nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit fixes — peek icon, blur limit, GResource compression, sync markers (v0.6.8)
All checks were successful
Update PKGBUILD version / update-pkgver (push) Successful in 2s
Details

Browse Source 
- Enable peek icon on password entry (consistent with moongreet)
- Raise blur limit from 100 to 200 (consistent with moongreet/moonset)
- Add compressed="true" to GResource CSS/SVG entries
- Add SYNC comments to duplicated blur/background functions
This commit is contained in:
nevaforget 2026-03-31 11:08:36 +02:00
parent 102520d15f
commit 2a9cc52223
7 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CLAUDE.md
View File

@ -60,5 +60,5 @@ LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock
- Root-Check: Exit mit Fehler wenn als root gestartet - Root-Check: Exit mit Fehler wenn als root gestartet
- Faillock: UI-Warnung nach 3 Fehlversuchen, aber PAM entscheidet über Lockout (Entry bleibt aktiv) - Faillock: UI-Warnung nach 3 Fehlversuchen, aber PAM entscheidet über Lockout (Entry bleibt aktiv)
- Kein Schließen per Escape/Alt-F4 — nur durch erfolgreiche PAM-Auth oder Fingerprint - Kein Schließen per Escape/Alt-F4 — nur durch erfolgreiche PAM-Auth oder Fingerprint
- Kein Peek-Icon am Passwortfeld (Shoulder-Surfing-Schutz) - Peek-Icon am Passwortfeld aktiv (UX-Entscheidung, konsistent mit moongreet)
- GResource-Bundle: CSS/Assets in der Binary kompiliert - GResource-Bundle: CSS/Assets in der Binary kompiliert

2
Cargo.lock generated
View File

@ -575,7 +575,7 @@ dependencies = [
[[package]] [[package]]
name = "moonlock" name = "moonlock"
version = "0.6.7" version = "0.6.8"
dependencies = [ dependencies = [
"gdk-pixbuf", "gdk-pixbuf",
"gdk4", "gdk4",

2
Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "moonlock" name = "moonlock"
version = "0.6.7" version = "0.6.8"
edition = "2024" edition = "2024"
description = "A secure Wayland lockscreen with GTK4, PAM and fingerprint support" description = "A secure Wayland lockscreen with GTK4, PAM and fingerprint support"
license = "MIT" license = "MIT"

7
DECISIONS.md
View File

@ -2,6 +2,13 @@
Architectural and design decisions for Moonlock, in reverse chronological order. Architectural and design decisions for Moonlock, in reverse chronological order.
## 2026-03-31 Fourth audit: peek icon, blur limit, GResource compression, sync markers
- **Who**: Ragnar, Dom
- **Why**: Fourth triple audit found blur limit inconsistency (moonlock 0100 vs moongreet/moonset 0200), missing GResource compression, peek icon inconsistency, and duplicated code without sync markers.
- **Tradeoffs**: Peek icon enabled in lockscreen — user decision favoring UX consistency over shoulder-surfing protection. Acceptable for single-user desktop. Blur limit raised to 200 for ecosystem consistency.
- **How**: (1) `show_peek_icon(true)` in lockscreen password entry. (2) `clamp(0.0, 200.0)` for blur in config.rs. (3) `compressed="true"` on CSS/SVG GResource entries. (4) SYNC comments on duplicated blur/background functions pointing to moongreet and moonset.
## 2026-03-30 Third audit: blur offset, lock-before-IO, FP signal lifecycle, TOCTOU ## 2026-03-30 Third audit: blur offset, lock-before-IO, FP signal lifecycle, TOCTOU
- **Who**: Nyx, Dom - **Who**: Nyx, Dom

4
resources/resources.gresource.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<gresources> <gresources>
<gresource prefix="/dev/moonarch/moonlock"> <gresource prefix="/dev/moonarch/moonlock">
<file>style.css</file> <file compressed="true">style.css</file>
<file>default-avatar.svg</file> <file compressed="true">default-avatar.svg</file>
</gresource> </gresource>
</gresources> </gresources>

2
src/config.rs
View File

@ -52,7 +52,7 @@ pub fn load_config(config_paths: Option<&[PathBuf]>) -> Config {
Ok(parsed) => { Ok(parsed) => {
if parsed.background_path.is_some() { merged.background_path = parsed.background_path; } if parsed.background_path.is_some() { merged.background_path = parsed.background_path; }
if let Some(blur) = parsed.background_blur { if let Some(blur) = parsed.background_blur {
merged.background_blur = Some(blur.clamp(0.0, 100.0)); merged.background_blur = Some(blur.clamp(0.0, 200.0));
} }
if let Some(fp) = parsed.fingerprint_enabled { merged.fingerprint_enabled = fp; } if let Some(fp) = parsed.fingerprint_enabled { merged.fingerprint_enabled = fp; }
} }

6
src/lockscreen.rs
View File

@ -137,7 +137,7 @@ pub fn create_lockscreen_window(
// Password entry // Password entry
let password_entry = gtk::PasswordEntry::builder() let password_entry = gtk::PasswordEntry::builder()
.placeholder_text(strings.password_placeholder) .placeholder_text(strings.password_placeholder)
.show_peek_icon(false) .show_peek_icon(true)
.hexpand(true) .hexpand(true)
.build(); .build();
password_entry.add_css_class("password-entry"); password_entry.add_css_class("password-entry");
@ -566,6 +566,10 @@ fn create_background_picture(
} }
/// Maximum texture dimension for blur input. Textures larger than this are /// Maximum texture dimension for blur input. Textures larger than this are
// SYNC: MAX_BLUR_DIMENSION, render_blurred_texture, and create_background_picture
// are duplicated in moongreet/src/greeter.rs and moonset/src/panel.rs.
// Changes here must be mirrored to the other two projects.
/// downscaled before blurring — the blur destroys detail anyway, so there is /// downscaled before blurring — the blur destroys detail anyway, so there is
/// no visible quality loss, but GPU work is reduced significantly. /// no visible quality loss, but GPU work is reduced significantly.
const MAX_BLUR_DIMENSION: f32 = 1920.0; const MAX_BLUR_DIMENSION: f32 = 1920.0;