doc:howto:tce [2018/02/12 14:41] stefanbaur [List of open ToDos/FIXMEs for this page] added partition label support |
doc:howto:tce [2019/01/30 21:18] stefanbaur [List of open ToDos/FIXMEs for this page] we need to keep some more packages to enable xset |
||
---|---|---|---|
Line 12: | Line 12: | ||
During the time of Debian Wheezy being Debian' | During the time of Debian Wheezy being Debian' | ||
- | The disadvantage is that your ThinClient now needs at least 1 GB of RAM (see below). | + | The disadvantage is that your ThinClient now needs at least 512 MB to 1 GB of RAM (see below). |
However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | ||
Line 38: | Line 38: | ||
==== Configuring the Build ==== | ==== Configuring the Build ==== | ||
< | < | ||
+ | #!/bin/bash | ||
# Select ONE of the following git reposities | # Select ONE of the following git reposities | ||
# this one loosely corresponds to " | # this one loosely corresponds to " | ||
Line 144: | Line 145: | ||
< | < | ||
+ | #!/bin/bash | ||
mkdir -p ./ | mkdir -p ./ | ||
- | + | wget -O ./ | |
- | cat >./ | + | |
- | + | ||
- | # | + | |
- | # Copyright (C) 2007-2017 by X2Go project, http://wiki.x2go.org | + | |
- | # | + | |
- | + | ||
- | # X2Go is free software; you can redistribute it and/or modify | + | |
- | # it under the terms of the GNU General Public License as published by | + | |
- | # the Free Software Foundation; either version 2 of the License, or | + | |
- | # (at your option) any later version. | + | |
- | # | + | |
- | # X2Go is distributed in the hope that it will be useful, | + | |
- | # but WITHOUT ANY WARRANTY; without even the implied warranty of | + | |
- | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | + | |
- | # GNU General Public License for more details. | + | |
- | # | + | |
- | # You should have received a copy of the GNU General Public License | + | |
- | # along with this program; if not, write to the | + | |
- | # Free Software Foundation, Inc., | + | |
- | # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. | + | |
- | + | ||
- | use strict; | + | |
- | use File:: | + | |
- | # comment out this " | + | |
- | # uncomment the block below if you need to do early boot stage | + | |
- | # debugging of the automounter, | + | |
- | use Sys::Syslog qw( :standard :macros ); | + | |
- | openlog($0,' | + | |
- | setlogmask( LOG_UPTO(LOG_NOTICE) ); | + | |
- | #open (B,">>/ | + | |
- | #sub syslog { | + | |
- | # print B $_[0].': | + | |
- | #} | + | |
- | + | ||
- | my $user; | + | |
- | if ( -f "/ | + | |
- | # this is a minidesktop environment, | + | |
- | # username " | + | |
- | # it runs on X2Go-TCE-Live or X2Go-TCE-NFS | + | |
- | $user='x2gothinclient'; | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | # this is X2Go-TCE-Live, | + | |
- | # (if it were, the first condition would have matched), | + | |
- | # so we use Debian-Live' | + | |
- | $user=' | + | |
- | } | + | |
- | else { | + | |
- | # this is X2Go-TCE-NFS or something completely different, | + | |
- | # so we'll play it safe and pick the username " | + | |
- | # just like previous versions of this script did | + | |
- | $user=' | + | |
- | } | + | |
- | + | ||
- | # We need this as chown requires numeric uid/gid | + | |
- | my ($login, | + | |
- | + | ||
- | # Some last-ditch efforts to fulfill the prerequisites for File Sharing: | + | |
- | # - This is stuff that should already have happened earlier in the boot process. | + | |
- | # - Also, if a directory already exists, we silently assume that ownership and | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | sub check_x2gothinclientmode { | + | |
- | my $ret = 0; | + | |
- | + | ||
- | # Check for x2gothinclientd first... | + | |
- | my $x=`ps ax | grep x2gothinclient`; | + | |
- | if ( $x=~m/ | + | |
- | $ret = 1; | + | |
- | } | + | |
- | + | ||
- | return $ret; | + | |
- | } | + | |
- | + | ||
- | # TCE-NFS | + | |
- | if ( check_x2gothinclientmode() || ( -x "/ | + | |
- | { | + | |
- | syslog('notice', | + | |
- | + | ||
- | open (F,">>/ | + | |
- | + | ||
- | my $dev=$ENV{' | + | |
- | my $model=$ENV{' | + | |
- | my $vendor=$ENV{' | + | |
- | my $action=$ENV{' | + | |
- | my @ldev=split("/"," | + | |
- | my $ldev=@ldev[@ldev-1]; | + | |
- | # mntdir is not the directory where the mountpoint will be rooted, | + | |
- | # but where tracking of mount states takes place | + | |
- | my $mntdir; | + | |
- | if ( -d expand_filename(" | + | |
- | $mntdir=expand_filename(" | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | $mntdir="/ | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | $mntdir="/ | + | |
- | } | + | |
- | else { | + | |
- | die "No directory found that we could use as \$mntdir..." | + | |
- | } | + | |
- | + | ||
- | my $name=" | + | |
- | $name=~s/ //g; | + | |
- | $name=~s/ | + | |
- | $name=~s/ | + | |
- | print F " | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | print F " | + | |
- | + | ||
- | if (`lsblk -ln -oRM $dev`=~/ | + | |
- | syslog(' | + | |
- | exit 0; | + | |
- | } | + | |
- | + | ||
- | if ( $action eq " | + | |
- | + | ||
- | ### | + | |
- | ### ACTION: mount device after it has been added to USB subsystem | + | |
- | ### | + | |
- | + | ||
- | syslog(' | + | |
- | + | ||
- | # prepare mount points | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | + | ||
- | # mount the USB device | + | |
- | # sync is supported by all file systems | + | |
- | # uid is supported by vfat (via fat), | + | |
- | # uni_xlate is supported by vfat,ntfs | + | |
- | # we must not trigger on iso9660 and udf, or else hybrid USB media | + | |
- | # would only cause a mount of the iso9660 raw device, | + | |
- | # blocking the mount of individual partitions | + | |
- | # real optical media -> | + | |
- | + | ||
- | if ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | else { | + | |
- | # the mount failed, let's assume that the device is encrypted... | + | |
- | my $enc=`ls -1 $mntdir | grep .encrypted`; | + | |
- | if ( $enc eq "" | + | |
- | # use cryptsetup to decrypt the device... | + | |
- | system("/ | + | |
- | + | ||
- | # mount the ,, | + | |
- | if ( system(" | + | |
- | # inform x2goclient about this... | + | |
- | system(" | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | print F " | + | |
- | } | + | |
- | else { | + | |
- | # on mount failures release the decrypted device again | + | |
- | system("/ | + | |
- | print F "mount failed ($ldev)\n"; | + | |
- | } | + | |
- | } | + | |
- | else { | + | |
- | print F " | + | |
- | } | + | |
- | } | + | |
- | if ( -e "/ | + | |
- | print F " | + | |
- | print F " | + | |
- | my $label=`/ | + | |
- | chomp($label); | + | |
- | if ($label) { | + | |
- | print F " | + | |
- | unlink "/ | + | |
- | symlink("/ | + | |
- | open (D,">>", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | } | + | |
- | + | ||
- | } | + | |
- | elsif ( $action eq " | + | |
- | + | ||
- | ### | + | |
- | ### ACTION: unmount device after it has been removed from the USB subsystem | + | |
- | ### | + | |
- | + | ||
- | syslog(' | + | |
- | + | ||
- | # we rely on our own mount logistics here... | + | |
- | if ( -e " | + | |
- | # inform x2goclient that the device has been removed | + | |
- | system (" | + | |
- | unlink (" | + | |
- | open ( D,">", | + | |
- | open (I,"<", | + | |
- | while (<I>) { | + | |
- | $_=~s/ | + | |
- | print D $_; | + | |
- | } | + | |
- | close (I); | + | |
- | close (D); | + | |
- | syslog(' | + | |
- | } | + | |
- | elsif ( -e " | + | |
- | # inform x2goclient that the device has been removed | + | |
- | # release the encrypted device mapping | + | |
- | unlink (" | + | |
- | open ( D,">", | + | |
- | print D " | + | |
- | system(" | + | |
- | system("/ | + | |
- | close (D); | + | |
- | } | + | |
- | } | + | |
- | + | ||
- | close (F); | + | |
- | } else { | + | |
- | + | ||
- | syslog(' | + | |
- | } | + | |
- | USBMOUNTPATCH | + | |
chmod 755 ./ | chmod 755 ./ | ||
</ | </ | ||
==== Starting the Build ==== | ==== Starting the Build ==== | ||
- | Change to a directory where you want to save your builds, and run the following commands:< | + | Change to a directory where you want to save your builds, and run the following commands: |
+ | < | ||
+ | #!/bin/bash | ||
# Create Timestamp | # Create Timestamp | ||
LBX2GO_TIMESTAMP=$(date +" | LBX2GO_TIMESTAMP=$(date +" | ||
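Review bot: Nothing visible after the added `wget -O ./…` line verifies the downloaded file before `chmod 755` marks it executable, and the block's new `#!/bin/bash` header has no `-e`, so a failed or partial download still reaches the `chmod`. The removed inline copy shows this script mounting devices and calling cryptsetup, and it is baked into every image, so whatever the URL serves at build time is what the thin clients will run. The URL and destination are cut off in this view, so it cannot be confirmed here whether the fetch uses HTTPS or a fixed revision. I would fetch from a pinned revision and check it before the chmod, e.g. `echo "<EXPECTED_SHA256>  <script path>" | sha256sum -c - || exit 1` (both values are placeholders).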
Line 882: | Line 603: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
- | * '' | + | * '' |
+ | * '' | ||
+ | * '' | ||
* '' | * '' | ||
* '' | * '' | ||
Line 896: | Line 619: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
* '' | * '' | ||
- | * '' | + | |
+ | | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
=== These are only intended to be used with TCE images stored on local media === | === These are only intended to be used with TCE images stored on local media === | ||
* '' | * '' | ||
Line 962: | Line 693: | ||
* create a symlink matching " | * create a symlink matching " | ||
* In your boot configuration file (either " | * In your boot configuration file (either " | ||
+ | |||
+ | ==== The session itself works fine, but Audio is not working ==== | ||
+ | |||
+ | First, check that the audio isn't simply muted (some cards/ | ||
+ | |||
+ | If that doesn' | ||
+ | |||
+ | You might have to pick a different one from the list, by using boot parameter '' | ||
+ | |||
+ | If you need different settings for different manufacturers, | ||
===== Support Tools available in X2Go-TCE ===== | ===== Support Tools available in X2Go-TCE ===== | ||
Line 1113: | Line 854: | ||
</ | </ | ||
* after you have prepared all this, execute '' | * after you have prepared all this, execute '' | ||
- | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. | + | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. |
FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | ||
Line 1130: | Line 871: | ||
* turning it into a package would mean we could add dependencies as well, so the manual apt-get install would not be neccessary | * turning it into a package would mean we could add dependencies as well, so the manual apt-get install would not be neccessary | ||
* additional scripts could be added that work " | * additional scripts could be added that work " | ||
- | |||
- | FIXME To be checked: Does the live-config " | ||
FIXME autodetection for SSH Private Keys might need some more bells and whistles. | FIXME autodetection for SSH Private Keys might need some more bells and whistles. | ||
- | < | ||
* how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | * how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | ||
* 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | * 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
* Situation: We have a working automounter, | * Situation: We have a working automounter, | ||
* If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | * If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | ||
* To specify a keyfile, either: | * To specify a keyfile, either: | ||
* use '' | * use '' | ||
- | * do not use '' | + | * do not use '' |
- | + | ||
- | FIXME 2200-xserver-xorg-getxorgconf should be taught | + | |
FIXME Parsing the output of e.g. < | FIXME Parsing the output of e.g. < | ||
Line 1160: | Line 886: | ||
Authentification and " | Authentification and " | ||
- | FIXME < | + | FIXME Automount script currently expects a LUKS password in ''/ |
- | + | ||
- | FIXME < | + | |
- | + | ||
- | FIXME Automount script currently expects a LUKS password in ''/ | + | |
FIXME '' | FIXME '' | ||
Line 1170: | Line 892: | ||
FIXME '' | FIXME '' | ||
- | FIXME Even though we set the hostname to localhost using the corresponding boot parameter, as recommended by Debian, changing the name via DHCP does not work for all image flavours. One way to fix this might be http:// | + | FIXME Even though we set the hostname to '' |
- | FIXME At least when building a stretch TCE on a jessie system, | + | FIXME When building a stretch TCE you need to add kernel parameters '' |
- | FIXME < | + | FIXME '' |
- | FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</ | + | FIXME < |
- | FIXME < | + | FIXME it would be cool if most of the TCE-specific boot parameters could be placed into a file that in turn can be specified |
- | FIXME blank=, broker-url=, ldap=, ldap1=, ldap2=, session=, throttle=, xinerama=, are currently unsupported | + | FIXME A smaller image size can be achieved by removing the following packages from the squashfs: '' |
+ | - check if this could be turned into a build parameter. Note that this makes only sense for a netboot image that uses X2Go sessions only, and no NTFS media (neither fixed disk nor USB). Also, this causes an X startup failure during boot that needs to be worked around (by touching / | ||
+ | Here's a script to do all of this automatically (needs to be run as root in the builddir: | ||
+ | < | ||
+ | #!/bin/bash -e | ||
+ | if [ $UID -ne 0 ] ; then | ||
+ | echo " | ||
+ | exit 1 | ||
+ | fi | ||
+ | unsquashfs x2go-tce-filesystem.squashfs | ||
+ | mount --bind /proc squashfs-root/ | ||
+ | chroot squashfs-root apt purge -y acpi-support-base acpid acpi-support pm-utils powermgmt-base gnupg gnupg-agent whiptail vim vim-common vim-tiny xxd xinetd \ | ||
+ | libcroco3 libcurl3 libexif12 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgif7 libid3tag0 libimlib2 libnghttp2-14 \ | ||
+ | libobrender32v5 libobt2v5 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 librsvg2-2 librtmp1 \ | ||
+ | libssh2-1 libstartup-notification0 libxft2 libxss1 vim-runtime rsync xserver-xorg-input-wacom xserver-xorg-video-all \ | ||
+ | xserver-xorg-video-amdgpu xserver-xorg-video-ati xserver-xorg-video-nouveau xserver-xorg-video-qxl \ | ||
+ | xserver-xorg-video-radeon xserver-xorg-video-vmware libdrm-amdgpu1 libdrm-nouveau2 libdrm-radeon1 libllvm3.9 libsensors4 \ | ||
+ | libxatracker2 xprintidle feh xdotool openbox libxapian30 libpipeline1 libnpth0 libksba8 libseccomp2 libsqlite3-0 libxdo3 \ | ||
+ | libnewt0.52 libslang2 libxinerama1 keyutils libassuan0 libdatrie1 libevent-2.0-5 libthai-data libthai0 libxcursor1 \ | ||
+ | pinentry-curses trickle libxapian30 libpcsclite1 libdbus-glib-1-2 libfuse2 libpipeline1 libusb-1.0-0 libxv1 xnest \ | ||
+ | xserver-xephyr rdesktop freerdp-x11 traceroute screen net-tools less ntfs-3g fuse locales cifs-utils xterm libgssglue1 \ | ||
+ | libntfs-3g871 libtalloc2 libtcl8.6 libtk8.6 libutempter0 libvncclient1 libvncserver1 libwbclient0 libxcb-xf86dri0 \ | ||
+ | libxcb-xv0 samba-common tcl tcl8.6 tk tk8.6 xbitmaps nfs-common rpcbind atmel-firmware bluez-firmware \ | ||
+ | dahdi-firmware-nonfree hdmi2usb-fx2-firmware iso-codes ixo-usb-jtag libc-l10n libnfsidmap2 libtirpc1 x11vnc x11vnc-data \ | ||
+ | libapparmor1 systemd apt-utils libapt-inst2.0 libfreerdp-cache1.1 libfreerdp-client1.1 libfreerdp-codec1.1 \ | ||
+ | libfreerdp-common1.1.0 libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1 libfreerdp-locale1.1 \ | ||
+ | libfreerdp-primitives1.1 libfreerdp-rail1.1 libfreerdp-utils1.1 libwinpr-crt0.1 libwinpr-crypto0.1 libwinpr-dsparse0.1 \ | ||
+ | libwinpr-environment0.1 libwinpr-file0.1 libwinpr-handle0.1 libwinpr-heap0.1 libwinpr-input0.1 libwinpr-interlocked0.1 \ | ||
+ | libwinpr-library0.1 libwinpr-path0.1 libwinpr-pool0.1 libwinpr-registry0.1 libwinpr-rpc0.1 libwinpr-sspi0.1 \ | ||
+ | libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1 libwinpr-utils0.1 firmware-amd-graphics firmware-atheros \ | ||
+ | firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-crystalhd firmware-intel-sound \ | ||
+ | firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-linux firmware-linux-free \ | ||
+ | firmware-linux-nonfree firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic firmware-realtek \ | ||
+ | firmware-samsung firmware-siano firmware-ti-connectivity firmware-zd1211 | ||
+ | chroot squashfs-root dpkg -P apt tasksel tasksel-data | ||
+ | rm squashfs-root/ | ||
+ | (cd squashfs-root/ | ||
+ | mkdir -p squashfs-root/ | ||
+ | touch squashfs-root/ | ||
+ | umount squashfs-root/ | ||
+ | if ! grep '^eval $THROTTLINGCOMMAND' | ||
+ | sed -i -e ' | ||
+ | squashfs-root/ | ||
+ | fi | ||
+ | if [ -f binary/ | ||
+ | mv binary/ | ||
+ | fi | ||
+ | mkdir -p binary/ | ||
+ | mksquashfs squashfs-root binary/ | ||
+ | rm -rf squashfs-root | ||
+ | ln -f binary/ | ||
+ | (cd binary; echo live$' | ||
+ | cat ./ | ||
+ | rm ./ | ||
+ | </ | ||
- | FIXME nomagicpixel= is currently unsupported in MiniDesktop-Mode and probably will be unsupported there forever, as it doesn' | + | FIXME for MATE-MiniDesktop, it might make sense to teach the image how to do LDAP auth (preferably with LDAPS or LDAP+TLS) and use lightdm without the auto-login. That way, a local screensaver //with// locking functionality (prompting |
- | FIXME bg= and branding= are currently unsupported in MiniDesktop-Mode. | + | FIXME Scripts triggered by if-up should check if a new download is really necessary. |
+ | |||
+ | FIXME in MiniDesktop mode, some local sound control features required (taskbar or app like pavucontrol; | ||
+ | ===== List of closed ToDos/ | ||
+ | * '' | ||
+ | * It would be nice to have a boot parameter '' | ||
+ | * It would also be nice to have boot parameters '' | ||
+ | * Boot parameters '' | ||
+ | * There might be a race condition between the scripts handling the sshd keyfile and the ssh private key file copy task (/config ...), causing one to umount the fixed disk before the other is done reading/ | ||
+ | * Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter. - fixed in github repo, soon in x2go repo | ||
+ | * '' | ||
+ | * copying ssh private keys seems to fail in MiniDesktop-Mode | ||
+ | * Automount script expansion is in the works. Will fully support VFAT, NTFS, hfs, hpfs, will offer read-only support | ||
+ | * '' | ||
+ | * Maybe we should add symlinks to the mount points created by the automounter: | ||
+ | * '' | ||
+ | |||
+ | < | ||
+ | </ | ||
- | FIXME homepageurl= (only available in MiniDesktop-Mode) is currently undocumented. Supports multiple URLs separated with pipes. |
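Review bot: The added image-shrinking script runs under `#!/bin/bash -e`, so any failure between `mount --bind /proc squashfs-root/…` and the matching `umount` exits with /proc still bind-mounted inside the unpacked tree; the long `apt purge` is the likely place. A re-run or a manual `rm -rf squashfs-root` as root would then operate on a tree that still contains the host's /proc. Registering the cleanup directly after the mount, e.g. `trap 'umount "<bind-mount target>"' EXIT`, and clearing it with `trap - EXIT` after the explicit umount, keeps the builddir safe to clean up. The target path is cut off in this view, hence the placeholder. The `grep`/`sed`, `mv` and `ln -f` lines are truncated as well, so their quoting could not be checked.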