synergy: Run as user, add crypto support #29220
Conversation
- Run synergy client and server as user services instead of root - Add optional crypto support
|
@benley, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @MarcWeber and @wkennington to be potential reviewers. |
| serviceConfig.Restart = "on-failure"; | ||
| }; | ||
| }) | ||
| (mkIf cfgS.enable { | ||
| systemd.services."synergy-server" = { | ||
| systemd.user.services."synergy-server" = { |
There was a problem hiding this comment.
This requires the user to be logged in (so that a systemd --user instance is spawned). Is this desired for this kind of service?
There was a problem hiding this comment.
That's how I use it, at least. If we want to have synergy working on the display manager login screen, it would probably have to run as root. My guess is that nearly all synergy users will find it acceptable to have synergy start after login, but I suppose I don't know that for certain.
|
Anyone object to merging this? |
|
Sorry, I just forgot about this. |
ExecStart is not executed by a shell, hence && cannot be used
|
Have you tested that you can still connect to the client with this configuration? |
|
wiki link shows 404. |
|
The wiki is at https://github.com/symless/synergy-core/wiki/Security now. |
|
I'll finish up this PR soon - I had kinda forgotten about it. |
|
Any progress? |
|
I haven't been using Synergy recently so I once again forgot about this PR. If anyone is anxious for these features I can finish it up at some point. |
|
@benley any motivation to continue with this PR? |
|
This is probably a deadend now, because they removed support for crypto in synergy upstream. It's a non-free feature now. If anybody else wants to pick up this PR please feel free, of course. |
Motivation for this change
Sending keystrokes over the network unencrypted makes me sad.
Details on setting up x509 certs are at https://github.com/symless/synergy/wiki/Security#Generating_Certificate_and_Fingerprint