From 0b506ac67c33939732bdd91d39a8a632bcbe0841 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Thu, 14 May 2026 10:58:38 +0100 Subject: refactor(snxctl-chromium): drop daemon drop-in, override snxctl's PATH snx-rs.service is a system unit, not --user, so the prior approach of overriding the daemon's PATH via a systemd drop-in could never apply. And it wasn't needed anyway: snxctl itself runs opener::open(url) in-process, so prepending the shim dir to snxctl's PATH is enough. - Drop dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf. - snxctl-chromium now just sets PATH and exec's snxctl connect. - xdg-open shim no longer forces --new-window so chromium can reuse a warm window (faster SAML round-trip). --- dot_local/share/snx-rs/bin/executable_xdg-open | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'dot_local/share/snx-rs') diff --git a/dot_local/share/snx-rs/bin/executable_xdg-open b/dot_local/share/snx-rs/bin/executable_xdg-open index 5577b10..f646200 100644 --- a/dot_local/share/snx-rs/bin/executable_xdg-open +++ b/dot_local/share/snx-rs/bin/executable_xdg-open @@ -1,11 +1,10 @@ #!/bin/sh # xdg-open shim that hands every URL to the flatpak ungoogled-chromium. # -# Used by snx-rs (which calls `xdg-open` via the `opener` crate) to land -# the SAML callback inside a browser that won't HTTPS-upgrade or LNA-block -# the loopback handoff to 127.0.0.1:7779. Wired up via a systemd --user -# drop-in (dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf) -# that prepends this directory to the daemon's PATH — it does NOT shadow +# Used by `snxctl connect` (via the snxctl-chromium wrapper) so the +# Check Point SAML callback lands in a browser that won't HTTPS-upgrade +# or LNA-block the loopback handoff to 127.0.0.1:7779. The wrapper +# prepends this directory to snxctl's PATH — this file does NOT shadow # the system-wide xdg-open for any other process. exec flatpak run io.github.ungoogled_software.ungoogled_chromium \ - --new-window "$@" + "$@" -- cgit v1.3.1