Hello, I would like to submit the pinhead project for consideration to be listed in the "Rocks" section of the suckless.org website.
The project act as a minimal, secure 2FA/PIN gatekeeper designed to sit directly in /etc/passwd. It enforces a secondary verification layer for interactive environments (TTY and SSH) while gracefully multiplexing graphical display manager handshakes (such as GDM/GNOME Shell) without adding overhead or keeping zombie processes in memory. Key features (most) aligned with the suckless philosophy: - Zero bloat: written in pure, idiomatic ANSI C. No complex external library dependencies. No PAM stuff. No bloated QR-code libraries nor TOTP. I deliver these ones by myself, too. - No autotools: build system avoids autoconf/automake bloat, relying strictly on clean, human-readable Makefiles. - Strictly POSIX compliant: compiles and runs out of the box with 100% success across Linux, FreeBSD, NetBSD, OpenBSD, and Minix. - Build dependency: the build process is based on gmake (GNU Make) across all supported platforms. - Secure by design: static bounds checking on I/O buffers, explicit memory handling, and clean process image replacement via execvp, TOTP uses SHA-2 instead of SHA-1. - License: BSD-3. The repository and current code base are hosted on a sovereign instance at Codeberg: https://codeberg.org/rafael-santiago/pinhead I am highly open to feedback, technical critique, and suggestions reggarding the code structure, portability, or any style improvements that better align with the community standards. Thank you for your time and for maintaining the suckless philosophy. Best regards, Rafael Santiago https://codeberg.org/rafael-santiago
