display manager - lightdm, gdm3, sddm or no display manager (startx)

Patrick · September 27, 2021, 1:31pm

Whonix 15 was using lightdm. It was removed due to autologin heisenbug. [1] [2] [3]

Therefore Whonix 16 is using gdm3. It is also a good choice because it supports wayland (and fits with Gnome, which Whonix might be ported to, depending on many things such as feasibility, resource use, please use a dedicated forum thread (none might exist yet, see [4]).

[1] autologin not work sometimes · Issue #210 · canonical/lightdm · GitHub

[2] autologin is not working every time · Issue #191 · canonical/lightdm · GitHub

[3] Heisenbug - Wikipedia

[4] Search results for 'wayland' - Whonix Forum

HulaHoop · September 27, 2021, 3:09pm

If this is doable during this release cycle, then it would exceed any other benefit of switching away including reduced resource usage.

Patrick · September 27, 2021, 3:41pm

Dunno. I’ll know when I get to it. Depends on how many / any issues caused by wayland.

Patrick · June 24, 2022, 11:10pm

github.com/sddm/sddm

`Session=` autodetection broken / auto detect desktop environment

opened 11:10PM - 24 Jun 22 UTC

adrelanos

sddm when using `[Autologin]` currently requires the desktop environment to be h…ardcoded in the `Session=xfce`. broken: ``` [Autologin] User=user ``` functional: ``` [Autologin] User=user Session=xfce ``` environment: * Debian `bullseye` * sddm `0.19.0` * File `/usr/share/xsessions/xfce.desktop` exits. * No other desktop environment besides Xfce installed. bug report: Even if `Session=xfce` is not set, sddm should autologin into Xfce. Seems like auto detection of the desktop environment is failing. By comparison, gdm3 display manager does not require a hardcoded `Session=xfce` setting. But of course sddm is nicer because it has much leaner dependencies.

github.com/sddm/sddm

Autologin in X11 does not work if session name is absolute path

opened 08:14PM - 29 Oct 22 UTC

arvidjaar

sddm tries to detect session type by searching for session name in corresponding… directories: https://github.com/sddm/sddm/blob/fc24321541f6f65b7d1aac89cd82336ffd53e1a0/src/daemon/Display.cpp#L198 `findSessionEntry` simply calls `dir.exists` for session name: https://github.com/sddm/sddm/blob/fc24321541f6f65b7d1aac89cd82336ffd53e1a0/src/daemon/Display.cpp#L345 which always returns `TRUE` for an absolute pathname. It means autologin is always attempted as Wayland, resulting in ``` Oct 29 19:32:04 uefi sddm-helper[1152]: Starting: "/usr/share/sddm/scripts/wayland-session /usr/bin/startplasma-x11" ``` Which obviously fails. The problem is, by default autologin session is `NULL` and so sddm reads the last session from state file. But last session name is always stored as the absolute pathname: ``` uefi:~ # cat /var/lib/sddm/ .cache/ .config/ .local/ state.conf uefi:~ # cat /var/lib/sddm/state.conf [Last] # Name of the last logged-in user. # This user will be preselected when the login screen appears User=user # Name of the session for the last logged-in user. # This session will be preselected when the login screen appears. Session=/usr/share/xsessions/plasma5.desktop uefi:~ # ``` so if the last session was X11, subsequent autologin will always fail.

Patrick · June 24, 2022, 11:14pm

Patrick · June 24, 2022, 11:15pm

Patrick · June 28, 2022, 11:56am

display manager requirements:

in packages.debian.org
no dependency hell
wayland support
autologin supported without heisenbug
no hardcoding of desktop environment required in config for autologin

Not easy to find…

Patrick · June 28, 2022, 11:58am

gdm3:

in packages.debian.org
wayland support
dependency hell, depends on gnome-session which depends on evolution-data-server
stable autologin
complicated to configure disable auto logout - Configure automatic logout
bug: Whonix-KVM after some time of inactivity request User login - unwanted automatic logout

sddm:

in packages.debian.org
no dependency hell
wayland support
autologin supported
hardcoded Session=xfce config required (would be a technical debt making porting to other desktop environments harder)

lightdm:

in packages.debian.org
no dependency hell
wayland support
failed autologin heisenbug
- fixable using pam_autologin?
- fixable using Debian -- Details of package lightdm-autologin-greeter in bullseye?

Patrick · June 28, 2022, 12:30pm

Patrick · June 28, 2022, 6:55pm

Debian bug report:
lightdm-autologin-greeter: out-comment defunct autologin-user=AUTOLOGIN-USER-NOT-CONFIGURED in /etc/lightdm/lightdm.conf.d/lightdm-autologin-greeter.conf

Patrick · June 28, 2022, 7:27pm

Yet another option might be not using any display manager and instead use startx (or its wayland equivalent).

For that purpose RAM Adjusted Desktop Starter - Kicksecure (rads) could be modified.
(Whonix is based on Kicksecure.)
If no display manager is installed and if there is enough RAM and if startx is available, start it.
(Configurable.)

How about Whonix-Host?
(Would equally apply to Kicksecure host.)

Pre-configured style: Should have display manager and no default autologin? Also for logon password at every boot required.
Minimal style: autologin using startx by default. Display manager installation, logon password setup should be left to the user?

Display manager login password has limited use anyhow when already using Full Disk Encryption (FDE) → Protection against Physical Attacks.

Patrick · May 6, 2023, 8:11am

Might be fixed in Debian bookworm or bookworm + 1 as per Autologin in X11 does not work if session name is absolute path · Issue #1607 · sddm/sddm · GitHub.

Patrick · June 23, 2023, 10:10am

Fixed in Debian bookworm.

Automatically rebooted a VM a few hundred times and no autologin heisenbug so far.

Whonix 15 was using gdm3.
Whonix 16 will switch back to lightdm.

Patrick · September 18, 2024, 10:52am

add accountservice to kicksecure-desktop-environment-essential-xfce

fixes:

localhost lightdm[911]: Error getting user list from org.freedesktop.Accounts: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Accounts was not provided by any .service files

package lightdm Suggests: accountservice

add `accountservice` to `kicksecure-desktop-environment-essential-xfce` · Kicksecure/kicksecure-meta-packages@1f544bf · GitHub