Rewrite moonlock from Python to Rust (v0.4.0)
Complete rewrite of the Wayland lockscreen from Python/PyGObject to Rust/gtk4-rs for memory safety in security-critical PAM code and consistency with the moonset/moongreet Rust ecosystem. Modules: main, lockscreen, auth (PAM FFI), fingerprint (fprintd D-Bus), config, i18n, users, power. 37 unit tests. Security: PAM conversation callback with Zeroizing password, panic hook that never unlocks, root check, ext-session-lock-v1 compositor policy, absolute loginctl path, avatar symlink rejection.
This commit is contained in:
@@ -0,0 +1,73 @@
|
||||
# Moonlock
|
||||
|
||||
A secure Wayland lockscreen with GTK4, PAM authentication and fingerprint support.
|
||||
Part of the Moonarch ecosystem.
|
||||
|
||||
## Features
|
||||
|
||||
- **ext-session-lock-v1** — Protocol-guaranteed screen locking (compositor keeps screen locked on crash)
|
||||
- **PAM authentication** — Uses system PAM stack (`/etc/pam.d/moonlock`)
|
||||
- **Fingerprint unlock** — fprintd D-Bus integration (optional)
|
||||
- **Multi-monitor** — Lockscreen on every monitor
|
||||
- **i18n** — German and English (auto-detected)
|
||||
- **Faillock warning** — UI counter + system pam_faillock
|
||||
- **Panic safety** — Panic hook logs but never unlocks
|
||||
- **Password wiping** — Zeroize on drop
|
||||
|
||||
## Requirements
|
||||
|
||||
- GTK 4
|
||||
- gtk4-session-lock (ext-session-lock-v1 support)
|
||||
- PAM (`/etc/pam.d/moonlock`)
|
||||
- Optional: fprintd for fingerprint support
|
||||
|
||||
## Building
|
||||
|
||||
```bash
|
||||
cargo build --release
|
||||
```
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
# Install binary
|
||||
sudo install -Dm755 target/release/moonlock /usr/bin/moonlock
|
||||
|
||||
# Install PAM config
|
||||
sudo install -Dm644 config/moonlock-pam /etc/pam.d/moonlock
|
||||
|
||||
# Optional: Install example config
|
||||
sudo install -Dm644 config/moonlock.toml.example /etc/moonlock/moonlock.toml.example
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Create `/etc/moonlock/moonlock.toml` or `~/.config/moonlock/moonlock.toml`:
|
||||
|
||||
```toml
|
||||
background_path = "/usr/share/wallpapers/moon.jpg"
|
||||
fingerprint_enabled = true
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
Typically launched via keybind in your Wayland compositor:
|
||||
|
||||
```
|
||||
# Niri keybind example
|
||||
binds {
|
||||
Mod+L { spawn "moonlock"; }
|
||||
}
|
||||
```
|
||||
|
||||
## Development
|
||||
|
||||
```bash
|
||||
cargo test
|
||||
cargo build --release
|
||||
LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
MIT
|
||||
Reference in New Issue
Block a user