refactor: use systemd.tmpfiles for GNOME Keyring, simplify reset scripts

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/71dab9c7-081f-4e45-80c2-080e88ae6207 Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
2026-04-30 13:52:27 +00:00
parent 953fb04671
commit c450dcab9e
3 changed files with 32 additions and 76 deletions
@@ -33,10 +33,8 @@ let
    echo "$NEW_PASS" > "$SECRET_FILE"
    chmod 600 "$SECRET_FILE"
    echo "Password for 'free' updated and saved."
-    # Delete the old GNOME Keyring so it is recreated with the new password on next GDM login.
-    rm -rf /home/free/.local/share/keyrings/*
-    # Recreate the default pointer so PAM knows which keyring to unlock.
-    su - free -c 'echo "login" > ~/.local/share/keyrings/default'
+    # Delete the old GNOME Keyring databases so a fresh one is created on next GDM login.
+    rm -f /home/free/.local/share/keyrings/*.keyring
    echo "GNOME Keyring files cleared — a fresh keyring will be created on next login."
  '';
 in
@@ -184,15 +182,6 @@ in
      echo "$FREE_PASS" > "$SECRET_FILE"
      chmod 600 "$SECRET_FILE"
      echo "free:$FREE_PASS" | chpasswd
-      # Seed the GNOME Keyring default pointer so PAM creates a fresh keyring
-      # on first login without prompting the user.  Guard with -f so we never
-      # overwrite an existing pointer on legacy machines that already have one.
-      su - free -c '
-        mkdir -p ~/.local/share/keyrings
-        if [ ! -f ~/.local/share/keyrings/default ]; then
-          echo "login" > ~/.local/share/keyrings/default
-        fi
-      '
    '';
  };