New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
synergy: Run as user, add crypto support #29220
Conversation
- Run synergy client and server as user services instead of root - Add optional crypto support
@benley, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @MarcWeber and @wkennington to be potential reviewers. |
serviceConfig.Restart = "on-failure"; | ||
}; | ||
}) | ||
(mkIf cfgS.enable { | ||
systemd.services."synergy-server" = { | ||
systemd.user.services."synergy-server" = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This requires the user to be logged in (so that a systemd --user
instance is spawned). Is this desired for this kind of service?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's how I use it, at least. If we want to have synergy working on the display manager login screen, it would probably have to run as root. My guess is that nearly all synergy users will find it acceptable to have synergy start after login, but I suppose I don't know that for certain.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
Anyone object to merging this? |
Sorry, I just forgot about this. |
ExecStart is not executed by a shell, hence && cannot be used
Have you tested that you can still connect to the client with this configuration? |
wiki link shows 404. |
The wiki is at https://github.com/symless/synergy-core/wiki/Security now. |
I'll finish up this PR soon - I had kinda forgotten about it. |
Any progress? |
I haven't been using Synergy recently so I once again forgot about this PR. If anyone is anxious for these features I can finish it up at some point. |
@benley any motivation to continue with this PR? |
This is probably a deadend now, because they removed support for crypto in synergy upstream. It's a non-free feature now. If anybody else wants to pick up this PR please feel free, of course. |
Motivation for this change
Sending keystrokes over the network unencrypted makes me sad.
Details on setting up x509 certs are at https://github.com/symless/synergy/wiki/Security#Generating_Certificate_and_Fingerprint