for reference.
Bug fixes from quality and security audits:
- moonarch-capsnote: use value[0] instead of value[2]
- moonarch-btnote: guard empty PER_INT before integer comparison
- moonarch-clipboard + niri config: use XDG_RUNTIME_DIR instead of UID 1000
- moonarch-waybar-hidpp: use charging icon when charging
- moonarch-waybar-gpustat: find gpu_busy_percent dynamically across hwmon*
- post-install/transform: use systemctl --user cat for service detection
- post-install/transform: install paru from [extra] instead of AUR clone
Replace wlogout with moonset in niri keybind and waybar on-click.
Remove moonarch-session (dead code, replaced by moonset) and wlogout
layout config.
Refactor post-install.sh and transform.sh to install moonarch-git via
paru instead of manually copying configs, scripts, and themes. Remove
install-themes.sh (replaced by sweet-cursors-git dependency). Replace
update.sh with deprecation notice that forwards to the package-provided
moonarch-update in /usr/bin/.
Extract shared helpers into lib.sh (log, err, confirm, path constants)
and refactor post-install.sh + update.sh to source it.
New transform.sh converts an existing Arch+Wayland system to Moonarch:
pre-flight summary, config backup, DM conflict resolution, PulseAudio
removal, full package install, and hard overwrite of all configs.
Also migrate kanshi from niri spawn-at-startup to systemd user service.
