dilim/agelesslinux
1
0
Fork 0
mirror of https://github.com/agelesslinux/agelesslinux.git synced 2026-06-24 08:47:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

broaden lock screen warning from SDDM-only to all display managers

Browse Source 
Linux Mint (LightDM) also confirmed affected by the lock screen bug.
The issue is nss-systemd reading /etc/userdb/ drop-ins, not specific
to any display manager. Rename print_sddm_warning to print_dm_warning,
trigger warning for any detected DM when userdb will be modified.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
John McCardle
2026-03-25 23:16:55 -04:00
parent 25c288bad0
commit 1b508f241c
4 changed files with 52 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
become-ageless.sh
View File

@@ -376,9 +376,10 @@ summary_compliance() {
# user resolution.
#
# NOTE: We do NOT reload systemd-userdbd after creating drop-in records.
# Reloading mid-session causes display managers (especially SDDM) to lose
# the ability to verify passwords on the lock screen. The drop-in records
# are picked up automatically on next boot or login.
# Creating or reloading drop-in records mid-session causes display managers
# (SDDM, LightDM, and potentially others) to lose the ability to verify
# passwords on the lock screen. The drop-in records are picked up
# automatically on next boot or login.
analyze_userdb() {
# Detect systemd
@@ -592,8 +593,8 @@ with open(fp, "w") as f:
echo ""
echo -e " ${YELLOW}NOTE:${NC} systemd-userdbd has NOT been reloaded. Userdb changes will"
echo -e " take effect after your next login or reboot."
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " ${YELLOW}SDDM users:${NC} Do NOT lock your screen before logging out/rebooting."
if [[ "$DM_NAME" != "unknown" ]]; then
echo -e " ${YELLOW}WARNING:${NC} Do NOT lock your screen before logging out/rebooting."
fi
}
@@ -704,7 +705,7 @@ execute_agelessd() {
# Runs every 24 hours via systemd timer.
#
# NOTE: This daemon does NOT reload systemd-userdbd after writing records.
# Reloading mid-session can break display manager lock screens (SDDM, etc).
# Reloading mid-session can break display manager lock screens (SDDM, LightDM, etc).
# Changes take effect on next login or boot.
#
# SPDX-License-Identifier: Unlicense
@@ -981,10 +982,12 @@ print_analysis() {
echo -e " Base system: ${CYAN}${BASE_NAME}${BASE_VERSION:+ $BASE_VERSION}${NC} (${BASE_ID})"
# Display manager
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " Display manager: ${YELLOW}${DM_NAME}${NC} (see warning below)"
elif [[ "$DM_NAME" != "unknown" ]]; then
echo -e " Display manager: ${DM_NAME}"
if [[ "$DM_NAME" != "unknown" ]]; then
if [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " Display manager: ${YELLOW}${DM_NAME}${NC} (see warning below)"
else
echo -e " Display manager: ${DM_NAME}"
fi
else
echo -e " Display manager: ${YELLOW}not detected${NC}"
fi
@@ -1041,13 +1044,13 @@ print_analysis() {
echo ""
}
print_sddm_warning() {
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " ${YELLOW}WARNING: SDDM detected${NC}"
print_dm_warning() {
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}WARNING: display manager detected (${DM_NAME})${NC}"
echo ""
echo " This system uses SDDM as its display manager. Creating userdb"
echo " drop-in records can interfere with SDDM's lock screen password"
echo " verification if applied mid-session. To avoid this:"
echo " Creating userdb drop-in records mid-session can interfere"
echo " with lock screen password verification (confirmed on SDDM"
echo " and LightDM). To avoid this:"
echo ""
echo " 1. After conversion, do NOT lock your screen."
echo " 2. Instead, fully log out and log back in (or reboot)."
@@ -1205,11 +1208,11 @@ print_summary() {
echo ""
echo -e " To revert: ${BOLD}sudo become-ageless.sh --revert${NC}"
echo ""
if [[ "$DM_NAME" == "sddm" ]]; then
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}IMPORTANT: Do NOT lock your screen. Log out and back in (or reboot)"
echo -e " first. SDDM's lock screen may reject your password until you do.${NC}"
echo -e " first. Your lock screen may reject your password until you do.${NC}"
echo ""
else
elif [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}Log out and back in (or reboot) for userdb changes to take effect.${NC}"
echo ""
fi
@@ -1240,11 +1243,11 @@ print_summary() {
echo ""
echo -e " To revert: ${BOLD}sudo become-ageless.sh --revert${NC}"
echo ""
if [[ "$DM_NAME" == "sddm" ]]; then
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}IMPORTANT: Do NOT lock your screen. Log out and back in (or reboot)"
echo -e " first. SDDM's lock screen may reject your password until you do.${NC}"
echo -e " first. Your lock screen may reject your password until you do.${NC}"
echo ""
else
elif [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}Log out and back in (or reboot) for userdb changes to take effect.${NC}"
echo ""
fi
@@ -1374,7 +1377,7 @@ main() {
# Report
print_analysis
print_sddm_warning
print_dm_warning
print_planned_actions
# Dry run exit

11
lib/30-userdb.sh
View File

@@ -9,9 +9,10 @@
# user resolution.
#
# NOTE: We do NOT reload systemd-userdbd after creating drop-in records.
# Reloading mid-session causes display managers (especially SDDM) to lose
# the ability to verify passwords on the lock screen. The drop-in records
# are picked up automatically on next boot or login.
# Creating or reloading drop-in records mid-session causes display managers
# (SDDM, LightDM, and potentially others) to lose the ability to verify
# passwords on the lock screen. The drop-in records are picked up
# automatically on next boot or login.
analyze_userdb() {
# Detect systemd
@@ -225,8 +226,8 @@ with open(fp, "w") as f:
echo ""
echo -e " ${YELLOW}NOTE:${NC} systemd-userdbd has NOT been reloaded. Userdb changes will"
echo -e " take effect after your next login or reboot."
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " ${YELLOW}SDDM users:${NC} Do NOT lock your screen before logging out/rebooting."
if [[ "$DM_NAME" != "unknown" ]]; then
echo -e " ${YELLOW}WARNING:${NC} Do NOT lock your screen before logging out/rebooting."
fi
}

2
lib/40-agelessd.sh
View File

@@ -49,7 +49,7 @@ execute_agelessd() {
# Runs every 24 hours via systemd timer.
#
# NOTE: This daemon does NOT reload systemd-userdbd after writing records.
# Reloading mid-session can break display manager lock screens (SDDM, etc).
# Reloading mid-session can break display manager lock screens (SDDM, LightDM, etc).
# Changes take effect on next login or boot.
#
# SPDX-License-Identifier: Unlicense

36
lib/99-main.sh
View File

@@ -117,10 +117,12 @@ print_analysis() {
echo -e " Base system: ${CYAN}${BASE_NAME}${BASE_VERSION:+ $BASE_VERSION}${NC} (${BASE_ID})"
# Display manager
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " Display manager: ${YELLOW}${DM_NAME}${NC} (see warning below)"
elif [[ "$DM_NAME" != "unknown" ]]; then
echo -e " Display manager: ${DM_NAME}"
if [[ "$DM_NAME" != "unknown" ]]; then
if [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " Display manager: ${YELLOW}${DM_NAME}${NC} (see warning below)"
else
echo -e " Display manager: ${DM_NAME}"
fi
else
echo -e " Display manager: ${YELLOW}not detected${NC}"
fi
@@ -177,13 +179,13 @@ print_analysis() {
echo ""
}
print_sddm_warning() {
if [[ "$DM_NAME" == "sddm" ]]; then
echo -e " ${YELLOW}WARNING: SDDM detected${NC}"
print_dm_warning() {
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}WARNING: display manager detected (${DM_NAME})${NC}"
echo ""
echo " This system uses SDDM as its display manager. Creating userdb"
echo " drop-in records can interfere with SDDM's lock screen password"
echo " verification if applied mid-session. To avoid this:"
echo " Creating userdb drop-in records mid-session can interfere"
echo " with lock screen password verification (confirmed on SDDM"
echo " and LightDM). To avoid this:"
echo ""
echo " 1. After conversion, do NOT lock your screen."
echo " 2. Instead, fully log out and log back in (or reboot)."
@@ -341,11 +343,11 @@ print_summary() {
echo ""
echo -e " To revert: ${BOLD}sudo become-ageless.sh --revert${NC}"
echo ""
if [[ "$DM_NAME" == "sddm" ]]; then
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}IMPORTANT: Do NOT lock your screen. Log out and back in (or reboot)"
echo -e " first. SDDM's lock screen may reject your password until you do.${NC}"
echo -e " first. Your lock screen may reject your password until you do.${NC}"
echo ""
else
elif [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}Log out and back in (or reboot) for userdb changes to take effect.${NC}"
echo ""
fi
@@ -376,11 +378,11 @@ print_summary() {
echo ""
echo -e " To revert: ${BOLD}sudo become-ageless.sh --revert${NC}"
echo ""
if [[ "$DM_NAME" == "sddm" ]]; then
if [[ "$DM_NAME" != "unknown" && $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}IMPORTANT: Do NOT lock your screen. Log out and back in (or reboot)"
echo -e " first. SDDM's lock screen may reject your password until you do.${NC}"
echo -e " first. Your lock screen may reject your password until you do.${NC}"
echo ""
else
elif [[ $USERDB_AVAILABLE -eq 1 ]]; then
echo -e " ${YELLOW}Log out and back in (or reboot) for userdb changes to take effect.${NC}"
echo ""
fi
@@ -510,7 +512,7 @@ main() {
# Report
print_analysis
print_sddm_warning
print_dm_warning
print_planned_actions
# Dry run exit