chore cargo publishing boilerplate
in: trunk
25 files changed
Cargo.lock
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1108,9 +1108,9 @@
[[package]]
name = "futures-channel"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78"
+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
dependencies = [
"futures-core",
"futures-sink",
@@ -1118,9 +1118,9 @@
[[package]]
name = "futures-core"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d"
+checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
[[package]]
name = "futures-executor"
@@ -1135,9 +1135,9 @@
[[package]]
name = "futures-io"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1"
+checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
[[package]]
name = "futures-lite"
@@ -1154,9 +1154,9 @@
[[package]]
name = "futures-macro"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
+checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
dependencies = [
"proc-macro2",
"quote",
@@ -1165,21 +1165,21 @@
[[package]]
name = "futures-sink"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5"
+checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
[[package]]
name = "futures-task"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004"
+checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
[[package]]
name = "futures-util"
-version = "0.3.30"
+version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48"
+checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
dependencies = [
"futures-channel",
"futures-core",
@@ -1189,7 +1189,6 @@
"futures-task",
"memchr",
"pin-project-lite",
- "pin-utils",
"slab",
]
@@ -1909,12 +1908,6 @@
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02"
-
-[[package]]
-name = "pin-utils"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "piper"
@@ -1979,25 +1972,16 @@
"clap",
"nix 0.29.0",
"pam-client",
- "polkit-shared",
+ "remowt-polkit-shared",
+ "remowt-ui-prompt",
"tokio",
"tracing",
"tracing-subscriber",
- "ui-prompt",
"zbus",
"zbus_polkit",
]
[[package]]
-name = "polkit-shared"
-version = "0.1.0"
-dependencies = [
- "nix 0.29.0",
- "serde",
- "zbus",
-]
-
-[[package]]
name = "polling"
version = "3.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2251,18 +2235,18 @@
"futures",
"futures-util",
"nix 0.29.0",
- "polkit-shared",
"rand 0.8.5",
"remowt-link-shared",
"remowt-plugin",
+ "remowt-polkit-shared",
"remowt-pty",
+ "remowt-ui-prompt",
"serde",
"tempfile",
"tokio",
"tokio-util",
"tracing",
"tracing-subscriber",
- "ui-prompt",
"uuid",
"zbus",
"zbus_polkit",
@@ -2310,11 +2294,11 @@
"remowt-fs",
"remowt-pty",
"remowt-systemd",
+ "remowt-ui-prompt",
"serde",
"serde_json",
"thiserror 1.0.63",
"tokio",
- "ui-prompt",
]
[[package]]
@@ -2348,6 +2332,15 @@
]
[[package]]
+name = "remowt-polkit-shared"
+version = "0.1.0"
+dependencies = [
+ "nix 0.29.0",
+ "serde",
+ "zbus",
+]
+
+[[package]]
name = "remowt-pty"
version = "0.1.0"
dependencies = [
@@ -2375,6 +2368,7 @@
"openssh",
"remowt-client",
"remowt-link-shared",
+ "remowt-ui-prompt",
"russh",
"russh-config",
"serde",
@@ -2385,7 +2379,6 @@
"tokio-stream",
"tracing",
"tracing-subscriber",
- "ui-prompt",
"uuid",
]
@@ -2401,6 +2394,20 @@
]
[[package]]
+name = "remowt-ui-prompt"
+version = "0.1.0"
+dependencies = [
+ "bifrostlink",
+ "bifrostlink-macros",
+ "serde",
+ "serde_json",
+ "thiserror 1.0.63",
+ "tokio",
+ "tracing",
+ "zbus",
+]
+
+[[package]]
name = "rfc6979"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3215,20 +3222,6 @@
"memoffset",
"tempfile",
"winapi",
-]
-
-[[package]]
-name = "ui-prompt"
-version = "0.1.0"
-dependencies = [
- "bifrostlink",
- "bifrostlink-macros",
- "serde",
- "serde_json",
- "thiserror 1.0.63",
- "tokio",
- "tracing",
- "zbus",
]
[[package]]
Cargo.toml
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,17 +1,22 @@
[workspace]
members = ["cmds/*", "crates/*"]
resolver = "2"
-package.version = "0.1.0"
+[workspace.package]
+version = "0.1.0"
+license = "MIT"
+edition = "2021"
+repository = "https://gitlab.delta.directory/iam/remowt"
+
[workspace.dependencies]
-remowt-fs = { path = "crates/remowt-fs" }
-remowt-pty = { path = "crates/remowt-pty" }
-remowt-systemd = { path = "crates/remowt-systemd" }
-remowt-client = { path = "crates/remowt-client" }
-polkit-shared = { version = "0.1.0", path = "crates/polkit-shared" }
+remowt-fs = { version = "0.1.0", path = "crates/remowt-fs" }
+remowt-pty = { version = "0.1.0", path = "crates/remowt-pty" }
+remowt-systemd = { version = "0.1.0", path = "crates/remowt-systemd" }
+remowt-client = { version = "0.1.0", path = "crates/remowt-client" }
+remowt-polkit-shared = { version = "0.1.0", path = "crates/polkit-shared" }
remowt-link-shared = { version = "0.1.0", path = "crates/remowt-link-shared" }
remowt-plugin = { version = "0.1.0", path = "crates/remowt-plugin" }
-ui-prompt = { version = "0.1.0", path = "crates/ui-prompt" }
+remowt-ui-prompt = { version = "0.1.0", path = "crates/ui-prompt" }
bifrostlink = "0.2.0"
bifrostlink-macros = "0.2.0"
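Review bot: The `edition` and `repository` keys added under `[workspace.package]` take effect only in members that opt in, and the member manifests touched in this commit add `license.workspace = true` alone while keeping a literal `edition = "2021"`. As written, the published crates would carry no repository link, which is the field a consumer uses to trace a crates.io package back to its source. Each member's `[package]` table could add `repository.workspace = true` and replace the literal with `edition.workspace = true`. This manifest may continue past the hunk, and members not shown in the commit may already inherit these keys.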
LICENSE
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Lach
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
cmds/polkit-dbus-helper/Cargo.toml
--- a/cmds/polkit-dbus-helper/Cargo.toml
+++ b/cmds/polkit-dbus-helper/Cargo.toml
@@ -1,17 +1,19 @@
[package]
name = "polkit-backend"
+description = "polkit/PAM D-Bus authentication backend for remowt"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
anyhow.workspace = true
clap = { workspace = true, features = ["derive"] }
nix.workspace = true
pam-client.workspace = true
-polkit-shared.workspace = true
+remowt-polkit-shared.workspace = true
tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
tracing.workspace = true
tracing-subscriber.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
zbus = { workspace = true, features = ["tokio"] }
zbus_polkit = { workspace = true, features = ["tokio"] }
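Review bot: The `name = "polkit-backend"` line stays unprefixed, while this commit moves the shared crates to `remowt-polkit-shared` and `remowt-ui-prompt` and adds publishing metadata to this manifest. If the helper is meant for crates.io, a `remowt-` prefixed name would keep it in the same namespace as the rest of the workspace. If it is not, `publish = false` in `[package]` would stop it from being uploaded by accident. Its description calls it the polkit/PAM authentication backend, so being explicit about how it is distributed seems worthwhile.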
cmds/polkit-dbus-helper/src/main.rs
--- a/cmds/polkit-dbus-helper/src/main.rs
+++ b/cmds/polkit-dbus-helper/src/main.rs
@@ -7,11 +7,11 @@
use clap::Parser;
use nix::unistd::{setuid, Uid, User};
use pam_client::{Context, ConversationHandler, ErrorCode, Flag};
-use polkit_shared::BackendRequest;
+use remowt_polkit_shared::BackendRequest;
use tokio::task::{block_in_place, spawn_blocking};
use tracing::trace;
-use ui_prompt::dbus::DbusPrompterProxyBlocking;
-use ui_prompt::BlockingPrompter;
+use remowt_ui_prompt::dbus::DbusPrompterProxyBlocking;
+use remowt_ui_prompt::BlockingPrompter;
use zbus::fdo;
use zbus::message::Header;
use zbus::zvariant::OwnedValue;
cmds/remowt-agent/Cargo.toml
--- a/cmds/remowt-agent/Cargo.toml
+++ b/cmds/remowt-agent/Cargo.toml
@@ -1,7 +1,9 @@
[package]
name = "remowt-agent"
+description = "remowt on-host agent serving fs/pty/systemd endpoints over bifrostlink"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
anyhow.workspace = true
@@ -11,7 +13,7 @@
futures.workspace = true
futures-util.workspace = true
nix.workspace = true
-polkit-shared.workspace = true
+remowt-polkit-shared.workspace = true
rand.workspace = true
remowt-link-shared.workspace = true
remowt-plugin.workspace = true
@@ -30,7 +32,7 @@
tokio-util = { workspace = true, features = ["codec"] }
tracing.workspace = true
tracing-subscriber.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
uuid = { workspace = true, features = ["v4"] }
zbus = { workspace = true, features = ["tokio"] }
zbus_polkit = { workspace = true, features = ["tokio"] }
cmds/remowt-agent/src/askpass.rs
--- a/cmds/remowt-agent/src/askpass.rs
+++ b/cmds/remowt-agent/src/askpass.rs
@@ -2,9 +2,9 @@
use std::io::Write as _;
use anyhow::Context as _;
-use ui_prompt::bifrost::PromptEndpointsClient;
-use ui_prompt::dbus::{DbusPrompterInterface, DbusPrompterProxy};
-use ui_prompt::Source;
+use remowt_ui_prompt::bifrost::PromptEndpointsClient;
+use remowt_ui_prompt::dbus::{DbusPrompterInterface, DbusPrompterProxy};
+use remowt_ui_prompt::Source;
use zbus::Connection;
use remowt_link_shared::BifConfig;
cmds/remowt-agent/src/helper/dbus.rs
--- a/cmds/remowt-agent/src/helper/dbus.rs
+++ b/cmds/remowt-agent/src/helper/dbus.rs
@@ -1,9 +1,9 @@
use std::collections::HashMap;
use std::marker::PhantomData;
-use polkit_shared::{BackendRequest, Identity};
-use ui_prompt::dbus::DbusPrompterInterface;
-use ui_prompt::Prompter;
+use remowt_polkit_shared::{BackendRequest, Identity};
+use remowt_ui_prompt::dbus::DbusPrompterInterface;
+use remowt_ui_prompt::Prompter;
use zbus::Connection;
use crate::PolkitHelperProxy;
cmds/remowt-agent/src/helper/mod.rs
--- a/cmds/remowt-agent/src/helper/mod.rs
+++ b/cmds/remowt-agent/src/helper/mod.rs
@@ -1,6 +1,6 @@
use futures::Future;
-use polkit_shared::Identity;
-use ui_prompt::Prompter;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
mod dbus;
mod protocol;
cmds/remowt-agent/src/helper/protocol.rs
--- a/cmds/remowt-agent/src/helper/protocol.rs
+++ b/cmds/remowt-agent/src/helper/protocol.rs
@@ -6,7 +6,7 @@
use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt as _};
use tokio::select;
use tokio_util::codec::{FramedRead, LinesCodec};
-use ui_prompt::Prompter;
+use remowt_ui_prompt::Prompter;
pub async fn run_conversation<R, W, P>(reader: R, mut writer: W, prompt: P) -> anyhow::Result<()>
where
cmds/remowt-agent/src/helper/socket.rs
--- a/cmds/remowt-agent/src/helper/socket.rs
+++ b/cmds/remowt-agent/src/helper/socket.rs
@@ -1,10 +1,10 @@
use anyhow::{anyhow, bail};
use nix::unistd::User;
-use polkit_shared::Identity;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
use tokio::io::AsyncWriteExt as _;
use tokio::net::UnixStream;
use tracing::debug;
-use ui_prompt::Prompter;
use super::protocol::run_conversation;
use super::Helper;
cmds/remowt-agent/src/helper/suid.rs
--- a/cmds/remowt-agent/src/helper/suid.rs
+++ b/cmds/remowt-agent/src/helper/suid.rs
@@ -2,10 +2,10 @@
use anyhow::{anyhow, bail};
use nix::unistd::User;
-use polkit_shared::Identity;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
use tokio::io::AsyncWriteExt as _;
use tokio::process::Command;
-use ui_prompt::Prompter;
use super::protocol::run_conversation;
use super::Helper;
cmds/remowt-agent/src/main.rsdiffbeforeafterboth1use std::borrow::Cow;2use std::collections::{BTreeMap, HashMap};3use std::fs::Permissions;4use std::future::pending;5use std::os::unix::fs::PermissionsExt as _;6use std::path::PathBuf;7use std::sync::{Arc, Mutex, OnceLock};89use bifrostlink::declarative::RemoteEndpoints;10use bifrostlink::Rpc;11use bifrostlink_ports::stdio::from_stdio;12use bifrostlink_ports::unix_socket::from_socket;13use clap::Parser;14use polkit_shared::{emphasize, BackendRequest, Identity, PidDisplay};15use remowt_link_shared::editor::EditorEndpointsClient;16use remowt_link_shared::{Address, BifConfig, Fs, Pty, Systemd};17use tokio::fs;18use tokio::net::UnixStream;19use tokio::runtime::Builder;20use tokio::task::AbortHandle;21use tracing::{info, trace};22use ui_prompt::bifrost::PromptEndpointsClient;23use ui_prompt::{PrependSourcePrompter, Prompter, Source};24use zbus::fdo;25use zbus::zvariant::{OwnedValue, Str};26use zbus::{interface, proxy, Connection};27use zbus_polkit::policykit1::Subject;2829use self::helper::{Helper, SocketHelper, SuidHelper};3031pub mod askpass;32pub mod bus;33pub mod editor;34pub mod helper;3536struct CancelTaskOnDrop {37 tasks: Arc<Mutex<HashMap<String, AbortHandle>>>,38 handle: String,39}40impl Drop for CancelTaskOnDrop {41 fn drop(&mut self) {42 info!("cancel on drop");43 if let Some(task) = self44 .tasks45 .lock()46 .expect("not poisoned")47 .remove(&self.handle)48 {49 task.abort();50 }51 }52}5354struct Agent<H, P> {55 tasks: Arc<Mutex<HashMap<String, AbortHandle>>>,56 helper: H,57 prompter: P,58}59impl<H, P> Agent<H, P> {60 fn new(helper: H, prompter: P) -> Self {61 Agent {62 tasks: Arc::new(Mutex::new(HashMap::new())),63 helper,64 prompter,65 }66 }67}6869#[interface(name = "org.freedesktop.PolicyKit1.AuthenticationAgent")]70impl<H, P> Agent<H, P>71where72 H: Helper + Clone + Send + Sync + 'static,73 P: Prompter + Clone + Send + Sync + 'static,74{75 /// BeginAuthentication method76 
#[allow(clippy::too_many_arguments)]77 async fn begin_authentication(78 &self,79 action_id: String,80 message: String,81 _icon_name: String,82 mut details: BTreeMap<String, String>,83 cookie: String,84 identities: Vec<Identity>,85 ) -> zbus::fdo::Result<()> {86 use std::fmt::Write;87 info!("begin auth");88 let _cancel_guard = Arc::new(OnceLock::new());89 let task = {90 let helper = self.helper.clone();91 let prompter = self.prompter.clone();92 let cookie = cookie.clone();93 let _cancel_guard = _cancel_guard.clone();94 tokio::task::spawn(async move {95 let _cancel_guard = _cancel_guard.clone();96 trace!("conversation task");97 let mut description = format!("{message}\n\n<b>Action id:</b> {action_id}",);98 if let Some(subject) = details.remove("polkit.caller-pid") {99 let _ = write!(description, "\n<b>Caller:</b> ");100 if let Ok(pid) = subject.parse::<u32>() {101 let _ = write!(description, "{}", PidDisplay(pid));102 } else {103 let _ = write!(description, "{}", emphasize("invalid pid"));104 }105 }106 if let Some(subject) = details.remove("polkit.subject-pid") {107 let _ = write!(description, "\n<b>Subject:</b> ");108 if let Ok(pid) = subject.parse::<u32>() {109 let _ = write!(description, "{}", PidDisplay(pid));110 } else {111 let _ = write!(description, "{}", emphasize("invalid pid"));112 }113 }114 let mut prompter = PrependSourcePrompter {115 source: vec![Source(Cow::Borrowed("polkit agent"))],116 description: description.clone(),117 prompter,118 };119120 let identity_displays: Vec<String> =121 identities.iter().map(|v| v.to_string()).collect();122 let identity_displays: Vec<&str> =123 identity_displays.iter().map(|v| v.as_str()).collect();124 info!("choose identity");125 let choosen_identity = match identity_displays.len() {126 0 => {127 return Err(fdo::Error::AuthFailed(128 "no identity to authenticate as".to_owned(),129 ))130 }131 1 => 0,132 _ => {133 prompter134 .prompt_enum(135 "Identity",136 "Select identity to use for polkit authorization",137 
&identity_displays,138 &[],139 )140 .await?141 }142 };143 info!("identity chosen");144145 let _ = write!(146 description,147 "\n<b>Identity:</b> {}",148 identities[choosen_identity as usize]149 );150 prompter.description = description;151152 prompter.source.push(Source(Cow::Borrowed("polkit daemon")));153154 helper155 .help_me(156 &cookie,157 prompter,158 identities[choosen_identity as usize].clone(),159 )160 .await161 .map_err(|e| fdo::Error::Failed(e.to_string()))?;162 // let connection = Connection::system().await?;163 // let helper = PolkitHelperProxy::new(&connection).await?;164165 Ok(())166 })167 };168 self.tasks169 .lock()170 .unwrap()171 .insert(cookie.clone(), task.abort_handle());172 info!("abort handle stored");173 let _ = _cancel_guard.set(CancelTaskOnDrop {174 tasks: self.tasks.clone(),175 handle: cookie.clone(),176 });177178 let _ = task.await;179180 Ok(())181 }182183 /// CancelAuthentication method184 async fn cancel_authentication(&self, cookie: &str) -> zbus::fdo::Result<()> {185 info!("auth cancelled");186 if let Some(abort) = self.tasks.lock().unwrap().remove(cookie) {187 info!("abort handle found");188 abort.abort();189 }190 // debug!("Authentication cancled ! 
{cookie}");191 Ok(())192 }193}194195const OBJ_PATH: &str = "/org/freedesktop/PolicyKit1/AuthenticationAgent";196197#[proxy(198 interface = "lach.PolkitHelper",199 default_service = "lach.polkit.helper1",200 default_path = "/lach/PolkitHelper"201)]202trait PolkitHelper {203 fn init_conversation(&self, request: BackendRequest) -> zbus::Result<()>;204}205206#[derive(Parser)]207enum Opts {208 AskPass {209 prompt: String,210 description: String,211 },212 Editor {213 /// Argument to nvim214 path: String,215 },216 RealAgent {217 #[arg(long)]218 path: Option<PathBuf>,219 /// Expect own address to be AgentPrivileged, skip installing polkit agent220 #[arg(long)]221 privileged: bool,222 },223}224225fn main() -> anyhow::Result<()> {226 // Log to stderr: `privileged-agent` uses stdout as the bifrost transport,227 // so anything written there would corrupt the stream.228 tracing_subscriber::fmt()229 .with_writer(std::io::stderr)230 .init();231 let opts = Opts::parse();232233 let runtime = Builder::new_current_thread().enable_all().build()?;234235 match opts {236 Opts::AskPass {237 prompt,238 description,239 } => runtime.block_on(askpass::ask(&prompt, description)),240 Opts::Editor { path } => runtime.block_on(editor::edit(path)),241 Opts::RealAgent { path, privileged } => runtime.block_on(main_real_agent(path, privileged)),242 }243}244async fn main_real_agent(path: Option<PathBuf>, privileged: bool) -> anyhow::Result<()> {245 let address = if privileged {246 Address::AgentPrivileged247 } else {248 Address::Agent249 };250 let mut rpc = Rpc::<BifConfig>::new(address);251252 Fs::new().register_endpoints(&mut rpc);253 Systemd.register_endpoints(&mut rpc);254 Pty::new().register_endpoints(&mut rpc);255256 remowt_plugin::host::serve(&mut rpc);257258 let user_prompter = PromptEndpointsClient::wrap(rpc.remote(Address::User));259 let editor_client = EditorEndpointsClient::wrap(rpc.remote(Address::User));260261 let bus = bus::spawn().await?;262 askpass::serve(&bus.conn, 
user_prompter.clone()).await?;263 editor::serve(&bus.conn, editor_client).await?;264265 let helpers = tempfile::Builder::new().prefix("remowt-path.").tempdir()?;266 let exe = std::env::current_exe()?;267 let askpass_helper = helpers.path().join("remowt-askpass");268 let editor_helper = helpers.path().join("remowt-editor");269 {270 let script = format!(271 "#!/bin/sh\nexec {} ask-pass \"password\" \"$1\"\n",272 sh_quote(&exe.to_string_lossy())273 );274 fs::write(&askpass_helper, script).await?;275 fs::set_permissions(&askpass_helper, Permissions::from_mode(0o755)).await?;276 }277 {278 let script = format!(279 "#!/bin/sh\nexec {} editor \"$1\"\n",280 sh_quote(&exe.to_string_lossy())281 );282 fs::write(&editor_helper, script).await?;283 fs::set_permissions(&editor_helper, Permissions::from_mode(0o755)).await?;284 }285286 // Safety: Hoping tokio own threads won't read any of those...287 unsafe {288 prepend_path(helpers.path());289 std::env::set_var("SUDO_ASKPASS", &askpass_helper);290 std::env::set_var("SSH_ASKPASS", &askpass_helper);291 std::env::set_var("SSH_ASKPASS_REQUIRE", "force");292 std::env::set_var("EDITOR", &editor_helper);293 std::env::set_var("VISUAL", &editor_helper);294 std::env::set_var("DBUS_SESSION_BUS_ADDRESS", &bus.address);295 }296297 let port = match path {298 Some(path) => from_socket(UnixStream::connect(path).await?),299 None => from_stdio(),300 };301 rpc.add_direct(Address::User, port, bifrostlink::Rtt(0));302303 let polkit_conn = if !privileged {304 // The unprivileged agent doubles as a polkit authentication agent so305 // `run0` (e.g. 
our own elevation) routes its prompt to the User over306 // bifrost instead of failing on a tty-less session.307 let conn = Connection::system().await?;308 let helper = SocketHelper {309 fallback: SuidHelper,310 };311 register_auth_agent(&conn, Agent::new(helper, user_prompter)).await?;312 Some(conn)313 } else {314 None315 };316317 let _keep_alive = (bus, helpers, polkit_conn);318 pending().await319}320321async fn register_auth_agent<H, P>(conn: &Connection, agent: Agent<H, P>) -> anyhow::Result<()>322where323 H: Helper + Clone + Send + Sync + 'static,324 P: Prompter + Clone + Send + Sync + 'static,325{326 let proxy = zbus_polkit::policykit1::AuthorityProxy::new(conn).await?;327 conn.object_server().at(OBJ_PATH, agent).await?;328329 let subject = auth_agent_subject()?;330 proxy331 .register_authentication_agent(&subject, "C", OBJ_PATH)332 .await?;333 info!(kind = subject.subject_kind, "registered polkit agent");334 Ok(())335}336337fn auth_agent_subject() -> anyhow::Result<Subject> {338 let mut details = HashMap::new();339 if let Ok(session_id) = std::env::var("XDG_SESSION_ID") {340 let val: OwnedValue = Str::from(session_id).into();341 details.insert("session-id".to_string(), val);342 return Ok(Subject {343 subject_kind: "unix-session".to_string(),344 subject_details: details,345 });346 }347348 details.insert("pid".to_string(), OwnedValue::from(std::process::id()));349 Ok(Subject {350 subject_kind: "unix-process".to_string(),351 subject_details: details,352 })353}354355fn sh_quote(s: &str) -> String {356 format!("'{}'", s.replace('\'', "'\\''"))357}358359/// Prepend `dir` to the process `PATH`.360///361/// # SAFETY362///363/// Same as `set_var`364unsafe fn prepend_path(dir: &std::path::Path) {365 let value = match std::env::var_os("PATH") {366 Some(existing) => {367 let mut v = dir.as_os_str().to_owned();368 v.push(":");369 v.push(existing);370 v371 }372 None => dir.as_os_str().to_owned(),373 };374 unsafe {375 std::env::set_var("PATH", value);376 }377}1use 
std::borrow::Cow;2use std::collections::{BTreeMap, HashMap};3use std::fs::Permissions;4use std::future::pending;5use std::os::unix::fs::PermissionsExt as _;6use std::path::PathBuf;7use std::sync::{Arc, Mutex, OnceLock};89use bifrostlink::declarative::RemoteEndpoints;10use bifrostlink::Rpc;11use bifrostlink_ports::stdio::from_stdio;12use bifrostlink_ports::unix_socket::from_socket;13use clap::Parser;14use remowt_link_shared::editor::EditorEndpointsClient;15use remowt_link_shared::{Address, BifConfig, Fs, Pty, Systemd};16use remowt_polkit_shared::{emphasize, BackendRequest, Identity, PidDisplay};17use remowt_ui_prompt::bifrost::PromptEndpointsClient;18use remowt_ui_prompt::{PrependSourcePrompter, Prompter, Source};19use tokio::fs;20use tokio::net::UnixStream;21use tokio::runtime::Builder;22use tokio::task::AbortHandle;23use tracing::{info, trace};24use zbus::fdo;25use zbus::zvariant::{OwnedValue, Str};26use zbus::{interface, proxy, Connection};27use zbus_polkit::policykit1::Subject;2829use self::helper::{Helper, SocketHelper, SuidHelper};3031pub mod askpass;32pub mod bus;33pub mod editor;34pub mod helper;3536struct CancelTaskOnDrop {37 tasks: Arc<Mutex<HashMap<String, AbortHandle>>>,38 handle: String,39}40impl Drop for CancelTaskOnDrop {41 fn drop(&mut self) {42 info!("cancel on drop");43 if let Some(task) = self44 .tasks45 .lock()46 .expect("not poisoned")47 .remove(&self.handle)48 {49 task.abort();50 }51 }52}5354struct Agent<H, P> {55 tasks: Arc<Mutex<HashMap<String, AbortHandle>>>,56 helper: H,57 prompter: P,58}59impl<H, P> Agent<H, P> {60 fn new(helper: H, prompter: P) -> Self {61 Agent {62 tasks: Arc::new(Mutex::new(HashMap::new())),63 helper,64 prompter,65 }66 }67}6869#[interface(name = "org.freedesktop.PolicyKit1.AuthenticationAgent")]70impl<H, P> Agent<H, P>71where72 H: Helper + Clone + Send + Sync + 'static,73 P: Prompter + Clone + Send + Sync + 'static,74{75 /// BeginAuthentication method76 #[allow(clippy::too_many_arguments)]77 async fn 
begin_authentication(78 &self,79 action_id: String,80 message: String,81 _icon_name: String,82 mut details: BTreeMap<String, String>,83 cookie: String,84 identities: Vec<Identity>,85 ) -> zbus::fdo::Result<()> {86 use std::fmt::Write;87 info!("begin auth");88 let _cancel_guard = Arc::new(OnceLock::new());89 let task = {90 let helper = self.helper.clone();91 let prompter = self.prompter.clone();92 let cookie = cookie.clone();93 let _cancel_guard = _cancel_guard.clone();94 tokio::task::spawn(async move {95 let _cancel_guard = _cancel_guard.clone();96 trace!("conversation task");97 let mut description = format!("{message}\n\n<b>Action id:</b> {action_id}",);98 if let Some(subject) = details.remove("polkit.caller-pid") {99 let _ = write!(description, "\n<b>Caller:</b> ");100 if let Ok(pid) = subject.parse::<u32>() {101 let _ = write!(description, "{}", PidDisplay(pid));102 } else {103 let _ = write!(description, "{}", emphasize("invalid pid"));104 }105 }106 if let Some(subject) = details.remove("polkit.subject-pid") {107 let _ = write!(description, "\n<b>Subject:</b> ");108 if let Ok(pid) = subject.parse::<u32>() {109 let _ = write!(description, "{}", PidDisplay(pid));110 } else {111 let _ = write!(description, "{}", emphasize("invalid pid"));112 }113 }114 let mut prompter = PrependSourcePrompter {115 source: vec![Source(Cow::Borrowed("polkit agent"))],116 description: description.clone(),117 prompter,118 };119120 let identity_displays: Vec<String> =121 identities.iter().map(|v| v.to_string()).collect();122 let identity_displays: Vec<&str> =123 identity_displays.iter().map(|v| v.as_str()).collect();124 info!("choose identity");125 let choosen_identity = match identity_displays.len() {126 0 => {127 return Err(fdo::Error::AuthFailed(128 "no identity to authenticate as".to_owned(),129 ))130 }131 1 => 0,132 _ => {133 prompter134 .prompt_enum(135 "Identity",136 "Select identity to use for polkit authorization",137 &identity_displays,138 &[],139 )140 .await?141 }142 };143 
info!("identity chosen");144145 let _ = write!(146 description,147 "\n<b>Identity:</b> {}",148 identities[choosen_identity as usize]149 );150 prompter.description = description;151152 prompter.source.push(Source(Cow::Borrowed("polkit daemon")));153154 helper155 .help_me(156 &cookie,157 prompter,158 identities[choosen_identity as usize].clone(),159 )160 .await161 .map_err(|e| fdo::Error::Failed(e.to_string()))?;162 // let connection = Connection::system().await?;163 // let helper = PolkitHelperProxy::new(&connection).await?;164165 Ok(())166 })167 };168 self.tasks169 .lock()170 .unwrap()171 .insert(cookie.clone(), task.abort_handle());172 info!("abort handle stored");173 let _ = _cancel_guard.set(CancelTaskOnDrop {174 tasks: self.tasks.clone(),175 handle: cookie.clone(),176 });177178 let _ = task.await;179180 Ok(())181 }182183 /// CancelAuthentication method184 async fn cancel_authentication(&self, cookie: &str) -> zbus::fdo::Result<()> {185 info!("auth cancelled");186 if let Some(abort) = self.tasks.lock().unwrap().remove(cookie) {187 info!("abort handle found");188 abort.abort();189 }190 // debug!("Authentication cancled ! 
{cookie}");191 Ok(())192 }193}194195const OBJ_PATH: &str = "/org/freedesktop/PolicyKit1/AuthenticationAgent";196197#[proxy(198 interface = "lach.PolkitHelper",199 default_service = "lach.polkit.helper1",200 default_path = "/lach/PolkitHelper"201)]202trait PolkitHelper {203 fn init_conversation(&self, request: BackendRequest) -> zbus::Result<()>;204}205206#[derive(Parser)]207enum Opts {208 AskPass {209 prompt: String,210 description: String,211 },212 Editor {213 /// Argument to nvim214 path: String,215 },216 RealAgent {217 #[arg(long)]218 path: Option<PathBuf>,219 /// Expect own address to be AgentPrivileged, skip installing polkit agent220 #[arg(long)]221 privileged: bool,222 },223}224225fn main() -> anyhow::Result<()> {226 // Log to stderr: `privileged-agent` uses stdout as the bifrost transport,227 // so anything written there would corrupt the stream.228 tracing_subscriber::fmt()229 .with_writer(std::io::stderr)230 .init();231 let opts = Opts::parse();232233 let runtime = Builder::new_current_thread().enable_all().build()?;234235 match opts {236 Opts::AskPass {237 prompt,238 description,239 } => runtime.block_on(askpass::ask(&prompt, description)),240 Opts::Editor { path } => runtime.block_on(editor::edit(path)),241 Opts::RealAgent { path, privileged } => runtime.block_on(main_real_agent(path, privileged)),242 }243}244async fn main_real_agent(path: Option<PathBuf>, privileged: bool) -> anyhow::Result<()> {245 let address = if privileged {246 Address::AgentPrivileged247 } else {248 Address::Agent249 };250 let mut rpc = Rpc::<BifConfig>::new(address);251252 Fs::new().register_endpoints(&mut rpc);253 Systemd.register_endpoints(&mut rpc);254 Pty::new().register_endpoints(&mut rpc);255256 remowt_plugin::host::serve(&mut rpc);257258 let user_prompter = PromptEndpointsClient::wrap(rpc.remote(Address::User));259 let editor_client = EditorEndpointsClient::wrap(rpc.remote(Address::User));260261 let bus = bus::spawn().await?;262 askpass::serve(&bus.conn, 
user_prompter.clone()).await?;263 editor::serve(&bus.conn, editor_client).await?;264265 let helpers = tempfile::Builder::new().prefix("remowt-path.").tempdir()?;266 let exe = std::env::current_exe()?;267 let askpass_helper = helpers.path().join("remowt-askpass");268 let editor_helper = helpers.path().join("remowt-editor");269 {270 let script = format!(271 "#!/bin/sh\nexec {} ask-pass \"password\" \"$1\"\n",272 sh_quote(&exe.to_string_lossy())273 );274 fs::write(&askpass_helper, script).await?;275 fs::set_permissions(&askpass_helper, Permissions::from_mode(0o755)).await?;276 }277 {278 let script = format!(279 "#!/bin/sh\nexec {} editor \"$1\"\n",280 sh_quote(&exe.to_string_lossy())281 );282 fs::write(&editor_helper, script).await?;283 fs::set_permissions(&editor_helper, Permissions::from_mode(0o755)).await?;284 }285286 // Safety: Hoping tokio own threads won't read any of those...287 unsafe {288 prepend_path(helpers.path());289 std::env::set_var("SUDO_ASKPASS", &askpass_helper);290 std::env::set_var("SSH_ASKPASS", &askpass_helper);291 std::env::set_var("SSH_ASKPASS_REQUIRE", "force");292 std::env::set_var("EDITOR", &editor_helper);293 std::env::set_var("VISUAL", &editor_helper);294 std::env::set_var("DBUS_SESSION_BUS_ADDRESS", &bus.address);295 }296297 let port = match path {298 Some(path) => from_socket(UnixStream::connect(path).await?),299 None => from_stdio(),300 };301 rpc.add_direct(Address::User, port, bifrostlink::Rtt(0));302303 let polkit_conn = if !privileged {304 // The unprivileged agent doubles as a polkit authentication agent so305 // `run0` (e.g. 
our own elevation) routes its prompt to the User over306 // bifrost instead of failing on a tty-less session.307 let conn = Connection::system().await?;308 let helper = SocketHelper {309 fallback: SuidHelper,310 };311 register_auth_agent(&conn, Agent::new(helper, user_prompter)).await?;312 Some(conn)313 } else {314 None315 };316317 let _keep_alive = (bus, helpers, polkit_conn);318 pending().await319}320321async fn register_auth_agent<H, P>(conn: &Connection, agent: Agent<H, P>) -> anyhow::Result<()>322where323 H: Helper + Clone + Send + Sync + 'static,324 P: Prompter + Clone + Send + Sync + 'static,325{326 let proxy = zbus_polkit::policykit1::AuthorityProxy::new(conn).await?;327 conn.object_server().at(OBJ_PATH, agent).await?;328329 let subject = auth_agent_subject()?;330 proxy331 .register_authentication_agent(&subject, "C", OBJ_PATH)332 .await?;333 info!(kind = subject.subject_kind, "registered polkit agent");334 Ok(())335}336337fn auth_agent_subject() -> anyhow::Result<Subject> {338 let mut details = HashMap::new();339 if let Ok(session_id) = std::env::var("XDG_SESSION_ID") {340 let val: OwnedValue = Str::from(session_id).into();341 details.insert("session-id".to_string(), val);342 return Ok(Subject {343 subject_kind: "unix-session".to_string(),344 subject_details: details,345 });346 }347348 details.insert("pid".to_string(), OwnedValue::from(std::process::id()));349 Ok(Subject {350 subject_kind: "unix-process".to_string(),351 subject_details: details,352 })353}354355fn sh_quote(s: &str) -> String {356 format!("'{}'", s.replace('\'', "'\\''"))357}358359/// Prepend `dir` to the process `PATH`.360///361/// # SAFETY362///363/// Same as `set_var`364unsafe fn prepend_path(dir: &std::path::Path) {365 let value = match std::env::var_os("PATH") {366 Some(existing) => {367 let mut v = dir.as_os_str().to_owned();368 v.push(":");369 v.push(existing);370 v371 }372 None => dir.as_os_str().to_owned(),373 };374 unsafe {375 std::env::set_var("PATH", value);376 
}377}
cmds/remowt-ssh/Cargo.toml
--- a/cmds/remowt-ssh/Cargo.toml
+++ b/cmds/remowt-ssh/Cargo.toml
@@ -1,7 +1,9 @@
[package]
name = "remowt-ssh"
+description = "SSH transport client for connecting to a remowt agent"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
clap = { workspace = true, features = ["derive"] }
@@ -23,6 +25,6 @@
thiserror = "2.0.18"
serde_json.workspace = true
serde.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
russh.workspace = true
russh-config.workspace = true
cmds/remowt-ssh/src/main.rsdiffbeforeafterboth
--- a/cmds/remowt-ssh/src/main.rs
+++ b/cmds/remowt-ssh/src/main.rs
@@ -17,9 +17,9 @@
use tokio::io::{AsyncRead, ReadBuf};
use tokio::signal::unix::{signal, SignalKind};
use tracing::info;
-use ui_prompt::bifrost::serve_prompts;
-use ui_prompt::rofi::RofiPrompter;
-use ui_prompt::{PrependSourcePrompter, Source};
+use remowt_ui_prompt::bifrost::serve_prompts;
+use remowt_ui_prompt::rofi::RofiPrompter;
+use remowt_ui_prompt::{PrependSourcePrompter, Source};
#[derive(Parser)]
struct Opts {
crates/polkit-shared/Cargo.tomldiffbeforeafterboth
--- a/crates/polkit-shared/Cargo.toml
+++ b/crates/polkit-shared/Cargo.toml
@@ -1,7 +1,9 @@
[package]
-name = "polkit-shared"
+name = "remowt-polkit-shared"
+description = "Shared polkit/PAM types for remowt"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
nix.workspace = true
crates/remowt-client/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-client/Cargo.toml
+++ b/crates/remowt-client/Cargo.toml
@@ -3,6 +3,7 @@
description = "russh-based client connection to a remowt agent"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
anyhow.workspace = true
crates/remowt-fs/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-fs/Cargo.toml
+++ b/crates/remowt-fs/Cargo.toml
@@ -3,6 +3,7 @@
description = "Filesystem endpoint for remowt/bifrostlink"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
bifrostlink.workspace = true
crates/remowt-link-shared/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-link-shared/Cargo.toml
+++ b/crates/remowt-link-shared/Cargo.toml
@@ -1,7 +1,9 @@
[package]
name = "remowt-link-shared"
-version = "0.1.0"
+description = "Shared bifrostlink endpoint wiring for remowt"
+version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
bifrostlink.workspace = true
@@ -12,6 +14,6 @@
tokio = { workspace = true, features = ["fs"] }
remowt-fs.workspace = true
remowt-systemd.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
camino = { workspace = true, features = ["serde1"] }
remowt-pty.workspace = true
crates/remowt-link-shared/src/lib.rsdiffbeforeafterboth
--- a/crates/remowt-link-shared/src/lib.rs
+++ b/crates/remowt-link-shared/src/lib.rs
@@ -1,3 +1,5 @@
+use std::future::Future;
+
use bifrostlink::declarative::endpoints;
use bifrostlink::error::{ErrorT, ListenerForYourRequestHasBeenDeadError, ResponseError};
use bifrostlink::notification;
@@ -30,7 +32,7 @@
}
pub trait Elevator: Send + Sync {
- fn elevate(&self) -> impl std::future::Future<Output = Result<(), ElevateError>> + Send;
+ fn elevate(&self) -> impl Future<Output = Result<(), ElevateError>> + Send;
}
pub struct ElevateEndpoints<E>(pub E);
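Review bot: `Elevator` and its `elevate` method in this hunk carry no doc comment, and with the crate being prepared for publishing the trait becomes an API that outside code may implement. Since it looks like the privilege-elevation hook, I would state the contract on the method, for example `/// Resolves to Ok(()) only after elevation has been granted; a denied or failed prompt must be an Err.`, adjusted to what the existing implementors actually guarantee. Those implementors and the `ElevateError` definition are outside this hunk, so the wording needs checking against them before it is committed.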
@@ -51,7 +53,7 @@
Response(String),
#[error(transparent)]
- Ui(#[from] ui_prompt::Error),
+ Ui(#[from] remowt_ui_prompt::Error),
}
impl From<ListenerForYourRequestHasBeenDeadError> for Error {
crates/remowt-nix-daemon/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-nix-daemon/Cargo.toml
+++ b/crates/remowt-nix-daemon/Cargo.toml
@@ -3,6 +3,7 @@
description = "Nix daemon proxy"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
anyhow.workspace = true
crates/remowt-plugin/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-plugin/Cargo.toml
+++ b/crates/remowt-plugin/Cargo.toml
@@ -1,7 +1,9 @@
[package]
name = "remowt-plugin"
+description = "Plugin host and protocol for remowt agents"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
anyhow.workspace = true
crates/remowt-pty/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-pty/Cargo.toml
+++ b/crates/remowt-pty/Cargo.toml
@@ -3,6 +3,7 @@
description = "PTY/shell endpoint for remowt"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
bifrostlink.workspace = true
crates/remowt-systemd/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-systemd/Cargo.toml
+++ b/crates/remowt-systemd/Cargo.toml
@@ -3,6 +3,7 @@
description = "systemd control endpoint for remowt/bifrostlink (over D-Bus)"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
bifrostlink.workspace = true
crates/ui-prompt/Cargo.tomldiffbeforeafterboth
--- a/crates/ui-prompt/Cargo.toml
+++ b/crates/ui-prompt/Cargo.toml
@@ -1,7 +1,9 @@
[package]
-name = "ui-prompt"
+name = "remowt-ui-prompt"
+description = "Interactive UI prompt endpoint for remowt (D-Bus)"
version.workspace = true
edition = "2021"
+license.workspace = true
[dependencies]
bifrostlink.workspace = true