X2Go - everywhere@home

User Tools

Site Tools

Trace:
doc:howto:tce

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
doc:howto:tce [2021/01/25 00:18]
stefanbaur [Configuring the Build] This is part one of the patch to create Images for the Raspberry Pi 		doc:howto:tce [2022/09/21 10:59]
stefanbaur Typofix
Line 250: Line 250:
 # Create Timestamp # Create Timestamp
 LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S") LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S")
 +
 +exec > >(tee "/tmp/$LBX2GO_TIMESTAMP.log") 2>&1
  
 # Set Directory name # Set Directory name
-LBX2GO_TCEDIR="./live-build-x2go-${LBX2GO_TIMESTAMP}-${LBX2GO_IMAGETYPE}-$(echo "$LBX2GO_ARCH| awk '{print $2}')-${LBX2GO_CONFIG##*/}"+LBX2GO_TCEDIR="./live-build-x2go-${LBX2GO_TIMESTAMP}-${LBX2GO_IMAGETYPE}-$(echo $LBX2GO_ARCH | awk '{print $2}')-${LBX2GO_CONFIG##*/}"
  
 if [ -z "$LBX2GO_ARCH" ] || if [ -z "$LBX2GO_ARCH" ] ||
 +        ( echo "$LBX2GO_ARCH" | grep -q "arm" && [ -z "$LBX2GO_ARCH_MODEL" ] ) ||
    [ -z "$LBX2GO_SPACE" ] ||    [ -z "$LBX2GO_SPACE" ] ||
    [ -z "$LBX2GO_CONFIG" ] ||    [ -z "$LBX2GO_CONFIG" ] ||
Line 266: Line 269:
     echo -e "One or more of the following variables is unset:"     echo -e "One or more of the following variables is unset:"
     echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'"     echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'"
 +    echo "$LBX2GO_ARCH" | grep -q "arm" && echo -e "LBX2GO_ARCH_MODEL: '${LBX2GO_ARCH_MODEL}'"
     echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'"     echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'"
     echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'"     echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'"
Line 282: Line 286:
     cd $LBX2GO_TCEDIR     cd $LBX2GO_TCEDIR
  
 +    X2GO_LBCONFIG_STRING=$(cat <<X2GOLBCONFIGSTRING
     lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \     lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \
        --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \        --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \
        --archive-areas "$LBX2GO_ARCHIVE_AREAS" \        --archive-areas "$LBX2GO_ARCHIVE_AREAS" \
        --bootappend-live "$LBX2GO_BOOTAPPEND_LIVE"        --bootappend-live "$LBX2GO_BOOTAPPEND_LIVE"
 +X2GOLBCONFIGSTRING
 +)
 +    # Our previous way of doing this had issues with newlines and multiple blanks. So we're now doing a bit
 +    # of sanitizing, then we eval the variable.
 +    X2GO_LBCONFIG_STRING=$(echo "$X2GO_LBCONFIG_STRING" | tr '\n' ' ' | tr -s ' ')
 +    eval "$X2GO_LBCONFIG_STRING"
 +
     # This will copy any patches we have prepared     # This will copy any patches we have prepared
     if [ -d "../patch" ] ; then     if [ -d "../patch" ] ; then
         cp -a ../patch/* config/         cp -a ../patch/* config/
     fi     fi
 +
     # This will copy any patches we have prepared for minidesktop     # This will copy any patches we have prepared for minidesktop
     if [ -d "../patch-minidesktop" ] && (echo "$LBX2GO_CONFIG" | grep -q minidesktop) ; then     if [ -d "../patch-minidesktop" ] && (echo "$LBX2GO_CONFIG" | grep -q minidesktop) ; then
         cp -a ../patch-minidesktop/* config/         cp -a ../patch-minidesktop/* config/
     fi     fi
 +
 +    # This checks if a bootloader directory is present (e.g. because of a custom splash.svg)
 +    # and adds all other files that might be missing (live-build won't add them automatically
 +    # if the directory already exists)
 +    if [ -d config/bootloaders ] ; then
 +        rsync -aPH --ignore-existing --exclude="splash.svg" /usr/share/live/build/bootloaders/* config/bootloaders
 +    fi
 +    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux startup.
 +    # Note that this is an accessibility feature for blind users, so use with care.
 +    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*/menu.cfg
 +
     # This enables an i386-only package in the sources.list file when an i386 build is requested     # This enables an i386-only package in the sources.list file when an i386 build is requested
-    if echo "$LBX2GO_ARCH| grep -q -i "i386" ; then+    if echo $LBX2GO_ARCH | grep -q -i "i386" ; then
         sed -i -e 's/# for i386 only #//' config/package-lists/desktop.list.chroot         sed -i -e 's/# for i386 only #//' config/package-lists/desktop.list.chroot
     fi     fi
 +
 +    # This is part of our experimental ARM support
 +    # It adds required arm64-only packages when an arm64 build is requested
 +    if echo $LBX2GO_ARCH | grep -q "arm" ; then
 +
 +        # firmware for wifi
 +        echo "firmware-brcm80211/buster-backports" >>config/package-lists/raspi.list.chroot
 +
 +        if [ "$LBX2GO_ARCH_MODEL" = "Pi3" ] ; then
 +                # modules required for Raspberry Pi 3 LAN
 +                echo "crc16" >> config/includes.chroot/etc/initramfs-tools/modules
 +                echo "mii" >> config/includes.chroot/etc/initramfs-tools/modules
 +                echo "smsc95xx" >> config/includes.chroot/etc/initramfs-tools/modules
 +                echo "usbcore" >> config/includes.chroot/etc/initramfs-tools/modules
 +                echo "usbnet" >> config/includes.chroot/etc/initramfs-tools/modules
 +                echo "fake-hwclock" >>config/package-lists/raspi.list.chroot
 +                echo "usbutils" >>config/package-lists/raspi.list.chroot
 +
 +                # firmware for basic raspi functions - required for boot on Pi3
 +                echo "raspi3-firmware/buster" >>config/package-lists/raspi.list.chroot
 +                # standard linux kernel - for Pi3
 +                echo "linux-image-arm64/buster" >>config/package-lists/raspi.list.chroot
 +
 +        elif [ "$LBX2GO_ARCH_MODEL" = "Pi4" ] ; then
 +                # firmware for basic raspi functions - required for boot on Pi4
 +                echo "raspi3-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
 +                echo "raspi-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
 +
 +                # newer linux kernel - required for pi4/pi400
 +                echo "linux-image-arm64/buster-backports" >>config/package-lists/raspi.list.chroot
 +
 +        else
 +                echo "WARNING: ARM Platform selected, but unknown model: '$LBX2GO_ARCH_MODEL'. Assuming no additional packages/patches are required."
 +        fi
 +
 +    fi
 +
 +
     # This is for minidesktop builds only     # This is for minidesktop builds only
     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then
Line 328: Line 390:
         # at files not being downloaded, disable these three entries.         # at files not being downloaded, disable these three entries.
         export https_proxy=$LB_APT_HTTP_PROXY         export https_proxy=$LB_APT_HTTP_PROXY
- export http_proxy=$LB_APT_HTTP_PROXY+        export http_proxy=$LB_APT_HTTP_PROXY
         export ftp_proxy=$LB_APT_FTP_PROXY         export ftp_proxy=$LB_APT_FTP_PROXY
     fi     fi
  
-    # This is a crude hack to detect crossbuilds for ARM on Intel/AMD hardware. +    # This is part of our experimental ARM support 
-    # It makes some necessary changes, and also tries to speed up squashfs creation. +    # It is used when building for the ARM architecture (on Intel/AMD hardware and on ARM)
-    if (uname -r | grep -q 'i.86' || uname -r | grep -q 'amd64') && \ +    # It makes some necessary changes, and also tries to speed up squashfs creation when it 
-       echo "$LBX2GO_ARCH| grep -q 'arm'; then+    # detects a crossbuild environment
 +    if echo $LBX2GO_ARCH | grep -q 'arm'; then
  
-        # This command removes all references to fuseext and x2gothinclient from the +        # This command removes all references to fuseext, freerdp-nightly, and x2gothinclient from the 
-        # package list files.  Currently needed as there are no ARM packages for either+        # package list files.  Currently needed as there are no ARM packages for any of these
-        echo "WARNING: Removing all references to fuseext and x2gothinclient from the build." +        echo "WARNING: Removing all references to fuseext,freerdp-nightly and x2gothinclient from the build." 
-        sed -e 's/^.*fuseext.*$//g' -e 's/^.*x2gothinclient.*$//g' -i ./config/package-lists/*+        sed -e 's/^.*fuseext.*$//g' -e 's/^.*freerdp-nightly.*$//g' -e 's/^.*x2gothinclient.*$//g' -i ./config/package-lists/*
  
- # This command removes the X2Go repository from the directory where additional +        # This command removes the X2Go repository from the directory where additional 
-        # archives are stored.  Currently needed as the X2Go repository offers no arm64 +        # archives are stored.  Currently needed as the X2Go repository offers no arm64
         # packages, but Debian Buster does - so that's what we're falling back to.         # packages, but Debian Buster does - so that's what we're falling back to.
         echo "WARNING: Removing all references to the X2Go repository from the build."         echo "WARNING: Removing all references to the X2Go repository from the build."
         rm ./config/archives/*x2go*         rm ./config/archives/*x2go*
  
- # The following is a hack to reduce squashfs creation time. We're replacing mksquashfs +        # The following is a hack to reduce squashfs creation time in a crossbuild environment. 
-        # in the changeroot environment with a wrapper script that drops the original  +        # We're replacing mksquashfs in the changeroot with a wrapper script that drops the 
-        # mksquashfs call into a file.+        # original mksquashfs call into a file.
  
-        # We need to do this as a background task, waiting for the mksquashfs executable to +        if (uname -r | grep -q 'i.86' || uname -r | grep -q 'amd64') ; then 
-        # appear in the changeroot; as the changeroot will only be created later on, once +                # We need to do this as a background task, waiting for the mksquashfs executable to 
-        # lb build is called+                # appear in the changeroot; as the changeroot will only be created later on, once 
-                 +                # lb build is called.
-        # The other background task waits until the command file has been created, then +
-        # it applies some necessary patches to it, and starts the mksquashfs command natively +
-        # on the build host, rather than in the changeroot environment. +
-        # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu +
-        # software emulation of the ARM architecture, while on the host, we can use all the +
-        # native, raw CPU power and cores available to us.+
  
-        To make sure we don't have any lingering processes in the background, we're passing +                The other background task waits until the command file has been createdthen 
-        our own PID along to the background tasks, and tell them to terminate if our PID +                it applies some necessary patches to it, and starts the mksquashfs command natively 
-        disappears while they're still in their waiting/looping state.+                on the build host, rather than in the changeroot environment. 
 +                # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu 
 +                # software emulation of the ARM architecture, while on the host, we can use all the 
 +                # native, raw CPU power and cores available to us.
  
-        MASTERPID=$$+                # To make sure we don't have any lingering processes in the background, we're passing 
 +                # our own PID along to the background tasks, and tell them to terminate if our PID 
 +                # disappears while they're still in their waiting/looping state.
  
-        # Replace mksquashfs in chroot with script +                MASTERPID=$$
-        # (script will undo this upon completion) +
-        ( +
-            # wait until the chroot has been populated or until our parent process dies +
-            while ! [ -x ./chroot/usr/bin/mksquashfs ]; do +
-                ps $MASTERPID >/dev/null || exit 1 +
-                sleep 1 +
-            done +
-            # make sure we don't overwrite the real executable if it has already been +
-            # moved out of the way +
-            if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then +
-                cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real +
-            fi +
-           echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs +
-           # log the name we've been called with and all parameters into this file +
-           echo 'echo "$$@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs +
-           # once the native mksquashfs is complete, we will remove this file +
-           echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do' >>./chroot/usr/bin/mksquashfs +
-           echo '        sleep 1' >>./chroot/usr/bin/mksquashfs +
-           echo 'done' >>./chroot/usr/bin/mksquashfs +
-           # so let's wait until it has been removed before deleting ourselves ... +
-           echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs +
-           # ... and moving the real executable back into its place +
-           echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs +
-           chmod 755 ./chroot/usr/bin/mksquashfs +
-        ) &+
  
-        start the native mksquashfs after patching the parameters +                Replace mksquashfs in chroot with script 
-        +                # (script will undo this upon completion) 
-            # wait until the trigger file has been created or until our parent process dies +                ( 
-            while ! [ -./chroot/tmp/filesystem.squashfs.temp ]; do +                    # wait until the chroot has been populated or until our parent process dies 
-                ps $MASTERPID >/dev/null || exit 1 +                    while ! [ -./chroot/usr/bin/mksquashfs ]; do 
-                sleep 1 +                        ps $MASTERPID >/dev/null || exit 1 
-            done +                        sleep 1 
-            using any of the available filters (x86, arm, armthumb) for the  +                    done 
-            -Xbcj command results in an unusable squashfs on arm, so we drop the  +                    make sure we don't overwrite the real executable if it has already been 
-            # parameter completely if it's there+                    moved out of the way 
-            also, all absolute paths (detected by beginning with " /") need to be +                    if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then 
-            prefixed with "./chroot" so the mksquashfs outside the chroot knows where +                        cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real 
-            to look for the corresponding paths/files. +                    fi 
-            sed -'s-Xbcj x86/ /g-e 's# /./chroot/#g-i \ +                   echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs 
-                ./chroot/tmp/filesystem.squashfs.temp +                   log the name we've been called with and all parameters into this file 
-            # now let's make this executable +                   echo 'echo "$0 $@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs 
-            chmod 755 ./chroot/tmp/filesystem.squashfs.temp+                   once the native mksquashfs is complete, we will remove this file 
 +                   echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do>>./chroot/usr/bin/mksquashfs 
 +                   echo        sleep 1>>./chroot/usr/bin/mksquashfs 
 +                   echo 'done' >>./chroot/usr/bin/mksquashfs 
 +                   so let's wait until it has been removed before deleting ourselves ... 
 +                   echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs 
 +                   # ... and moving the real executable back into its place 
 +                   echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs 
 +                   chmod 755 ./chroot/usr/bin/mksquashfs 
 +                ) &
  
-            # we also need to add some more excludes because they shouldn't end up +                # start the native mksquashfs after patching the parameters 
-            # in the squashfs - no idea why we don't need them while inside the chroot ... +                ( 
-            echo 'proc/*' >>./chroot/excludes +                    # wait until the trigger file has been created or until our parent process dies 
-            echo 'sys/*' >>./chroot/excludes +                    while ! [ -f ./chroot/tmp/filesystem.squashfs.temp ]; do 
-            echo 'dev/pts/*' >>/.chroot.excludes +                        ps $MASTERPID >/dev/null || exit 1 
-            # now let's execute the script and, if it terminates without an error, +                        sleep 1 
-            # we'll move the newly created squashfs into the chroot where the chrooted +                    done 
-            # mksquashfs command would have created it; if that worked as well, we'll +                    # using any of the available filters (x86, arm, armthumb) for the 
-            # remove the script file so our dummy mksquashfs inside the chroot knows +                    # -Xbcj command results in an unusable squashfs on arm, so we drop the 
-            # it's time to terminate itself. +                    # parameter completely if it's there. 
-            ./chroot/tmp/filesystem.squashfs.temp && \ +                    # also, all absolute paths (detected by beginning with " /") need to be 
-            mv ./filesystem.squashfs ./chroot/ && \ +                    # prefixed with "./chroot" so the mksquashfs outside the chroot knows where 
-            rm ./chroot/tmp/filesystem.squashfs.temp +                    # to look for the corresponding paths/files. 
-        ) &+                    sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./chroot/#g' -i \ 
 +                        ./chroot/tmp/filesystem.squashfs.temp 
 +                    #needs switch from e.g. /bin/mksquashfs to $(which mksquashfs) 
 +                    sed -e "s#^.*mksquashfs#$(which mksquashfs)#g" -i \ 
 +                        ./chroot/tmp/filesystem.squashfs.temp 
 +                    # now let's make this executable 
 +                    chmod 755 ./chroot/tmp/filesystem.squashfs.temp 
 + 
 +                    # we also need to add some more excludes because they shouldn't end up 
 +                    # in the squashfs - no idea why we don't need them while inside the chroot ... 
 +                    echo 'proc/*' >>./chroot/excludes 
 +                    echo 'sys/*' >>./chroot/excludes 
 +                    echo 'dev/pts/*' >>/.chroot.excludes 
 +                    # now let's execute the script and, if it terminates without an error, 
 +                    # we'll move the newly created squashfs into the chroot where the chrooted 
 +                    # mksquashfs command would have created it; if that worked as well, we'll 
 +                    # remove the script file so our dummy mksquashfs inside the chroot knows 
 +                    # it's time to terminate itself. 
 +                    ./chroot/tmp/filesystem.squashfs.temp && \ 
 +                    mv ./filesystem.squashfs ./chroot/ && \ 
 +                    rm ./chroot/tmp/filesystem.squashfs.temp 
 +                ) & 
 +        fi
     fi     fi
  
Line 437: Line 505:
  
         if [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then
-                ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').img \ +                ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img \ 
-                   ./x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').img+                   ./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img
         fi         fi
 +
 +        # This is part of our experimental ARM support
 +        if [ "$LBX2GO_IMAGETYPE" = "hdd" ] && echo $LBX2GO_ARCH | grep -q "arm" ; then
 +                # after the build, let's determine the name of our image file ...
 +                IMAGEFILE="./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img"
 +
 +                # ... and change the partition type to reflect the file system actually in use for partition 1
 +                # ("b" is FAT32)
 +                sfdisk --part-type $IMAGEFILE 1 b
 +
 +                # next, we need to patch two things inside the image, so we need to set up a loop device for it.
 +                FREELOOP=$(losetup -f) # note that this could become a TOCTOU issue if more than 1 process tries to use loop devices
 +
 +                # as the image is a full disk image containing a partition, we need to jump to the position where the first partition starts
 +                losetup -o 1048576 $FREELOOP $IMAGEFILE
 +
 +                # now let's mount it
 +                mkdir -p ./tempmount
 +                mount $FREELOOP ./tempmount
 +
 +                # purge this dir, so we have enough space; we'll return to fill it later
 +                rm ./tempmount/live/*
 +
 +                # first, we copy the contents of the boot/firmware/ folder to the root directory, because that is where these files are needed
 +                # see if inplace helps against out of space errors
 +                rsync -aP --inplace ./chroot/boot/firmware/* ./tempmount
 +
 +                mkdir -p ./tempmount/live/
 +                rsync -aP ./binary/live/*.squashfs ./tempmount/live/
 +
 +                # next, we replace the "root=" parameter with the parameters needed for live-booting
 +                sed -e 's#root=/dev/mmcblk0p2 #'"$LBX2GO_BOOTAPPEND_LIVE"' #' -i ./tempmount/cmdline.txt
 +
 +                # here comes the cleanup part
 +                sync
 +                umount $FREELOOP
 +                losetup -d $FREELOOP
 +                rmdir ./tempmount
 +        fi
 +
         if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then
             if [ "$LBX2GO_NOSQUASHFS" = "true" ] ; then             if [ "$LBX2GO_NOSQUASHFS" = "true" ] ; then
Line 451: Line 559:
         if [ "$LBX2GO_IMAGETYPE" = "iso" ] || [ "$LBX2GO_IMAGETYPE" = "iso-hybrid" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "iso" ] || [ "$LBX2GO_IMAGETYPE" = "iso-hybrid" ] ; then
             genisoimage -o ./x2go-tce-squashfs-only.iso -R -J -graft-points live/filesystem.squashfs=./x2go-tce-filesystem.squashfs             genisoimage -o ./x2go-tce-squashfs-only.iso -R -J -graft-points live/filesystem.squashfs=./x2go-tce-filesystem.squashfs
-            if [ -e ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso ] ; then +            if [ -e ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso ] ; then 
-                    ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso \ +                    ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso \ 
-                       ./original-x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso +                       ./original-x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso 
-            elif [ -e ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso ] ; then +            elif [ -e ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso ] ; then 
-                    ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso \ +                    ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso \ 
-                       ./original-x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso+                       ./original-x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso
             fi             fi
             mv ./x2go-tce-filesystem.squashfs ./original-x2go-tce-filesystem.squashfs             mv ./x2go-tce-filesystem.squashfs ./original-x2go-tce-filesystem.squashfs
Line 487: Line 595:
     cd ..     cd ..
 fi fi
 +
  
 </code> </code>
Line 839: Line 948:
   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.
-  * ''blankdpmsfix'' - This forces the TFT do black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)+  * ''blankdpmsfix'' - This forces the TFT to black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
doc/howto/tce.txt · Last modified: 2024/01/26 19:49 by stefanbaur

Page Tools

Imprint & Legal Disclaimer - Data Protection & Privacy Statement
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki