~kennylevinsen/greetd

greetd: add terminal switch flag configuration option

This adds "switch" true/false flag in "terminal" section of
configuration file.

Flag controls whether terminal under control should be switched to
when greetd starts. If "switch" set to true, greetd behaves as it
did before, on start vt_setactivate will be called. If "switch" set
to false, and terminal under control by greetd is not currently
active VT, greetd will wait for terminal to become active with
vt_waitactive, which translates to VT_WAITACTIVE ioctl call.

* greetd/src/config/mod.rs: add "switch" flag
* greetd/src/server.rs: add using "switch" flag and waiting for active
* greetd/src/terminal/mod.rs: add vt_waitactive method
* man/greetd-5.scd: mention "switch" configuration option
ipc: Fix tokio codec
rustfmt: Change merge_imports to imports_granularity
docs: Fix scdoc syntax for greetd.5
Ensure initial session is only run once.

Security concerns were raised regarding the initial session being
executed whenever greetd was restarted (when signing out of one's DE,
when greetd or a greeter restarted or crashed, ...).

This creates a runfile (by default at /run/greetd.run) either when the
initial session is executed or when a greeter is started. Whenever this
file exists, the initial session is ignored (and the configured greeter
is always run).
41c6b5f1 — cinerea0 3 months ago
Add makefile for man pages
recommend making config world readable rather than setting owner

There is no secret material that needs to be unreadable except to the
daemon, but if there were, the current instructions never recommended
setting a locked down mode.

The daemon doesn't need write access either.

Recommending chown rather than making the config world readable as is
typical for bog standard system configs, is confusing and inconsistent
with e.g. the in house AUR packaging. It also might be erroneously
interpreted as a requirement, which is challenging for packaging systems
that don't support distributing files/directories owned by non-root
users.
readme: Add discuss section
deps: update nix and other dependencies

`fork` is now marked as unsafe (nix-rust/nix#1030)
deps: update tokio to 1.0
ci: Disable automatic github mirroring
docs: Document new general section
config: Fix tests for general section
config: Add general.source_profile

This adds a system-wide toggle for whether the system profile should be
sourced by /bin/sh before running the command. Note that the command
will still be run with /bin/sh, regardless of profile sourcing.

The option defaults to true for now.

Example usage:

	[general]
	source_profile = false
Use additional pam service config for greeter

Check the existence and attempt to use `greetd-greeter` pam service file
for greeter sessions. The fallback is a standard greetd pam service,
i.e. `greetd` or `login`.

Rationale: proper configurations for different session types can vary in
acceptable modules. Certain modules like `pam_selinux` are actually
harmful for an unprivileged greeter session as it removes the SELinux
security label from the greeter processes.
config: Skip reading config in session worker

The decision to start a session worker or main process is taken after
the config module has been queried. This means that the regular process
for loading config files is also run. This can lead to errors if the
config file is not in the default location, as the session worker does
not receive the config argument.

Skip reading config files if the session-worker flag is set.
Use stdin as VT for current/none vt selections

The controlling tty will now be obtained from stdin if possible for
current/non, which is useful for inittab setups and shell test
use-cases.
Terminate cleanly on SIGINT
Use per-pid socket paths

Use of per-pid socket paths allows multiple greetd instances to be
started without accidentally trampling on eachothers' socket paths.

This has the added benefit of rendering the socket-path configuration
unnecessary.

Delete the listener on Drop for cleanup.
Next