From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:5f26::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id H0uyBVZBhWUfGAEAkFu2QA (envelope-from ) for ; Fri, 22 Dec 2023 08:57:10 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id EEBkAFZBhWXclQAAqHPOHw (envelope-from ) for ; Fri, 22 Dec 2023 08:57:10 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=remworks.net header.s=fm1 header.b=FQqY+gri; dkim=pass header.d=messagingengine.com header.s=fm2 header.b="r HgZgi+"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1703231829; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=bXZYjiCeiNMBc3fT7xzQ7SIGOMVQ5/AfnpwxjXwrGiE=; b=kLH1PVsQftwreG5NAcl/b7n4UAxKYJ+lds46lLYkpeK+x/sDprQWsrD0ByJvava7+hVs7x ZAP9r8dKTYwH4MUnCOGbn2nTMQxvRD/m0NTACZQlAVnOzJEGLQ7OPvYwI4NWn/MRRKWSvv Zeed/6RRW+ckJa7JMEWI6GYnd6W+uRCdjKQjKX/lu3O/Nd0xg9caG6PT6B+TyDHlKEksws cnW7q4WQ1rNIJ9+fluluALtl9EJOdWWf5zevfjG4vmjscsxTehXxhxN/wC0Bkj7utZqHuS m86rZKA4AlOv82kKwasmhwAivp0yYcetrSvi5shvax5dagXp1h+GGKLq5pGXMw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1703231829; a=rsa-sha256; cv=none; b=J4waJGWM5VP5fl5mcVWIXyOOt5bu3fcjS5Ai3HhSue98jMGoFwDDC9+YZT8Yf18XETySc2 oXiQK7Iu8qx03h08rHgXjVzoeYRmihSTTiOaSDxoJr47JjHV3h8DhDWDGcb1/AIYPhariP KabzsxM4Mpg32IHqZEDwP+1Asq6JpnP5qwmP1Tb683ToNUA17KOnluOv0QfDKxfMRCzXMX 1mTZQ/RWExdf+xCmgJ3ywdytrkRpkCZPOprG+G+W/Xpvl3vV8SYtVP1qDgMNUiYVmB4Dw3 5ZUYf4cw1D4gAvWAmTtDB4LQkfrBNV4phROOZ+ZvFpP1XAZwswcmmY/rSMflrQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=remworks.net header.s=fm1 header.b=FQqY+gri; dkim=pass header.d=messagingengine.com header.s=fm2 header.b="r HgZgi+"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C885F36CF3 for ; Fri, 22 Dec 2023 08:57:09 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rGaOX-00018N-G1; Fri, 22 Dec 2023 02:56:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rGaOU-00017z-Ho for help-guix@gnu.org; Fri, 22 Dec 2023 02:56:31 -0500 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rGaOS-0001b1-2g for help-guix@gnu.org; Fri, 22 Dec 2023 02:56:30 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 7BF8E32000F9; Fri, 22 Dec 2023 02:56:23 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Fri, 22 Dec 2023 02:56:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1703231782; x=1703318182; bh=bXZYjiCeiNMBc3fT7xzQ7SIGOMVQ5/AfnpwxjXwrGiE=; b= FQqY+griuIj/Fm1cfRt9+3F8nGAU+oKFIVhnA/X1uvn/cz+qqWUKHG2u345Rn1O/ H9ezOL4gXtfZl7w92Y3zjYsQKDh4gw2F5rMdUp79Nrmaza7/g/ks14dVzjfPIziV p52QI/C4p5YTFfKqtlbJk9UIk3odQQTsQY9fjhlK3/+/EjZ8FpUPGLxU2Dfqz7+/ 9YFs0pycHlzrp8rwZ+GmnVSZaKHLLNv2tglgxy9mpjChE+Pa3hcWuYceh9QHye9j KVSo3xpw07al3t67gz4j/mMvD9IHCxvekIOkf6YzAusju6JfFpPvxn35rmC4dkMu Nf2UrFSZWXJsh6Rc11LZXg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1703231782; x= 1703318182; bh=bXZYjiCeiNMBc3fT7xzQ7SIGOMVQ5/AfnpwxjXwrGiE=; b=r HgZgi+Pp6T5hFrFk/RAOIhMbLxVI0unj3aUeU26LEP5C1kZO7wxgJl2ZlMcTDb8L y7kDMayBSgQqAtfzNMgTVQw+eqOsGidYO5XML1udK9ldVTPAq8KKrzsWcaSe6I3t FxeJwGHHVsNHNeDjGeb71uDEq5nVWQKpWmywJALLE6hm1ehbuZjh1L2F5SAIkwdo 02I8+ranvqCvB0OW7tp2X1MU01RPRLr4PXXplydFDTYQBFt2VfQVeUaIo9dw9sx/ HecP+fHmtu7eoQtJ/6h8pkDgclb10YTY8McbKLoOdVTCcJUv+uyKbdzYPjbbmtJg C3q22eWCB367e6KC03iyw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdduiedgudduvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfhgfhffvvefujgffkfggtgfgse htqhertddtreejnecuhfhrohhmpeftvghmtghouchvrghnucdkthcugggvvghruceorhgv mhgtohesrhgvmhifohhrkhhsrdhnvghtqeenucggtffrrghtthgvrhhnpeekheeggeethe ekieevtdfhleekgffgheehleehffffkefhieefjeduheekteeigeenucffohhmrghinhep ghhithhlrggsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg hilhhfrhhomheprhgvmhgtohesrhgvmhifohhrkhhsrdhnvght X-ME-Proxy: Feedback-ID: i7e59465b:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 22 Dec 2023 02:56:22 -0500 (EST) References: User-agent: mu4e 1.10.8; emacs 29.1 From: Remco van 't Veer To: Oleander <7059548@protonmail.com> Cc: help-guix@gnu.org Subject: Re: swaylock does not accept my correct password and fails to unlock In-reply-to: Date: Fri, 22 Dec 2023 08:56:20 +0100 Message-ID: <875y0qk6vv.fsf@remworks.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=64.147.123.21; envelope-from=remco@remworks.net; helo=wout5-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -9.33 X-Spam-Score: -9.33 X-Migadu-Queue-Id: C885F36CF3 X-Migadu-Scanner: mx12.migadu.com X-TUID: UaojFE9wRNiM Hi, This looks like a problem I had in June of this year. Something to do with swaylock needing pam stuff instead of setuid. I fixed it by removing the setuid on swaylock and adding the following service: (define swaylock-service-type (service-type (name 'swaylock) (description "Swaylock needs /etc/pam.d/swaylock configuration.") (extensions (list (service-extension pam-root-service-type (lambda (_) (list (pam-service (name "swaylock") (auth (list (pam-entry (control "include") (module "login")))))))))) (default-value #f))) This works for me but I am not sure it's still needed. I am pretty sure swaylock does not like to be setuid anymore. A way to figure out what is wrong on your system would be to just run swaylock from something like xterm and capture all output somewhere to review later. It will probably utter some complaints to stdout or stderr. Cheers, Remco 2023/12/21, Oleander via: > Hello, > has anyone had any problem with swaylock/swaylock-effects recently? > They don't accept my correct password when trying to unlock. > > I use the following lockscreen.sh and system.scm: > > @example > #!/bin/sh > > # Times the screen off and puts it to background > swayidle \ > timeout 60 'swaymsg "output * dpms off"' \ > resume 'swaymsg "output * dpms on"' & > > # Locks the screen immediately > swaylock --clock --indicator --screenshots --effect-scale 0.4 > --effect-vignette 0.2:0.5 --effect-blur 4x2 --datestr "%a %e.%m.%Y" > --timestr "%k:%M" > > # Kills last background task so idle timer doesn't keep running > kill %% > @end example > > @example > ;; Guix config with swaywm, encrypted with LUKS > > (use-modules > (gnu) (gnu system nss) (gnu system setuid)) > (use-service-modules > dbus desktop networking sddm sound ssh) > (use-package-modules > certs > compression > disk > emacs > finance > fonts > fontutils > freedesktop > glib > games > gnome > gnupg > gnuzilla > gtk > haskell-xyz > image > linux > package-management > password-utils > pulseaudio > rsync > ruby > ssh > terminals > tex > texinfo > version-control > wm) > > (operating-system > (host-name "t420") > (timezone "Europe/Rome") > (locale "en_US.utf8") > > ;; Keyboard layout. > (keyboard-layout (keyboard-layout "us")) > > ;; Bootloader > (bootloader (bootloader-configuration > (bootloader grub-bootloader) > (terminal-outputs '(console)) > (targets (list "/dev/sda")) > (keyboard-layout keyboard-layout))) > > ;; Specify a mapped device for the encrypted root partition. > ;; The UUID is that returned by 'cryptsetup luksUUID'. > (mapped-devices > (list (mapped-device > (source (uuid "8022876e-e0cc-4ec5-8363-0f07c590cdbc")) > (targets (list "guix-root")) > (type luks-device-mapping)))) > > (file-systems > (append > (list (file-system > (device (file-system-label "guix-root")) > (mount-point "/") > (type "ext4") > (dependencies mapped-devices))) > %base-file-systems)) > > (swap-devices (list > (swap-space (target "/swapfile")))) > > ;; Define users and groups. > (users > (cons (user-account > (name "oleander") > (comment "") > (group "users") > (home-directory "/home/oleander") > (supplementary-groups '("wheel" "netdev" > "audio" "video" "input"))) > %base-user-accounts)) > > ;; Sudoers > (sudoers-file > (plain-file "sudoers" "\ > %root ALL=3D(ALL) ALL > %wheel ALL=3D(ALL) ALL > %wheel ALL=3D(ALL) NOPASSWD: /run/current-system/profile/sbin/reboot\n")) > > ;; This is where we specify system-wide packages. > (packages > (append > (list > adwaita-icon-theme > alacritty > at-spi2-core > dbus > emacs > font-awesome > fontconfig > font-dejavu > font-gnu-unifont > fzf > git > gnupg > grim > gtypist > icecat > keepassxc > ledger > nss-certs > openssh-sans-x > pandoc > parted > pass-otp > password-store > pavucontrol > pinentry > pulseaudio > rsync > ruby-asciidoctor > slurp > stow > sway > swayidle > swaylock-effects > texinfo > texlive-base > unzip > waybar > xdg-utils > zip) > %base-packages)) > > ;; Some programs need to run with =E2=80=9Croot=E2=80=9D privileges, even= when they > are launched by unprivileged users > (setuid-programs (cons* > (setuid-program > (program > (file-append swaylock-effects "/bin/swaylock"))) > %setuid-programs)) > > ;; Services > (services > (cons* > (service alsa-service-type > (alsa-configuration > (pulseaudio? #t))) > (service dbus-root-service-type) > (service elogind-service-type) > (service openssh-service-type > (openssh-configuration > (openssh openssh-sans-x) > (port-number 22) > (password-authentication? #f) > (permit-root-login 'prohibit-password) > (authorized-keys > `(("oleander" ,(local-file "/home/oleander/.ssh/authorized_keys")))))) > (service polkit-service-type) > (service sddm-service-type > (sddm-configuration > (auto-login-user "oleander") > (display-server "wayland"))) > ;; Static networking for one NIC, IPv4-only. > (service static-networking-service-type > (list (static-networking > (addresses > (list (network-address > (device "wlp1s0") > (value "192.168.1.200/24")))) > (routes > (list (network-route > (destination "default") > (gateway "192.168.1.1")))) > (name-servers '("1.1.1.1" "1.0.0.1"))))) > (service wpa-supplicant-service-type > (wpa-supplicant-configuration > (config-file "/etc/wpa-supplicant/wpa-supplicant.conf") > (interface "wlp1s0"))) > %base-services)) > > ;; Allow resolution of '.local' host names with mDNS. > (name-service-switch %mdns-host-lookup-nss)) > @end example > > Also, do you have any suggestion to improve my code? One thing I never > figured out is how to log in to the system automatically without a > display manager. > > I found this config > https://gitlab.com/mbakke/guix-sway-example/-/tree/master but I don't > know if it still works and I need some time to study/understand the > code before merging some of it into my config without creating a mess. > > Thank you