unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 4 Wiki Activity

style(host): rustfmt the security-fix wrapping (cargo fmt --all --check)
apple / swift (push) Successful in 1m5s
Details
ci / rust (push) Successful in 1m53s
Details
ci / web (push) Successful in 57s
Details
android / android (push) Successful in 3m47s
Details
ci / docs-site (push) Successful in 1m2s
Details
apple / screenshots (push) Successful in 5m35s
Details
deb / build-publish (push) Successful in 2m52s
Details
decky / build-publish (push) Successful in 22s
Details
windows-host / package (push) Successful in 8m26s
Details
ci / bench (push) Successful in 4m51s
Details
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 34s
Details
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 2m41s
Details
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m46s
Details
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m16s
Details
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 55s
Details
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 9m5s
Details
docker / deploy-docs (push) Successful in 23s
Details
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 8m53s
Details

Browse Source 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Enrico Bühler
2026-06-29 05:19:22 +00:00
parent 36259b264f
commit 91bb955d0c
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/punktfunk-host/src/mgmt_token.rs
+2 -1
View File
@@ -36,7 +36,8 @@ pub fn load_or_generate() -> Result<String> {
let token = hex::encode(buf); let token = hex::encode(buf);
let dir = crate::gamestream::config_dir(); let dir = crate::gamestream::config_dir();
// Owner-private dir (0700 Unix / DACL-locked Windows) so the token can't leak via the config path. // Owner-private dir (0700 Unix / DACL-locked Windows) so the token can't leak via the config path.
crate::gamestream::create_private_dir(&dir).with_context(|| format!("create {}", dir.display()))?; crate::gamestream::create_private_dir(&dir)
.with_context(|| format!("create {}", dir.display()))?;
write_token(&path, &token)?; write_token(&path, &token)?;
tracing::info!(path = %path.display(), "generated and persisted management API token (owner-only)"); tracing::info!(path = %path.display(), "generated and persisted management API token (owner-only)");
Ok(token) Ok(token)
crates/punktfunk-host/src/vdisplay/linux/gamescope.rs
+3 -1
View File
@@ -806,7 +806,9 @@ fn spawn(w: u32, h: u32, hz: u32, cmd: Option<&str>) -> Result<Child> {
.filter(|s| !s.trim().is_empty()) .filter(|s| !s.trim().is_empty())
// Read the env fallback under the shared env lock so it can't race a concurrent session's // Read the env fallback under the shared env lock so it can't race a concurrent session's
// `set_var` of the same key (security-review 2026-06-28 #7). // `set_var` of the same key (security-review 2026-06-28 #7).
.or_else(|| crate::vdisplay::with_env_lock(|| std::env::var("PUNKTFUNK_GAMESCOPE_APP").ok())) .or_else(|| {
crate::vdisplay::with_env_lock(|| std::env::var("PUNKTFUNK_GAMESCOPE_APP").ok())
})
.filter(|s| !s.trim().is_empty()) .filter(|s| !s.trim().is_empty())
.unwrap_or_else(|| "sleep infinity".to_string()); .unwrap_or_else(|| "sleep infinity".to_string());
let relay = ei_socket_file(); let relay = ei_socket_file();