User Tools

Site Tools


doc:howto:tce

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:tce [2019/11/14 00:37]
stefanbaur [Configuring the Build]
doc:howto:tce [2024/01/26 19:49] (current)
stefanbaur [Client Branding/Theming using SVGs] added before and after images
Line 44: Line 44:
 # we have a successful connect on port 3142, assume # we have a successful connect on port 3142, assume
 # it's apt-cacher-ng and use it # it's apt-cacher-ng and use it
 +#
 if nc -z 127.0.0.1 3142 ; then  if nc -z 127.0.0.1 3142 ; then 
     # bad idea with apt-cacher-ng, but will work with e.g. squid     # bad idea with apt-cacher-ng, but will work with e.g. squid
Line 54: Line 54:
     export LB_APT_HTTP_PROXY=http://127.0.0.1:3142/     export LB_APT_HTTP_PROXY=http://127.0.0.1:3142/
 fi fi
 +
 +# set these to true to save source files
 +#export LB_SOURCE="true"
 +#export LBX2GO_GETSRC="true"
  
 # Select ONE of the following git reposities # Select ONE of the following git reposities
 # this one loosely corresponds to "stable" # this one loosely corresponds to "stable"
-# export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/openbox-magic-pixel-workaround-buster' +#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-buster' 
-this one loosely corresponds to "heuler" +#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/mate-minidesktop-buster' 
-export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox-magic-pixel-workaround-buster+export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bullseye' 
-NOTE: Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build, and "-buster" for a buster build +#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/mate-minidesktop-bullseye' 
-NOTE: As of 2019-08-27, buster builds are only available via the github repo and for the feature/openbox-magic-pixel-workaround-buster and feature/mate-minidesktop-buster branches+#export LBX2GO_CONFIG='https://github.com/bauritcs/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bookworm
 +#export LBX2GO_CONFIG='https://github.com/bauritcs/live-build-x2go.git::feature/mate-minidesktop-bookworm' 
 +# NOTES: 1) https://github.com/bauritcs loosely corresponds to "heuler" 
 +#        2) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches. 
 +#        3) Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build, 
 +#           add "-buster" to the end of the LBX2GO_CONFIG string to create a buster build, 
 +          add "-bullseye" to the end of the LBX2GO_CONFIG string to create a bullseye build 
 +#           add "-bookworm" to the end of the LBX2GO_CONFIG string to create a bookworm build (will be in gitlab repo $SOON use github.com/bauritcs for now)
  
 # Select ONE of the following LBX2GO_ARCH lines and comment out the others # Select ONE of the following LBX2GO_ARCH lines and comment out the others
Line 68: Line 79:
 export LBX2GO_ARCH='-a amd64 -k amd64' export LBX2GO_ARCH='-a amd64 -k amd64'
 # 32-Bit, larger memory footprint, but faster performance on i686 and newer # 32-Bit, larger memory footprint, but faster performance on i686 and newer
-# export LBX2GO_ARCH='-a i386 -k 686-pae'+#export LBX2GO_ARCH='-a i386 -k 686-pae'
 # 32-Bit, smallest memory footprint - not available on buster # 32-Bit, smallest memory footprint - not available on buster
 # export LBX2GO_ARCH='--architectures i386 --linux-flavours 586' # export LBX2GO_ARCH='--architectures i386 --linux-flavours 586'
-EXPERIMENTAL: For ARM (Raspberry Pi), try+# For ARM (Raspberry Pi): 
-# export LBX2GO_ARCH='-a arm64' +#export LBX2GO_ARCH='-a arm64' 
-# Note that ARM builds are currently not working, at least not on the Pi.+#export LBX2GO_ARCH_MODEL='Pi4' # you can also set this to 'Pi3'Note that there must not be any whitespace between 'Pi' and the digit.
  
 # If you want to use the stock ISO image as created by this script, add your boot parameters here # If you want to use the stock ISO image as created by this script, add your boot parameters here
 # export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet pubkey=http://x2go/x2go-tce/config/authorized_keys sessionsurl=http://x2go/x2go-tce/config/sessions toram" # export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet pubkey=http://x2go/x2go-tce/config/authorized_keys sessionsurl=http://x2go/x2go-tce/config/sessions toram"
 +export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet sessionsurl=https://x2go.baur-itcs.de/.config/x2go-demo/config/sessions pubkey=https://x2go.baur-itcs.de/.config/x2go-demo/config/authorized_keys toram "
 +
 +if echo -e "$LBX2GO_CONFIG" | grep -q "openbox"; then
 + LBX2GO_BOOTAPPEND_LIVE+="fastpo "
 + export LBX2GO_BOOTAPPEND_LIVE
 +elif echo -e "$LBX2GO_CONFIG" | grep -q "minidesktop"; then
 + LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin noautologin ' # if you use nottyautologin instead of noautologin, an autologin will be set for the account "user", which conflicts our setting for the account "x2gothinclient"
 + export LBX2GO_BOOTAPPEND_LIVE
 +fi
  
 # detect if the selected git repo is meant to build a buster, stretch or jessie image # detect if the selected git repo is meant to build a buster, stretch or jessie image
 if [ -z "${LBX2GO_CONFIG##*-stretch}" ] ; then if [ -z "${LBX2GO_CONFIG##*-stretch}" ] ; then
     export LBX2GO_DEBVERSION="stretch"     export LBX2GO_DEBVERSION="stretch"
 +    export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +elif [ -z "${LBX2GO_CONFIG##*-buster-heuler}" ] ; then
 +    export LBX2GO_DEBVERSION="buster"
 +    export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +elif [ -z "${LBX2GO_CONFIG##*-buster-heuler-bpo}" ] ; then
 +    export LBX2GO_DEBVERSION="buster"
     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 elif [ -z "${LBX2GO_CONFIG##*-buster}" ] ; then elif [ -z "${LBX2GO_CONFIG##*-buster}" ] ; then
     export LBX2GO_DEBVERSION="buster"     export LBX2GO_DEBVERSION="buster"
     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +elif [ -z "${LBX2GO_CONFIG##*-bullseye}" ] ; then
 +    export LBX2GO_DEBVERSION="bullseye"
 +    export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +elif [ -z "${LBX2GO_CONFIG##*-bookworm}" ] ; then
 +    export LBX2GO_DEBVERSION="bookworm"
 +    export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
 +    export LBX2GO_ARCHIVE_AREAS="non-free-firmware "
 else else
     export LBX2GO_DEBVERSION="jessie"     export LBX2GO_DEBVERSION="jessie"
Line 97: Line 130:
  
 # set boot loader type - leave this unchanged unless you really know what you're doing # set boot loader type - leave this unchanged unless you really know what you're doing
-if echo "$LBX2GO_ARCH| awk '{print $2}' | grep -q "arm" ; then+if echo $LBX2GO_ARCH | awk '{print $2}' | grep -q "arm" ; then
     # This is part of our experimental ARM support     # This is part of our experimental ARM support
     LBX2GO_BOOTLOADERPARAMNAME=" "     LBX2GO_BOOTLOADERPARAMNAME=" "
Line 107: Line 140:
 # These options are meant to reduce the image size. # These options are meant to reduce the image size.
 # Feel free to adapt them after consulting "man lb_config" # Feel free to adapt them after consulting "man lb_config"
-export LBX2GO_SPACE='--apt-indices none+# FIXME export LBX2GO_SPACE='--apt-indices none 
 +export LBX2GO_SPACE='--apt-indices false
                      --apt-recommends false                      --apt-recommends false
                      --cache false                      --cache false
Line 138: Line 172:
  
 # This is part of our experimental ARM support # This is part of our experimental ARM support
-if echo "$LBX2GO_ARCH| grep -q 'arm'; then+if echo $LBX2GO_ARCH | grep -q 'arm' && ! dpkg --print-architecture | grep -q 'arm' ; then
     export LBX2GO_DEFAULTS+=" --bootstrap-qemu-arch arm64 \     export LBX2GO_DEFAULTS+=" --bootstrap-qemu-arch arm64 \
-                              --bootstrap-qemu-static /usr/bin/qemu-arm-static"+                              --bootstrap-qemu-static /usr/bin/qemu-aarch64-static 
 +                              --apt-options \"--yes -oAPT::Default-Release=${LBX2GO_DEBVERSION} -oAPT::Immediate-Configure=false\" "
 fi fi
  
-export LBX2GO_ARCHIVE_AREAS="main contrib non-free"+# This is part of our experimental ARM support 
 +# This makes sure the resulting disk image is at least 1GB in size, even though our build currently requires way less. 
 +# It's unlikely that anyone will need to boot from a smaller partition; but if we let live-build pick the minimum size automatically, 
 +# we will not have enough space left to copy the firmware blobs into the right location. 
 +if echo $LBX2GO_ARCH | grep -q 'arm' ; then 
 +    export LBX2GO_DEFAULTS+=" --binary-filesystem fat32 \ 
 +                              --hdd-size 1024" 
 +fi 
 + 
 +export LBX2GO_ARCHIVE_AREAS="main contrib non-free $LBX2GO_ARCHIVE_AREAS"
  
 # This is for minidesktop builds and currently only adds firefox-esr language packs # This is for minidesktop builds and currently only adds firefox-esr language packs
Line 150: Line 194:
 # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team
 # note that this will permanently change /usr/lib/live/build/binary_rootfs # note that this will permanently change /usr/lib/live/build/binary_rootfs
-sed --'s#MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -comp xz"#MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K"#' /usr/lib/live/build/binary_rootfs+
 +
 +if dpkg --print-architecture | grep -q 'arm'; then 
 + on arm, these parameters must not be used; if they're there, we need to reinstall the package to undo our patch 
 + if grep --- '-Xbcj x86 -b 1024K -Xdict-size 1024K' /usr/lib/live/build/binary_rootfs; then 
 + apt install --reinstall live-build 
 + fi 
 + # feel free to experiment with these options, but be prepared for subtle breakage  
 + #export MKSQUASHFS_OPTIONS=' -Xbcj arm ' 
 + #export MKSQUASHFS_OPTIONS=' -b 1024K -Xdict-size 1024K ' 
 + #export MKSQUASHFS_OPTIONS=' -Xbcj arm -b 1024K -Xdict-size 1024K ' 
 + export MKSQUASHFS_OPTIONS='' 
 +else 
 + export MKSQUASHFS_OPTIONS=' -Xbcj x86 -b 1024K -Xdict-size 1024K ' 
 +fi
  
 # This removes documentation, locales and man pages # This removes documentation, locales and man pages
Line 163: Line 221:
 # When using iPXE, you can use http instead of TFTP. # When using iPXE, you can use http instead of TFTP.
 # This is especially helpful if you want to netboot via http and cannot use the server's IP, but must specify a DNS name - as "fetch=..." only understands IPs. # This is especially helpful if you want to netboot via http and cannot use the server's IP, but must specify a DNS name - as "fetch=..." only understands IPs.
-export LBX2GO_NOSQUASHFS="true"+#export LBX2GO_NOSQUASHFS="true"
  
 # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others
 # to create an iso image: # to create an iso image:
-# export LBX2GO_IMAGETYPE='iso'+#export LBX2GO_IMAGETYPE='iso'
 # to create an iso image that can also be dd'ed to USB media: # to create an iso image that can also be dd'ed to USB media:
-export LBX2GO_IMAGETYPE='iso-hybrid'+export LBX2GO_IMAGETYPE='iso-hybrid'
 # to create a netboot-image: # to create a netboot-image:
-export LBX2GO_IMAGETYPE='netboot'+#export LBX2GO_IMAGETYPE='netboot'
 # /!\ the options below are NOT RECOMMENDED unless you use live-build from Debian Buster /!\ # /!\ the options below are NOT RECOMMENDED unless you use live-build from Debian Buster /!\
-# to create an image that can be written to a hard disk (for older live-build versions, this +(Debian 10) or newer to create an image that can be written to a hard disk (for older  
-always results in a "build failed" message, even though the build might have worked - use  +live-build versions, this always results in a "build failed" message, even though the build 
-live-build from Buster and things will work): +might have worked - use live-build from Buster or newer and things will work): 
-# export LBX2GO_IMAGETYPE='hdd'+#export LBX2GO_IMAGETYPE='hdd' 
 +## This might be required for hdd builds, especially for (u)efi 
 +#export LBX2GO_BOOTLOADER="syslinux grub-pc grub-efi"
 # to create a tar file only (seems to be broken in older live-build versions - Buster works): # to create a tar file only (seems to be broken in older live-build versions - Buster works):
-# export LBX2GO_IMAGETYPE='tar'+#export LBX2GO_IMAGETYPE='tar' 
 + 
 +# This is part of our experimental ARM support 
 +if echo "$LBX2GO_ARCH" | grep -q "arm" ; then 
 + # enforce hdd image for arm at the moment (might need to support netboot later on too) 
 + if ! [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then 
 +         echo "WARNING: Replacing selected image type with 'hdd' That's all we currently support on ARM." 
 + export LBX2GO_IMAGETYPE="hdd" 
 + fi 
 +fi
  
 if [ "$LBX2GO_IMAGETYPE" = "netboot" ]; then if [ "$LBX2GO_IMAGETYPE" = "netboot" ]; then
-        LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"+        export LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"
 fi fi
 </code> </code>
  
 ==== Live-Patching the Build ==== ==== Live-Patching the Build ====
-This patch is required if you need USB mount capability on the ThinClient while [[http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1136|Bug #1136]] is still unresolved. +To add patches that aren't part of any package yet, you can use the directory ./patchfor patches that should be added to all versions, and ./patch-minidesktopfor patches that should only be added to the MATE-MiniDesktop Edition.
-Save this script in the directory where you want to save your builds and run it before calling the buildscript.+
  
 +You will need to create a directory structure like <code>./patch/includes.chroot/etc/</code> to create/overwrite a file in <code>/etc/</code> within the live environment.
 +
 +e.g. to override <code>/etc/x2go/x2gothinclient-minidesktop_start</code> with a custom version, run <code>mkdir -p ./patch-minidesktop/includes.chroot/etc/x2go/</code> and save the following file as <code>./patch-minidesktop/includes.chroot/etc/x2go/x2gothinclient-minidesktop_start</code>
 <code> <code>
 #!/bin/bash #!/bin/bash
-mkdir -p ./patch/includes.chroot/usr/lib/x2go/tce/ 
-wget -O ./patch/includes.chroot/usr/lib/x2go/tce/x2gousbmount 'https://code.x2go.org/gitweb?p=x2gothinclient.git;a=blob_plain;f=usbmount/x2gousbmount;hb=c6106bd12ca0278b8706e87813ff782c0bbb6132'   
-chmod 755 ./patch/includes.chroot/usr/lib/x2go/tce/x2gousbmount 
-</code> 
  
 +# Copyright (C) 2010-2024 by X2Go project, https://wiki.x2go.org
 +#       Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
 +#       Moritz 'Morty' Struebe <Moritz.Struebe@informatik.uni-erlangen.de>
 +#       Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 +#       Stefan Baur <X2Go-ML-1@baur-itcs.de>
 +#
 +# X2Go is free software; you can redistribute it and/or modify
 +# it under the terms of the GNU General Public License as published by
 +# the Free Software Foundation; either version 2 of the License, or
 +# (at your option) any later version.
 +#
 +# X2Go is distributed in the hope that it will be useful,
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +# GNU General Public License for more details.
 +#
 +# You should have received a copy of the GNU General Public License
 +# along with this program; if not, write to the
 +# Free Software Foundation, Inc.,
 +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 +
 +# make sure pulseaudio can be reached via TCP from the X2Go Server side...
 +if ! /usr/bin/pactl list modules | grep -A1 'module-native-protocol-tcp' | grep -q 'auth-ip-acl=127.0.0.1;::1' ; then
 +        /usr/bin/pactl 'load-module' 'module-native-protocol-tcp' 'auth-ip-acl=127.0.0.1;::1'
 +fi
 +
 +# make sure we don't start before sessions and settings files exist - avoids race conditions
 +while ! [ -e ~x2gothinclient/.x2goclient/sessions ] ; do
 +        sleep 1;
 +done
 +
 +while ! [ -e ~x2gothinclient/.x2goclient/settings ]; do
 +        sleep 1
 +done
 +
 +[ -s /etc/x2go/x2gothinclient_bg.svg ] && X2GO_BG='--background="/etc/x2go/x2gothinclient_bg.svg'
 +[ -s /etc/x2go/x2gothinclient_branding.svg ] && X2GO_BRAND='--branding="/etc/x2go/x2gothinclient_branding.svg'
 +
 +
 +/usr/lib/x2go/x2goclient --no-menu \
 +                         $X2GO_BG \
 +                         $X2GO_BRAND \
 +                         --kbd-type=auto \
 +                         --set-kbd=1 \
 +                         --tray-icon \
 +                         --read-exports-from=~/export \
 +                         --no-session-edit \
 +                         --add-to-known-hosts \
 +                         &
 +
 +</code>
 ==== Starting the Build ==== ==== Starting the Build ====
 In the directory where you want to save your builds, save the following file as x2go-tce-build, and run it (e.g. via //sudo bash ./x2go-tce-build//): In the directory where you want to save your builds, save the following file as x2go-tce-build, and run it (e.g. via //sudo bash ./x2go-tce-build//):
Line 206: Line 324:
 # Create Timestamp # Create Timestamp
 LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S") LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S")
 +
 +# Log all output to a logfile in /tmp
 +exec > >(tee "/tmp/$LBX2GO_TIMESTAMP.log") 2>&1
  
 # Set Directory name # Set Directory name
-LBX2GO_TCEDIR="./live-build-x2go-${LBX2GO_TIMESTAMP}-${LBX2GO_IMAGETYPE}-$(echo "$LBX2GO_ARCH| awk '{print $2}')-${LBX2GO_CONFIG##*/}"+LBX2GO_TCEDIR="./live-build-x2go-${LBX2GO_TIMESTAMP}-${LBX2GO_IMAGETYPE}-$(echo $LBX2GO_ARCH | awk '{print $2}')-${LBX2GO_CONFIG##*/}"
  
 if [ -z "$LBX2GO_ARCH" ] || if [ -z "$LBX2GO_ARCH" ] ||
 + ( echo "$LBX2GO_ARCH" | grep -q "arm" && [ -z "$LBX2GO_ARCH_MODEL" ] ) || 
    [ -z "$LBX2GO_SPACE" ] ||    [ -z "$LBX2GO_SPACE" ] ||
    [ -z "$LBX2GO_CONFIG" ] ||    [ -z "$LBX2GO_CONFIG" ] ||
Line 222: Line 344:
     echo -e "One or more of the following variables is unset:"     echo -e "One or more of the following variables is unset:"
     echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'"     echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'"
 +    echo "$LBX2GO_ARCH" | grep -q "arm" && echo -e "LBX2GO_ARCH_MODEL: '${LBX2GO_ARCH_MODEL}'"
     echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'"     echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'"
     echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'"     echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'"
Line 238: Line 361:
     cd $LBX2GO_TCEDIR     cd $LBX2GO_TCEDIR
  
 +    X2GO_LBCONFIG_STRING=$(cat <<X2GOLBCONFIGSTRING
     lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \     lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \
        --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \        --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \
        --archive-areas "$LBX2GO_ARCHIVE_AREAS" \        --archive-areas "$LBX2GO_ARCHIVE_AREAS" \
        --bootappend-live "$LBX2GO_BOOTAPPEND_LIVE"        --bootappend-live "$LBX2GO_BOOTAPPEND_LIVE"
 +X2GOLBCONFIGSTRING
 +)
 +    # Our previous way of doing this had issues with newlines and multiple blanks. So we're now doing a bit
 +    # of sanitizing, then we eval the variable.
 +    X2GO_LBCONFIG_STRING=$(echo "$X2GO_LBCONFIG_STRING" | tr '\n' ' ' | tr -s ' ')
 +    eval "$X2GO_LBCONFIG_STRING"
 +
     # This will copy any patches we have prepared     # This will copy any patches we have prepared
     if [ -d "../patch" ] ; then     if [ -d "../patch" ] ; then
         cp -a ../patch/* config/         cp -a ../patch/* config/
     fi     fi
 +
     # This will copy any patches we have prepared for minidesktop     # This will copy any patches we have prepared for minidesktop
     if [ -d "../patch-minidesktop" ] && (echo "$LBX2GO_CONFIG" | grep -q minidesktop) ; then     if [ -d "../patch-minidesktop" ] && (echo "$LBX2GO_CONFIG" | grep -q minidesktop) ; then
         cp -a ../patch-minidesktop/* config/         cp -a ../patch-minidesktop/* config/
     fi     fi
 +
 +    # This checks if a bootloader directory is present (e.g. because of a custom splash.svg)
 +    # and adds all other files that might be missing (live-build won't add them automatically
 +    # if the directory already exists)
 +    if [ -d config/bootloaders ] ; then
 +        rsync -aPH --ignore-existing --exclude="splash.svg" /usr/share/live/build/bootloaders/* config/bootloaders
 +    fi
 +    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux startup.
 +    # Note that this is an accessibility feature for blind users, so use with care.
 +    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*/menu.cfg
 +
     # This enables an i386-only package in the sources.list file when an i386 build is requested     # This enables an i386-only package in the sources.list file when an i386 build is requested
-    if echo "$LBX2GO_ARCH| grep -q -i "i386" ; then+    if echo $LBX2GO_ARCH | grep -q -i "i386" ; then
         sed -i -e 's/# for i386 only #//' config/package-lists/desktop.list.chroot         sed -i -e 's/# for i386 only #//' config/package-lists/desktop.list.chroot
     fi     fi
 +
 +    # This is part of our experimental ARM support
 +    # It adds required arm64-only packages when an arm64 build is requested
 +    if echo $LBX2GO_ARCH | grep -q "arm" ; then
 +
 + # bullseye and newer do not need this
 +    if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then 
 + # firmware for wifi 
 + echo "firmware-brcm80211/buster-backports" >>config/package-lists/raspi.list.chroot
 + fi
 +
 + if [ "$LBX2GO_ARCH_MODEL" = "Pi3" ] ; then
 + # modules required for Raspberry Pi 3 LAN
 + echo "crc16" >> config/includes.chroot/etc/initramfs-tools/modules
 + echo "mii" >> config/includes.chroot/etc/initramfs-tools/modules
 + echo "smsc95xx" >> config/includes.chroot/etc/initramfs-tools/modules
 + echo "usbcore" >> config/includes.chroot/etc/initramfs-tools/modules
 + echo "usbnet" >> config/includes.chroot/etc/initramfs-tools/modules
 + echo "fake-hwclock" >>config/package-lists/raspi.list.chroot
 + echo "usbutils" >>config/package-lists/raspi.list.chroot
 +
 + # firmware for basic raspi functions - required for boot on Pi3
 + echo "raspi3-firmware/buster" >>config/package-lists/raspi.list.chroot
 + # standard linux kernel - for Pi3
 + echo "linux-image-arm64/buster" >>config/package-lists/raspi.list.chroot
 +
 + elif [ "$LBX2GO_ARCH_MODEL" = "Pi4" ] ; then
 + # bullseye and newer do not need this
 + if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
 + # firmware for basic raspi functions - required for boot on Pi4
 + echo "raspi3-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
 + echo "raspi-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
 +
 + # newer linux kernel - required for pi4/pi400
 + echo "linux-image-arm64/buster-backports" >>config/package-lists/raspi.list.chroot
 + fi
 + else
 + echo "WARNING: ARM Platform selected, but unknown model: '$LBX2GO_ARCH_MODEL'. Assuming no additional packages/patches are required."
 + fi
 +    fi
 + 
 +
     # This is for minidesktop builds only     # This is for minidesktop builds only
     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then
Line 288: Line 473:
     fi     fi
  
-    # This is a crude hack to detect crossbuilds for ARM on Intel/AMD hardware. +    # This is part of our experimental ARM support 
-    # It makes some necessary changes, and also tries to speed up squashfs creation. +    # It is used when building for the ARM architecture (on Intel/AMD hardware and on ARM)
-    if (uname -r | grep -q 'i.86' || uname -r | grep -q 'amd64') && \ +    # It makes some necessary changes, and also tries to speed up squashfs creation when it  
-       echo "$LB_X2GO_ARCH" | grep -q 'arm'; then+    # detects a crossbuild environment
 +    if echo $LBX2GO_ARCH | grep -q 'arm'; then
  
-        # This command removes all references to fuseext and x2gothinclient from the +        # This command removes all references to fuseext, freerdp-nightly, and x2gothinclient from the 
-        # package list files.  Currently needed as there are no ARM packages for either+        # package list files.  Currently needed as there are no ARM packages for any of these
-        echo "WARNING: Removing all references to fuseext and x2gothinclient from the build." +        echo "WARNING: Removing all references to fuseext,freerdp-nightly and x2gothinclient from the build." 
-        sed -e 's/^.*fuseext.*$//g' -e 's/^.*x2gothinclient.*$//g' -i ./config/package-lists/*+        sed -e 's/^.*fuseext.*$//g' -e 's/^.*freerdp-nightly.*$//g' -e 's/^.*x2gothinclient.*$//g' -i ./config/package-lists/*
  
  # This command removes the X2Go repository from the directory where additional  # This command removes the X2Go repository from the directory where additional
Line 304: Line 490:
         rm ./config/archives/*x2go*         rm ./config/archives/*x2go*
  
- # The following is a hack to reduce squashfs creation time. We're replacing mksquashfs + # The following is a hack to reduce squashfs creation time in a crossbuild environment. 
-        # in the changeroot environment with a wrapper script that drops the original  +We're replacing mksquashfs in the changeroot with a wrapper script that drops the  
-        # mksquashfs call into a file.+original mksquashfs call into a file.
  
-        # We need to do this as a background task, waiting for the mksquashfs executable to + if (uname -r | grep -q 'i.86' || uname -r | grep -q 'amd64') ; then 
-        # appear in the changeroot; as the changeroot will only be created later on, once + # We need to do this as a background task, waiting for the mksquashfs executable to 
-        # lb build is called. + # appear in the changeroot; as the changeroot will only be created later on, once 
-                 + # lb build is called. 
-        # The other background task waits until the command file has been created, then +  
-        # it applies some necessary patches to it, and starts the mksquashfs command natively + # The other background task waits until the command file has been created, then 
-        # on the build host, rather than in the changeroot environment. + # it applies some necessary patches to it, and starts the mksquashfs command natively 
-        # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu + # on the build host, rather than in the changeroot environment. 
-        # software emulation of the ARM architecture, while on the host, we can use all the + # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu 
-        # native, raw CPU power and cores available to us.+ # software emulation of the ARM architecture, while on the host, we can use all the 
 + # native, raw CPU power and cores available to us.
  
-        # To make sure we don't have any lingering processes in the background, we're passing + # To make sure we don't have any lingering processes in the background, we're passing 
-        # our own PID along to the background tasks, and tell them to terminate if our PID + # our own PID along to the background tasks, and tell them to terminate if our PID 
-        # disappears while they're still in their waiting/looping state.+ # disappears while they're still in their waiting/looping state.
  
-        MASTERPID=$$+ MASTERPID=$$
  
-        # Replace mksquashfs in chroot with script + # Replace mksquashfs in chroot with script 
-        # (script will undo this upon completion) + # (script will undo this upon completion) 
-        +
-            # wait until the chroot has been populated or until our parent process dies +     # wait until the chroot has been populated or until our parent process dies 
-            while ! [ -x ./chroot/usr/bin/mksquashfs ]; do +     while ! [ -x ./chroot/usr/bin/mksquashfs ]; do 
-                ps $MASTERPID >/dev/null || exit 1 + ps $MASTERPID >/dev/null || exit 1 
-                sleep 1 + sleep 1 
-            done +     done 
-            # make sure we don't overwrite the real executable if it has already been +     # make sure we don't overwrite the real executable if it has already been 
-            # moved out of the way +     # moved out of the way 
-            if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then +     if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then 
-                cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real + cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real 
-            fi +     fi 
-           echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs +    echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs 
-           # log the name we've been called with and all parameters into this file +    # log the name we've been called with and all parameters into this file 
-           echo 'echo "$0 $@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs +    echo 'echo "$0 $@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs 
-           # once the native mksquashfs is complete, we will remove this file +    # once the native mksquashfs is complete, we will remove this file 
-           echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do' >>./chroot/usr/bin/mksquashfs +    echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do' >>./chroot/usr/bin/mksquashfs 
-           echo '        sleep 1' >>./chroot/usr/bin/mksquashfs +    echo '        sleep 1' >>./chroot/usr/bin/mksquashfs 
-           echo 'done' >>./chroot/usr/bin/mksquashfs +    echo 'done' >>./chroot/usr/bin/mksquashfs 
-           # so let's wait until it has been removed before deleting ourselves ... +    # so let's wait until it has been removed before deleting ourselves ... 
-           echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs +    echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs 
-           # ... and moving the real executable back into its place +    # ... and moving the real executable back into its place 
-           echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs +    echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs 
-           chmod 755 ./chroot/usr/bin/mksquashfs +    chmod 755 ./chroot/usr/bin/mksquashfs 
-        ) &+ ) &
  
-        # start the native mksquashfs after patching the parameters + # start the native mksquashfs after patching the parameters 
-        +
-            # wait until the trigger file has been created or until our parent process dies +     # wait until the trigger file has been created or until our parent process dies 
-            while ! [ -f ./chroot/tmp/filesystem.squashfs.temp ]; do +     while ! [ -f ./chroot/tmp/filesystem.squashfs.temp ]; do 
-                ps $MASTERPID >/dev/null || exit 1 + ps $MASTERPID >/dev/null || exit 1 
-                sleep 1 + sleep 1 
-            done +     done 
-            # using any of the available filters (x86, arm, armthumb) for the  +     # using any of the available filters (x86, arm, armthumb) for the  
-            # -Xbcj command results in an unusable squashfs on arm, so we drop the  +     # -Xbcj command results in an unusable squashfs on arm, so we drop the  
-            # parameter completely if it's there. +     # parameter completely if it's there. 
-            # also, all absolute paths (detected by beginning with " /") need to be +     # also, all absolute paths (detected by beginning with " /") need to be 
-            # prefixed with "./chroot" so the mksquashfs outside the chroot knows where +     # prefixed with "./chroot" so the mksquashfs outside the chroot knows where 
-            # to look for the corresponding paths/files. +     # to look for the corresponding paths/files. 
-            sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./chroot/#g' -i \ +     sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./chroot/#g' -i \ 
-                ./chroot/tmp/filesystem.squashfs.temp + ./chroot/tmp/filesystem.squashfs.temp 
-            # now let's make this executable +     #needs switch from e.g. /bin/mksquashfs to $(which mksquashfs) 
-            chmod 755 ./chroot/tmp/filesystem.squashfs.temp+     sed -e "s#^.*mksquashfs#$(which mksquashfs)#g" -i \ 
 + ./chroot/tmp/filesystem.squashfs.temp 
 +     # now let's make this executable 
 +     chmod 755 ./chroot/tmp/filesystem.squashfs.temp
  
-            # we also need to add some more excludes because they shouldn't end up +     # we also need to add some more excludes because they shouldn't end up 
-            # in the squashfs - no idea why we don't need them while inside the chroot ... +     # in the squashfs - no idea why we don't need them while inside the chroot ... 
-            echo 'proc/*' >>./chroot/excludes +     echo 'proc/*' >>./chroot/excludes 
-            echo 'sys/*' >>./chroot/excludes +     echo 'sys/*' >>./chroot/excludes 
-            echo 'dev/pts/*' >>/.chroot.excludes +     echo 'dev/pts/*' >>/.chroot.excludes 
-            # now let's execute the script and, if it terminates without an error, +     # now let's execute the script and, if it terminates without an error, 
-            # we'll move the newly created squashfs into the chroot where the chrooted +     # we'll move the newly created squashfs into the chroot where the chrooted 
-            # mksquashfs command would have created it; if that worked as well, we'll +     # mksquashfs command would have created it; if that worked as well, we'll 
-            # remove the script file so our dummy mksquashfs inside the chroot knows +     # remove the script file so our dummy mksquashfs inside the chroot knows 
-            # it's time to terminate itself. +     # it's time to terminate itself. 
-            ./chroot/tmp/filesystem.squashfs.temp && \ +     ./chroot/tmp/filesystem.squashfs.temp && \ 
-            mv ./filesystem.squashfs ./chroot/ && \ +     mv ./filesystem.squashfs ./chroot/ && \ 
-            rm ./chroot/tmp/filesystem.squashfs.temp +     rm ./chroot/tmp/filesystem.squashfs.temp 
-        ) &+ ) & 
 + fi
     fi     fi
  
Line 393: Line 584:
  
         if [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then
-                ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').img \ +                ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img \ 
-                   ./x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').img+                   ./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img
         fi         fi
 +
 +        # This is part of our experimental ARM support
 +        if [ "$LBX2GO_IMAGETYPE" = "hdd" ] && echo $LBX2GO_ARCH | grep -q "arm" ; then
 + # after the build, let's determine the name of our image file ...
 + IMAGEFILE="./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img"
 +
 + # ... and change the partition type to reflect the file system actually in use for partition 1
 + # ("b" is FAT32)
 + sfdisk --part-type $IMAGEFILE 1 b
 +
 + # next, we need to patch two things inside the image, so we need to set up a loop device for it.
 + FREELOOP=$(losetup -f) # note that this could become a TOCTOU issue if more than 1 process tries to use loop devices
 +
 + # as the image is a full disk image containing a partition, we need to jump to the position where the first partition starts
 + losetup -o 1048576 $FREELOOP $IMAGEFILE
 +
 + # now let's mount it
 + mkdir -p ./tempmount
 + mount $FREELOOP ./tempmount
 +
 + # purge this dir, so we have enough space; we'll return to fill it later
 + rm ./tempmount/live/*
 +
 + # first, we copy the contents of the boot/firmware/ folder to the root directory, because that is where these files are needed
 + # see if inplace helps against out of space errors
 + rsync -aP --inplace ./chroot/boot/firmware/* ./tempmount
 +
 + mkdir -p ./tempmount/live/
 + rsync -aP ./binary/live/*.squashfs ./tempmount/live/
 +
 + # next, we replace the "root=" parameter with the parameters needed for live-booting
 + sed -e 's#root=/dev/mmcblk0p2 #'"$LBX2GO_BOOTAPPEND_LIVE"' #' -i ./tempmount/cmdline.txt
 +
 + # here comes the cleanup part
 + sync
 + umount $FREELOOP
 + losetup -d $FREELOOP
 + rmdir ./tempmount
 + fi
 +
         if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then
             if [ "$LBX2GO_NOSQUASHFS" = "true" ] ; then             if [ "$LBX2GO_NOSQUASHFS" = "true" ] ; then
Line 407: Line 638:
         if [ "$LBX2GO_IMAGETYPE" = "iso" ] || [ "$LBX2GO_IMAGETYPE" = "iso-hybrid" ] ; then         if [ "$LBX2GO_IMAGETYPE" = "iso" ] || [ "$LBX2GO_IMAGETYPE" = "iso-hybrid" ] ; then
             genisoimage -o ./x2go-tce-squashfs-only.iso -R -J -graft-points live/filesystem.squashfs=./x2go-tce-filesystem.squashfs             genisoimage -o ./x2go-tce-squashfs-only.iso -R -J -graft-points live/filesystem.squashfs=./x2go-tce-filesystem.squashfs
-            if [ -e ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso ] ; then +            if [ -e ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso ] ; then 
-                    ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso \ +                    ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso \ 
-                       ./original-x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').hybrid.iso +                       ./original-x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').hybrid.iso 
-            elif [ -e ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso ] ; then +            elif [ -e ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso ] ; then 
-                    ln ./live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso \ +                    ln ./live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso \ 
-                       ./original-x2go-tce-live-image-$(echo "$LBX2GO_ARCH| awk '{print $2}').iso+                       ./original-x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').iso
             fi             fi
             mv ./x2go-tce-filesystem.squashfs ./original-x2go-tce-filesystem.squashfs             mv ./x2go-tce-filesystem.squashfs ./original-x2go-tce-filesystem.squashfs
Line 443: Line 674:
     cd ..     cd ..
 fi fi
 +
  
 </code> </code>
Line 516: Line 748:
 === Required unless using the X2Go Session Broker: Adding the x2go-tce.sessions session configuration file to your HTTP or FTP Server === === Required unless using the X2Go Session Broker: Adding the x2go-tce.sessions session configuration file to your HTTP or FTP Server ===
 Again, this is assuming you already have an existing, working HTTP or FTP server setup. Again, this is assuming you already have an existing, working HTTP or FTP server setup.
-  * run X2GoClient on any computer you like, and configure a session the same way it should appear on the ThinClient <note tip>when using a Windows client, run x2goclient.exe --portable, or it will store the session information in the registry, rather than in a "sessions" file.</note>+  * run X2GoClient on any computer you like, and configure a session the same way it should appear on the ThinClient 
 + <note tip>when using a Windows client, run x2goclient.exe --portable, or it will store the session information in the registry, rather than in a "sessions" file.</note> 
   * locate the "sessions" file you just created - it should be at ~/.x2goclient/sessions   * locate the "sessions" file you just created - it should be at ~/.x2goclient/sessions
   * copy it to x2go-tce.sessions   * copy it to x2go-tce.sessions
Line 793: Line 1027:
   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.
-  * ''blankdpmsfix'' - This forces the TFT do black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)+  * ''blankdpmsfix'' - This forces the TFT to black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.   * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
Line 813: Line 1047:
   * ''throttle=n|n:n:n:n:n'' - Will throttle down- and upload speed (''throttle=n'') or set throttling limits as follows: download:upload:smoothingtime:smoothinglength:latency. Defaults for up- and download are 10 (KiloBytes/s), 3.0 (seconds, using decimals is permitted) smoothingtime, 20 (KiloBytes), 0 (ms). for a detailed description of these parameters, see "man trickle". You can use the first 1, 2, 3, 4 or all 5 parameters. To set down- and/or upload speed to unlimited, use the letter "u" instead of a numeric value.   * ''throttle=n|n:n:n:n:n'' - Will throttle down- and upload speed (''throttle=n'') or set throttling limits as follows: download:upload:smoothingtime:smoothinglength:latency. Defaults for up- and download are 10 (KiloBytes/s), 3.0 (seconds, using decimals is permitted) smoothingtime, 20 (KiloBytes), 0 (ms). for a detailed description of these parameters, see "man trickle". You can use the first 1, 2, 3, 4 or all 5 parameters. To set down- and/or upload speed to unlimited, use the letter "u" instead of a numeric value.
   * ''timezone=TIMEZONE'' - can be used to define a timezone other than UTC, e.g. 'Europe/Berlin'. This especially makes sense for MATE-MiniDesktop, but is nice to have in regular TCE-Live as well, because the timestamp of the log messages will show the local time instead of UTC. This is a standard parameter of live-boot, and not specific to X2Go.   * ''timezone=TIMEZONE'' - can be used to define a timezone other than UTC, e.g. 'Europe/Berlin'. This especially makes sense for MATE-MiniDesktop, but is nice to have in regular TCE-Live as well, because the timestamp of the log messages will show the local time instead of UTC. This is a standard parameter of live-boot, and not specific to X2Go.
 +  * ''windowwidth=[n-nnn]'' - this is only available in MiniDesktop mode. It allows you to set the width of the X2GoClient login window (which gets moved and resized to the right side of your screen during session startup) to any value between 0 and 100. Note that widths smaller than 30 are not recommended and may cause further resizing once the session starts.
   * ''x3270servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x3270 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 3270 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. (feature available via github repo, soon via x2go repo too)   * ''x3270servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x3270 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 3270 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. (feature available via github repo, soon via x2go repo too)
   * ''x5250servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x5250 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 5250 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. Note that x5250 support is currently not part of the standard image available via git, as there is no x5250 executable in Debian. You can try using x3270 instead, most modern IBM i (System i, iSeries, AS/400) systems support 3270-type connections as well. If you need native 5250 support, say, with a commercial, closed-source 5250 terminal emulator, please leave a message on the X2Go-User Mailing List and we'll tell you if and how you can integrate that into your build. (feature available via github repo, soon via x2go repo too)   * ''x5250servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x5250 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 5250 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. Note that x5250 support is currently not part of the standard image available via git, as there is no x5250 executable in Debian. You can try using x3270 instead, most modern IBM i (System i, iSeries, AS/400) systems support 3270-type connections as well. If you need native 5250 support, say, with a commercial, closed-source 5250 terminal emulator, please leave a message on the X2Go-User Mailing List and we'll tell you if and how you can integrate that into your build. (feature available via github repo, soon via x2go repo too)
Line 830: Line 1065:
   * ''updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files'' - Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the //toram// boot option is used. Regardless of NTFS or not, the updater requires three directories: ''/boot/X2Go-live1, /boot/X2Go-live2, /boot/X2Go-live-download''. **Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients.**  Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files.    * ''updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files'' - Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the //toram// boot option is used. Regardless of NTFS or not, the updater requires three directories: ''/boot/X2Go-live1, /boot/X2Go-live2, /boot/X2Go-live-download''. **Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients.**  Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files. 
  
 +===== Client Branding/Theming using SVGs =====
 +It is possible to make X2Go-TCE-Live match your Corporate Design/Corporate Identity, using the "background" and "branding" parameters.
 +This is actually a feature of X2GoClient itself, so it will also work on //fat client// installations, and even on Windows and macOS.
 +
 +{{:wiki:advanced:x2goclientdefaultbranding.png?400|Before ...}} {{:wiki:advanced:x2goclientbranding.png?400| ... and after.}}
 +
 +You can find a more detailed explanation in the [[wiki:advanced:branding-theming|corresponding X2Go Wiki page]].
 ===== Querying X2Go-TCE version info =====  ===== Querying X2Go-TCE version info ===== 
 images built using the https://github.com/LinuxHaus/live-build-x2go::feature/openbox repository/branch after 2017-07-27 10:50 UTC will create a file ''/var/run/x2go-timestamps''. images built using the https://github.com/LinuxHaus/live-build-x2go::feature/openbox repository/branch after 2017-07-27 10:50 UTC will create a file ''/var/run/x2go-timestamps''.
Line 1155: Line 1397:
 FIXME Scripts triggered by if-up should check if a new download is really necessary. FIXME Scripts triggered by if-up should check if a new download is really necessary.
  
-FIXME Feature request: In TCE (not MMD), use <code>+===== List of closed ToDos/FIXMEs for this page =====  
 +  * Feature request: In TCE (not MMD), use <code>
 while ! (grep "^/dev/" /etc/mtab | grep -q rw ) ; do # rw-mounted physical devices detected while ! (grep "^/dev/" /etc/mtab | grep -q rw ) ; do # rw-mounted physical devices detected
  echo s >/proc/sysrq-trigger # sync all  echo s >/proc/sysrq-trigger # sync all
Line 1162: Line 1405:
 echo o >/proc/sysrq-trigger # force fast shutdown/poweroff echo o >/proc/sysrq-trigger # force fast shutdown/poweroff
 </code> for faster poweroff when boot parameter ''fastpo'' is set </code> for faster poweroff when boot parameter ''fastpo'' is set
-===== List of closed ToDos/FIXMEs for this page ===== +
   * ''audioout='', ''blank='', ''*blankdpmsfix'', ''nodpms'', ''xinerama='', are currently unsupported in MiniDesktop-Mode, but this is being worked on, by outsourcing them into scripts under ''/etc/X11/Xsession.d/'' (currently, they reside in ''/lib/live/config/2900-x2go-thinclientconfig'' - which doesn't exist in the MiniDesktop branches - and from there, they get written to ''~/.xsession'' - fixed in github repo, soon in x2go repo   * ''audioout='', ''blank='', ''*blankdpmsfix'', ''nodpms'', ''xinerama='', are currently unsupported in MiniDesktop-Mode, but this is being worked on, by outsourcing them into scripts under ''/etc/X11/Xsession.d/'' (currently, they reside in ''/lib/live/config/2900-x2go-thinclientconfig'' - which doesn't exist in the MiniDesktop branches - and from there, they get written to ''~/.xsession'' - fixed in github repo, soon in x2go repo
   * It would be nice to have a boot parameter ''xroot=[0xaabbcc|URI1[|URI2|...]]'' for the desktop background image/color, and a boot parameter ''xrootmode=center|fill|scale|tile'' to determine how the image(s) should be positioned (if the parameter has been set, but something is wrong, it should default to the "grey mesh" background) - fixed in github repo, soon in x2go repo   * It would be nice to have a boot parameter ''xroot=[0xaabbcc|URI1[|URI2|...]]'' for the desktop background image/color, and a boot parameter ''xrootmode=center|fill|scale|tile'' to determine how the image(s) should be positioned (if the parameter has been set, but something is wrong, it should default to the "grey mesh" background) - fixed in github repo, soon in x2go repo
doc/howto/tce.1573691864.txt.gz · Last modified: 2019/11/14 00:37 by stefanbaur