Last weekend I sat down and set into code a project that has been living in my
head rent-free for some time: µlock (a.k.a: ulock).
ulock is a minimal Wayland screen-locker, designed to work without relying on
any setuid binary on Linux. This is done by relying on the tcb password
shadowing scheme. The gist of this scheme is: each user’s shadow entry is
stored in /etc/tcb/$USER/shadow instead of /etc/shadow, and each user has
permissions to read their own encrypted password’s hash (and to edit it,
depending on the administrator’s policy). I works in environments where setuid
binaries are disabled entirely (but is not limited to those).
As is often the case with these short, hobby projects, it was a good opportunity for some hands-on practice with technologies I like, those being Hare and Wayland in this case.
ulock shows the current uptime on each display while the system is locked, and
highlights a different edge each time a key is pressed to provide some visual
feedback while typing a password.
During my usage throughout the week, a couple of issues came up which were promptly squashed. Something with such simple scope used on a daily basis gets polished quite quickly.
At some point, I had to reboot my computer for entirely unrelated reasons. After the reboot, I had an inexplicable feeling of loss seeing my uptime go down from over 13 days back to fewer digits. Somehow, seeing the uptime in the lockscreen also gives a continuous awareness of how long the computer has been on and also when I last unlocked it. I did not expect this.
ulock is hosted on sourcehut. It compiles into a single binary, and
only requires libxkbcommon at runtime. libxkbcommon is ubiquitous on Wayland
setups.
Lastly, one can’t present a GUI application without a screenshot. The following shows an uptime of 9 (almost 10) days:
There isn’t much more to it. It’s intentionally minimal and simple. I’ll write a BSD backend at some point and then call it done.