Hygiene audit found deps clean but CI ran no vulnerability scan, so a
future advisory against a locked crate would go undetected. Add an
Audit workflow running cargo audit on push/PR — parses Cargo.lock,
needs no GTK4 build env.
Remove pkg/PKGBUILD: orphaned moonlock-git VCS recipe from the
pre-tag-build era, two minors behind; canonical packaging lives in
moonarch-pkgbuilds and is auto-bumped by update-pkgver.yaml. Drop the
now-dead pkg/* makepkg ignore lines and add .pytest_cache/.
No version bump — no change to the binary.
Complete rewrite of the Wayland lockscreen from Python/PyGObject to
Rust/gtk4-rs for memory safety in security-critical PAM code and
consistency with the moonset/moongreet Rust ecosystem.
Modules: main, lockscreen, auth (PAM FFI), fingerprint (fprintd D-Bus),
config, i18n, users, power. 37 unit tests.
Security: PAM conversation callback with Zeroizing password, panic hook
that never unlocks, root check, ext-session-lock-v1 compositor policy,
absolute loginctl path, avatar symlink rejection.
Wayland does not expose absolute pointer coordinates to clients,
so we cannot reliably detect which monitor has focus. Instead,
show the full lockscreen UI on every monitor — the compositor
assigns keyboard focus to the surface under the pointer via
ext-session-lock-v1.
Share a single FingerprintListener across all windows to avoid
multiple device claims. Also add makepkg build artifacts to
gitignore.
nevaforget