Rework notification to not be sent from systemd service

ublue-os · Sep 15, 2024 · 87ddcf2 · 87ddcf2
1 parent 3efe8f1
commit 87ddcf2
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 22 deletions.
diff --git a/build_files/systemd.sh b/build_files/systemd.sh
@@ -14,4 +14,4 @@ systemctl enable brew-upgrade.timer
 systemctl enable brew-update.timer
 systemctl --global enable ublue-user-setup.service
 systemctl --global enable podman-auto-update.timer
-systemctl enable sb-key-notify.service
+systemctl enable check-sb-key.service
diff --git a/system_files/shared/etc/profile.d/sb-key-notify-autostart.sh b/system_files/shared/etc/profile.d/sb-key-notify-autostart.sh
@@ -0,0 +1,6 @@
+if test "$(id -u)" -gt "0" && test -d "$HOME"; then
+    if test ! -e "$HOME"/.config/autostart/sb-key-notify.desktop; then
+        mkdir -p "$HOME"/.config/autostart
+        cp -f /etc/skel/.config/autostart/sb-key-notify.desktop "$HOME"/.config/autostart
+    fi
+fi
diff --git a/system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop b/system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=Secure boot Notify
+Comment=Autostart secure boot key notification
+Exec=/usr/bin/sb-key-notify
+Icon=org.gnome.Terminal
+Type=Application
+Categories=Utility;System;
+Name[en_US]=secure-boot-notify
+
+
diff --git a/system_files/shared/usr/bin/sb-key-notify b/system_files/shared/usr/bin/sb-key-notify
@@ -0,0 +1,9 @@
+KEY_WARN_FILE="/run/user-motd-sbkey-warn.md"
+
+if [ -e $KEY_WARN_FILE ]; then
+    WARNING_MSG=$(cat "$KEY_WARN_FILE")
+
+    notify-send "WARNING" "$(echo "$WARNING_MSG" | tr -d '*~')" -i dialog-warning -u critical -a mokutil --wait
+else
+    echo "No secure boot key warning file.  Skipping...
+fi
diff --git a/.../lib/systemd/system/sb-key-notify.service → ...r/lib/systemd/system/check-sb-key.service b/.../lib/systemd/system/sb-key-notify.service → ...r/lib/systemd/system/check-sb-key.service
@@ -2,11 +2,7 @@
 Description=Service to check for secure boot key enrollment and send notifications
 
 [Service]
-ExecStart=/usr/libexec/sb-key-notify.sh
+ExecStart=/usr/libexec/check-sb-key.sh
 
 [Install]
 WantedBy=multi-user.target
-
-[Timer]
-OnBootSec=1min
-OnUnitActiveSec=3h
diff --git a/...files/shared/usr/libexec/sb-key-notify.sh → ..._files/shared/usr/libexec/check-sb-key.sh b/...files/shared/usr/libexec/sb-key-notify.sh → ..._files/shared/usr/libexec/check-sb-key.sh
@@ -18,22 +18,6 @@ if [ $SB_ENABLED -ne 0 ]; then
 fi
 
 if mokutil --test-key "$KEY_DER_FILE"; then 
-    if loginctl --help | grep -q "json=MODE"; then
-        JSON_ARG="--json=short"
-    fi
-    USER_ID=$(loginctl list-users --output=json ${JSON_ARG:+$JSON_ARG} | jq -r '.[] | .user')
-    XDG_DIR=$(loginctl show-user "$USER_ID" | grep RuntimePath | cut -c 13-)
-    sudo -u "$USER_ID" \
-        "DISPLAY=:0" \
-        "DBUS_SESSION_BUS_ADDRESS=unix:path=$XDG_DIR/bus" \
-        notify-send \
-        "WARNING" \
-        "$(echo "$WARNING_MSG" | tr -d '*~')" \
-        -i dialog-warning \
-        -u critical \
-        -a mokutil \
-        --wait
-
     echo "**WARNING**: $WARNING_MSG" > $KEY_WARN_FILE
 else
     [ -e $KEY_WARN_FILE ] && rm $KEY_WARN_FILE