Thanks for your interest in Sentinel! Full guidance lives on the Contributing wiki page; this file is the short version for first-time contributors landing in the repo.
- Bugs that aren't security issues: open a bug report.
- Security vulnerabilities: see SECURITY.md. Please don't open public issues for these.
git clone https://github.com/atayoez/sentinel
cd sentinel
# Build the workspace.
cargo build --release --workspace
# Run the test suite.
cargo test --workspace --locked
# Format + clippy (CI gate).
cargo fmt --all -- --check
cargo clippy --workspace --all-targets -- -D warningsTo exercise the PAM module + helper end-to-end on your own machine without affecting your live polkit setup, use the dev-test wrapper:
./scripts/dev-test.shThis installs into /usr/lib/security/, runs an isolated PAM probe,
and rolls back unconditionally on exit.
For installing for real (replaces your polkit auth path — keep a root
shell open until you've confirmed pkexec works):
pkexec ./install.shThe installer is transactional: every replaced file is backed up to
<path>.pre-sentinel.bak and the state is recorded in
/var/lib/sentinel/install.state. pkexec ./uninstall.sh rolls
everything back from that state file.
The pull-request template lists the checks reviewers will look for. The big ones:
- Sentinel sits in the PAM auth path. If you touch
pam-sentinel, the polkit agent, or the helper UI, please runpkexec ./install.sh && pkexec trueend-to-end before opening the PR. A regression here can lock people out ofsudo/ polkit. - i18n changes: test with
LANG=tr_TR.UTF-8 pkexec true(or any shipped locale) — theevery_bundle_has_required_keysandevery_bundle_has_matching_placeholderstests catch most issues but not all rendering quirks. - Install/uninstall: please test the rollback path too
(
pkexec ./uninstall.sh).
Open-ended questions — design tradeoffs, "would you take a PR for X", "is this in scope" — go in Discussions rather than issues.
By contributing you agree your changes ship under GPL-3.0-or-later, Sentinel's license.