From: Remco van 't Veer <remco@remworks.net>
To: Oleander <7059548@protonmail.com>
Cc: help-guix@gnu.org
Subject: Re: swaylock does not accept my correct password and fails to unlock
Date: Fri, 22 Dec 2023 08:56:20 +0100
Message-ID: <875y0qk6vv.fsf@remworks.net>
In-Reply-To: <Vkyua70CiIra-A9fmDrF0RzuRR2QNXlLHV6A2AaVHmcTCJ6M6bujzLiSVj66WfF32oACPfImhIjJvdT8Lezvryk6DXf3s317pKTbNa47IvI=@protonmail.com>

Hi,

This looks like a problem I had in June of this year.  Something to do
with swaylock needing pam stuff instead of setuid.  I fixed it by
removing the setuid on swaylock and adding the following service:

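  ;; Needs (gnu services) for service-type and service-extension, and
  ;; (gnu system pam) for pam-root-service-type, pam-service and pam-entry.
  (define swaylock-service-type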
    (service-type
     (name 'swaylock)
     (description "Swaylock needs /etc/pam.d/swaylock configuration.")
     (extensions
      (list
       (service-extension pam-root-service-type
                          (lambda (_)
                            (list
                             (pam-service
                              (name "swaylock")
                              (auth
                               (list
                                (pam-entry (control "include")
                                           (module "login"))))))))))
     (default-value #f)))

This works for me but I am not sure it's still needed.  I am pretty sure
swaylock does not like to be setuid anymore.

A way to figure out what is wrong on your system would be to just run
swaylock from something like xterm and capture all output somewhere to
review later.  It will probably utter some complaints to stdout or
stderr.

Cheers,
Remco


2023/12/21, Oleander via:

> Hello,
> has anyone had any problem with swaylock/swaylock-effects recently?
> They don't accept my correct password when trying to unlock.
>
> I use the following lockscreen.sh and system.scm:
>
> @example
> #!/bin/sh
>
> # Times the screen off and puts it to background
> swayidle \
> timeout 60 'swaymsg "output * dpms off"' \
> resume 'swaymsg "output * dpms on"' &
>
> # Locks the screen immediately
> swaylock --clock --indicator --screenshots --effect-scale 0.4 \
> --effect-vignette 0.2:0.5 --effect-blur 4x2 --datestr "%a %e.%m.%Y" \
> --timestr "%k:%M"
>
> # Kills last background task so idle timer doesn't keep running
> kill %%
> @end example
>
> @example
> ;; Guix config with swaywm, encrypted with LUKS
>
> (use-modules
> (gnu) (gnu system nss) (gnu system setuid))
> (use-service-modules
> dbus desktop networking sddm sound ssh)
> (use-package-modules
> certs
> compression
> disk
> emacs
> finance
> fonts
> fontutils
> freedesktop
> glib
> games
> gnome
> gnupg
> gnuzilla
> gtk
> haskell-xyz
> image
> linux
> package-management
> password-utils
> pulseaudio
> rsync
> ruby
> ssh
> terminals
> tex
> texinfo
> version-control
> wm)
>
> (operating-system
> (host-name "t420")
> (timezone "Europe/Rome")
> (locale "en_US.utf8")
>
> ;; Keyboard layout.
> (keyboard-layout (keyboard-layout "us"))
>
> ;; Bootloader
> (bootloader (bootloader-configuration
> (bootloader grub-bootloader)
> (terminal-outputs '(console))
> (targets (list "/dev/sda"))
> (keyboard-layout keyboard-layout)))
>
> ;; Specify a mapped device for the encrypted root partition.
> ;; The UUID is that returned by 'cryptsetup luksUUID'.
> (mapped-devices
> (list (mapped-device
> (source (uuid "8022876e-e0cc-4ec5-8363-0f07c590cdbc"))
> (targets (list "guix-root"))
> (type luks-device-mapping))))
>
> (file-systems
> (append
> (list (file-system
> (device (file-system-label "guix-root"))
> (mount-point "/")
> (type "ext4")
> (dependencies mapped-devices)))
> %base-file-systems))
>
> (swap-devices (list
> (swap-space (target "/swapfile"))))
>
> ;; Define users and groups.
> (users
> (cons (user-account
> (name "oleander")
> (comment "")
> (group "users")
> (home-directory "/home/oleander")
> (supplementary-groups '("wheel" "netdev"
> "audio" "video" "input")))
> %base-user-accounts))
>
> ;; Sudoers
> (sudoers-file
> (plain-file "sudoers" "\
> %root ALL=(ALL) ALL
> %wheel ALL=(ALL) ALL
> %wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/sbin/reboot\n"))
>
> ;; This is where we specify system-wide packages.
> (packages
> (append
> (list
> adwaita-icon-theme
> alacritty
> at-spi2-core
> dbus
> emacs
> font-awesome
> fontconfig
> font-dejavu
> font-gnu-unifont
> fzf
> git
> gnupg
> grim
> gtypist
> icecat
> keepassxc
> ledger
> nss-certs
> openssh-sans-x
> pandoc
> parted
> pass-otp
> password-store
> pavucontrol
> pinentry
> pulseaudio
> rsync
> ruby-asciidoctor
> slurp
> stow
> sway
> swayidle
> swaylock-effects
> texinfo
> texlive-base
> unzip
> waybar
> xdg-utils
> zip)
> %base-packages))
>
> ;; Some programs need to run with “root” privileges, even when they
> ;; are launched by unprivileged users
> (setuid-programs (cons*
> (setuid-program
> (program
> (file-append swaylock-effects "/bin/swaylock")))
> %setuid-programs))
>
> ;; Services
> (services
> (cons*
> (service alsa-service-type
> (alsa-configuration
> (pulseaudio? #t)))
> (service dbus-root-service-type)
> (service elogind-service-type)
> (service openssh-service-type
> (openssh-configuration
> (openssh openssh-sans-x)
> (port-number 22)
> (password-authentication? #f)
> (permit-root-login 'prohibit-password)
> (authorized-keys
> `(("oleander" ,(local-file "/home/oleander/.ssh/authorized_keys"))))))
> (service polkit-service-type)
> (service sddm-service-type
> (sddm-configuration
> (auto-login-user "oleander")
> (display-server "wayland")))
> ;; Static networking for one NIC, IPv4-only.
> (service static-networking-service-type
> (list (static-networking
> (addresses
> (list (network-address
> (device "wlp1s0")
> (value "192.168.1.200/24"))))
> (routes
> (list (network-route
> (destination "default")
> (gateway "192.168.1.1"))))
> (name-servers '("1.1.1.1" "1.0.0.1")))))
> (service wpa-supplicant-service-type
> (wpa-supplicant-configuration
> (config-file "/etc/wpa-supplicant/wpa-supplicant.conf")
> (interface "wlp1s0")))
> %base-services))
>
> ;; Allow resolution of '.local' host names with mDNS.
> (name-service-switch %mdns-host-lookup-nss))
> @end example
>
> Also, do you have any suggestion to improve my code? One thing I never
> figured out is how to log in to the system automatically without a
> display manager.
>
> I found this config
> https://gitlab.com/mbakke/guix-sway-example/-/tree/master but I don't
> know if it still works and I need some time to study/understand the
> code before merging some of it into my config without creating a mess.
>
> Thank you
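
A check for the two setups discussed in this thread, added here as an example that is not part of the original messages: it reports whether a locker binary carries the set-user-ID bit and whether a PAM service file with an active auth rule exists. The function name and output labels are assumptions of this example; the reply's fix (setuid removed, /etc/pam.d/swaylock present) corresponds to the result "pam", and a system with swaylock under setuid-programs and no PAM service would be expected to report "setuid".

```shell
#!/bin/sh
# Added example, not from the thread.
# locker_auth_mode BIN PAM_FILE
# Prints one of: setuid+pam, setuid, pam, none

locker_auth_mode() {
    bin=$1
    pam=$2
    has_setuid=no
    has_pam=no

    # -u is true when the file exists and has its set-user-ID bit set.
    if [ -u "$bin" ]; then
        has_setuid=yes
    fi

    # A usable PAM service file needs at least one active (uncommented)
    # "auth" rule, e.g. "auth include login" as in the reply's pam-entry.
    if [ -r "$pam" ] && grep -Eq '^[[:space:]]*-?auth[[:space:]]' "$pam"; then
        has_pam=yes
    fi

    case "$has_setuid/$has_pam" in
        yes/yes) echo "setuid+pam" ;;
        yes/no)  echo "setuid" ;;
        no/yes)  echo "pam" ;;
        *)       echo "none" ;;
    esac
}

# Stand-alone use:
#   sh locker-check.sh "$(command -v swaylock)" /etc/pam.d/swaylock
if [ "$#" -eq 2 ]; then
    locker_auth_mode "$1" "$2"
fi
```

A result of "none" means the locker has neither mechanism available, which is worth ruling out before capturing swaylock's stdout and stderr as the reply suggests.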

