doc:howto:tce

Differences

This shows you the differences between two versions of the page.

doc:howto:tce [2021/01/25 00:19]
stefanbaur [Starting the Build] This is part two of the patch to create Images for the Raspberry Pi
doc:howto:tce [2022/12/02 12:57]
stefanbaur [Configuring the Build] updated buildscript
Line 45: Line 45:
 # it's apt-cacher-ng and use it # it's apt-cacher-ng and use it
 # #
-if nc -z 127.0.0.1 3142 ; then+if nc -z 127.0.0.1 3142 ; then 
     # bad idea with apt-cacher-ng, but will work with e.g. squid     # bad idea with apt-cacher-ng, but will work with e.g. squid
-    # export https_proxy=http://127.0.0.1:3128/+    # export https_proxy=http://127.0.0.1:3128/ 
     # export http_proxy=http://127.0.0.1:3128/     # export http_proxy=http://127.0.0.1:3128/
     # export ftp_proxy=http://127.0.0.1:3128/     # export ftp_proxy=http://127.0.0.1:3128/
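Review bot: The two changed lines here (the `if nc -z 127.0.0.1 3142 ; then` test and the commented `https_proxy` export) differ from the previous revision only by added trailing whitespace. Drop it so the revision history shows real changes only.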
Line 61: Line 61:
 # Select ONE of the following git reposities # Select ONE of the following git reposities
 # this one loosely corresponds to "stable" # this one loosely corresponds to "stable"
-# export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/openbox-magic-pixel-workaround-buster'+#export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/openbox-magic-pixel-workaround-buster
 +#export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/mate-minidesktop-buster' 
 +export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bullseye' 
 +#export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/mate-minidesktop-bullseye'
 # this one loosely corresponds to "heuler" # this one loosely corresponds to "heuler"
-export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-magic-pixel-workaround-buster' +#export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-magic-pixel-workaround-buster
-# NOTE: Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build, and "-buster" for a buster build +#export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-mate-minidesktop-buster' 
-NOTE: As of 2019-08-27, buster builds are only available via the github repo and for the feature/openbox-magic-pixel-workaround-buster and feature/mate-minidesktop-buster branches+#export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-magic-pixel-workaround-bullseye' 
 +#export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-mate-minidesktop-bullseye
 +# NOTE: Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build, 
 +#       add "-buster" to the end of the LBX2GO_CONFIG string to create a buster build, 
 +      add "-bullseye" to the end of the LBX2GO_CONFIG string to create a bullseye build
  
 # Select ONE of the following LBX2GO_ARCH lines and comment out the others # Select ONE of the following LBX2GO_ARCH lines and comment out the others
 # (feel free to use long or short options) # (feel free to use long or short options)
 # for 64-Bit builds, use: # for 64-Bit builds, use:
-export LBX2GO_ARCH='-a amd64 -k amd64'+#export LBX2GO_ARCH='-a amd64 -k amd64'
 # 32-Bit, larger memory footprint, but faster performance on i686 and newer # 32-Bit, larger memory footprint, but faster performance on i686 and newer
-# export LBX2GO_ARCH='-a i386 -k 686-pae'+#export LBX2GO_ARCH='-a i386 -k 686-pae'
 # 32-Bit, smallest memory footprint - not available on buster # 32-Bit, smallest memory footprint - not available on buster
 # export LBX2GO_ARCH='--architectures i386 --linux-flavours 586' # export LBX2GO_ARCH='--architectures i386 --linux-flavours 586'
 # For ARM (Raspberry Pi): # For ARM (Raspberry Pi):
-#export LBX2GO_ARCH='-a arm64' +export LBX2GO_ARCH='-a arm64' 
-#export LBX2GO_ARCH_MODEL='Pi4' # you can also set this to 'Pi3'. Note that there must not be any whitespace between 'Pi' and the digit.+export LBX2GO_ARCH_MODEL='Pi4' # you can also set this to 'Pi3'. Note that there must not be any whitespace between 'Pi' and the digit.
  
 # If you want to use the stock ISO image as created by this script, add your boot parameters here # If you want to use the stock ISO image as created by this script, add your boot parameters here
 # export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet pubkey=http://x2go/x2go-tce/config/authorized_keys sessionsurl=http://x2go/x2go-tce/config/sessions toram" # export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet pubkey=http://x2go/x2go-tce/config/authorized_keys sessionsurl=http://x2go/x2go-tce/config/sessions toram"
 +export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet sessionsurl=https://x2go.baur-itcs.de/.config/x2go-demo/config/sessions pubkey=https://x2go.baur-itcs.de/.config/x2go-demo/config/authorized_keys toram "
  
 if echo -e "$LBX2GO_CONFIG" | grep -q "openbox"; then if echo -e "$LBX2GO_CONFIG" | grep -q "openbox"; then
-        LBX2GO_BOOTAPPEND_LIVE+="fastpo " + LBX2GO_BOOTAPPEND_LIVE+="fastpo " 
-        export LBX2GO_BOOTAPPEND_LIVE+ export LBX2GO_BOOTAPPEND_LIVE
 elif echo -e "$LBX2GO_CONFIG" | grep -q "minidesktop"; then elif echo -e "$LBX2GO_CONFIG" | grep -q "minidesktop"; then
-        LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin noautologin ' # if you use nottyautologin instead of noautologin, an autologin will be set for the account "user", which conflicts our setting for the account "x2gothinclient" + LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin noautologin ' # if you use nottyautologin instead of noautologin, an autologin will be set for the account "user", which conflicts our setting for the account "x2gothinclient" 
-        export LBX2GO_BOOTAPPEND_LIVE+ export LBX2GO_BOOTAPPEND_LIVE
 fi fi
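Review bot: The newly active `LBX2GO_BOOTAPPEND_LIVE` line hard-codes `pubkey=` and `sessionsurl=` URLs on x2go.baur-itcs.de, so anyone who copies the build script unchanged produces images that fetch their authorized_keys and session list from that host. Keep the active example on a placeholder host, as in the commented line directly above it (`http://x2go/x2go-tce/config/...`), or leave the new line commented out and mark it as a demo. The same concern applies to the now-active `LBX2GO_ARCH='-a arm64'` and `LBX2GO_ARCH_MODEL='Pi4'` lines, which turn the documented default from an amd64 build into a Raspberry Pi build. Separately, the selected `LBX2GO_CONFIG` now uses a `git://code.x2go.org/...` URL where the previous revision's active line used `https://`; git:// is unauthenticated and unencrypted, so the build configuration can be altered in transit. As rendered, several of the new commented `LBX2GO_CONFIG` lines lack their closing quote and the last line of the NOTE lacks its leading `#`.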
  
Line 102: Line 110:
 elif [ -z "${LBX2GO_CONFIG##*-buster}" ] ; then elif [ -z "${LBX2GO_CONFIG##*-buster}" ] ; then
     export LBX2GO_DEBVERSION="buster"     export LBX2GO_DEBVERSION="buster"
 +    export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +elif [ -z "${LBX2GO_CONFIG##*-bullseye}" ] ; then
 +    export LBX2GO_DEBVERSION="bullseye"
     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 else else
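Review bot: The new `-bullseye` branch repeats the `net.ifnames=0 biosdevname=0` append from the `-buster` branch line for line. Consider a single combined test (or a `case` on the suffix) that sets `LBX2GO_DEBVERSION` and appends the parameters once, so the next release does not need a third copy.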
Line 125: Line 136:
 # These options are meant to reduce the image size. # These options are meant to reduce the image size.
 # Feel free to adapt them after consulting "man lb_config" # Feel free to adapt them after consulting "man lb_config"
-export LBX2GO_SPACE='--apt-indices none+# FIXME export LBX2GO_SPACE='--apt-indices none 
 +export LBX2GO_SPACE='--apt-indices false
                      --apt-recommends false                      --apt-recommends false
                      --cache false                      --cache false
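Review bot: The `# FIXME export LBX2GO_SPACE='--apt-indices none` line gives no reason for the switch from `none` to `false`. Say what is left to fix and why `false` replaces `none`, or delete the dead line so readers do not have to guess which value is correct for their live-build version.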
Line 178: Line 190:
 # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team
 # note that this will permanently change /usr/lib/live/build/binary_rootfs # note that this will permanently change /usr/lib/live/build/binary_rootfs
 +#
 +#
 if dpkg --print-architecture | grep -q 'arm'; then if dpkg --print-architecture | grep -q 'arm'; then
-        # on arm, these parameters must not be used; if they're there, we need to reinstall the package to undo our patch + # on arm, these parameters must not be used; if they're there, we need to reinstall the package to undo our patch 
-        if grep -q -- '-Xbcj x86 -b 1024K -Xdict-size 1024K' /usr/lib/live/build/binary_rootfs; then + if grep -q -- '-Xbcj x86 -b 1024K -Xdict-size 1024K' /usr/lib/live/build/binary_rootfs; then 
-                apt install --reinstall live-build + apt install --reinstall live-build 
-        fi+ fi 
 + # feel free to experiment with these options, but be prepared for subtle breakage  
 + #export MKSQUASHFS_OPTIONS=' -Xbcj arm ' 
 + #export MKSQUASHFS_OPTIONS=' -b 1024K -Xdict-size 1024K ' 
 + #export MKSQUASHFS_OPTIONS=' -Xbcj arm -b 1024K -Xdict-size 1024K ' 
 + export MKSQUASHFS_OPTIONS=''
 else else
-        sed -i -e 's#MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -comp xz"#MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K"#/usr/lib/live/build/binary_rootfs+ export MKSQUASHFS_OPTIONS=-Xbcj x86 -b 1024K -Xdict-size 1024K '
 fi fi
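Review bot: In the `else` branch the new `export MKSQUASHFS_OPTIONS=...` line, as shown, ends with a single quote that has no opening partner, so the shell would keep reading up to the next quote. It should follow the form of the commented ARM variants, i.e. `export MKSQUASHFS_OPTIONS=' -Xbcj x86 -b 1024K -Xdict-size 1024K '`. The approach also works only while `binary_rootfs` keeps appending `-comp xz` to the inherited variable, as the pattern in the removed `sed` shows, because `-Xbcj` and `-Xdict-size` are options of the xz compressor; a comment stating that dependency would help. The context comment "note that this will permanently change /usr/lib/live/build/binary_rootfs" no longer applies on x86 now that the file is not patched.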
  
Line 194: Line 213:
 # This patches the squashfs file into the initrd. Only parsed when image type "netboot" is set. # This patches the squashfs file into the initrd. Only parsed when image type "netboot" is set.
 # Will require boot parameter live-media=/ instead of fetch=... # Will require boot parameter live-media=/ instead of fetch=...
-# Both TFTP client and TFTP server must support file transfers >32MB for this to work, if you want to deploy this initrd via TFTP,+# Both TFTP client and TFTP server must support file transfers >32MB for this to work, if you want to deploy this initrd via TFTP, 
 # so e.g. atftpd will not work - tftpd-hpa, however, seems to have no problem with larger files. # so e.g. atftpd will not work - tftpd-hpa, however, seems to have no problem with larger files.
 # When using iPXE, you can use http instead of TFTP. # When using iPXE, you can use http instead of TFTP.
 # This is especially helpful if you want to netboot via http and cannot use the server's IP, but must specify a DNS name - as "fetch=..." only understands IPs. # This is especially helpful if you want to netboot via http and cannot use the server's IP, but must specify a DNS name - as "fetch=..." only understands IPs.
-export LBX2GO_NOSQUASHFS="true"+#export LBX2GO_NOSQUASHFS="true"
  
 # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others
 # to create an iso image: # to create an iso image:
-# export LBX2GO_IMAGETYPE='iso'+#export LBX2GO_IMAGETYPE='iso'
 # to create an iso image that can also be dd'ed to USB media: # to create an iso image that can also be dd'ed to USB media:
-export LBX2GO_IMAGETYPE='iso-hybrid'+export LBX2GO_IMAGETYPE='iso-hybrid'
 # to create a netboot-image: # to create a netboot-image:
-export LBX2GO_IMAGETYPE='netboot'+#export LBX2GO_IMAGETYPE='netboot'
 # /!\ the options below are NOT RECOMMENDED unless you use live-build from Debian Buster /!\ # /!\ the options below are NOT RECOMMENDED unless you use live-build from Debian Buster /!\
 # to create an image that can be written to a hard disk (for older live-build versions, this # to create an image that can be written to a hard disk (for older live-build versions, this
-# always results in a "build failed" message, even though the build might have worked - use+# always results in a "build failed" message, even though the build might have worked - use 
 # live-build from Buster and things will work): # live-build from Buster and things will work):
-# export LBX2GO_IMAGETYPE='hdd'+#export LBX2GO_IMAGETYPE='hdd' 
 +## DEBUG FIXME 
 +#export LBX2GO_BOOTLOADER="syslinux grub-pc grub-efi"
 # to create a tar file only (seems to be broken in older live-build versions - Buster works): # to create a tar file only (seems to be broken in older live-build versions - Buster works):
-# export LBX2GO_IMAGETYPE='tar'+#export LBX2GO_IMAGETYPE='tar'
  
 # This is part of our experimental ARM support # This is part of our experimental ARM support
 if echo "$LBX2GO_ARCH" | grep -q "arm" ; then if echo "$LBX2GO_ARCH" | grep -q "arm" ; then
-        # enforce hdd image for arm at the moment (might need to support netboot later on too) + # enforce hdd image for arm at the moment (might need to support netboot later on too) 
-        if ! [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then + if ! [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then 
-                echo "WARNING: Replacing selected image type with 'hdd' That's all we currently support on ARM." +         echo "WARNING: Replacing selected image type with 'hdd' That's all we currently support on ARM." 
-                LBX2GO_IMAGETYPE="hdd" + export LBX2GO_IMAGETYPE="hdd" 
-        fi+ fi
 fi fi
  
 if [ "$LBX2GO_IMAGETYPE" = "netboot" ]; then if [ "$LBX2GO_IMAGETYPE" = "netboot" ]; then
-        LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"+        export LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"
 fi fi
 </code> </code>
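Review bot: With `LBX2GO_IMAGETYPE='iso-hybrid'` now the active selection and `LBX2GO_ARCH='-a arm64'` active earlier in the script, the ARM block always prints the WARNING and replaces the type with `hdd`. Select `hdd` directly when the ARM lines are enabled so the example runs without an override. The `## DEBUG FIXME` marker and the commented `LBX2GO_BOOTLOADER` line read as leftover debugging: explain them or remove them, since the netboot branch appends `$LBX2GO_BOOTLOADER` and nothing visible in this hunk sets it.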
Line 948: Line 969:
   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.
-  * ''blankdpmsfix'' - This forces the TFT do black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)+  * ''blankdpmsfix'' - This forces the TFT to black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. 
**Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
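Review bot: In the `copysecring` item the directory list reads `''config/ssh'', 'ssh', ''.ssh''`: the middle entry uses single apostrophes and will not render as monospace like the other two. While touching this list, also add the missing space in "risk,be sure" in the same item.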
doc/howto/tce.txt · Last modified: 2024/01/26 19:49 by stefanbaur