In the Part 10 of the FreeBSD Desktop series I would like to describe key components of self made custom desktop environment such as:
- Window Manager
- Status Bar
- Task Bar
- Wallpaper Handling
- Application Launcher
- Keyboard/Mouse Shortcuts
- Locking Solution
- Blue Light Spectrum Suppress
Today we will focus on the sixth part – the Locking Solution. In the next series each of these components configuration would also be described along with eventual needed scripts.
You may want to check other articles in the FreeBSD Desktop series on the FreeBSD Desktop – Global Page where you will find links to all episodes of the series along with table of contents for each episodeβs contents.
While screen locking feature is obvious for popular operating systems like Mac OS X (macOS) and Windows (or complete desktop environments such as KDE Plasma) its not when you build your desktop environment from the ground up. Similarly like in Part 9 about Keyboard/Mouse Shortcuts I will describe what light solutions will work here instead of focusing on all available solutions and choosing the best ones from them.
The tools we will embrace in this process are:
mate-screensaverxlockxautolock
The roles of mate-screensaver and xlock are redundant but we will keep xlock as fallback when mate-screensaver will fail for some reason. For example after upgrade some library may not be available (or will be present but in different version or filename) so mate-screensaver will fail and then xlock will take the role to securely lock the screen.
The xautolock will be used to automatically lock the screen (invoke mate-screensaver or xlock command) after defined period of inactivity time, for example when You would forgot to lock the screen and left the laptop ‘open’ to the World. π
mate-screensaver
From all the nice looking solutions providing screen lock on the X11 I found mate-screensaver the best choice for this task. By default it does not display any fancy screensaver, just plain old blank screen, which is good for laptops, saves battery time.
The mate-screensaver has to be started and run in the background with, well mate-screensaver command – placed somewhere in the ~/.xinitrc or ~/.xsession file. Then we would be able to invoke mate-screensaver-command --lock command to make the actual screen lock.
xlock
When mate-screensaver will not be available or functional we will use xlock as failover solution.
Its not very pretty and does not support FreeType fonts, but with clean or fixed font face its not that bad either, as they are quite nice and usable bitmap fonts.
The xlock tool appearance can be configured by specifying arguments. Below you will find example configuration with gray background and clean bitmap font.
% xlock \
-mode blank \
-planfont '-*-clean-*-*-*-*-*-*-*-*-*-*-iso8859-2' \
-font '-*-clean-*-*-*-*-*-*-*-*-*-*-iso8859-2' \
-username 'USERNAME: ' \
-password 'PASSWORD: ' \
-background gray30 \
-dpmsoff 1 \
-message ' ' \
-info ' '
Here is how it looks after configuration.
xautolock
We have addressed the on demand screen locking case but now we also need to make sure, that our screen will automatically lock after some period of time while we are away from the computer. Small utility called xautolock does exactly that and does it very efficiently.
Example invocation is presented below.
% xautolock \
-time 1 \
-locker \
~/bin/example-lock-handler.sh \
-resetsaver
The xautolock also has to be started and run in the background using the ~/.xinitrc or ~/.xsession file.
UPDATE 1 – Nice Looking xlock Configuration
After messing with xlock(1) little more I found a way to make it look a lot better. One of the reasons to use xlock(1) may be the mate-screensaver(1) memory footprint. While xlock(1) uses about 8 MB RAM the mate-screensaver(1) uses more them 5 times more which can be seen in the FreeBSD’s top(1) command output below.
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 55861 vermaden 4 33 0 65M 48M select 0 0:01 0.00% mate-screensaver 33761 vermaden 1 32 10 18M 8256K select 1 0:00 0.00% xlock
This 48 MB of RAM is more then entire openbox(1) and tint2(1) desktop ‘stack’.
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 42629 root 3 21 0 88M 56M select 0 1:34 0.00% Xorg 55861 vermaden 4 33 0 65M 48M select 0 0:01 0.00% mate-screensaver 70890 vermaden 1 20 0 53M 26M select 0 0:03 0.00% openbox 82040 vermaden 1 20 0 37M 21M select 1 0:01 0.00% tint2 89833 vermaden 1 20 0 18M 8908K select 0 0:00 0.00% dzen2 33761 vermaden 1 32 10 18M 8256K select 1 0:00 0.00% xlock 43585 root 1 28 0 17M 7700K wait 0 0:00 0.00% xdm 24399 vermaden 1 20 0 17M 6900K nanslp 1 0:03 0.00% redshift 42014 root 1 35 0 14M 4560K pause 0 0:00 0.00% xdm 74897 vermaden 1 20 0 13M 3720K select 1 0:01 0.00% xbindkeys
The new locking script is available on GitHub page – __openbox_lock.sh – here.
Here is the new xlock(1) config along with new more readable fixed font.
FONT='-*-fixed-*-*-*-*-10-*-*-*-*-*-iso8859-2'
xlock \
-mode image \
-planfont "${FONT}" \
-font "${FONT}" \
-username 'user: ' \
-password 'pass:' \
-info ' ' \
-validate 'Checking.' \
-invalid 'Nope. ' \
-background gray20 \
-foreground gray60 \
-dpmsoff 1 \
-icongeometry 64x64 \
-echokeys \
-echokey '*' \
-bitmap /home/vermaden/.icons/vermaden/xlock.xpm \
-count 1 \
-delay 10000000 \
-erasemode no_fade \
+showdate \
+description
The used above bitmap is also available on GitHub page – xlock.xpm – here.
Its just my logo on the black background, but You may of course use your own image/logo on black (#000000) background.
Now when screen is locked with xlock(1) it looks like that image below. It also quite fast does into DPMS off mode which means turned off screen for more battery life.
When you will want to enter the password to unlock the screen it will look like that.
I liked it so much that I have disabled mate-screensaver(1) entirely π
ππππππππ 
Pingback: FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress | vermaden
Pingback: FreeBSD Desktop – Part 12 – Configuration – Openbox | vermaden
Pingback: FreeBSD Desktop – Part 13 – Configuration – Dzen2 | vermaden
Pingback: FreeBSD desktop (10) | 0ddn1x: tricks with *nix
Pingback: FreeBSD Desktop – Part 14 – Configuration – Tint2 | vermaden
Pingback: FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts | vermaden
Pingback: FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling | vermaden
Pingback: FreeBSD Desktop – Part 8 – Key Components – Application Launcher | vermaden
Pingback: FreeBSD Desktop – Part 6 – Key Components – Task Bar | vermaden
Pingback: FreeBSD Desktop – Part 5 – Key Components – Status Bar | vermaden
Pingback: FreeBSD Desktop – Part 4 – Key Components – Window Manager | vermaden
Pingback: FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks | vermaden
Pingback: FreeBSD Desktop – Part 1 – Simplified Boot | vermaden
Pingback: FreeBSD Desktop – Part 2 – Install | vermaden
Pingback: FreeBSD Desktop – Part 3 – X11 Window System | vermaden
Pingback: FreeBSD Desktop – Part 16 – Configuration – Pause Any Application | vermaden
Pingback: FreeBSD Desktop – Part 17 – Automount Removable Media | π π ΄ππΌπ°π³π π
Pingback: FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 | ππππππππ
Pingback: FreeBSD Desktop – Part 18 – Global Dashboard | ππππππππ
I have a little mod for your XDM write-up, for those of us who having the comfort of a “Reboot” / “Shutdown” buttons on the XDM login screen.
Add to Xsetup_0:
This results in two ‘buttons’ at the bottom right of the screen, as per the geometry provided. These buttons have an oval shape. If one is neurotic about the rounded shapes, you can have rectangular ‘buttons’, by adding to (in /usr/local/etc/X11/xdm/) Xresources:
Add to Xresources:
Result: http://bitcrusher.org/xdm.png
EOF
LikeLike
Nice!
Thank You for this nice addition π
Regards.
LikeLike
CzeΕΔ,
I know this post has been here for quite some time and you might not see this comment, but what is your solution to waking up the laptop from standby/hibernate with the screen locked?
Currently if I
– close the lid
– use zzz/ZZZ command
my system’s unlocked screen is preserved. So when someone wakes it up, they have access to my user’s session.
Any ideas?
LikeLike
Hi,
I have notifications for all comments that are new so do not worry π
I have quite different ‘lock’ scenarios because I do not like if laptop goes to sleep/suspend when I close the laptop lid – so when I close it – nothing happens.
I sleep/suspend my laptop with [CTRL]+[SUPER]+[ALT]+[L] shortcut and then close the lid.
That means everytime I open the lid and laptop wakes up it has screen locked with xlock(1) command.
It is taken care of by this script:
– https://github.com/vermaden/scripts/blob/master/__openbox_lock_zzz.sh
But … if you want to have your system locked when you just close the lid – then I would try using the /etc/rc.suspend script and add there something like that:
FONT='-*-fixed-*-*-*-*-10-*-*-*-*-*-iso8859-2' FONT='-*-clean-*-*-*-*-*-*-*-*-*-*-iso8859-2' env DISPLAY=:0.0 \ xlock \ -mode image \ -planfontset "${FONT}" \ -fontset "${FONT}" \ -username 'user: ' \ -password 'pass:' \ -info ' ' \ -validate 'Checking.' \ -invalid 'Nope. ' \ -background gray20 \ -foreground gray60 \ -dpmsoff 1 \ -icongeometry 64x64 \ -echokeys \ -echokey '*' \ -bitmap /home/vermaden/.icons/vermaden/xlock.xpm \ -count 1 \ -delay 10000000 \ -erasemode no_fade \ +showdate \ +descriptionMaybe it would require additional su(1) before the env(1) command but that should lock your system after you have close the lid and when you open the lid to resume then it should be locked.
Let me know how it went.
Hope that helps.
Regards.
LikeLike
Hi,
Thanks for your quick response. Unfortunately it didn’t help. I tried editing rc.suspend and rc.resume. Also tried modifying zzz(8) to execute my locking program – /usr/local/bin/slock.
There are not many information on this in the internet. I also tried my luck with /etc/apmd.conf – I didn’t have this file so I had to create it.
Also tried experimenting with devd.conf.
I was using tips from those two sites:
– https://forums.freebsd.org/threads/resume-after-suspend-vulnerable-to-break-in.78089/
– https://forums.freebsd.org/threads/execute-command-after-acpi-resume.52971/
LikeLike
I did it! π
I had to add “permit nopass root as myusername” to doas.conf and then in rc.suspend I used the following line:
env DISPLAY=:0.0 /usr/local/bin/doas -u myusername /usr/local/bin/slock
Many thanks for your help.
LikeLike
Great to hear that π
Please also add that information on these FreeBSD Forums threads.
Regards.
LikeLike
Posted on the forums, just awaiting moderator approval:
– https://forums.freebsd.org/threads/execute-command-after-acpi-resume.52971/
BTW, in your post, instead of using xautolock, you can achieve the same thing with xidle – I think it’s already in the system, so you don’t need to install additional software. Just add this line to your .xsession:
After 5 minutes of inactivity, I am executing my own script which shows me a warning dialog before locking my screen. I do it this way, because very often I am staring at my screen for a few minutes while thinking about something, and in the meantime my screen will lock. Then I have to enter my password to unlock it. So this behavior gives me 15 seconds to react before my screen gets locked. I quite like it π It uses rofi to display a dialog box. Here’s the script:
#!/bin/sh timeout 15 rofi -config $DOTFILES/rofi/message.rasi -width 320 -e "$(printf '\r The screen is about to lock...\r')" -markup || slock exit 0So if the timeout command kills rofi and it exits with non-zero status – slock is executed. If I manage to press escape or click anywhere outside the rofi dialog box, rofi exits with 0 status and slock is not executed.
LikeLike
Thanks for sharing those.
The xidle is available from x11/xidle package – so the same as with xautolock – you need to install it π
I do not know which one is better – but good to know that both of them work properly.
Regards.
LikeLike