nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35 Commits 1 Branch 16 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
nevaforget d11b6e634e fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0) 
Close the only exploitable auth bypass: validate VerifyStatus signal sender
against fprintd's unique bus name. Fix fingerprint D-Bus lifecycle so devices
are properly released on verify-match and async restarts check the running
flag between awaits.

Security: num_msg guard in PAM callback, symlink rejection for background_path,
peek icon disabled, TOML parse errors logged, panic hook before logging.

Performance: blur and avatar textures cached across monitors, release profile
with LTO/strip.
2026-03-28 22:47:09 +01:00
config
Add security hardening, config system, and integration tests
2026-03-26 12:36:58 +01:00
pkg
feat: switch logging to systemd journal (v0.4.2)
2026-03-28 01:11:48 +01:00
resources
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
src
fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)
2026-03-28 22:47:09 +01:00
.gitignore
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
build.rs
Rewrite moonlock from Python to Rust (v0.4.0)
2026-03-27 23:09:54 +01:00
Cargo.lock
fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)
2026-03-28 22:47:09 +01:00
Cargo.toml
fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)
2026-03-28 22:47:09 +01:00
CLAUDE.md
fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)
2026-03-28 22:47:09 +01:00
DECISIONS.md
fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)
2026-03-28 22:47:09 +01:00
README.md
fix: audit fixes — async restart_verify, locale caching, panic safety (v0.5.0)
2026-03-28 10:16:06 +01:00

README.md

Moonlock

A secure Wayland lockscreen with GTK4, PAM authentication and fingerprint support. Part of the Moonarch ecosystem.

Features

  • ext-session-lock-v1 — Protocol-guaranteed screen locking (compositor keeps screen locked on crash)
  • PAM authentication — Uses system PAM stack (/etc/pam.d/moonlock)
  • Fingerprint unlock — fprintd D-Bus integration, async init (optional, window appears instantly)
  • Multi-monitor — Lockscreen on every monitor, single shared fingerprint listener
  • i18n — German and English (auto-detected)
  • Faillock warning — UI counter + system pam_faillock
  • Panic safety — Panic hook logs but never unlocks
  • Password wiping — Zeroize on drop

Requirements

  • GTK 4
  • gtk4-session-lock (ext-session-lock-v1 support)
  • PAM (/etc/pam.d/moonlock)
  • Optional: fprintd for fingerprint support

Building

cargo build --release

Installation

# Install binary
sudo install -Dm755 target/release/moonlock /usr/bin/moonlock

# Install PAM config
sudo install -Dm644 config/moonlock-pam /etc/pam.d/moonlock

# Optional: Install example config
sudo install -Dm644 config/moonlock.toml.example /etc/moonlock/moonlock.toml.example

Configuration

Create /etc/moonlock/moonlock.toml or ~/.config/moonlock/moonlock.toml:

background_path = "/usr/share/wallpapers/moon.jpg"
fingerprint_enabled = true

Usage

Typically launched via keybind in your Wayland compositor:

# Niri keybind example
binds {
    Mod+L { spawn "moonlock"; }
}

Development

cargo test
cargo build --release
LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock

License

MIT

Description
No description provided
Readme 990 KiB
Languages
Rust 96.2%
CSS 2.5%
Shell 1.3%