doc:howto:tce

Differences

This shows you the differences between two versions of the page.

doc:howto:tce [2019/01/06 13:09]
stefanbaur [List of open ToDos/FIXMEs for this page] moved fixed issues to bottom of page
doc:howto:tce [2019/01/06 13:12]
stefanbaur [List of open ToDos/FIXMEs for this page] -> moved fixed fixmes to [List of closed ToDos/FIXMEs for this page]
Line 1159: Line 1159:
 cat /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/serial</code> allows to determine the serial number of a USB device. Those SHOULD be unique, but sadly, they aren't (and sometimes, they are missing entirely). Therefore, a USB serial number can't be used for authentication, but it could be used for "weak" identification - so it could be used to set a default user name or a default session, or to download a particular sessions file. cat /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/serial</code> allows to determine the serial number of a USB device. Those SHOULD be unique, but sadly, they aren't (and sometimes, they are missing entirely). Therefore, a USB serial number can't be used for authentication, but it could be used for "weak" identification - so it could be used to set a default user name or a default session, or to download a particular sessions file.
 Authentification and "hard" identification could be implemented using OpenPGP cards, ''scdaemon'' and a script based on ''/usr/share/doc/scdaemon/examples/scd-event''. For Status ''NOCARD'', suspend the session (kill x2goclient or send a signal that means "suspend", if available, or maybe sighup nxproxy), for status ''USABLE'', run ''gpg --card-status 2>&1 | awk '$1=="Serial" && $2=="number" {print $4}''' to determine the card's serial number, then act based on that (pull new sessions file or set default user, for example, and restart x2goclient). Authentification and "hard" identification could be implemented using OpenPGP cards, ''scdaemon'' and a script based on ''/usr/share/doc/scdaemon/examples/scd-event''. For Status ''NOCARD'', suspend the session (kill x2goclient or send a signal that means "suspend", if available, or maybe sighup nxproxy), for status ''USABLE'', run ''gpg --card-status 2>&1 | awk '$1=="Serial" && $2=="number" {print $4}''' to determine the card's serial number, then act based on that (pull new sessions file or set default user, for example, and restart x2goclient).
- 
-FIXME <del>Automount script expansion is in the works. Will fully support VFAT, NTFS, hfs, hpfs, will offer read-only support for ext* via fuseext2 (that way, file ownership/permissions are ignored).</del> fixed. 
  
 FIXME <del>Maybe we should add symlinks to the mount points created by the automounter: Currently, we create ''/media/vendor_model_name/sdxn'' as a mount point. The idea is to allow the user to find their portable device using the vendor/model name description. However, this is unusable for scripting, as the ''//x//'' in ''sdxn'' may change any time. We should replace ''//sdx//'' with ''//partition//'' (or have corresponding symlinks created), but what should we do for //superfloppies// that only have ''sdx'' with no partition number? We could mount them as ''/media/vendor_model_name/partition/'' or directly at ''/media/vendor_model_name/''. Also, symlinks using labels and uuids, similar to ''/dev/by-*'' would be handy for scripting. Another problem: when replacing ''sdx'', what will happen when a user inserts two media with the same vendor/model name at the same time? Blindly replacing the string would make one of them inaccessible due to overwriting the symlink(s). We'd have to start checking active mounts and enumerate them like ''/media/vendor_model_name/1/partitionn'' or ''/media/vendor_model_name-1/partitionn''</del> Fixed. When a label is detected, a symlink is now created under ''/media/vendor_model_name/label'' that points to ''/media/vendor_model_name/partitionn''. FIXME <del>Maybe we should add symlinks to the mount points created by the automounter: Currently, we create ''/media/vendor_model_name/sdxn'' as a mount point. The idea is to allow the user to find their portable device using the vendor/model name description. However, this is unusable for scripting, as the ''//x//'' in ''sdxn'' may change any time. We should replace ''//sdx//'' with ''//partition//'' (or have corresponding symlinks created), but what should we do for //superfloppies// that only have ''sdx'' with no partition number? We could mount them as ''/media/vendor_model_name/partition/'' or directly at ''/media/vendor_model_name/''. 
Also, symlinks using labels and uuids, similar to ''/dev/by-*'' would be handy for scripting. Another problem: when replacing ''sdx'', what will happen when a user inserts two media with the same vendor/model name at the same time? Blindly replacing the string would make one of them inaccessible due to overwriting the symlink(s). We'd have to start checking active mounts and enumerate them like ''/media/vendor_model_name/1/partitionn'' or ''/media/vendor_model_name-1/partitionn''</del> Fixed. When a label is detected, a symlink is now created under ''/media/vendor_model_name/label'' that points to ''/media/vendor_model_name/partitionn''.
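Review bot: the automounter symlink entry that stays in the open list here is already struck through with <del> and ends in "Fixed. When a label is detected, a symlink is now created under ''/media/vendor_model_name/label''", so it is inconsistent to move the fixed automount entry out of this list while leaving this one behind. Either move it to the closed list with the others, or keep it open and say what is still unresolved: the struck-through text also asks what happens when two media with the same vendor/model name are inserted at once, and the "Fixed" sentence only covers the label symlink.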
Line 1182: Line 1180:
 FIXME ''bg='' and ''branding='' are currently unsupported in MiniDesktop-Mode. Adding support for these doesn't need many tuits. A third option for the desktop background could be added as well - possibly for regular TCE mode as well, overriding our default blue. FIXME ''bg='' and ''branding='' are currently unsupported in MiniDesktop-Mode. Adding support for these doesn't need many tuits. A third option for the desktop background could be added as well - possibly for regular TCE mode as well, overriding our default blue.
  
-FIXME <del>There might be a race condition between the scripts handling the sshd keyfile and the ssh private key file copy task (/config ...), causing one to umount the fixed disk before the other is done reading/copying. What's weird is that there already is code that is supposed to keep this from happening, but it doesn't.</del> fixed in github repo, soon in x2go repo+===== List of closed ToDos/FIXMEs for this page =====  
 + 
 +  * There might be a race condition between the scripts handling the sshd keyfile and the ssh private key file copy task (/config ...), causing one to umount the fixed disk before the other is done reading/copying. What's weird is that there already is code that is supposed to keep this from happening, but it doesn't. fixed in github repo, soon in x2go repo
  
-FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</del> fixed in github repo, soon in x2go repo+  * <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter. fixed in github repo, soon in x2go repo
  
-FIXME <del>''copysecring'' currently does not work in MiniDesktop-Mode, as it copies the keys to the wrong user's homedir.</del> fixed in github repo, soon in x2go repo+  * ''copysecring'' currently does not work in MiniDesktop-Mode, as it copies the keys to the wrong user's homedir. fixed in github repo, soon in x2go repo
  
-FIXME <del>copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/pruning/cleanup action performed on the homedirectory by the minidesktop init scripts?</del> should already be fixed in github repo, soon in x2go repo +  * copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/pruning/cleanup action performed on the homedirectory by the minidesktop init scripts? -  should already be fixed in github repo, soon in x2go repo 
  
-FIXME <del>''homepageurl='' (only available in MiniDesktop-Mode) is currently undocumented. Supports multiple URLs separated with pipes.</del>+  * Automount script expansion is in the works. Will fully support VFAT, NTFS, hfs, hpfs, will offer read-only support for ext* via fuseext2 (that way, file ownership/permissions are ignored). - fixed. 
 +  * ''homepageurl='' (only available in MiniDesktop-Mode) is currently undocumented. Supports multiple URLs separated with pipes. - fixed
  
 <note>The live-config "builtin" command ''live-config.nottyautologin'' does not do the same as our ''nouser'' command. ''live-config.nottyautologin'' means "there's a login prompt, but you just need to enter username ''user'' and password ''live'' to login" - this is not what we want.  We need a solution to entirely block user logons. <note>The live-config "builtin" command ''live-config.nottyautologin'' does not do the same as our ''nouser'' command. ''live-config.nottyautologin'' means "there's a login prompt, but you just need to enter username ''user'' and password ''live'' to login" - this is not what we want.  We need a solution to entirely block user logons.
 </note> </note>
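Review bot: the NTP item in the new closed list keeps its opening tag ("* <del>Setting the time via NTP will fail ...") while the closing </del> was dropped, leaving the markup unbalanced; remove the <del> as was done for the other moved items. The status suffixes are also inconsistent: the race-condition, NTP and ''copysecring'' items run straight into "fixed in github repo" with no separator, while the later items use " - fixed". For the race condition between the sshd keyfile and ssh private key copy scripts, which unmounts the disk while key material is still being read, a reference to the fixing commit would let readers confirm which build actually contains the fix, since "soon in x2go repo" says it has not reached the packaged version yet.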
  
doc/howto/tce.txt · Last modified: 2024/01/26 19:49 by stefanbaur