Capturing a screenshot of the GDM login screen

These days GDM on Debian is running using Wayland, so the classic way of taking a screenshot using the X protocol does not work:

# Sleeping before launching the command allows to switch to the login screen
# before the screen gets actually captured.
#
# Otherwise if the login screen is not visible, only a black image will be
# captured.
sleep 6

sudo -u Debian-gdm\
  DISPLAY=:0 \
  XAUTHORITY=/var/run/user/109/gdm/Xauthority \
  import -display :0 -win root /tmp/GDM-screenshot.png"

Capturing the screen of the Xwayland instance, which uses the display name :1024, does not work either.

From what I read Wayland does not have a standardized way to let clients access the content of the whole screen, probably for security reasons, instead compositors (or toolkits acting as compositors) are left with the choice to provide a mechanism for that themselves.

The Wayland reference compositor, named Weston, provides a “screenshooter” interface, and some software like VLC can use it to capture the screen, but the Gtk+ wayland backend does not provide such a protocol, and so capturing a screenshot of gnome-shell —which GDM is based on— is not possible using the wayland client API.

However gnome-shell can still capture the whole screen using the toolkit functions, and it exposes this functionality via DBus under the org.gnome.Shell.Screenshot interface.

So a screenshot of gnome-shell can be captured with a script like this:

#!/bin/sh

set -e

OUTPUT_FILE=/tmp/GDM-screenshot.png

# Under Debian GDM is executed as the Debian-gdm user.
# On other distributions you'll need to adjust the value.
USERNAME=Debian-gdm

GNOME_SHELL_PID=$(pgrep -U $USERNAME gnome-shell)

# The tr command at the end is to strip the trailing NUL byte, which can cause
# some shells to emit a warning like:
#   bash: warning: command substitution: ignored null byte in input
DBUS_ADDRESS_ENV=$(sudo -u $USERNAME grep -z DBUS_SESSION_BUS_ADDRESS /proc/$GNOME_SHELL_PID/environ | tr -d '\0')

sudo -u $USERNAME $DBUS_ADDRESS_ENV \
  dbus-send --type=method_call --print-reply \
    --dest=org.gnome.Shell.Screenshot \
    /org/gnome/Shell/Screenshot \
    org.gnome.Shell.Screenshot.Screenshot boolean:true boolean:false string:$OUTPUT_FILE

However this is still not enough for GDM, the DBus method returns always false with the default GDM config.

This happens because saving files to the disk is forbidden by default:

$ sudo -u Debian-gdm DCONF_PROFILE=gdm gsettings get org.gnome.desktop.lockdown disable-save-to-disk
true

Setting the GSetting key to false interactively does not work because the key is marked as read-only.

It is necessary to change the value in the configuration file /etc/gdm3/greeter.dconf-defaults, by adding these two lines:

[org/gnome/desktop/lockdown]
disable-save-to-disk=false

After that, and after a restart, it is possible to capture screenshots of the GDM login screen using the DBus interface.


CommentiCondividi contenuti

Invia nuovo commento

Il contenuto di questo campo è privato e non verrà mostrato pubblicamente. If you have a Gravatar account associated with the e-mail address you provide, it will be used to display your avatar.
  • Indirizzi web o e-mail vengono trasformati in link automaticamente
  • Elementi HTML permessi: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Linee e paragrafi vanno a capo automaticamente.

Ulteriori informazioni sulle opzioni di formattazione

CAPTCHA
Questa domanda serve a verificare che il form non venga inviato da procedure automatizzate
7
h
y
f
X
S
Enter the code without spaces.