From 87ddcf2e700c2a062cbe5c9ff4bb09e5ac533d17 Mon Sep 17 00:00:00 2001
From: Jarred Wilson
Date: Sun, 15 Sep 2024 19:08:51 +0000
Subject: [PATCH] Rework notification to not be sent from systemd service
---
 build_files/systemd.sh | 2 +-
 .../etc/profile.d/sb-key-notify-autostart.sh | 6 ++++++
 .../skel/.config/autostart/sb-key-notify.desktop | 10 ++++++++++
 system_files/shared/usr/bin/sb-key-notify | 9 +++++++++
 ...b-key-notify.service => check-sb-key.service} | 6 +-----
 .../{sb-key-notify.sh => check-sb-key.sh} | 16 ----------------
 6 files changed, 27 insertions(+), 22 deletions(-)
 create mode 100644 system_files/shared/etc/profile.d/sb-key-notify-autostart.sh
 create mode 100644 system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop
 create mode 100644 system_files/shared/usr/bin/sb-key-notify
 rename system_files/shared/usr/lib/systemd/system/{sb-key-notify.service => check-sb-key.service} (62%)
 rename system_files/shared/usr/libexec/{sb-key-notify.sh => check-sb-key.sh} (59%)
diff --git a/build_files/systemd.sh b/build_files/systemd.sh
index 89e69fab324..9055c3abe6e 100755
--- a/build_files/systemd.sh
+++ b/build_files/systemd.sh
@@ -14,4 +14,4 @@ systemctl enable brew-upgrade.timer
 systemctl enable brew-update.timer
 systemctl --global enable ublue-user-setup.service
 systemctl --global enable podman-auto-update.timer
-systemctl enable sb-key-notify.service
+systemctl enable check-sb-key.service
diff --git a/system_files/shared/etc/profile.d/sb-key-notify-autostart.sh b/system_files/shared/etc/profile.d/sb-key-notify-autostart.sh
new file mode 100644
index 00000000000..776850fd83e
--- /dev/null
+++ b/system_files/shared/etc/profile.d/sb-key-notify-autostart.sh
@@ -0,0 +1,6 @@
+if test "$(id -u)" -gt "0" && test -d "$HOME"; then
+ if test ! -e "$HOME"/.config/autostart/sb-key-notify.desktop; then
+ mkdir -p "$HOME"/.config/autostart
+ cp -f /etc/skel/.config/autostart/sb-key-notify.desktop "$HOME"/.config/autostart
+ fi
+fi
\ No newline at end of file
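Review bot: In `sb-key-notify-autostart.sh` the copy is made only when `"$HOME"/.config/autostart/sb-key-notify.desktop` is missing, so an account that already has the file never picks up later changes to the `/etc/skel` copy, for instance a changed `Exec=` path. Installing the entry once under `/etc/xdg/autostart/` would cover every user, keep the entry under image control, and avoid writing into home directories from a login shell. If the per-user copy stays, `mkdir` and `cp` run unchecked in a snippet that is sourced on every login of every non-root account with a home directory, so a read-only or full home prints an error each time; guard the pair, e.g. `mkdir -p "$HOME"/.config/autostart 2>/dev/null && cp -f ... 2>/dev/null || :`.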
diff --git a/system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop b/system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop
new file mode 100644
index 00000000000..0d93775498e
--- /dev/null
+++ b/system_files/shared/etc/skel/.config/autostart/sb-key-notify.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=Secure boot Notify
+Comment=Autostart secure boot key notification
+Exec=/usr/bin/sb-key-notify
+Icon=org.gnome.Terminal
+Type=Application
+Categories=Utility;System;
+Name[en_US]=secure-boot-notify
+
+
diff --git a/system_files/shared/usr/bin/sb-key-notify b/system_files/shared/usr/bin/sb-key-notify
new file mode 100644
index 00000000000..75eed6f3ae4
--- /dev/null
+++ b/system_files/shared/usr/bin/sb-key-notify
@@ -0,0 +1,9 @@
+KEY_WARN_FILE="/run/user-motd-sbkey-warn.md"
+
+if [ -e $KEY_WARN_FILE ]; then
+ WARNING_MSG=$(cat "$KEY_WARN_FILE")
+
+ notify-send "WARNING" "$(echo "$WARNING_MSG" | tr -d '*~')" -i dialog-warning -u critical -a mokutil --wait
+else
+ echo "No secure boot key warning file. Skipping...
+fi
\ No newline at end of file
diff --git a/system_files/shared/usr/lib/systemd/system/sb-key-notify.service b/system_files/shared/usr/lib/systemd/system/check-sb-key.service
similarity index 62%
rename from system_files/shared/usr/lib/systemd/system/sb-key-notify.service
rename to system_files/shared/usr/lib/systemd/system/check-sb-key.service
index e84a5430a7c..58f164bd9e3 100644
--- a/system_files/shared/usr/lib/systemd/system/sb-key-notify.service
+++ b/system_files/shared/usr/lib/systemd/system/check-sb-key.service
@@ -2,11 +2,7 @@
 Description=Service to check for secure boot key enrollment and send notifications
 [Service]
-ExecStart=/usr/libexec/sb-key-notify.sh
+ExecStart=/usr/libexec/check-sb-key.sh
 [Install]
 WantedBy=multi-user.target
-
-[Timer]
-OnBootSec=1min
-OnUnitActiveSec=3h
\ No newline at end of file
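Review bot: The `echo` in the `else` branch of `usr/bin/sb-key-notify` has no closing double quote, so the shell reaches end of file inside a string and rejects the whole `if` statement; the branch that raises the secure boot warning never runs. Close the string: `echo "No secure boot key warning file. Skipping..."`. The file is also created with mode 100644 and no interpreter line while the desktop entry starts it through `Exec=/usr/bin/sb-key-notify`, so unless a later build step changes the mode it cannot be executed; add `#!/usr/bin/env bash` as the first line and commit it as 100755. `$KEY_WARN_FILE` in the `[ -e ... ]` test should be quoted the same way it is in the `cat` call.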
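Review bot: `Description=` in `check-sb-key.service` still says the unit will "send notifications", which after this change is done by `/usr/bin/sb-key-notify` in the user session; `Description=Check for secure boot key enrollment` would match what the unit now does. With `[Timer]` removed, the visible `[Service]` section holds only `ExecStart=`, so the unit runs with the default service type; `Type=oneshot` would make systemd count the unit as started only after `check-sb-key.sh` has exited and written or removed the warning file. The first line of the unit file lies outside the hunk.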
diff --git a/system_files/shared/usr/libexec/sb-key-notify.sh b/system_files/shared/usr/libexec/check-sb-key.sh
similarity index 59%
rename from system_files/shared/usr/libexec/sb-key-notify.sh
rename to system_files/shared/usr/libexec/check-sb-key.sh
index db21221f66a..e918fe177f8 100644
--- a/system_files/shared/usr/libexec/sb-key-notify.sh
+++ b/system_files/shared/usr/libexec/check-sb-key.sh
@@ -18,22 +18,6 @@ if [ $SB_ENABLED -ne 0 ]; then fi if mokutil --test-key "$KEY_DER_FILE"; then - if loginctl --help | grep -q "json=MODE"; then - JSON_ARG="--json=short" - fi - USER_ID=$(loginctl list-users --output=json ${JSON_ARG:+$JSON_ARG} | jq -r '.[] | .user') - XDG_DIR=$(loginctl show-user "$USER_ID" | grep RuntimePath | cut -c 13-) - sudo -u "$USER_ID" \ - "DISPLAY=:0" \ - "DBUS_SESSION_BUS_ADDRESS=unix:path=$XDG_DIR/bus" \ - notify-send \ - "WARNING" \ - "$(echo "$WARNING_MSG" | tr -d '*~')" \ - -i dialog-warning \ - -u critical \ - -a mokutil \ - --wait - echo "**WARNING**: $WARNING_MSG" > $KEY_WARN_FILE else [ -e $KEY_WARN_FILE ] && rm $KEY_WARN_FILE