Apple Silicon Homebrew uses /opt/homebrew as prefix, so hardcoding
/usr/local/lib/ahfail/ahfail-display as DEFAULT_PATH breaks there.
build.rs now falls back to /usr/local/lib on macOS and /usr/lib on Linux
when AHFAIL_LIBDIR is not set; macOS uses the same concat!(env!(...))
approach as Linux.
install-macos.sh passes -Dlibdir so the baked-in path matches INSTALL_DIR.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Volume lock file now stores {pid}:{volume}:{muted} instead of "1":
- Allows recovery of saved volume state if the holder is SIGKILLed
- On stale lock detection (holder PID not alive), inherit saved volume state
and take ownership — prevents permanent volume loss and infinite lockout
PAM module DEFAULT_PATH now baked in at build time via AHFAIL_LIBDIR env var
passed by Meson, fixing the wrong path on multiarch Debian/Ubuntu where libdir
is /usr/lib/x86_64-linux-gnu rather than /usr/lib.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Implements a C-ABI PAM shared library that registers a pam_set_data
cleanup callback to detect auth failures and spawn/kill ahfail-display
via a double-fork, without ever touching credentials.
Replaces the single-crate Cargo.toml with a workspace containing
ahfail-gtklock (migrated from root src/) and three stub crates
(ahfail-ui, ahfail-pam, ahfail-display). Updates meson.build to
build with -p ahfail-gtklock.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
