This shows you the differences between two versions of the page.
doc:howto:tce [2018/12/16 02:28] stefanbaur [List of open ToDos/FIXMEs for this page] updated info regarding network interface names |
doc:howto:tce [2019/01/30 20:38] stefanbaur [List of open ToDos/FIXMEs for this page] more formatting |
||
---|---|---|---|
Line 12: | Line 12: | ||
During the time of Debian Wheezy being Debian' | During the time of Debian Wheezy being Debian' | ||
- | The disadvantage is that your ThinClient now needs at least 1 GB of RAM (see below). | + | The disadvantage is that your ThinClient now needs at least 512 MB to 1 GB of RAM (see below). |
However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | ||
Line 38: | Line 38: | ||
==== Configuring the Build ==== | ==== Configuring the Build ==== | ||
< | < | ||
+ | #!/bin/bash | ||
# Select ONE of the following git reposities | # Select ONE of the following git reposities | ||
# this one loosely corresponds to " | # this one loosely corresponds to " | ||
Line 144: | Line 145: | ||
< | < | ||
+ | #!/bin/bash | ||
mkdir -p ./ | mkdir -p ./ | ||
- | + | wget -O ./ | |
- | cat >./ | + | |
- | + | ||
- | # | + | |
- | # Copyright (C) 2007-2017 by X2Go project, http://wiki.x2go.org | + | |
- | # | + | |
- | + | ||
- | # X2Go is free software; you can redistribute it and/or modify | + | |
- | # it under the terms of the GNU General Public License as published by | + | |
- | # the Free Software Foundation; either version 2 of the License, or | + | |
- | # (at your option) any later version. | + | |
- | # | + | |
- | # X2Go is distributed in the hope that it will be useful, | + | |
- | # but WITHOUT ANY WARRANTY; without even the implied warranty of | + | |
- | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | + | |
- | # GNU General Public License for more details. | + | |
- | # | + | |
- | # You should have received a copy of the GNU General Public License | + | |
- | # along with this program; if not, write to the | + | |
- | # Free Software Foundation, Inc., | + | |
- | # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. | + | |
- | + | ||
- | use strict; | + | |
- | use File:: | + | |
- | # comment out this " | + | |
- | # uncomment the block below if you need to do early boot stage | + | |
- | # debugging of the automounter, | + | |
- | use Sys::Syslog qw( :standard :macros ); | + | |
- | openlog($0,' | + | |
- | setlogmask( LOG_UPTO(LOG_NOTICE) ); | + | |
- | #open (B,">>/ | + | |
- | #sub syslog { | + | |
- | # print B $_[0].': | + | |
- | #} | + | |
- | + | ||
- | my $user; | + | |
- | if ( -f "/ | + | |
- | # this is a minidesktop environment, | + | |
- | # username " | + | |
- | # it runs on X2Go-TCE-Live or X2Go-TCE-NFS | + | |
- | $user='x2gothinclient'; | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | # this is X2Go-TCE-Live, | + | |
- | # (if it were, the first condition would have matched), | + | |
- | # so we use Debian-Live' | + | |
- | $user=' | + | |
- | } | + | |
- | else { | + | |
- | # this is X2Go-TCE-NFS or something completely different, | + | |
- | # so we'll play it safe and pick the username " | + | |
- | # just like previous versions of this script did | + | |
- | $user=' | + | |
- | } | + | |
- | + | ||
- | # We need this as chown requires numeric uid/gid | + | |
- | my ($login, | + | |
- | + | ||
- | # Some last-ditch efforts to fulfill the prerequisites for File Sharing: | + | |
- | # - This is stuff that should already have happened earlier in the boot process. | + | |
- | # - Also, if a directory already exists, we silently assume that ownership and | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | sub check_x2gothinclientmode { | + | |
- | my $ret = 0; | + | |
- | + | ||
- | # Check for x2gothinclientd first... | + | |
- | my $x=`ps ax | grep x2gothinclient`; | + | |
- | if ( $x=~m/ | + | |
- | $ret = 1; | + | |
- | } | + | |
- | + | ||
- | return $ret; | + | |
- | } | + | |
- | + | ||
- | # TCE-NFS | + | |
- | if ( check_x2gothinclientmode() || ( -x "/ | + | |
- | { | + | |
- | syslog('notice', | + | |
- | + | ||
- | open (F,">>/ | + | |
- | + | ||
- | my $dev=$ENV{' | + | |
- | my $model=$ENV{' | + | |
- | my $vendor=$ENV{' | + | |
- | my $action=$ENV{' | + | |
- | my @ldev=split("/"," | + | |
- | my $ldev=@ldev[@ldev-1]; | + | |
- | # mntdir is not the directory where the mountpoint will be rooted, | + | |
- | # but where tracking of mount states takes place | + | |
- | my $mntdir; | + | |
- | if ( -d expand_filename(" | + | |
- | $mntdir=expand_filename(" | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | $mntdir="/ | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | $mntdir="/ | + | |
- | } | + | |
- | else { | + | |
- | die "No directory found that we could use as \$mntdir..." | + | |
- | } | + | |
- | + | ||
- | my $name=" | + | |
- | $name=~s/ //g; | + | |
- | $name=~s/ | + | |
- | $name=~s/ | + | |
- | print F " | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | print F " | + | |
- | + | ||
- | if (`lsblk -ln -oRM $dev`=~/ | + | |
- | syslog(' | + | |
- | exit 0; | + | |
- | } | + | |
- | + | ||
- | if ( $action eq " | + | |
- | + | ||
- | ### | + | |
- | ### ACTION: mount device after it has been added to USB subsystem | + | |
- | ### | + | |
- | + | ||
- | syslog(' | + | |
- | + | ||
- | # prepare mount points | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | mkdir("/ | + | |
- | + | ||
- | # mount the USB device | + | |
- | # sync is supported by all file systems | + | |
- | # uid is supported by vfat (via fat), | + | |
- | # uni_xlate is supported by vfat,ntfs | + | |
- | # we must not trigger on iso9660 and udf, or else hybrid USB media | + | |
- | # would only cause a mount of the iso9660 raw device, | + | |
- | # blocking the mount of individual partitions | + | |
- | # real optical media -> | + | |
- | + | ||
- | if ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | elsif ( system(" | + | |
- | syslog(' | + | |
- | # if mounted, inform x2goclient about it... | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | else { | + | |
- | # the mount failed, let's assume that the device is encrypted... | + | |
- | my $enc=`ls -1 $mntdir | grep .encrypted`; | + | |
- | if ( $enc eq "" | + | |
- | # use cryptsetup to decrypt the device... | + | |
- | system("/ | + | |
- | + | ||
- | # mount the ,, | + | |
- | if ( system(" | + | |
- | # inform x2goclient about this... | + | |
- | system(" | + | |
- | system(" | + | |
- | open (D,">", | + | |
- | print D " | + | |
- | close (D); | + | |
- | print F " | + | |
- | } | + | |
- | else { | + | |
- | # on mount failures release the decrypted device again | + | |
- | system("/ | + | |
- | print F "mount failed ($ldev)\n"; | + | |
- | } | + | |
- | } | + | |
- | else { | + | |
- | print F " | + | |
- | } | + | |
- | } | + | |
- | if ( -e "/ | + | |
- | print F " | + | |
- | print F " | + | |
- | my $label=`/ | + | |
- | chomp($label); | + | |
- | if ($label) { | + | |
- | print F " | + | |
- | unlink "/ | + | |
- | symlink("/ | + | |
- | open (D,">>", | + | |
- | print D " | + | |
- | close (D); | + | |
- | } | + | |
- | } | + | |
- | + | ||
- | } | + | |
- | elsif ( $action eq " | + | |
- | + | ||
- | ### | + | |
- | ### ACTION: unmount device after it has been removed from the USB subsystem | + | |
- | ### | + | |
- | + | ||
- | syslog(' | + | |
- | + | ||
- | # we rely on our own mount logistics here... | + | |
- | if ( -e " | + | |
- | # inform x2goclient that the device has been removed | + | |
- | system (" | + | |
- | unlink (" | + | |
- | open ( D,">", | + | |
- | open (I,"<", | + | |
- | while (<I>) { | + | |
- | $_=~s/ | + | |
- | print D $_; | + | |
- | } | + | |
- | close (I); | + | |
- | close (D); | + | |
- | syslog(' | + | |
- | } | + | |
- | elsif ( -e " | + | |
- | # inform x2goclient that the device has been removed | + | |
- | # release the encrypted device mapping | + | |
- | unlink (" | + | |
- | open ( D,">", | + | |
- | print D " | + | |
- | system(" | + | |
- | system("/ | + | |
- | close (D); | + | |
- | } | + | |
- | } | + | |
- | + | ||
- | close (F); | + | |
- | } else { | + | |
- | + | ||
- | syslog(' | + | |
- | } | + | |
- | USBMOUNTPATCH | + | |
chmod 755 ./ | chmod 755 ./ | ||
</ | </ | ||
==== Starting the Build ==== | ==== Starting the Build ==== | ||
- | Change to a directory where you want to save your builds, and run the following commands:< | + | Change to a directory where you want to save your builds, and run the following commands: |
+ | < | ||
+ | #!/bin/bash | ||
# Create Timestamp | # Create Timestamp | ||
LBX2GO_TIMESTAMP=$(date +" | LBX2GO_TIMESTAMP=$(date +" | ||
Line 883: | Line 604: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
+ | * '' | ||
* '' | * '' | ||
* '' | * '' | ||
Line 897: | Line 619: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
* '' | * '' | ||
- | * '' | + | |
+ | | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
=== These are only intended to be used with TCE images stored on local media === | === These are only intended to be used with TCE images stored on local media === | ||
* '' | * '' | ||
Line 963: | Line 693: | ||
* create a symlink matching " | * create a symlink matching " | ||
* In your boot configuration file (either " | * In your boot configuration file (either " | ||
+ | |||
+ | ==== The session itself works fine, but Audio is not working ==== | ||
+ | |||
+ | First, check that the audio isn't simply muted (some cards/ | ||
+ | |||
+ | If that doesn' | ||
+ | |||
+ | You might have to pick a different one from the list, by using boot parameter '' | ||
+ | |||
+ | If you need different settings for different manufacturers, | ||
===== Support Tools available in X2Go-TCE ===== | ===== Support Tools available in X2Go-TCE ===== | ||
Line 1114: | Line 854: | ||
</ | </ | ||
* after you have prepared all this, execute '' | * after you have prepared all this, execute '' | ||
- | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. | + | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. |
FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | ||
Line 1133: | Line 873: | ||
FIXME autodetection for SSH Private Keys might need some more bells and whistles. | FIXME autodetection for SSH Private Keys might need some more bells and whistles. | ||
- | < | ||
* how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | * how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | ||
* 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | * 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
* Situation: We have a working automounter, | * Situation: We have a working automounter, | ||
* If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | * If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | ||
Line 1151: | Line 880: | ||
* use '' | * use '' | ||
* do not use '' | * do not use '' | ||
- | |||
- | FIXME < | ||
- | |||
- | FIXME '' | ||
FIXME Parsing the output of e.g. < | FIXME Parsing the output of e.g. < | ||
Line 1161: | Line 886: | ||
Authentification and " | Authentification and " | ||
- | FIXME < | + | FIXME Automount script currently expects a LUKS password in ''/ |
- | + | ||
- | FIXME < | + | |
- | + | ||
- | FIXME Automount script currently expects a LUKS password in ''/ | + | |
FIXME '' | FIXME '' | ||
Line 1173: | Line 894: | ||
FIXME Even though we set the hostname to '' | FIXME Even though we set the hostname to '' | ||
- | FIXME < | + | FIXME When building a stretch TCE you need to add kernel parameters '' |
- | FIXME < | + | FIXME '' |
- | FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</ | + | FIXME < |
- | FIXME < | + | FIXME it would be cool if most of the TCE-specific boot parameters could be placed into a file that in turn can be specified |
- | FIXME '' | + | FIXME A smaller image size can be achieved by removing the following packages from the squashfs: |
+ | - check if this could be turned into a build parameter. Note that this makes only sense for a netboot image that uses X2Go sessions only, and no NTFS media (neither fixed disk nor USB). Also, this causes an X startup failure during boot that needs to be worked around (by touching / | ||
+ | Here's a script | ||
+ | <file - stripimage.sh> | ||
+ | #!/bin/bash -e | ||
+ | if [ $UID -ne 0 ] ; then | ||
+ | echo "Must be root." | ||
+ | exit 1 | ||
+ | fi | ||
+ | unsquashfs x2go-tce-filesystem.squashfs | ||
+ | mount --bind /proc squashfs-root/ | ||
+ | chroot squashfs-root apt purge -y acpi-support-base acpid acpi-support pm-utils powermgmt-base gnupg gnupg-agent whiptail vim vim-common vim-tiny xxd xinetd \ | ||
+ | libcroco3 libcurl3 libexif12 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgif7 libid3tag0 libimlib2 libnghttp2-14 \ | ||
+ | libobrender32v5 libobt2v5 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 librsvg2-2 librtmp1 \ | ||
+ | libssh2-1 libstartup-notification0 libxft2 libxss1 vim-runtime rsync xserver-xorg-input-wacom xserver-xorg-video-all \ | ||
+ | xserver-xorg-video-amdgpu xserver-xorg-video-ati xserver-xorg-video-nouveau xserver-xorg-video-qxl \ | ||
+ | xserver-xorg-video-radeon xserver-xorg-video-vmware libdrm-amdgpu1 libdrm-nouveau2 libdrm-radeon1 libllvm3.9 libsensors4 \ | ||
+ | libxatracker2 xprintidle feh xdotool openbox libxapian30 libpipeline1 libnpth0 libksba8 libseccomp2 libsqlite3-0 libxdo3 \ | ||
+ | libnewt0.52 libxmuu1 libxrandr2 libslang2 libxinerama1 libxcursor1 cpp cpp-6 keyutils libassuan0 libdatrie1 libevent-2.0-5 \ | ||
+ | libisl15 libmpc3 libmpfr4 libthai-data libthai0 libxcursor1 pinentry-curses trickle libxapian30 libpcsclite1 \ | ||
+ | libdbus-glib-1-2 libfuse2 libpipeline1 libusb-1.0-0 libxv1 xnest xserver-xephyr rdesktop freerdp-x11 traceroute screen \ | ||
+ | net-tools less ntfs-3g fuse locales cifs-utils xterm libgssglue1 libntfs-3g871 libtalloc2 libtcl8.6 libtk8.6 libutempter0 \ | ||
+ | libvncclient1 libvncserver1 libwbclient0 libxcb-xf86dri0 libxcb-xv0 samba-common tcl tcl8.6 tk tk8.6 xbitmaps nfs-common \ | ||
+ | rpcbind atmel-firmware bluez-firmware dahdi-firmware-nonfree hdmi2usb-fx2-firmware iso-codes ixo-usb-jtag libc-l10n \ | ||
+ | libnfsidmap2 libtirpc1 x11vnc x11vnc-data libapparmor1 systemd apt-utils libapt-inst2.0 libfreerdp-cache1.1 \ | ||
+ | libfreerdp-client1.1 libfreerdp-codec1.1 libfreerdp-common1.1.0 libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1 \ | ||
+ | libfreerdp-locale1.1 libfreerdp-primitives1.1 libfreerdp-rail1.1 libfreerdp-utils1.1 libwinpr-crt0.1 libwinpr-crypto0.1 \ | ||
+ | libwinpr-dsparse0.1 libwinpr-environment0.1 libwinpr-file0.1 libwinpr-handle0.1 libwinpr-heap0.1 libwinpr-input0.1 \ | ||
+ | libwinpr-interlocked0.1 libwinpr-library0.1 libwinpr-path0.1 libwinpr-pool0.1 libwinpr-registry0.1 libwinpr-rpc0.1 \ | ||
+ | libwinpr-sspi0.1 libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1 libwinpr-utils0.1 firmware-amd-graphics \ | ||
+ | firmware-atheros firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-crystalhd firmware-intel-sound \ | ||
+ | firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-linux firmware-linux-free \ | ||
+ | firmware-linux-nonfree firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic firmware-realtek \ | ||
+ | firmware-samsung firmware-siano firmware-ti-connectivity firmware-zd1211 | ||
+ | chroot squashfs-root dpkg -P apt tasksel tasksel-data | ||
+ | rm squashfs-root/ | ||
+ | (cd squashfs-root/ | ||
+ | mkdir -p squashfs-root/ | ||
+ | touch squashfs-root/ | ||
+ | umount squashfs-root/ | ||
+ | if ! grep '^eval $THROTTLINGCOMMAND' | ||
+ | sed -i -e 's#eval \$THROTTLINGCOMMAND x2goclient# | ||
+ | squashfs-root/etc/ | ||
+ | fi | ||
+ | if [ -f binary/live/filesystem.squashfs ] ; then | ||
+ | mv binary/live/ | ||
+ | fi | ||
+ | mkdir -p binary/ | ||
+ | mksquashfs squashfs-root binary/ | ||
+ | rm -rf squashfs-root | ||
+ | ln binary/ | ||
+ | (cd binary; echo live$'\n'live/filesystem.squashfs |cpio -o -H newc | gzip --fast) > | ||
+ | cat ./ | ||
+ | rm ./ | ||
+ | </ | ||
- | FIXME '' | + | FIXME for MATE-MiniDesktop, it might make sense to teach the image how to do LDAP auth (preferably with LDAPS or LDAP+TLS) and use lightdm without the auto-login. That way, a local screensaver //with// locking functionality (prompting |
- | FIXME '' | + | FIXME Scripts triggered by if-up should check if a new download is really necessary. |
- | FIXME <del>'' | + | FIXME in MiniDesktop mode, some local sound control features required (taskbar or app like pavucontrol; |
+ | ===== List of closed ToDos/ | ||
+ | * '' | ||
+ | * It would be nice to have a boot parameter '' | ||
+ | * It would also be nice to have boot parameters '' | ||
+ | * Boot parameters '' | ||
+ | * There might be a race condition between the scripts handling the sshd keyfile and the ssh private key file copy task (/config ...), causing one to umount the fixed disk before the other is done reading/ | ||
+ | * Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter. - fixed in github repo, soon in x2go repo | ||
+ | * '' | ||
+ | * copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/ | ||
+ | * Automount script expansion is in the works. Will fully support VFAT, NTFS, hfs, hpfs, will offer read-only support for ext* via fuseext2 (that way, file ownership/ | ||
+ | * '' | ||
+ | * Maybe we should add symlinks to the mount points created by the automounter: | ||
+ | * '' | ||
< | < | ||
</ | </ | ||
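Review bot: The `wget -O ./…` line added in the "Line 144" hunk replaces the embedded automounter script with a file fetched at build time, and nothing visible between the download and the following `chmod 755` checks what was actually fetched. The URL is truncated on this page, so neither its scheme nor whether it points at a fixed commit can be confirmed from here. Because the downloaded hook appears to end up executable in every image built from this recipe, I would pin the URL to a tag or commit and verify a digest before the chmod, e.g. `echo "<EXPECTED_SHA256>  <downloaded-file>" | sha256sum -c - || exit 1` (both values are placeholders). The `#!/bin/bash` added to that block has no `-e`, so a failed download would presumably leave an empty or partial file that still gets marked executable; `set -e` or `wget … || exit 1` would stop the build instead.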