Skip to content

feat: improve linux support #289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lgalabru merged 5 commits into from
Mar 30, 2026
Merged

feat: improve linux support #289

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
35549c3
feat: implement gnome-keyring keystore
Mar 27, 2026
006ba07
docs: polkit note
Mar 27, 2026
a8d51cd
fix: use infallible From instead of try_from for OwnedValue conversion
lgalabru Mar 27, 2026
14c1f19
Update rust/crates/keystore/src/backends/gnome_keyring.rs
lgalabru Mar 27, 2026
e0b6a0e
fix: use EncryptionType::Dh in Secret Service connect() for encrypted…
Copilot Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions .github/workflows/release-cli.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,31 @@ jobs:
artifacts/*.zip
artifacts/sha256sums.txt

# ── Publish to Snap Store ────────────────────────────────────────────────
snap:
name: Snap
needs: [preflight, release]
if: ${{ !(github.event_name == 'workflow_dispatch' && inputs.dry-run) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.preflight.outputs.tag }}

- name: Set snap version
run: |
sed -i "s/^version:.*/version: \"${{ needs.preflight.outputs.version }}\"/" snap/snapcraft.yaml

- uses: snapcore/action-build@v1
id: build

- uses: snapcore/action-publish@v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
with:
snap: ${{ steps.build.outputs.snap }}
release: stable

# ── Update Homebrew tap ──────────────────────────────────────────────────
# Disabled: the first Homebrew submission must be manual.
# Uncomment after solana-foundation/homebrew-tap has the pay formula.
Expand Down
19 changes: 16 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,19 +30,26 @@ Supports both live payment standards on Solana:

SOL and SPL tokens (USDC, USDT, etc.) are supported out of the box.

### Touch ID & 1Password Key Storage
### Touch ID, GNOME Keyring & 1Password Key Storage

Your keys never touch disk in plaintext. `pay` stores keypairs in:

- **macOS Keychain** with Touch ID biometric protection
- **GNOME Keyring** with password/fingerprint prompt on every use (Linux)
- **1Password** vault integration (cross-platform)
- **File-based** fallback for CI and scripting

```sh
pay setup --backend keychain # Touch ID protected
pay setup --backend 1password # Cross-platform vault
pay setup # Touch ID on macOS, GNOME Keyring on Linux, or choose 1Password
```

> **Linux note:** GNOME Keyring auth uses polkit, which requires a one-time setup step:
> ```sh
> sudo cp rust/config/polkit/sh.pay.unlock-keypair.policy /usr/share/polkit-1/actions/
> ```
> This grants `pay` the right to prompt for your password or fingerprint before
> accessing the keypair. Without it, `pay topup` and `pay curl` will error.

### Session Budgets via TUI

Set a spending cap and expiration before making requests. The interactive TUI lets you control exactly how much you're willing to spend per session — no surprise charges.
Expand Down Expand Up @@ -79,6 +86,12 @@ cd pay/rust
cargo install --path crates/cli
```

**Linux only** — install the polkit action to enable keypair auth:

```sh
sudo cp rust/config/polkit/sh.pay.unlock-keypair.policy /usr/share/polkit-1/actions/
```

### Verify

```sh
Expand Down
Loading
Loading