X2Go - everywhere@home

User Tools

Site Tools

Trace:
doc:howto:tce

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
doc:howto:tce [2018/02/12 14:54]
stefanbaur [What options are available under FURTHER-OPTIONS-GO-HERE?] - added homepageurl description 		doc:howto:tce [2018/04/30 10:03]
stefanbaur
Line 882: Line 882:
   * ''blankdpmsfix'' - This forces the TFT do black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)   * ''blankdpmsfix'' - This forces the TFT do black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
-  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the VAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.+  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
   * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)   * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
   * ''homepageurl="URL1[|URL2|URLn]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more web pages that show up on Browser start/when clicking the "Home" icon. URLs need to be separated with a ''|'', and the set of URLs needs to be enclosed in double quotes. Do //not// enclose each URL in double quotes separately! Correct example: ''homepageurl="https://www.google.de|https://wiki.x2go.org"''   * ''homepageurl="URL1[|URL2|URLn]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more web pages that show up on Browser start/when clicking the "Home" icon. URLs need to be separated with a ''|'', and the set of URLs needs to be enclosed in double quotes. Do //not// enclose each URL in double quotes separately! Correct example: ''homepageurl="https://www.google.de|https://wiki.x2go.org"''
Line 1152: Line 1152:
     * To specify a keyfile, either:     * To specify a keyfile, either:
       * use ''~/.ssh/keyfilename'' as path and use ''copysecring'', or       * use ''~/.ssh/keyfilename'' as path and use ''copysecring'', or
-      * do not use ''copysecring'' and use ''/media/vendor_model_name/sdxn/path/to/keyfile'' as keyfile path/name+      * do not use ''copysecring'' and use ''/media/vendor_model_name/sdxn/path/to/keyfile'' (or ''/media/vendor_model_name/partlabel/path/to/keyfile'', if you assigned a partition label - which is recommended for this use case) as keyfile path/name
  
 FIXME copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/pruning/cleanup action performed on the homedirectory by the minidesktop init scripts? FIXME copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/pruning/cleanup action performed on the homedirectory by the minidesktop init scripts?
  
-FIXME 2200-xserver-xorg-getxorgconf should be taught to understand file:<nowiki>//</nowiki> URLs.+FIXME ''2200-xserver-xorg-getxorgconf'' should be taught to understand ''file:<nowiki>//</nowiki>'' URLs.
  
 FIXME Parsing the output of e.g. <code>udevadm info --query path /dev/sdb FIXME Parsing the output of e.g. <code>udevadm info --query path /dev/sdb
Line 1173: Line 1173:
 FIXME ''pinentry-x2go'' and ''x2gosmartcardrules'' probably need further investigation to make smartcard authentication work. FIXME ''pinentry-x2go'' and ''x2gosmartcardrules'' probably need further investigation to make smartcard authentication work.
  
-FIXME Even though we set the hostname to localhost using the corresponding boot parameter, as recommended by Debian, changing the name via DHCP does not work for all image flavours. One way to fix this might be http://blog.schlomo.schapiro.org/2013/11/setting-hostname-from-dhcp-in-debian.html+FIXME Even though we set the hostname to ''localhost'' using the corresponding boot parameter, as recommended by Debian, changing the name via DHCP does not work for all image flavours. One way to fix this might be http://blog.schlomo.schapiro.org/2013/11/setting-hostname-from-dhcp-in-debian.html
  
 FIXME At least when building a stretch TCE on a jessie system, you need to add kernel parameters ''net.ifnames=0 biosdevname=0'' to the image's kernel parameters, else you will receive error messages about the hostname script being unable to find eth0. This might not be necessary when building a stretch TCE on stretch. For a jessie TCE on jessie, it is not required. FIXME At least when building a stretch TCE on a jessie system, you need to add kernel parameters ''net.ifnames=0 biosdevname=0'' to the image's kernel parameters, else you will receive error messages about the hostname script being unable to find eth0. This might not be necessary when building a stretch TCE on stretch. For a jessie TCE on jessie, it is not required.
Line 1181: Line 1181:
 FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</del> fixed in github repo, soon in x2go repo FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</del> fixed in github repo, soon in x2go repo
  
-FIXME <del>copysecring currently does not work in MiniDesktop-Mode, as it copies the keys to the wrong user's homedir.</del> fixed in github repo, soon in x2go repo+FIXME <del>''copysecring'' currently does not work in MiniDesktop-Mode, as it copies the keys to the wrong user's homedir.</del> fixed in github repo, soon in x2go repo
  
 FIXME ''audioout='', ''blank='', ''blankdpmsfix'', ''broker-url='', ''ldap='', ''ldap1='', ''ldap2='', ''nodpms'', ''session='', ''throttle='', ''xinerama='', are currently unsupported in MiniDesktop-Mode. This could be changed, given enough tuits. Probably the easiest way would be to outsource as many of them as possible into scripts under ''/etc/X11/Xsession.d/'' (currently, they reside in ''/lib/live/config/2900-x2go-thinclientconfig'' - which doesn't exist in the MiniDesktop branches - and from there, they get written to ''~/.xsession'' FIXME ''audioout='', ''blank='', ''blankdpmsfix'', ''broker-url='', ''ldap='', ''ldap1='', ''ldap2='', ''nodpms'', ''session='', ''throttle='', ''xinerama='', are currently unsupported in MiniDesktop-Mode. This could be changed, given enough tuits. Probably the easiest way would be to outsource as many of them as possible into scripts under ''/etc/X11/Xsession.d/'' (currently, they reside in ''/lib/live/config/2900-x2go-thinclientconfig'' - which doesn't exist in the MiniDesktop branches - and from there, they get written to ''~/.xsession''
  
-FIXME nomagicpixel= is currently unsupported in MiniDesktop-Mode and probably will be unsupported there forever, as it doesn't make sense for MiniDesktop-Mode.+FIXME ''nomagicpixel='' is currently unsupported in MiniDesktop-Mode and probably will be unsupported there forever, as it doesn't make sense for MiniDesktop-Mode.
  
-FIXME bg= and branding= are currently unsupported in MiniDesktop-Mode. Adding support for these doesn't need many tuits. A third option for the desktop background could be added as well - possibly for regular TCE mode as well, overriding our default blue.+FIXME ''bg='' and ''branding='' are currently unsupported in MiniDesktop-Mode. Adding support for these doesn't need many tuits. A third option for the desktop background could be added as well - possibly for regular TCE mode as well, overriding our default blue.
  
-FIXME homepageurl= (only available in MiniDesktop-Mode) is currently undocumented. Supports multiple URLs separated with pipes.+FIXME <del>''homepageurl='' (only available in MiniDesktop-Mode) is currently undocumented. Supports multiple URLs separated with pipes.</del>
doc/howto/tce.txt ยท Last modified: 2024/01/26 19:49 by stefanbaur

Page Tools

Imprint & Legal Disclaimer - Data Protection & Privacy Statement
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki