git.delta.rocks / remowt / refs/commits / f01cb7f97360

difftreelog

chore cargo publishing boilerplate

uqvspxnkYaroslav Bolyukin2026-06-11parent: #42e2f16.patch.diff
in: trunk

25 files changed

modifiedCargo.lockdiffbeforeafterboth
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1108,9 +1108,9 @@
 
 [[package]]
 name = "futures-channel"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78"
+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
 dependencies = [
  "futures-core",
  "futures-sink",
@@ -1118,9 +1118,9 @@
 
 [[package]]
 name = "futures-core"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d"
+checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
 
 [[package]]
 name = "futures-executor"
@@ -1135,9 +1135,9 @@
 
 [[package]]
 name = "futures-io"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1"
+checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
 
 [[package]]
 name = "futures-lite"
@@ -1154,9 +1154,9 @@
 
 [[package]]
 name = "futures-macro"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
+checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1165,21 +1165,21 @@
 
 [[package]]
 name = "futures-sink"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5"
+checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
 
 [[package]]
 name = "futures-task"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004"
+checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
 
 [[package]]
 name = "futures-util"
-version = "0.3.30"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48"
+checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -1189,7 +1189,6 @@
  "futures-task",
  "memchr",
  "pin-project-lite",
- "pin-utils",
  "slab",
 ]
 
@@ -1909,12 +1908,6 @@
 version = "0.2.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02"
-
-[[package]]
-name = "pin-utils"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
 [[package]]
 name = "piper"
@@ -1979,25 +1972,16 @@
  "clap",
  "nix 0.29.0",
  "pam-client",
- "polkit-shared",
+ "remowt-polkit-shared",
+ "remowt-ui-prompt",
  "tokio",
  "tracing",
  "tracing-subscriber",
- "ui-prompt",
  "zbus",
  "zbus_polkit",
 ]
 
 [[package]]
-name = "polkit-shared"
-version = "0.1.0"
-dependencies = [
- "nix 0.29.0",
- "serde",
- "zbus",
-]
-
-[[package]]
 name = "polling"
 version = "3.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2251,18 +2235,18 @@
  "futures",
  "futures-util",
  "nix 0.29.0",
- "polkit-shared",
  "rand 0.8.5",
  "remowt-link-shared",
  "remowt-plugin",
+ "remowt-polkit-shared",
  "remowt-pty",
+ "remowt-ui-prompt",
  "serde",
  "tempfile",
  "tokio",
  "tokio-util",
  "tracing",
  "tracing-subscriber",
- "ui-prompt",
  "uuid",
  "zbus",
  "zbus_polkit",
@@ -2310,11 +2294,11 @@
  "remowt-fs",
  "remowt-pty",
  "remowt-systemd",
+ "remowt-ui-prompt",
  "serde",
  "serde_json",
  "thiserror 1.0.63",
  "tokio",
- "ui-prompt",
 ]
 
 [[package]]
@@ -2348,6 +2332,15 @@
 ]
 
 [[package]]
+name = "remowt-polkit-shared"
+version = "0.1.0"
+dependencies = [
+ "nix 0.29.0",
+ "serde",
+ "zbus",
+]
+
+[[package]]
 name = "remowt-pty"
 version = "0.1.0"
 dependencies = [
@@ -2375,6 +2368,7 @@
  "openssh",
  "remowt-client",
  "remowt-link-shared",
+ "remowt-ui-prompt",
  "russh",
  "russh-config",
  "serde",
@@ -2385,7 +2379,6 @@
  "tokio-stream",
  "tracing",
  "tracing-subscriber",
- "ui-prompt",
  "uuid",
 ]
 
@@ -2401,6 +2394,20 @@
 ]
 
 [[package]]
+name = "remowt-ui-prompt"
+version = "0.1.0"
+dependencies = [
+ "bifrostlink",
+ "bifrostlink-macros",
+ "serde",
+ "serde_json",
+ "thiserror 1.0.63",
+ "tokio",
+ "tracing",
+ "zbus",
+]
+
+[[package]]
 name = "rfc6979"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3215,20 +3222,6 @@
  "memoffset",
  "tempfile",
  "winapi",
-]
-
-[[package]]
-name = "ui-prompt"
-version = "0.1.0"
-dependencies = [
- "bifrostlink",
- "bifrostlink-macros",
- "serde",
- "serde_json",
- "thiserror 1.0.63",
- "tokio",
- "tracing",
- "zbus",
 ]
 
 [[package]]
modifiedCargo.tomldiffbeforeafterboth
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,17 +1,22 @@
 [workspace]
 members = ["cmds/*", "crates/*"]
 resolver = "2"
-package.version = "0.1.0"
 
+[workspace.package]
+version = "0.1.0"
+license = "MIT"
+edition = "2021"
+repository = "https://gitlab.delta.directory/iam/remowt"
+
 [workspace.dependencies]
-remowt-fs = { path = "crates/remowt-fs" }
-remowt-pty = { path = "crates/remowt-pty" }
-remowt-systemd = { path = "crates/remowt-systemd" }
-remowt-client = { path = "crates/remowt-client" }
-polkit-shared = { version = "0.1.0", path = "crates/polkit-shared" }
+remowt-fs = { version = "0.1.0", path = "crates/remowt-fs" }
+remowt-pty = { version = "0.1.0", path = "crates/remowt-pty" }
+remowt-systemd = { version = "0.1.0", path = "crates/remowt-systemd" }
+remowt-client = { version = "0.1.0", path = "crates/remowt-client" }
+remowt-polkit-shared = { version = "0.1.0", path = "crates/polkit-shared" }
 remowt-link-shared = { version = "0.1.0", path = "crates/remowt-link-shared" }
 remowt-plugin = { version = "0.1.0", path = "crates/remowt-plugin" }
-ui-prompt = { version = "0.1.0", path = "crates/ui-prompt" }
+remowt-ui-prompt = { version = "0.1.0", path = "crates/ui-prompt" }
 
 bifrostlink = "0.2.0"
 bifrostlink-macros = "0.2.0"
addedLICENSEdiffbeforeafterboth
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Lach
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
modifiedcmds/polkit-dbus-helper/Cargo.tomldiffbeforeafterboth
--- a/cmds/polkit-dbus-helper/Cargo.toml
+++ b/cmds/polkit-dbus-helper/Cargo.toml
@@ -1,17 +1,19 @@
 [package]
 name = "polkit-backend"
+description = "polkit/PAM D-Bus authentication backend for remowt"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 anyhow.workspace = true
 clap = { workspace = true, features = ["derive"] }
 nix.workspace = true
 pam-client.workspace = true
-polkit-shared.workspace = true
+remowt-polkit-shared.workspace = true
 tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
 tracing.workspace = true
 tracing-subscriber.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
 zbus = { workspace = true, features = ["tokio"] }
 zbus_polkit = { workspace = true, features = ["tokio"] }
modifiedcmds/polkit-dbus-helper/src/main.rsdiffbeforeafterboth
before · cmds/polkit-dbus-helper/src/main.rs
1use std::collections::{HashMap, HashSet};2use std::ffi::{CStr, CString};3use std::future::pending;4use std::sync::LazyLock;56use anyhow::Context as _;7use clap::Parser;8use nix::unistd::{setuid, Uid, User};9use pam_client::{Context, ConversationHandler, ErrorCode, Flag};10use polkit_shared::BackendRequest;11use tokio::task::{block_in_place, spawn_blocking};12use tracing::trace;13use ui_prompt::dbus::DbusPrompterProxyBlocking;14use ui_prompt::BlockingPrompter;15use zbus::fdo;16use zbus::message::Header;17use zbus::zvariant::OwnedValue;18use zbus::{blocking, interface, proxy, Connection};1920struct Helper {21	connection: Connection,22	blocking_connection: blocking::Connection,23}2425static ALLOWED_ENVIRONMENT: LazyLock<HashSet<&str>> = LazyLock::new(|| {26	[27		// pam ssh agent auth28		"SSH_AUTH_SOCK",29		// ssh itself provides this when running PAM30		"SSH_AUTH_INFO_0",31		// contains user which ran sudo32		"SUDO_USER",33	]34	.into_iter()35	.collect()36});3738struct Conversation<P>(P);39impl<P: BlockingPrompter> Conversation<P> {40	fn prompt_inner(&self, echo: bool, prompt: &CStr) -> Result<CString, ErrorCode> {41		trace!("do prompt");42		let out = self43			.044			.prompt_text(echo, &prompt.to_string_lossy(), "PAM prompt request", &[])45			.map_err(|e| {46				trace!("prompt error: {e}");47				ErrorCode::CONV_ERR48			})?;49		CString::new(out).map_err(|_| ErrorCode::CONV_AGAIN)50	}51	fn text_inner(&self, error: bool, msg: &CStr) {52		trace!("do text");53		let msg = msg.to_string_lossy();54		let _ = self.0.display_text(error, &msg, &[]);55	}56}57impl<P: BlockingPrompter> ConversationHandler for Conversation<P> {58	fn prompt_echo_on(&mut self, prompt: &CStr) -> Result<CString, ErrorCode> {59		self.prompt_inner(true, prompt)60	}6162	fn prompt_echo_off(&mut self, prompt: &CStr) -> Result<CString, ErrorCode> {63		self.prompt_inner(false, prompt)64	}6566	fn text_info(&mut self, msg: &CStr) {67		self.text_inner(false, msg)68	}6970	fn error_msg(&mut self, msg: &CStr) {71		self.text_inner(true, msg)72	}7374	fn radio_prompt(&mut self, prompt: &CStr) -> Result<bool, ErrorCode> {75		let prompt = prompt.to_string_lossy();76		let result = self77			.078			.prompt_radio(&prompt, "PAM prompt request", &[])79			.map_err(|_| ErrorCode::CONV_ERR)?;80		Ok(result)81	}82}8384#[proxy(85	default_service = "org.freedesktop.DBus",86	default_path = "/org/freedesktop/DBus"87)]88trait DBus {89	fn get_connection_credentials(&self, body: &str) -> zbus::Result<HashMap<String, OwnedValue>>;90}9192#[interface(name = "lach.PolkitHelper")]93impl Helper {94	async fn init_conversation(95		&self,96		request: BackendRequest,97		#[zbus(header)] hdr: Header<'_>,98	) -> fdo::Result<()> {99		let Some(sender) = hdr.sender().map(|v| v.to_owned()) else {100			trace!("missing sender");101			return Err(fdo::Error::AuthFailed("missing sender".to_owned()));102		};103104		let dbus = DBusProxy::new(&self.connection).await?;105106		// TOCTOU: sender might be already disconnected, and there might be another107		// user with different user id here, but does it matters?108		let reply = dbus.get_connection_credentials(&sender).await?;109		let connection_uid: u32 = (&reply["UnixUserID"]).try_into().unwrap();110111		let identity = request.identity.clone();112		let blocking_connection = self.blocking_connection.clone();113		let thread_result: fdo::Result<()> = block_in_place(move || {114			trace!("find user");115			let Some(identity_uid) = identity.uid() else {116				return Err(fdo::Error::AuthFailed("can't process identity".to_owned()));117			};118			let user = User::from_uid(identity_uid)119				.map_err(|_| fdo::Error::AuthFailed("error querying user".to_owned()))?120				.ok_or_else(|| fdo::Error::AuthFailed("uid not found".to_owned()))?;121122			let responder = DbusPrompterProxyBlocking::new(123				&blocking_connection,124				sender,125				request.prompter_path,126			)?;127			let conversation = Conversation(responder);128			trace!("run context for {}", &user.name);129			let mut ctx = Context::new(130				// TODO: Should another scope be used?131				"login",132				Some(&user.name),133				conversation,134			)135			.map_err(|_| fdo::Error::Failed("pam context init failed".to_owned()))?;136137			trace!("fill env");138			for (k, v) in request.environment {139				if k.contains('=') || !ALLOWED_ENVIRONMENT.contains(k.as_str()) {140					continue;141				}142				let _ = ctx.putenv(format!("{k}={v}"));143			}144145			trace!("authenticate");146			ctx.authenticate(Flag::NONE)147				.map_err(|_| fdo::Error::AuthFailed("pam authentication failed".to_owned()))?;148149			trace!("acct mgmt");150			ctx.acct_mgmt(Flag::NONE)151				.map_err(|_| fdo::Error::AuthFailed("pam acct mgmt failed".to_owned()))?;152153			Ok(())154		});155156		thread_result?;157158		trace!("respond");159		let proxy = zbus_polkit::policykit1::AuthorityProxy::new(&self.connection).await?;160161		let identity_details = request162			.identity163			.details164			.iter()165			.map(|(k, v)| (k.as_str(), (**v).try_clone().expect("success")))166			.collect::<HashMap<_, _>>();167		proxy168			.authentication_agent_response2(169				connection_uid,170				&request.cookie,171				&zbus_polkit::policykit1::Identity {172					identity_kind: &request.identity.kind,173					identity_details: &identity_details,174				},175			)176			.await?;177		Ok(())178	}179}180181const OBJ_PATH: &str = "/lach/PolkitHelper";182183#[derive(Parser)]184struct Opts {185	/// Not recommended: start as a session connection, then use escalation186	/// to respond to polkit requests.187	#[arg(long)]188	session: bool,189}190191#[tokio::main]192async fn main() -> anyhow::Result<()> {193	tracing_subscriber::fmt::init();194	let opts = Opts::parse();195	let connection = if opts.session {196		Connection::session().await197	} else {198		Connection::system().await199	}200	.context("failed to open connection")?;201202	let session = opts.session;203	let blocking_connection: anyhow::Result<blocking::Connection> = spawn_blocking(move || {204		Ok(if session {205			blocking::Connection::session()?206		} else {207			blocking::Connection::system()?208		})209	})210	.await?;211	let blocking_connection = blocking_connection.context("failed to open blocking connection")?;212213	if opts.session {214		setuid(Uid::from_raw(0))215			.context("polkit-backend needs to be suid if run in session mode")?;216	}217218	connection219		.object_server()220		.at(221			OBJ_PATH,222			Helper {223				connection: connection.clone(),224				blocking_connection,225			},226		)227		.await228		.context("failed listen path")?;229230	connection231		.request_name("lach.polkit.helper1")232		.await233		.context("failed to request name")?;234235	pending().await236}
after · cmds/polkit-dbus-helper/src/main.rs
1use std::collections::{HashMap, HashSet};2use std::ffi::{CStr, CString};3use std::future::pending;4use std::sync::LazyLock;56use anyhow::Context as _;7use clap::Parser;8use nix::unistd::{setuid, Uid, User};9use pam_client::{Context, ConversationHandler, ErrorCode, Flag};10use remowt_polkit_shared::BackendRequest;11use tokio::task::{block_in_place, spawn_blocking};12use tracing::trace;13use remowt_ui_prompt::dbus::DbusPrompterProxyBlocking;14use remowt_ui_prompt::BlockingPrompter;15use zbus::fdo;16use zbus::message::Header;17use zbus::zvariant::OwnedValue;18use zbus::{blocking, interface, proxy, Connection};1920struct Helper {21	connection: Connection,22	blocking_connection: blocking::Connection,23}2425static ALLOWED_ENVIRONMENT: LazyLock<HashSet<&str>> = LazyLock::new(|| {26	[27		// pam ssh agent auth28		"SSH_AUTH_SOCK",29		// ssh itself provides this when running PAM30		"SSH_AUTH_INFO_0",31		// contains user which ran sudo32		"SUDO_USER",33	]34	.into_iter()35	.collect()36});3738struct Conversation<P>(P);39impl<P: BlockingPrompter> Conversation<P> {40	fn prompt_inner(&self, echo: bool, prompt: &CStr) -> Result<CString, ErrorCode> {41		trace!("do prompt");42		let out = self43			.044			.prompt_text(echo, &prompt.to_string_lossy(), "PAM prompt request", &[])45			.map_err(|e| {46				trace!("prompt error: {e}");47				ErrorCode::CONV_ERR48			})?;49		CString::new(out).map_err(|_| ErrorCode::CONV_AGAIN)50	}51	fn text_inner(&self, error: bool, msg: &CStr) {52		trace!("do text");53		let msg = msg.to_string_lossy();54		let _ = self.0.display_text(error, &msg, &[]);55	}56}57impl<P: BlockingPrompter> ConversationHandler for Conversation<P> {58	fn prompt_echo_on(&mut self, prompt: &CStr) -> Result<CString, ErrorCode> {59		self.prompt_inner(true, prompt)60	}6162	fn prompt_echo_off(&mut self, prompt: &CStr) -> Result<CString, ErrorCode> {63		self.prompt_inner(false, prompt)64	}6566	fn text_info(&mut self, msg: &CStr) {67		self.text_inner(false, msg)68	}6970	fn error_msg(&mut self, msg: &CStr) {71		self.text_inner(true, msg)72	}7374	fn radio_prompt(&mut self, prompt: &CStr) -> Result<bool, ErrorCode> {75		let prompt = prompt.to_string_lossy();76		let result = self77			.078			.prompt_radio(&prompt, "PAM prompt request", &[])79			.map_err(|_| ErrorCode::CONV_ERR)?;80		Ok(result)81	}82}8384#[proxy(85	default_service = "org.freedesktop.DBus",86	default_path = "/org/freedesktop/DBus"87)]88trait DBus {89	fn get_connection_credentials(&self, body: &str) -> zbus::Result<HashMap<String, OwnedValue>>;90}9192#[interface(name = "lach.PolkitHelper")]93impl Helper {94	async fn init_conversation(95		&self,96		request: BackendRequest,97		#[zbus(header)] hdr: Header<'_>,98	) -> fdo::Result<()> {99		let Some(sender) = hdr.sender().map(|v| v.to_owned()) else {100			trace!("missing sender");101			return Err(fdo::Error::AuthFailed("missing sender".to_owned()));102		};103104		let dbus = DBusProxy::new(&self.connection).await?;105106		// TOCTOU: sender might be already disconnected, and there might be another107		// user with different user id here, but does it matters?108		let reply = dbus.get_connection_credentials(&sender).await?;109		let connection_uid: u32 = (&reply["UnixUserID"]).try_into().unwrap();110111		let identity = request.identity.clone();112		let blocking_connection = self.blocking_connection.clone();113		let thread_result: fdo::Result<()> = block_in_place(move || {114			trace!("find user");115			let Some(identity_uid) = identity.uid() else {116				return Err(fdo::Error::AuthFailed("can't process identity".to_owned()));117			};118			let user = User::from_uid(identity_uid)119				.map_err(|_| fdo::Error::AuthFailed("error querying user".to_owned()))?120				.ok_or_else(|| fdo::Error::AuthFailed("uid not found".to_owned()))?;121122			let responder = DbusPrompterProxyBlocking::new(123				&blocking_connection,124				sender,125				request.prompter_path,126			)?;127			let conversation = Conversation(responder);128			trace!("run context for {}", &user.name);129			let mut ctx = Context::new(130				// TODO: Should another scope be used?131				"login",132				Some(&user.name),133				conversation,134			)135			.map_err(|_| fdo::Error::Failed("pam context init failed".to_owned()))?;136137			trace!("fill env");138			for (k, v) in request.environment {139				if k.contains('=') || !ALLOWED_ENVIRONMENT.contains(k.as_str()) {140					continue;141				}142				let _ = ctx.putenv(format!("{k}={v}"));143			}144145			trace!("authenticate");146			ctx.authenticate(Flag::NONE)147				.map_err(|_| fdo::Error::AuthFailed("pam authentication failed".to_owned()))?;148149			trace!("acct mgmt");150			ctx.acct_mgmt(Flag::NONE)151				.map_err(|_| fdo::Error::AuthFailed("pam acct mgmt failed".to_owned()))?;152153			Ok(())154		});155156		thread_result?;157158		trace!("respond");159		let proxy = zbus_polkit::policykit1::AuthorityProxy::new(&self.connection).await?;160161		let identity_details = request162			.identity163			.details164			.iter()165			.map(|(k, v)| (k.as_str(), (**v).try_clone().expect("success")))166			.collect::<HashMap<_, _>>();167		proxy168			.authentication_agent_response2(169				connection_uid,170				&request.cookie,171				&zbus_polkit::policykit1::Identity {172					identity_kind: &request.identity.kind,173					identity_details: &identity_details,174				},175			)176			.await?;177		Ok(())178	}179}180181const OBJ_PATH: &str = "/lach/PolkitHelper";182183#[derive(Parser)]184struct Opts {185	/// Not recommended: start as a session connection, then use escalation186	/// to respond to polkit requests.187	#[arg(long)]188	session: bool,189}190191#[tokio::main]192async fn main() -> anyhow::Result<()> {193	tracing_subscriber::fmt::init();194	let opts = Opts::parse();195	let connection = if opts.session {196		Connection::session().await197	} else {198		Connection::system().await199	}200	.context("failed to open connection")?;201202	let session = opts.session;203	let blocking_connection: anyhow::Result<blocking::Connection> = spawn_blocking(move || {204		Ok(if session {205			blocking::Connection::session()?206		} else {207			blocking::Connection::system()?208		})209	})210	.await?;211	let blocking_connection = blocking_connection.context("failed to open blocking connection")?;212213	if opts.session {214		setuid(Uid::from_raw(0))215			.context("polkit-backend needs to be suid if run in session mode")?;216	}217218	connection219		.object_server()220		.at(221			OBJ_PATH,222			Helper {223				connection: connection.clone(),224				blocking_connection,225			},226		)227		.await228		.context("failed listen path")?;229230	connection231		.request_name("lach.polkit.helper1")232		.await233		.context("failed to request name")?;234235	pending().await236}
modifiedcmds/remowt-agent/Cargo.tomldiffbeforeafterboth
--- a/cmds/remowt-agent/Cargo.toml
+++ b/cmds/remowt-agent/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
 name = "remowt-agent"
+description = "remowt on-host agent serving fs/pty/systemd endpoints over bifrostlink"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 anyhow.workspace = true
@@ -11,7 +13,7 @@
 futures.workspace = true
 futures-util.workspace = true
 nix.workspace = true
-polkit-shared.workspace = true
+remowt-polkit-shared.workspace = true
 rand.workspace = true
 remowt-link-shared.workspace = true
 remowt-plugin.workspace = true
@@ -30,7 +32,7 @@
 tokio-util = { workspace = true, features = ["codec"] }
 tracing.workspace = true
 tracing-subscriber.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
 uuid = { workspace = true, features = ["v4"] }
 zbus = { workspace = true, features = ["tokio"] }
 zbus_polkit = { workspace = true, features = ["tokio"] }
modifiedcmds/remowt-agent/src/askpass.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/askpass.rs
+++ b/cmds/remowt-agent/src/askpass.rs
@@ -2,9 +2,9 @@
 use std::io::Write as _;
 
 use anyhow::Context as _;
-use ui_prompt::bifrost::PromptEndpointsClient;
-use ui_prompt::dbus::{DbusPrompterInterface, DbusPrompterProxy};
-use ui_prompt::Source;
+use remowt_ui_prompt::bifrost::PromptEndpointsClient;
+use remowt_ui_prompt::dbus::{DbusPrompterInterface, DbusPrompterProxy};
+use remowt_ui_prompt::Source;
 use zbus::Connection;
 
 use remowt_link_shared::BifConfig;
modifiedcmds/remowt-agent/src/helper/dbus.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/helper/dbus.rs
+++ b/cmds/remowt-agent/src/helper/dbus.rs
@@ -1,9 +1,9 @@
 use std::collections::HashMap;
 use std::marker::PhantomData;
 
-use polkit_shared::{BackendRequest, Identity};
-use ui_prompt::dbus::DbusPrompterInterface;
-use ui_prompt::Prompter;
+use remowt_polkit_shared::{BackendRequest, Identity};
+use remowt_ui_prompt::dbus::DbusPrompterInterface;
+use remowt_ui_prompt::Prompter;
 use zbus::Connection;
 
 use crate::PolkitHelperProxy;
modifiedcmds/remowt-agent/src/helper/mod.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/helper/mod.rs
+++ b/cmds/remowt-agent/src/helper/mod.rs
@@ -1,6 +1,6 @@
 use futures::Future;
-use polkit_shared::Identity;
-use ui_prompt::Prompter;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
 
 mod dbus;
 mod protocol;
modifiedcmds/remowt-agent/src/helper/protocol.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/helper/protocol.rs
+++ b/cmds/remowt-agent/src/helper/protocol.rs
@@ -6,7 +6,7 @@
 use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt as _};
 use tokio::select;
 use tokio_util::codec::{FramedRead, LinesCodec};
-use ui_prompt::Prompter;
+use remowt_ui_prompt::Prompter;
 
 pub async fn run_conversation<R, W, P>(reader: R, mut writer: W, prompt: P) -> anyhow::Result<()>
 where
modifiedcmds/remowt-agent/src/helper/socket.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/helper/socket.rs
+++ b/cmds/remowt-agent/src/helper/socket.rs
@@ -1,10 +1,10 @@
 use anyhow::{anyhow, bail};
 use nix::unistd::User;
-use polkit_shared::Identity;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
 use tokio::io::AsyncWriteExt as _;
 use tokio::net::UnixStream;
 use tracing::debug;
-use ui_prompt::Prompter;
 
 use super::protocol::run_conversation;
 use super::Helper;
modifiedcmds/remowt-agent/src/helper/suid.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/helper/suid.rs
+++ b/cmds/remowt-agent/src/helper/suid.rs
@@ -2,10 +2,10 @@
 
 use anyhow::{anyhow, bail};
 use nix::unistd::User;
-use polkit_shared::Identity;
+use remowt_polkit_shared::Identity;
+use remowt_ui_prompt::Prompter;
 use tokio::io::AsyncWriteExt as _;
 use tokio::process::Command;
-use ui_prompt::Prompter;
 
 use super::protocol::run_conversation;
 use super::Helper;
modifiedcmds/remowt-agent/src/main.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/main.rs
+++ b/cmds/remowt-agent/src/main.rs
@@ -11,16 +11,16 @@
 use bifrostlink_ports::stdio::from_stdio;
 use bifrostlink_ports::unix_socket::from_socket;
 use clap::Parser;
-use polkit_shared::{emphasize, BackendRequest, Identity, PidDisplay};
 use remowt_link_shared::editor::EditorEndpointsClient;
 use remowt_link_shared::{Address, BifConfig, Fs, Pty, Systemd};
+use remowt_polkit_shared::{emphasize, BackendRequest, Identity, PidDisplay};
+use remowt_ui_prompt::bifrost::PromptEndpointsClient;
+use remowt_ui_prompt::{PrependSourcePrompter, Prompter, Source};
 use tokio::fs;
 use tokio::net::UnixStream;
 use tokio::runtime::Builder;
 use tokio::task::AbortHandle;
 use tracing::{info, trace};
-use ui_prompt::bifrost::PromptEndpointsClient;
-use ui_prompt::{PrependSourcePrompter, Prompter, Source};
 use zbus::fdo;
 use zbus::zvariant::{OwnedValue, Str};
 use zbus::{interface, proxy, Connection};
modifiedcmds/remowt-ssh/Cargo.tomldiffbeforeafterboth
--- a/cmds/remowt-ssh/Cargo.toml
+++ b/cmds/remowt-ssh/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
 name = "remowt-ssh"
+description = "SSH transport client for connecting to a remowt agent"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 clap = { workspace = true, features = ["derive"] }
@@ -23,6 +25,6 @@
 thiserror = "2.0.18"
 serde_json.workspace = true
 serde.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
 russh.workspace = true
 russh-config.workspace = true
modifiedcmds/remowt-ssh/src/main.rsdiffbeforeafterboth
--- a/cmds/remowt-ssh/src/main.rs
+++ b/cmds/remowt-ssh/src/main.rs
@@ -17,9 +17,9 @@
 use tokio::io::{AsyncRead, ReadBuf};
 use tokio::signal::unix::{signal, SignalKind};
 use tracing::info;
-use ui_prompt::bifrost::serve_prompts;
-use ui_prompt::rofi::RofiPrompter;
-use ui_prompt::{PrependSourcePrompter, Source};
+use remowt_ui_prompt::bifrost::serve_prompts;
+use remowt_ui_prompt::rofi::RofiPrompter;
+use remowt_ui_prompt::{PrependSourcePrompter, Source};
 
 #[derive(Parser)]
 struct Opts {
modifiedcrates/polkit-shared/Cargo.tomldiffbeforeafterboth
--- a/crates/polkit-shared/Cargo.toml
+++ b/crates/polkit-shared/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
-name = "polkit-shared"
+name = "remowt-polkit-shared"
+description = "Shared polkit/PAM types for remowt"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 nix.workspace = true
modifiedcrates/remowt-client/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-client/Cargo.toml
+++ b/crates/remowt-client/Cargo.toml
@@ -3,6 +3,7 @@
 description = "russh-based client connection to a remowt agent"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 anyhow.workspace = true
modifiedcrates/remowt-fs/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-fs/Cargo.toml
+++ b/crates/remowt-fs/Cargo.toml
@@ -3,6 +3,7 @@
 description = "Filesystem endpoint for remowt/bifrostlink"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 bifrostlink.workspace = true
modifiedcrates/remowt-link-shared/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-link-shared/Cargo.toml
+++ b/crates/remowt-link-shared/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
 name = "remowt-link-shared"
-version = "0.1.0"
+description = "Shared bifrostlink endpoint wiring for remowt"
+version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 bifrostlink.workspace = true
@@ -12,6 +14,6 @@
 tokio = { workspace = true, features = ["fs"] }
 remowt-fs.workspace = true
 remowt-systemd.workspace = true
-ui-prompt.workspace = true
+remowt-ui-prompt.workspace = true
 camino = { workspace = true, features = ["serde1"] }
 remowt-pty.workspace = true
modifiedcrates/remowt-link-shared/src/lib.rsdiffbeforeafterboth
--- a/crates/remowt-link-shared/src/lib.rs
+++ b/crates/remowt-link-shared/src/lib.rs
@@ -1,3 +1,5 @@
+use std::future::Future;
+
 use bifrostlink::declarative::endpoints;
 use bifrostlink::error::{ErrorT, ListenerForYourRequestHasBeenDeadError, ResponseError};
 use bifrostlink::notification;
@@ -30,7 +32,7 @@
 }
 
 pub trait Elevator: Send + Sync {
-	fn elevate(&self) -> impl std::future::Future<Output = Result<(), ElevateError>> + Send;
+	fn elevate(&self) -> impl Future<Output = Result<(), ElevateError>> + Send;
 }
 
 pub struct ElevateEndpoints<E>(pub E);
@@ -51,7 +53,7 @@
 	Response(String),
 
 	#[error(transparent)]
-	Ui(#[from] ui_prompt::Error),
+	Ui(#[from] remowt_ui_prompt::Error),
 }
 
 impl From<ListenerForYourRequestHasBeenDeadError> for Error {
modifiedcrates/remowt-nix-daemon/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-nix-daemon/Cargo.toml
+++ b/crates/remowt-nix-daemon/Cargo.toml
@@ -3,6 +3,7 @@
 description = "Nix daemon proxy"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 anyhow.workspace = true
modifiedcrates/remowt-plugin/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-plugin/Cargo.toml
+++ b/crates/remowt-plugin/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
 name = "remowt-plugin"
+description = "Plugin host and protocol for remowt agents"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 anyhow.workspace = true
modifiedcrates/remowt-pty/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-pty/Cargo.toml
+++ b/crates/remowt-pty/Cargo.toml
@@ -3,6 +3,7 @@
 description = "PTY/shell endpoint for remowt"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 bifrostlink.workspace = true
modifiedcrates/remowt-systemd/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-systemd/Cargo.toml
+++ b/crates/remowt-systemd/Cargo.toml
@@ -3,6 +3,7 @@
 description = "systemd control endpoint for remowt/bifrostlink (over D-Bus)"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 bifrostlink.workspace = true
modifiedcrates/ui-prompt/Cargo.tomldiffbeforeafterboth
--- a/crates/ui-prompt/Cargo.toml
+++ b/crates/ui-prompt/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
-name = "ui-prompt"
+name = "remowt-ui-prompt"
+description = "Interactive UI prompt endpoint for remowt (D-Bus)"
 version.workspace = true
 edition = "2021"
+license.workspace = true
 
 [dependencies]
 bifrostlink.workspace = true