nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34 Commits 1 Branch 16 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
nevaforget 4026f6dafa fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1) 
Security: prevent double unlock() when PAM and fingerprint succeed
simultaneously (ext-session-lock protocol error). Fix PAM callback
returning PAM_AUTH_ERR instead of PAM_BUF_ERR on calloc OOM.

Performance: replace CPU-side Gaussian blur (image crate) with GPU blur
via GskBlurNode + GskRenderer::render_texture(). Eliminates 500ms-2s
main-thread blocking on cold cache for 4K wallpapers. Remove image and
dirs dependencies (~15 transitive crates). Make fingerprint stop()
fire-and-forget async to avoid 6s UI block after successful auth.
2026-03-28 22:06:38 +01:00
config
Add security hardening, config system, and integration tests
2026-03-26 12:36:58 +01:00
pkg
feat: switch logging to systemd journal (v0.4.2)
2026-03-28 01:11:48 +01:00
resources
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
src
fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)
2026-03-28 22:06:38 +01:00
.gitignore
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
build.rs
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
Cargo.lock
fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)
2026-03-28 22:06:38 +01:00
Cargo.toml
fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)
2026-03-28 22:06:38 +01:00
CLAUDE.md
fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)
2026-03-28 22:06:38 +01:00
DECISIONS.md
fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)
2026-03-28 22:06:38 +01:00
README.md
fix: audit fixes — async restart_verify, locale caching, panic safety (v0.5.0)
2026-03-28 10:16:06 +01:00

README.md

Moonlock

A secure Wayland lockscreen with GTK4, PAM authentication and fingerprint support. Part of the Moonarch ecosystem.

Features

  • ext-session-lock-v1 — Protocol-guaranteed screen locking (compositor keeps screen locked on crash)
  • PAM authentication — Uses system PAM stack (/etc/pam.d/moonlock)
  • Fingerprint unlock — fprintd D-Bus integration, async init (optional, window appears instantly)
  • Multi-monitor — Lockscreen on every monitor, single shared fingerprint listener
  • i18n — German and English (auto-detected)
  • Faillock warning — UI counter + system pam_faillock
  • Panic safety — Panic hook logs but never unlocks
  • Password wiping — Zeroize on drop

Requirements

  • GTK 4
  • gtk4-session-lock (ext-session-lock-v1 support)
  • PAM (/etc/pam.d/moonlock)
  • Optional: fprintd for fingerprint support

Building

cargo build --release

Installation

# Install binary
sudo install -Dm755 target/release/moonlock /usr/bin/moonlock

# Install PAM config
sudo install -Dm644 config/moonlock-pam /etc/pam.d/moonlock

# Optional: Install example config
sudo install -Dm644 config/moonlock.toml.example /etc/moonlock/moonlock.toml.example

Configuration

Create /etc/moonlock/moonlock.toml or ~/.config/moonlock/moonlock.toml:

background_path = "/usr/share/wallpapers/moon.jpg"
fingerprint_enabled = true

Usage

Typically launched via keybind in your Wayland compositor:

# Niri keybind example
binds {
    Mod+L { spawn "moonlock"; }
}

Development

cargo test
cargo build --release
LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock

License

MIT

Description
No description provided
Readme 990 KiB
Languages
Rust 96.2%
CSS 2.5%
Shell 1.3%