weston-vnc: restore auth-method=none ini so weston accepts empty Apple-DH credentials

2026-05-20 19:20:02 +02:00 · 2026-05-20 19:20:02 +02:00 · 1b7d058d3c
commit 1b7d058d3c
parent 3224178d2d
1 changed files with 12 additions and 4 deletions
--- a/nix/templates/weston-vnc.nix
+++ b/nix/templates/weston-vnc.nix
@ -106,11 +106,19 @@

          # neatvnc ≥ 0.9 advertises RSA-AES and Apple-DH security types
          # when auth is compiled in. The browser client handles Apple-DH
-          # (type 30) with empty credentials (weston auth-method=none
-          # accepts any credentials). --disable-transport-layer-security
-          # prevents the VeNCrypt TLS wrapper over the VNC-over-WebSocket
-          # relay; plain auth types are used directly.
+          # (type 30) with empty credentials.
+          #
+          # weston.ini [vnc] auth-method=none: weston uses an always-accept
+          # auth callback instead of PAM. Without this, weston defaults to
+          # PAM authentication which rejects empty credentials (SecurityResult=1).
+          #
+          # --disable-transport-layer-security prevents the VeNCrypt TLS
+          # wrapper; plain auth types (incl. type 30) are advertised directly.
+          WESTON_INI=$(${pkgs.coreutils}/bin/mktemp /tmp/weston-XXXXXX.ini)
+          ${pkgs.coreutils}/bin/printf '[vnc]\nauth-method=none\n' > "$WESTON_INI"
+
          exec ${pkgs.weston}/bin/weston \
+            --config="$WESTON_INI" \
            --backend=vnc-backend.so \
            --renderer=pixman \
            --port="$VNC_PORT" \