obel1x/fedora-OEMDRV
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: obel1x/fedora-OEMDRV:40843b82956323c5bbc8ab320a80595d0d8836ce
Branches Tags
obel1x/fedora-OEMDRV:main
..
compare: obel1x/fedora-OEMDRV:f705722e6d273ba4d92e03b1bb5190d0013da34b
Branches Tags
obel1x/fedora-OEMDRV:main

7 Commits
40843b8295 .. f705722e6d

Author SHA1 Message Date
obel1x f705722e6d Merge pull request 'kwallet: proper session lifecycle + chrony/desktop fixes' (#32) from unbrot/fedora-OEMDRV:main into main 
Reviewed-on: #32
 2026-05-11 13:19:20 +02:00
Daniel unbrot Pätzold ac85c665a8 sync_client_software: remove unresolvable _gateway NTP entry from chrony.conf 
Anaconda adds 'server _gateway iburst' as a fallback NTP source when
no NTP servers are specified in the kickstart. chronyd cannot resolve
the special hostname '_gateway' at startup, logging an error each boot.
The sourcedir /run/chrony-dhcp directive already handles DHCP-provided
NTP servers, making the _gateway line redundant.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 12:56:19 +02:00
Daniel unbrot Pätzold 01b39e892f 0040_autostart_logon_script: remove executable bit from .desktop file 
systemd-xdg-autostart-generator warns that .desktop files with
execute permissions set are invalid. .desktop files should not be
executable.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 12:43:09 +02:00
Daniel unbrot Pätzold 5e0f268962 kwallet: remove ExecStop, stop old unit in user_run.sh instead 
ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.

install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.

user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 12:29:20 +02:00
Daniel unbrot Pätzold b32cc96ca0 kwallet: stop kwalletd6-logon.service before remounting wallet 
ExecStop (umount) fires asynchronously ~26s after logout, by which
time a second login's install.sh has already remounted the wallet.
ExecStop then unmounts the fresh mount, leaving kwalletd6 without
the wallet directory.

Fix: stop kwalletd6-logon.service at the top of install.sh so its
ExecStop fires and drains before the remount, eliminating the race.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 12:01:08 +02:00
Daniel unbrot Pätzold 5b13ea7372 kwallet: treat exit code 1 as success in kwalletd6-logon.service 
kwalletd6 exits with code 1 when the Wayland compositor shuts down
during logout. Without SuccessExitStatus=1, the service is marked
failed and ExecStop (the bind mount umount) never runs. Treating
exit code 1 as success keeps the service in active-exited state so
systemd fires ExecStop cleanly on session end.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 11:49:12 +02:00
Daniel unbrot Pätzold 3429ffa48f kwallet: unmount bind mount cleanly on session logout 
Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).

install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-11 11:07:01 +02:00
3 changed files with 16 additions and 1 deletions
Expand all files Collapse all files
client_software/0010_kwallet/user_run.sh
+6 -1
View File
@@ -18,7 +18,12 @@ if [[ -z $(wmctrl -m | grep "KWin") ]]; then
fi fi
#Restart the service #Restart the service
systemd-run --user --scope --unit=kwalletd6-logon kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 & # Stop any leftover unit from a previous session before creating a new one
systemctl --user stop kwalletd6-logon.service 2>/dev/null || true
systemd-run --user --unit=kwalletd6-logon \
--property=RemainAfterExit=yes \
--property=SuccessExitStatus=1 \
kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
sleep 1 sleep 1
#Check if kwalletd is enabled now #Check if kwalletd is enabled now
client_software/0040_autostart_logon_script/logon_script.sh.desktop
Executable → Regular
View File
system_setup/sync_client_software.sh
+10
View File
@@ -10,6 +10,16 @@ if [ "$EUID" -ne 0 ]; then
echo "Press any key to continue" && read -n 1 -s -r && exit 1 echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi fi
# Remove 'server _gateway iburst' from chrony.conf — Anaconda adds it as a fallback but
# _gateway is not resolvable by chronyd at startup; DHCP-sourced servers via sourcedir
# /run/chrony-dhcp already cover NTP discovery so this line is redundant and noisy.
_CHRONY_CONF="/etc/chrony.conf"
if [ -f "${_CHRONY_CONF}" ] && grep -q "^server _gateway" "${_CHRONY_CONF}"; then
echo "Patching chrony.conf: removing unresolvable 'server _gateway' entry"
sed -i "/^server _gateway/d" "${_CHRONY_CONF}"
systemctl restart chronyd
fi
# Ensure krb5_validate = False in sssd.conf to restore offline auth # Ensure krb5_validate = False in sssd.conf to restore offline auth
# (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt # (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt
# fails with EACCES before the cached-credential fallback is reached) # fails with EACCES before the cached-credential fallback is reached)