Differences

This shows you the differences between two versions of the page.

--- doc:howto:tce [2024/09/12 17:40]
stefanbaur [Starting the Build] check for mksquashfs on foreign archs was wrong and never fired
+++ doc:howto:tce [2025/05/05 09:32] (current)
stefanbaur [What options are available under FURTHER-OPTIONS-GO-HERE?] added liveboot_params description
@@ Line 27: / Line 27: @@
   * A graphics card and input devices (Keyboard, Mouse/Trackball/Touchpad/Trackpoint/Touchscreen, ...) that are supported by the stock Debian X Server
 ===== Build system prerequisites for all variants =====
-  * You need a Debian Buster system to build the image. (Other distributions based on Debian might work, but this is untested.)
+  * You need a Debian Bookworm system to build the image. Other distributions based on Debian might work, but this is untested and may fail. At the moment, we know about the following limitations:
+    * If you try to build Debian Bookworm images on Debian Bullseye, you can only create netboot images, but no iso/iso-hybrid/hdd images.
+    * If you want to try to build Debian (Bookworm) images on Ubuntu, you will need to install the live-build, debootstrap and debian-archive-keyring packages from the Debian repo.
   * We suggest using a 64-Bit system, however, it is possible to use a 32-Bit system if you don't want to build a 64-Bit ThinClient image.
-  * We suggest leaving at least 4 GB of free disk space so the build won't abort due to insufficient disk space while packages are downloaded, unpacked and copied around.
+  * We suggest leaving at least 6 GB of free disk space so the build won't abort due to insufficient disk space while packages are downloaded, unpacked and copied around.
-  * Make sure your package list is up to date by running: <code>sudo apt-get update </code>
+  * Make sure your package list is up to date by running: <code>sudo apt update </code>
-  * Install the required package(s) by running: <code>sudo apt-get install genisoimage git-core live-build live-config-doc live-manual-html live-boot-doc lsb-release netcat-traditional</code>
+  * Install the required package(s) by running: <code>sudo apt install genisoimage git-core live-build live-config-doc live-manual-html live-boot-doc lsb-release netcat-traditional rsync</code>
-  * If you want to speed up subsequent builds, install the recommended package(s) by running: <code>sudo apt-get install apt-cacher-ng</code>
+  * If you want to speed up subsequent builds, install the recommended package(s) by running: <code>sudo apt install apt-cacher-ng</code>
-  * If you want to be prepared to be able to cross-build across different architectures (e.g. building an ARM image on an Intel/AMD build host) - a feature coming soon - install the optional package(s) by running: <code>sudo apt-get install qemu-user-static binfmt-support -y && update-binfmts --enable qemu-aarch64</code>
+  * If you want to be able to cross-build across different architectures (e.g. building an ARM image on an Intel/AMD build host), install the optional package(s) by running: <code>sudo apt install qemu-user-static binfmt-support squashfs-tools -y && update-binfmts --enable qemu-aarch64</code>
 ===== Building your own X2Go-TCE Image =====
 ==== Configuring the Build ====
 Change to a directory where you want to save your builds, and save the following file as x2go-tce-config:
-<code>
+<file - x2go-tce-config>
 # NOTE: This file gets sourced by the actual buildscript - so place it in the same directory as the buildscript or adjust the path in the buildscript.
@@ Line 45: / Line 47: @@
 # it's apt-cacher-ng and use it
 #
 if nc -z 127.0.0.1 3142 ; then
     # bad idea with apt-cacher-ng, but will work with e.g. squid
     # export https_proxy=http://127.0.0.1:3128/
     # export http_proxy=http://127.0.0.1:3128/
     # export ftp_proxy=http://127.0.0.1:3128/
@@ Line 60: / Line 62: @@
 # Select ONE of the following git reposities
-# this one loosely corresponds to "stable"
+#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bullseye'
-#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-buster'
+export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bookworm'
-#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/mate-minidesktop-buster'
-export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bullseye'
 #export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/mate-minidesktop-bullseye'
+#export LBX2GO_CONFIG='https://gitlab.x2go.org/x2go/live-build-x2go.git::feature/mate-minidesktop-bookworm'
 #export LBX2GO_CONFIG='https://github.com/bauritcs/live-build-x2go.git::feature/openbox-magic-pixel-workaround-bookworm'
+#export LBX2GO_CONFIG='https://github.com/bauritcs/live-build-x2go.git::feature/openbox-microdesktop-bookworm'
 #export LBX2GO_CONFIG='https://github.com/bauritcs/live-build-x2go.git::feature/mate-minidesktop-bookworm'
-# NOTES: 1) https://github.com/bauritcs loosely corresponds to "heuler"
+# NOTES: 1) https://gitlab.x2go.org/x2go loosely corresponds to "stable"
-#        2) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches.
+#        2) https://github.com/bauritcs loosely corresponds to "heuler"
-#        3) Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build,
+#        3) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches.
+#        4) Microdesktop builds are currently only available via https://github.com/bauritcs, but are actually more production-ready than
+#           the Minidesktop builds. Feel free to try them out!
+#        5) Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build,
 #           add "-buster" to the end of the LBX2GO_CONFIG string to create a buster build,
 #           add "-bullseye" to the end of the LBX2GO_CONFIG string to create a bullseye build
-#           add "-bookworm" to the end of the LBX2GO_CONFIG string to create a bookworm build (will be in gitlab repo $SOON - use github.com/bauritcs for now)
+#           add "-bookworm" to the end of the LBX2GO_CONFIG string to create a bookworm build
 # Select ONE of the following LBX2GO_ARCH lines and comment out the others
@@ Line 87: / Line 92: @@
 # If you want to use the stock ISO image as created by this script, add your boot parameters here
-# export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet pubkey=http://x2go/x2go-tce/config/authorized_keys sessionsurl=http://x2go/x2go-tce/config/sessions toram"
+# Make sure to leave a trailing space at the end of your string(s)!
-export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent quiet sessionsurl=https://your_server_here/config/sessions pubkey=https://your_server_here/config/authorized_keys toram "
+export LBX2GO_BOOTAPPEND_LIVE="boot=live components noswap lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 silent "
+export LBX2GO_BOOTAPPEND_LIVE+="quiet essionsurl=https://your_server_here/config/sessions "
+export LBX2GO_BOOTAPPEND_LIVE+="pubkey=https://your_server_here/config/authorized_keys toram "
-if echo -e "$LBX2GO_CONFIG" | grep -q "openbox"; then
+if echo -e "$LBX2GO_CONFIG" | grep -q "minidesktop"; then
-	LBX2GO_BOOTAPPEND_LIVE+="fastpo "
+        # if you use nottyautologin instead of noautologin, an autologin will be set for the account "user"
-	export LBX2GO_BOOTAPPEND_LIVE
+        # this would conflict with our setting for the account "x2gothinclient"
-elif echo -e "$LBX2GO_CONFIG" | grep -q "minidesktop"; then
+        LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin noautologin '
-	LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin noautologin ' # if you use nottyautologin instead of noautologin, an autologin will be set for the account "user", which conflicts our setting for the account "x2gothinclient"
+        export LBX2GO_BOOTAPPEND_LIVE
-	export LBX2GO_BOOTAPPEND_LIVE
+elif echo -e "$LBX2GO_CONFIG" | grep -q "microdesktop"; then
+        LBX2GO_BOOTAPPEND_LIVE+='timezone=Europe/Berlin '
+        export LBX2GO_BOOTAPPEND_LIVE
+elif echo -e "$LBX2GO_CONFIG" | grep -q "openbox"; then
+        LBX2GO_BOOTAPPEND_LIVE+="fastpo "
+        export LBX2GO_BOOTAPPEND_LIVE
 fi
-# detect if the selected git repo is meant to build a buster, stretch or jessie image
+# make Backports default to true
+export LBX2GO_BACKPORTS="true"
+# detect if the selected git repo is meant to build a bookworm, bullseye, buster, stretch or jessie image
 if [ -z "${LBX2GO_CONFIG##*-stretch}" ] ; then
     export LBX2GO_DEBVERSION="stretch"
@@ Line 118: / Line 133: @@
     export LBX2GO_BOOTAPPEND_LIVE+=" net.ifnames=0 biosdevname=0"
     export LBX2GO_ARCHIVE_AREAS="non-free-firmware "
+    # disable Backports for Bookworm, as mate-minidesktop won't build with Backports enabled
+    export LBX2GO_BACKPORTS="false"
 else
     export LBX2GO_DEBVERSION="jessie"
@@ Line 153: / Line 170: @@
         [ -f /usr/lib/live/build/binary_rootfs ] || ln -s /usr/lib/live/build/lb_binary_rootfs /usr/lib/live/build/binary_rootfs
         export LBX2GO_MIRROR="  -m http://deb.debian.org/debian
-                                --mirror-chroot-security http://security.debian.org/debian/
+                                --mirror-chroot-security http://security.debian.org/debian-security/
-                                --mirror-binary-security http://security.debian.org/debian/
+                                --mirror-binary-security http://security.debian.org/debian-security/
-                                --parent-mirror-chroot-security http://security.debian.org/debian/
+                                --parent-mirror-chroot-security http://security.debian.org/debian-security/
-                                --parent-mirror-binary-security http://security.debian.org/debian/"
+                                --parent-mirror-binary-security http://security.debian.org/debian-security/"
 else
         export LBX2GO_UPDATES="--updates true"
@@ Line 162: / Line 179: @@
 # These are default values that should not require tuning
-export LBX2GO_DEFAULTS="--backports true
+export LBX2GO_DEFAULTS="--backports $LBX2GO_BACKPORTS
                         --firmware-chroot true
                         --initsystem sysvinit
@@ Line 189: / Line 206: @@
 export LBX2GO_ARCHIVE_AREAS="main contrib non-free $LBX2GO_ARCHIVE_AREAS"
-# This is for minidesktop builds and currently only adds firefox-esr language packs
+# This is for micro- and minidesktop builds and currently only adds firefox-esr language packs
-# export LBX2GO_LANG='de'
+# use this for autodetection based on your lang= selection
+export LBX2GO_LANG=$(echo "$LBX2GO_BOOTAPPEND_LIVE" | tr ' .' '\n' | awk -F'=' '$1=="lang" { print $2 }')
+# To override this and add several language packs at once, use something like:
+# export LBX2GO_LANG='de;en_uk;en-za'
+# Set the boot timeout for all syslinux/isolinux/extlinux bootloaders
+# Note that this is measured in 1/10 seconds!
+# So for 1 second, set the value to 10, for 10 seconds, set it to 100.
+# A value of 0 means "wait indefinitely", a value of 1 means "boot default entry straight away".
+# Leave it unset to use live-build's default setting.
+#export LBX2GO_BOOT_TIMEOUT='0'
+export LBX2GO_BOOT_TIMEOUT='1'
 # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team
@@ Line 197: / Line 225: @@
 #
 if dpkg --print-architecture | grep -q 'arm' || echo $LBX2GO_ARCH | grep -q 'arm' ; then
-	# on arm, these parameters must not be used; if they're there, we need to reinstall the package to undo our patch
+        # on arm, these parameters must not be used; if they're there, we need to reinstall the package to undo our patch
-	if grep -q -- '-Xbcj x86 -b 1024K -Xdict-size 1024K' /usr/lib/live/build/binary_rootfs; then
+        if grep -q -- '-Xbcj x86 -b 1024K -Xdict-size 1024K' /usr/lib/live/build/binary_rootfs; then
-		apt install --reinstall live-build
+                apt install --reinstall live-build
-	fi
+        fi
-	# feel free to experiment with these options, but be prepared for subtle breakage
+        # feel free to experiment with these options, but be prepared for subtle breakage
-	#export MKSQUASHFS_OPTIONS=' -Xbcj arm '
+        #export MKSQUASHFS_OPTIONS=' -Xbcj arm '
-	#export MKSQUASHFS_OPTIONS=' -b 1024K -Xdict-size 1024K '
+        #export MKSQUASHFS_OPTIONS=' -b 1024K -Xdict-size 1024K '
-	#export MKSQUASHFS_OPTIONS=' -Xbcj arm -b 1024K -Xdict-size 1024K '
+        #export MKSQUASHFS_OPTIONS=' -Xbcj arm -b 1024K -Xdict-size 1024K '
-	export MKSQUASHFS_OPTIONS=''
+        export MKSQUASHFS_OPTIONS=''
 else
-	export MKSQUASHFS_OPTIONS=' -Xbcj x86 -b 1024K -Xdict-size 1024K '
+        export MKSQUASHFS_OPTIONS=' -Xbcj x86 -b 1024K -Xdict-size 1024K '
 fi
@@ Line 217: / Line 245: @@
 # This patches the squashfs file into the initrd. Only parsed when image type "netboot" is set.
 # Will require boot parameter live-media=/ instead of fetch=...
 # Both TFTP client and TFTP server must support file transfers >32MB for this to work, if you want to deploy this initrd via TFTP,
 # so e.g. atftpd will not work - tftpd-hpa, however, seems to have no problem with larger files.
 # When using iPXE, you can use http instead of TFTP.
@@ Line 225: / Line 253: @@
 # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others
 # to create an iso image:
-#export LBX2GO_IMAGETYPE='iso'
+# export LBX2GO_IMAGETYPE='iso'
 # to create an iso image that can also be dd'ed to USB media:
-export LBX2GO_IMAGETYPE='iso-hybrid'
+# export LBX2GO_IMAGETYPE='iso-hybrid'
 # to create a netboot-image:
-#export LBX2GO_IMAGETYPE='netboot'
+export LBX2GO_IMAGETYPE='netboot'
-# /!\ the options below are NOT RECOMMENDED unless you use live-build from Debian Buster /!\
+# /!\ The options below are NOT RECOMMENDED unless you use live-build from Debian Buster/Debian 10 or newer /!\
-# (Debian 10) or newer to create an image that can be written to a hard disk (for older
+# to create an image that can be written to a hard disk (for older live-build versions, this always results
-# live-build versions, this always results in a "build failed" message, even though the build
+# in a "build failed" message, even though the build might have worked - use live-build from Buster or newer
-# might have worked - use live-build from Buster or newer and things will work):
+# and things will work):
 #export LBX2GO_IMAGETYPE='hdd'
 ## This might be required for hdd builds, especially for (u)efi
 #export LBX2GO_BOOTLOADER="syslinux grub-pc grub-efi"
 # to create a tar file only (seems to be broken in older live-build versions - Buster works):
-#export LBX2GO_IMAGETYPE='tar'
+# export LBX2GO_IMAGETYPE='tar'
 # This is part of our experimental ARM support
 if echo "$LBX2GO_ARCH" | grep -q "arm" ; then
-	# enforce hdd image for arm at the moment (might need to support netboot later on too)
+        # enforce hdd image for arm at the moment (might need to support netboot later on too)
-	if ! [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then
+        if ! [ "$LBX2GO_IMAGETYPE" = "hdd" ] ; then
-	        echo "WARNING: Replacing selected image type with 'hdd'.  That's all we currently support on ARM."
+                echo "WARNING: Replacing selected image type with 'hdd'.  That's all we currently support on ARM."
-		export LBX2GO_IMAGETYPE="hdd"
+                export LBX2GO_IMAGETYPE="hdd"
-	fi
+        fi
 fi
@@ Line 252: / Line 280: @@
         export LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"
 fi
-</code>
+</file>
 ==== Live-Patching the Build ====
-To add patches that aren't part of any package yet, you can use the directory ./patch/ for patches that should be added to all versions, and ./patch-minidesktop/ for patches that should only be added to the MATE-MiniDesktop Edition.
+To add patches that aren't part of any package yet, you can use the directory <code>./patch/</code> for patches that should be added to all versions, and <code>./patch-minidesktop/</code> for patches that should only be added to the MATE-MiniDesktop Edition.
 You will need to create a directory structure like <code>./patch/includes.chroot/etc/</code> to create/overwrite a file in <code>/etc/</code> within the live environment.
 e.g. to override <code>/etc/x2go/x2gothinclient-minidesktop_start</code> with a custom version, run <code>mkdir -p ./patch-minidesktop/includes.chroot/etc/x2go/</code> and save the following file as <code>./patch-minidesktop/includes.chroot/etc/x2go/x2gothinclient-minidesktop_start</code>
-<code>
+<file - x2gothinclient-minidesktop_start>
 #!/bin/bash
@@ Line 313: / Line 342: @@
                          &
-</code>
+</file>
 ==== Starting the Build ====
 In the directory where you want to save your builds, save the following file as x2go-tce-build, and run it (e.g. via //sudo bash ./x2go-tce-build//):
-<code>
+<file - x2go-tce-build>
 #!/bin/bash
@@ Line 332: / Line 361: @@
 if [ -z "$LBX2GO_ARCH" ] ||
-	( echo "$LBX2GO_ARCH" | grep -q "arm" && [ -z "$LBX2GO_ARCH_MODEL" ] ) ||
+        ( echo "$LBX2GO_ARCH" | grep -q "arm" && [ -z "$LBX2GO_ARCH_MODEL" ] ) ||
    [ -z "$LBX2GO_SPACE" ] ||
    [ -z "$LBX2GO_CONFIG" ] ||
@@ Line 376: / Line 405: @@
     if [ -d "../patch" ] ; then
         cp -a ../patch/* config/
+    fi
+    # This will copy any patches we have prepared for microdesktop
+    if [ -d "../patch-microdesktop" ] && (echo "$LBX2GO_CONFIG" | grep -q microdesktop) ; then
+        cp -a ../patch-microdesktop/* config/
     fi
@@ Line 389: / Line 423: @@
         rsync -aPH --ignore-existing --exclude="splash.svg" /usr/share/live/build/bootloaders/* config/bootloaders
     fi
-    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux startup.
+    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux and grub2 startup.
     # Note that this is an accessibility feature for blind users, so use with care.
-    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*/menu.cfg
+    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*linux*/menu.cfg
+    sed -e "s/^insmod play//" -e "s/^play.*$//g" -i config/bootloaders/grub-pc/config.cfg
+    # this will set the boot timeout for all syslinux/isolinux/extlinux bootloaders
+    if [ -n "$LBX2GO_BOOT_TIMEOUT" ]; then
+        sed -e "s/timeout .*$/timeout $LBX2GO_BOOT_TIMEOUT/ig" -i config/bootloaders/*linux/*linux.cfg config/bootloaders/pxelinux.cfg/default
+    fi
     # This enables an i386-only package in the sources.list file when an i386 build is requested
@@ Line 402: / Line 443: @@
     if echo $LBX2GO_ARCH | grep -q "arm" ; then
-	# bullseye and newer do not need this
+        # bullseye and newer do not need this
-    	if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
+        if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
-		# firmware for wifi
+                # firmware for wifi
-		echo "firmware-brcm80211/buster-backports" >>config/package-lists/raspi.list.chroot
+                echo "firmware-brcm80211/buster-backports" >>config/package-lists/raspi.list.chroot
-	fi
+        fi
-	if [ "$LBX2GO_ARCH_MODEL" = "Pi3" ] ; then
+        if [ "$LBX2GO_ARCH_MODEL" = "Pi3" ] ; then
-		# modules required for Raspberry Pi 3 LAN
+                # modules required for Raspberry Pi 3 LAN
-		echo "crc16" >> config/includes.chroot/etc/initramfs-tools/modules
+                echo "crc16" >> config/includes.chroot/etc/initramfs-tools/modules
-		echo "mii" >> config/includes.chroot/etc/initramfs-tools/modules
+                echo "mii" >> config/includes.chroot/etc/initramfs-tools/modules
-		echo "smsc95xx" >> config/includes.chroot/etc/initramfs-tools/modules
+                echo "smsc95xx" >> config/includes.chroot/etc/initramfs-tools/modules
-		echo "usbcore" >> config/includes.chroot/etc/initramfs-tools/modules
+                echo "usbcore" >> config/includes.chroot/etc/initramfs-tools/modules
-		echo "usbnet" >> config/includes.chroot/etc/initramfs-tools/modules
+                echo "usbnet" >> config/includes.chroot/etc/initramfs-tools/modules
-		echo "fake-hwclock" >>config/package-lists/raspi.list.chroot
+                echo "fake-hwclock" >>config/package-lists/raspi.list.chroot
-		echo "usbutils" >>config/package-lists/raspi.list.chroot
+                echo "usbutils" >>config/package-lists/raspi.list.chroot
-		# firmware for basic raspi functions - required for boot on Pi3
+                # firmware for basic raspi functions - required for boot on Pi3
-		echo "raspi3-firmware/buster" >>config/package-lists/raspi.list.chroot
+                if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
-		# standard linux kernel - for Pi3
+                        echo "raspi3-firmware/buster" >>config/package-lists/raspi.list.chroot
-		echo "linux-image-arm64/buster" >>config/package-lists/raspi.list.chroot
+                        # standard linux kernel - for Pi3
+                        echo "linux-image-arm64/buster" >>config/package-lists/raspi.list.chroot
+                fi
-	elif [ "$LBX2GO_ARCH_MODEL" = "Pi4" ] ; then
+        elif [ "$LBX2GO_ARCH_MODEL" = "Pi4" ] ; then
-		# bullseye and newer do not need this
+                # bullseye and newer do not need this
-		if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
+                if [ "${LBX2GO_DEBVERSION}" = "buster" ]; then
-			# firmware for basic raspi functions - required for boot on Pi4
+                        # firmware for basic raspi functions - required for boot on Pi4
-			echo "raspi3-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
+                        echo "raspi3-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
-			echo "raspi-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
+                        echo "raspi-firmware/buster-backports" >>config/package-lists/raspi.list.chroot
-			# newer linux kernel - required for pi4/pi400
+                        # newer linux kernel - required for pi4/pi400
-			echo "linux-image-arm64/buster-backports" >>config/package-lists/raspi.list.chroot
+                        echo "linux-image-arm64/buster-backports" >>config/package-lists/raspi.list.chroot
-		fi
+                fi
-	else
+        else
-		echo "WARNING: ARM Platform selected, but unknown model: '$LBX2GO_ARCH_MODEL'. Assuming no additional packages/patches are required."
+                echo "WARNING: ARM Platform selected, but unknown model: '$LBX2GO_ARCH_MODEL'. Assuming no additional packages/patches are required."
-	fi
+        fi
     fi
-    # This is for minidesktop builds only
+    # This is for micro- and minidesktop builds only
     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then
             if [ -n "$LBX2GO_LANG" ]; then
-                    for LBX2GO_SINGLE_LANG in $(echo "$LBX2GO_LANG" | tr ';' ' '); do
+                    for LBX2GO_SINGLE_LANG in $(echo "$LBX2GO_LANG" | tr ';,|' ' '); do
                             echo "LANG: '$LBX2GO_SINGLE_LANG'"
-                            sed -i -e 's/#firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'$/firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'/' config/package-lists/firefox-langpacks.list.chroot
+                            sed -i -e 's|#firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'$|firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'|' config/package-lists/firefox-langpacks.list.chroot
+                            if ! grep -v "^#" config/package-lists/firefox-langpacks.list.chroot | grep -q -- "-l10n-${LBX2GO_SINGLE_LANG//_/-}" ; then
+                                            echo "LANG: '${LBX2GO_SINGLE_LANG//_*/}'"
+                                        sed -i -e "s|^#firefox-esr-l10n-${LBX2GO_SINGLE_LANG//_*/}$|firefox-esr-l10n-${LBX2GO_SINGLE_LANG//_*/}|" config/package-lists/firefox-langpacks.list.chroot
+                            fi
                     done
             else
@@ Line 450: / Line 496: @@
             fi
     fi
     if [ "$LBX2GO_TCE_SHRINK" = "true" ] ; then
         echo '#!/bin/sh' >./config/hooks/0112-remove-folders.hook.chroot
@@ Line 469: / Line 516: @@
         # at files not being downloaded, disable these three entries.
         export https_proxy=$LB_APT_HTTP_PROXY
-	export http_proxy=$LB_APT_HTTP_PROXY
+        export http_proxy=$LB_APT_HTTP_PROXY
         export ftp_proxy=$LB_APT_FTP_PROXY
     fi
@@ Line 475: / Line 522: @@
     # This is part of our experimental ARM support
     # It is used when building for the ARM architecture (on Intel/AMD hardware and on ARM).
     # It makes some necessary changes, and also tries to speed up squashfs creation when it
     # detects a crossbuild environment.
     if echo $LBX2GO_ARCH | grep -q 'arm'; then
@@ Line 484: / Line 531: @@
         sed -e 's/^.*fuseext.*$//g' -e 's/^.*freerdp-nightly.*$//g' -e 's/^.*x2gothinclient.*$//g' -i ./config/package-lists/*
-	# This command removes the X2Go repository from the directory where additional
+        # This command removes the X2Go repository from the directory where additional
         # archives are stored.  Currently needed as the X2Go repository offers no arm64
         # packages, but Debian Buster does - so that's what we're falling back to.
         echo "WARNING: Removing all references to the X2Go repository from the build."
         rm ./config/archives/*x2go*
-	# The following is a hack to reduce squashfs creation time in a crossbuild environment.
+        # The following is a hack to reduce squashfs creation time in a crossbuild environment.
-	# We're replacing mksquashfs in the changeroot with a wrapper script that drops the
+        # We're replacing mksquashfs in the changeroot with a wrapper script that drops the
-	# original mksquashfs call into a file.
+        # original mksquashfs call into a file.
-	if (uname -m | grep -q 'i.86' || uname -m | grep -q 'x86_64' || uname -m | grep -q 'ppc64') ; then
+        if (uname -m | grep -q 'i.86' || uname -m | grep -q 'x86_64' || uname -m | grep -q 'ppc64') ; then
-		# We need to do this as a background task, waiting for the mksquashfs executable to
+                echo "INFO: using host-architecture mksquashfs from outside instead of the target-architecture one inside chroot."
-		# appear in the changeroot; as the changeroot will only be created later on, once
+                # We need to do this as a background task, waiting for the mksquashfs executable to
-		# lb build is called.
+                # appear in the changeroot; as the changeroot will only be created later on, once
+                # lb build is called.
-		# The other background task waits until the command file has been created, then
-		# it applies some necessary patches to it, and starts the mksquashfs command natively
-		# on the build host, rather than in the changeroot environment.
-		# This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu
-		# software emulation of the ARM architecture, while on the host, we can use all the
-		# native, raw CPU power and cores available to us.
-		# To make sure we don't have any lingering processes in the background, we're passing
+                # The other background task waits until the command file has been created, then
-		# our own PID along to the background tasks, and tell them to terminate if our PID
+                # it applies some necessary patches to it, and starts the mksquashfs command natively
-		# disappears while they're still in their waiting/looping state.
+                # on the build host, rather than in the changeroot environment.
+                # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu
+                # software emulation of the ARM architecture, while on the host, we can use all the
+                # native, raw CPU power and cores available to us.
-		MASTERPID=$$
+                # To make sure we don't have any lingering processes in the background, we're passing
+                # our own PID along to the background tasks, and tell them to terminate if our PID
+                # disappears while they're still in their waiting/looping state.
-		# Replace mksquashfs in chroot with script
+                MASTERPID=$$
-		# (script will undo this upon completion)
-		(
-		    # wait until the chroot has been populated or until our parent process dies
-		    while ! [ -x ./chroot/usr/bin/mksquashfs ]; do
-			ps $MASTERPID >/dev/null || exit 1
-			sleep 1
-		    done
-		    # make sure we don't overwrite the real executable if it has already been
-		    # moved out of the way
-		    if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then
-			cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real
-		    fi
-		   echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs
-		   # log the name we've been called with and all parameters into this file
-		   echo 'echo "$0 $@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs
-		   # once the native mksquashfs is complete, we will remove this file
-		   echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do' >>./chroot/usr/bin/mksquashfs
-		   echo '        sleep 1' >>./chroot/usr/bin/mksquashfs
-		   echo 'done' >>./chroot/usr/bin/mksquashfs
-		   # so let's wait until it has been removed before deleting ourselves ...
-		   echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs
-		   # ... and moving the real executable back into its place
-		   echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs
-		   chmod 755 ./chroot/usr/bin/mksquashfs
-		) &
-		# start the native mksquashfs after patching the parameters
+                # Replace mksquashfs in chroot with script
-		(
+                # (script will undo this upon completion)
-		    # wait until the trigger file has been created or until our parent process dies
+                (
-		    while ! [ -f ./chroot/tmp/filesystem.squashfs.temp ]; do
+                    # wait until the chroot has been populated or until our parent process dies
-			ps $MASTERPID >/dev/null || exit 1
+                    while ! [ -x ./chroot/usr/bin/mksquashfs ]; do
-			sleep 1
+                        ps $MASTERPID >/dev/null || exit 1
-		    done
+                        sleep 1
-		    # using any of the available filters (x86, arm, armthumb) for the
+                    done
-		    # -Xbcj command results in an unusable squashfs on arm, so we drop the
+                    # make sure we don't overwrite the real executable if it has already been
-		    # parameter completely if it's there.
+                    # moved out of the way
-		    # also, all absolute paths (detected by beginning with " /") need to be
+                    if ! [ -x ./chroot/usr/bin/mksquashfs.real ]; then
-		    # prefixed with "./chroot" so the mksquashfs outside the chroot knows where
+                        cp ./chroot/usr/bin/mksquashfs ./chroot/usr/bin/mksquashfs.real
-		    # to look for the corresponding paths/files.
+                    fi
-		    sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./chroot/#g' -i \
+                   echo '#!/bin/bash' >./chroot/usr/bin/mksquashfs
-			./chroot/tmp/filesystem.squashfs.temp
+                   # log the name we've been called with and all parameters into this file
-		    #needs switch from e.g. /bin/mksquashfs to $(which mksquashfs)
+                   echo 'echo "$0 $@" >/tmp/filesystem.squashfs.temp' >>./chroot/usr/bin/mksquashfs
-		    sed -e "s#^.*mksquashfs#$(which mksquashfs)#g" -i \
+                   # once the native mksquashfs is complete, we will remove this file
-			./chroot/tmp/filesystem.squashfs.temp
+                   echo 'while [ -f /tmp/filesystem.squashfs.temp ]; do' >>./chroot/usr/bin/mksquashfs
-		    # now let's make this executable
+                   echo '        sleep 1' >>./chroot/usr/bin/mksquashfs
-		    chmod 755 ./chroot/tmp/filesystem.squashfs.temp
+                   echo 'done' >>./chroot/usr/bin/mksquashfs
+                   # so let's wait until it has been removed before deleting ourselves ...
+                   echo 'rm /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs
+                   # ... and moving the real executable back into its place
+                   echo 'mv /usr/bin/mksquashfs.real /usr/bin/mksquashfs' >>./chroot/usr/bin/mksquashfs
+                   chmod 755 ./chroot/usr/bin/mksquashfs
+                ) &
-		    # we also need to add some more excludes because they shouldn't end up
+                # start the native mksquashfs after patching the parameters
-		    # in the squashfs - no idea why we don't need them while inside the chroot ...
+                (
-		    echo 'proc/*' >>./chroot/excludes
+                    # wait until the trigger file has been created or until our parent process dies
-		    echo 'sys/*' >>./chroot/excludes
+                    while ! [ -f ./chroot/tmp/filesystem.squashfs.temp ]; do
-		    echo 'dev/pts/*' >>/.chroot.excludes
+                        ps $MASTERPID >/dev/null || exit 1
-		    # now let's execute the script and, if it terminates without an error,
+                        sleep 1
-		    # we'll move the newly created squashfs into the chroot where the chrooted
+                    done
-		    # mksquashfs command would have created it; if that worked as well, we'll
+                    # using any of the available filters (x86, arm, armthumb) for the
-		    # remove the script file so our dummy mksquashfs inside the chroot knows
+                    # -Xbcj command results in an unusable squashfs on arm, so we drop the
-		    # it's time to terminate itself.
+                    # parameter completely if it's there.
-		    ./chroot/tmp/filesystem.squashfs.temp && \
+                    # also, all absolute paths (detected by beginning with " /") need to be
-		    mv ./filesystem.squashfs ./chroot/ && \
+                    # prefixed with "./chroot" so the mksquashfs outside the chroot knows where
-		    rm ./chroot/tmp/filesystem.squashfs.temp
+                    # to look for the corresponding paths/files.
-		) &
+                    sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./chroot/#g' -i \
-	fi
+                        ./chroot/tmp/filesystem.squashfs.temp
+                    #needs switch from e.g. /bin/mksquashfs to $(which mksquashfs)
+                    sed -e "s#^.*mksquashfs#$(which mksquashfs)#g" -i \
+                        ./chroot/tmp/filesystem.squashfs.temp
+                    # if the mksquashfs command was missing, add it
+                    grep -q mksquashfs ./chroot/tmp/filesystem.squashfs.temp || \
+                        sed -e "s#^ #$(which mksquashfs) #g" -i \
+                        ./chroot/tmp/filesystem.squashfs.temp
+                    # now let's make this executable
+                    chmod 755 ./chroot/tmp/filesystem.squashfs.temp
+                    # we also need to add some more excludes because they shouldn't end up
+                    # in the squashfs - no idea why we don't need them while inside the chroot ...
+                    echo 'proc/*' >>./chroot/excludes
+                    echo 'sys/*' >>./chroot/excludes
+                    echo 'dev/pts/*' >>/.chroot.excludes
+                    # now let's execute the script and, if it terminates without an error,
+                    # we'll move the newly created squashfs into the chroot where the chrooted
+                    # mksquashfs command would have created it; if that worked as well, we'll
+                    # remove the script file so our dummy mksquashfs inside the chroot knows
+                    # it's time to terminate itself.
+                    ./chroot/tmp/filesystem.squashfs.temp && \
+                    mv ./filesystem.squashfs ./chroot/ && \
+                    rm ./chroot/tmp/filesystem.squashfs.temp
+                ) &
+        fi
     fi
@@ Line 590: / Line 642: @@
         # This is part of our experimental ARM support
         if [ "$LBX2GO_IMAGETYPE" = "hdd" ] && echo $LBX2GO_ARCH | grep -q "arm" ; then
-		# after the build, let's determine the name of our image file ...
+                # after the build, let's determine the name of our image file ...
-		IMAGEFILE="./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img"
+                IMAGEFILE="./x2go-tce-live-image-$(echo $LBX2GO_ARCH | awk '{print $2}').img"
-		# ... and change the partition type to reflect the file system actually in use for partition 1
+                # ... and change the partition type to reflect the file system actually in use for partition 1
-		# ("b" is FAT32)
+                # ("b" is FAT32)
-		sfdisk --part-type $IMAGEFILE 1 b
+                sfdisk --part-type $IMAGEFILE 1 b
-		# next, we need to patch two things inside the image, so we need to set up a loop device for it.
+                # next, we need to patch two things inside the image, so we need to set up a loop device for it.
-		FREELOOP=$(losetup -f) # note that this could become a TOCTOU issue if more than 1 process tries to use loop devices
+                FREELOOP=$(losetup -f) # note that this could become a TOCTOU issue if more than 1 process tries to use loop devices
-		# as the image is a full disk image containing a partition, we need to jump to the position where the first partition starts
+                # as the image is a full disk image containing a partition, we need to jump to the position where the first partition starts
-		losetup -o 1048576 $FREELOOP $IMAGEFILE
+                losetup -o 1048576 $FREELOOP $IMAGEFILE
-		# now let's mount it
+                # now let's mount it
-		mkdir -p ./tempmount
+                mkdir -p ./tempmount
-		mount $FREELOOP ./tempmount
+                mount $FREELOOP ./tempmount
-		# purge this dir, so we have enough space; we'll return to fill it later
+                # purge this dir, so we have enough space; we'll return to fill it later
-		rm ./tempmount/live/*
+                rm ./tempmount/live/*
-		# first, we copy the contents of the boot/firmware/ folder to the root directory, because that is where these files are needed
+                # first, we copy the contents of the boot/firmware/ folder to the root directory, because that is where these files are needed
-		# see if inplace helps against out of space errors
+                # see if inplace helps against out of space errors
-		rsync -aP --inplace ./chroot/boot/firmware/* ./tempmount
+                rsync -aP --inplace ./chroot/boot/firmware/* ./tempmount
-		mkdir -p ./tempmount/live/
+                mkdir -p ./tempmount/live/
-		rsync -aP ./binary/live/*.squashfs ./tempmount/live/
+                rsync -aP ./binary/live/*.squashfs ./tempmount/live/
-		# next, we replace the "root=" parameter with the parameters needed for live-booting
+                # next, we replace the "root=" parameter with the parameters needed for live-booting
-		sed -e 's#root=/dev/mmcblk0p2 #'"$LBX2GO_BOOTAPPEND_LIVE"' #' -i ./tempmount/cmdline.txt
+                sed -e 's#root=/dev/mmcblk0p2 #'"$LBX2GO_BOOTAPPEND_LIVE"' #' -i ./tempmount/cmdline.txt
-		# here comes the cleanup part
+                # here comes the cleanup part
-		sync
+                sync
-		umount $FREELOOP
+                umount $FREELOOP
-		losetup -d $FREELOOP
+                losetup -d $FREELOOP
-		rmdir ./tempmount
+                rmdir ./tempmount
-	fi
+        fi
         if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then
@@ Line 675: / Line 727: @@
 fi
+</file>
-</code>
 ===== Netbooting =====
@@ Line 827: / Line 878: @@
     * create a folder ''(mountpath)/boot/grub''
     * install grub-legacy into it:
-      * ''apt-get -y install grub-legacy'' # note this will remove grub2 from your system if it is installed, but will not cause any change to your boot sequence
+      * ''apt -y install grub-legacy'' # note this will remove grub2 from your system if it is installed, but will not cause any change to your boot sequence
       * ''grub-install --recheck --root-directory=(mountpath) /dev/targetdevice'' # entire device, not partition
       * check, and, if required, edit the contents of ''(mountpath)/boot/grub/device.map''
       * if you had to make changes, re-run ''grub-install --root-directory=(mountpath) /dev/targetdevice'' # entire device, not partition
-      * optional: ''apt-get -y install grub2'' # reinstall grub2 if that is what you were using before
+      * optional: ''apt -y install grub2'' # reinstall grub2 if that is what you were using before
       * create a boot loader configuration file using the following template:
 <file - menu.lst>
@@ Line 862: / Line 913: @@
 === Installing syslinux ===
-    * install syslinux and mbr: ''apt-get install -y syslinux mbr''
+    * install syslinux and mbr: ''apt install -y syslinux mbr''
     * run ''syslinux --install /dev/targetpartition'' # if that fails or media won't boot, try ''syslinux -s --install /dev/targetpartition''
     * note that you have to mark /dev/targetpartition as "active" in the partition table. You can do that e.g. by calling ''sfdisk -A number-of-target-partition /dev/targetdevice''
@@ Line 914: / Line 965: @@
 @echo off
 setlocal
-set BCDEDIT=%SYSTEM%\bcdedit.exe
+set BCDEDIT=%SYSTEMROOT%\system32\bcdedit.exe
 if not exist %BCDEDIT% exit 1
 for /f "tokens=3" %%A in ('%BCDEDIT% /create /d "PXE boot" /application bootsector') do set guid=%%A
@@ Line 1024: / Line 1075: @@
 === These are entirely optional ===
+  * ''allowedapps=app1[,app2[,app3[,...,appn]'' - a comma-separated list of applications that should be shown in the start button menu and on the task bar. Obviously, these apps need to be included in the image - apps that are not installed will be skipped. If this parameter isn't specified, it will default to ''x2goclient,firefox,firefox-esr,debian-uxterm''. Other apps you might want to add to the list are: ''chromium,debian-xterm,x5250,x3270''. Note that in case of x3270 and x5250, all sessions listed in the ''x3270servers=''/''x5250servers='' parameters will be added to the start menu and task bar. (As of 2025-05-01, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''audioout=list'' / ''audioout="alsa_card.something|output:something"'' - use this to list all available audio outputs / select a particular audio output. Note that when selecting one, the parameter consists of two values (as displayed in the output on /dev/tty8 when specifying ''list'') that need to be separated with a ''|'', and the set of the two values needs to be enclosed in double quotes. Do //not// enclose each value in double quotes separately! Correct example: ''audioout="alsa_card.pci-0000_00_1b.0|output:hdmi-stereo"''
+  * ''autostartapps=app1[,app2[,app3[,...,appn]'' - a comma-separated list of applications that should be shown in the start button menu and on the task bar. Obviously, these apps need to be included in the image - apps that are not installed will be skipped. If this parameter isn't specified, it will default to an empty string - note that X2GoClient will be started automatically anyway. Other apps you might want to add to the list are: ''chromium,debian-xterm,x5250,x3270''. Note that in case of x3270 and x5250, all sessions listed in the ''x3270servers=''/''x5250servers='' parameters will be autostarted. If the ''x3270servers=''/''x5250servers='' parameter is left empty, x3270/x5250 will start in offline mode with no sessions configured. (As of 2025-05-01, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.
-  * ''blankdpmsfix'' - This forces the TFT to black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. (feature available via github repo, soon via x2go repo too)
+  * ''blankdpmsfix'' - This forces the TFT to black for a few seconds during the X startup phase, then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again.
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
-  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
+    * The SVG must be in SVG1.1 or SVG1.2 tiny format, or things may break
-  * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. Earlyblankdpmsfix can also be called as ''earlyblankdpmsfix=nnnn'', where ''nnnn'' is the blanking time in milliseconds (so, ''earlyblankdpmsfix=1500'' equals 1.5 seconds). (feature available via github repo, soon via x2go repo too)
+    * Newer versions of X2Go-TCE-Live will check for the strings ''BOOTEDENVPLACEHOLDER'', ''TIMESTAMPPLACEHOLDER'', ''IPPLACEHOLDER'', ''MACPLACEHOLDER'' in the plaintext of the SVG and will try to replace them. See [[doc:howto:tce:branding-with-placeholders-svg]] for a sample SVG that you can download and adapt to your needs. (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
+    * Newer versions of X2Go-TCE-Live also support ''branding=qrcode'', which will display a QR code containing information regarding the booted environment, version, IP(s) and MAC(s). (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
+  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk, be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
+  * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. Earlyblankdpmsfix can also be called as ''earlyblankdpmsfix=nnnn'', where ''nnnn'' is the blanking time in milliseconds (so, ''earlyblankdpmsfix=1500'' equals 1.5 seconds).
   * ''homepageurl="URL1[|URL2|URLn]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more web pages that show up on Browser start/when clicking the "Home" icon. URLs need to be separated with a ''|'', and the set of URLs needs to be enclosed in double quotes. Do //not// enclose each URL in double quotes separately! Correct example: ''homepageurl="https://www.google.de|https://wiki.x2go.org"''
-  * ''initrdblankdpmsfix'' is the same as ''earlyblankdpmsfix'', only that it activates in the initial ramdisk already. Like ''earlyblankdpmsfix'', it can also be called as ''initrdblankdpmsfix=nnnn''.  This parameter is useful if you are affected by the //black screen at boot// issue, and you are not combining squashfs and initrd into one file when netbooting. (feature available via github repo, soon via x2go repo too)
+  * ''initrdblankdpmsfix'' is the same as ''earlyblankdpmsfix'', only that it activates in the initial ramdisk already. Like ''earlyblankdpmsfix'', it can also be called as ''initrdblankdpmsfix=nnnn''.  This parameter is useful if you are affected by the //black screen at boot// issue, and you are not combining squashfs and initrd into one file when netbooting.
+  * ''launchicon=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-launchicon.png'' - use this to specify a PNG file to “brand” your X2Go-TCE with. It will replace the seal icon in the task bar's launch button on the lower left of the screen. See below for how to add this file to your HTTP, HTTPS, or FTP server. **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate. (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''ldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com'' - this allows you to specify an LDAP server to connect to - note that this is not needed for LDAP-based authentication, only when you intend to store entire session profiles in LDAP. You should really consider using the X2Go Session Broker instead.
   * ''ldap1=ldap-backupserver-1.example.com:389'' - this allows you to specify the first of up to two LDAP backup servers when using LDAP authentication
   * ''ldap2=ldap-backupserver-2.example.com:389'' - this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication
+  * ''liveboot_params=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/liveboot_params'' - this is an __experimental__ feature that allows you to put all boot parameters not used by the kernel, but by the userspace programs, into a configuration file. This file may be a single-line file, or list all parameters as ''name=value'' pairs, each pair on a separate line, for improved readability. You can either save it as includes.chroot/boot/liveboot_params, or offer it for download via this parameter. The local file will always take precedence over an URL. Be sure to keep essential parameters like ''nouser'' and ''noroot'' in the local boot parameters, rather than in the remote file, or bad things may happen! (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
+  * ''lprdest=host[:port]'' - this activeates a stub bash script posing as lpr - it will attempt to blindly forward all data passed on STDIN to the host and port specified here. If no port is given, port 9100 is assumed. You can combine this with ''tcpprint'' and point it at 127.0.0.1:9100, but this will only work if your printer is able to understand the raw data - no processing is taking place on the client. If you need some form of processing, point this at a network print server instead. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''nodpms'' - Will not touch DPMS settings at all (by default, ''blank=0'' does both ''xset s off'' and ''xset -dpms''). Use this along with ''blank=n'' if you do want to blank the screen, but your screen is confused by DPMS settings.
   * ''nomagicpixel=1'' or ''nomagicpixel=2'' - you should set ''nomagicpixel=1'' while the "magic pixel" (clicking in the upper right corner of the screen will minimize a fullscreen session) is still active in thinclient mode (this feature is expected to be disabled at some point in the future). ''nomagicpixel=1'' will disable the window manager when exactly 3 windows are detected (that's the usual situation when a fullscreen session is active). It will re-enable openbox whenever more or less than 3 windows are detected. If this fails for you, you can try ''nomagicpixel=2'', which will try to trigger on the window-minimize command and restore it to fullscreen (this will cause a short screen flickering effect). Note that ''nomagicpixel=2'' will make your ThinClient unusable when trying to run the actual X2Go-TCE client as a virtual machine guest (the //X2GoServer// you connect to may be a VM guest, no problems there). To live with the magic pixel bug, simply do not add this option at all.
-  * ''ntp="server1 server2 ... servern"'' - this allows you to specify your own NTP server.  If this parameter is not used, time will be synced with standard Debian NTP servers.  To disable NTP syncing entirely, use ''ntp=false'' (feature available via github repo, soon via x2go repo too)
+  * ''ntp="server1 server2 ... servern"'' - this allows you to specify your own NTP server.  If this parameter is not used, time will be synced with standard Debian NTP servers.  To disable NTP syncing entirely, use ''ntp=false''
-  * ''pavol=[n:]volume%[|[n:]volume% ...]'' - Allows you to set default volume levels for one or more audio output devices. ''pavol=50%'' will set the default audio output device (#0) to 50%. ''pavol=1:99%'' will set audio output device #1 to 99%. ''pavol="0:50%|1:99%"'' will set audio output device #0 to 50%, and audio output device #1 to 99%. Note that this opion only makes sense in MATE-MiniDesktop mode, as regular TCE sessions get their volume levels restored from the host they connect to. (''pavol'' feature available via github repo, soon via x2go repo too).
+  * ''openboxbuttons=Text1,Text2,Text3'' - This will change the default "Logout,Reboot,Shutdown" entries in the Openbox-MicroDesktop flavor's launcher menu to whatever you define here. Try ''Abmelden,Neustart,Herunterfahren'' for German, or ''Déconnecter,Redémarrer,Arrêter'' for French. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
+  * ''pavol=[n:]volume%[|[n:]volume% ...]'' - Allows you to set default volume levels for one or more audio output devices. ''pavol=50%'' will set the default audio output device (#0) to 50%. ''pavol=1:99%'' will set audio output device #1 to 99%. ''pavol="0:50%|1:99%"'' will set audio output device #0 to 50%, and audio output device #1 to 99%. Note that this opion only makes sense in MATE-MiniDesktop mode, as regular TCE sessions get their volume levels restored from the host they connect to.
   * ''pubkey=tftp|http|https|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.authorized_keys'' - Allows you to add an ssh public key file to the ThinClient, so your administrators can log in remotely using SSH. Note that this file needs to be chmodded 644, not 600, on the web server.  **Attention: Whoever manages to spoof this server name will have root access to your ThinClients.** Using HTTPS will mitigate this - an attacker would not only have to spoof the server name, but also the matching certificate.
   *  ''session=sessionname'' - use this to specify a session by name that should be pre-selected on startup. The name must be listed in the sessions file and may only contain characters from the following charset: //a-zA-Z0-9.:/ _-// (We suggest naming the default session ''default'' and using ''session=default''.) When using a session name with blanks, please enclose the sessionname in either single or double quotes, like so: ''session="session name"'' / ''session='session name'''
+  * ''showbattstate'' - show battery charge/pop up a warning message when battery charge is nearing its end (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
+  * ''startupmsg="Your startup message here"'' - This will change the message text in the Openbox-MicroDesktop flavor's autostart popup to whatever you define here. Try ''System startet, bitte warten ...'' for German, or ''Démarrage du système en cours, un instant s'il vous plaît ...'' for French. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''tcedebug'' - this switches X2GoClient into debug mode and will also lead to increased logging to /var/log/x2goclient and to tty9
   * ''tcpprint'' - Will allow you to use local LPT/USB printers like "dumb" network printers (listening to port 9100 and above). Requires MAC->IP mapping in DHCP server (and optionally, DNS->IP mapping), or static IPs - else your print jobs will end up on random devices. This setup is preferred over the X2GoClient's built-in printing for locally attached printers if X2GoServer and ThinClients are on the same network. It is not recommended when your X2Go connection goes across the internet or when the ThinClient is actually a laptop roaming between different networks. **Attention: When used without ''tcpprintonlyfrom'' (see below), this means anyone that can reach your thin client via e.g. ping can also send print jobs to it!**
@@ Line 1048: / Line 1110: @@
   * ''timezone=TIMEZONE'' - can be used to define a timezone other than UTC, e.g. 'Europe/Berlin'. This especially makes sense for MATE-MiniDesktop, but is nice to have in regular TCE-Live as well, because the timestamp of the log messages will show the local time instead of UTC. This is a standard parameter of live-boot, and not specific to X2Go.
   * ''windowwidth=[n-nnn]'' - this is only available in MiniDesktop mode. It allows you to set the width of the X2GoClient login window (which gets moved and resized to the right side of your screen during session startup) to any value between 0 and 100. Note that widths smaller than 30 are not recommended and may cause further resizing once the session starts.
-  * ''x3270servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x3270 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 3270 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. (feature available via github repo, soon via x2go repo too)
+  * ''x3270servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x3270 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 3270 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''.
-  * ''x5250servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x5250 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 5250 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''. Note that x5250 support is currently not part of the standard image available via git, as there is no x5250 executable in Debian. You can try using x3270 instead, most modern IBM i (System i, iSeries, AS/400) systems support 3270-type connections as well. If you need native 5250 support, say, with a commercial, closed-source 5250 terminal emulator, please leave a message on the X2Go-User Mailing List and we'll tell you if and how you can integrate that into your build. (feature available via github repo, soon via x2go repo too)
+  * ''x5250servers="host[:port][|host[:port]...]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more hosts (with optional ports) for x5250 terminal emulation sessions that will be created as desktop shortcuts on the thinclient. For a default 5250 connection, the port is 23 (telnet) and does not need to be specified. For an SSL-encrypted connection (recommended), the port is 992. Hosts may be IP addresses or DNS names, and need to be separated with a ''|''.
+    * Note that x5250 support is currently not part of the standard image available via git, as there is no x5250 executable in Debian. You can try using x3270 instead, most modern IBM i (System i, iSeries, AS/400) systems support 3270-type connections as well. Note that you need to specify "-model 2" or else you may run into problems, see [[https://x3270.miraheze.org/wiki/5250_support#The_NVT-Mode_Issue|here]].
+    * For a full mapping of x3270 keys to x5250 keys, see [[https://www.ibm.com/docs/en/i/7.6.0?topic=sessions-3270-keyboard-mapping-telnet-servers|here]].
+    * If you need native 5250 support, say, with a commercial, closed-source 5250 terminal emulator, you can create a directory structure ''patch-minidesktop/usr/bin/'' and place your executable there; the build script will pick up on that and copy all files from ''patch-minidesktop'' into the live image.
   * ''xinerama=left-of|right-of|above|below|same-as'' - Allows you to specify how multiple screens are handled (same-as clones the primary screen to all secondary screens, the other commands will cascade and thus expand the screen). Note that the current implementation will enforce "same-as" if it detects a touch screen driver (wacom) and no other pointing device. This is so you won't get stuck being unable to log off, for example, due to your touch device being limited to one screen.
   * ''xorg-driver=DRIVERNAME'' - will skip graphics driver autodetection and force the specified driver instead. This is a standard parameter of live-boot, and not specific to X2Go.
   * ''xorg-resolution=HRESxVRES'' - will force the horizontal resolution to HRES and the vertical resolution to VRES, e.g. ''xorg-resolution=1280x1024'', useful if autodetection for the correct screen size fails, but you do get as far as seeing the X2Go GUI. This is a standard parameter of live-boot, and not specific to X2Go.
   * ''xorgconfurl=tftp|http|https|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.xorg.conf'' - when a client outright refuses to boot into the graphical X2Go login screen, but gets stuck at the console or a black screen instead, yet you can get the GUI to work using a regular Linux on the same hardware, you can disable the X Server's autodetection and force it to use the xorg.conf specified here.  Note that you should use a more descriptive name for the file, as described below. **Attention: Whoever manages to spoof the server name can inject rogue xorg config files into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
-  * ''xroot=[0xaabbcc|URI1[|URI2|...]]'' - can be used to set a local desktop background image or color (in hex format, with leading 0x, not leading #). On the main screen, this is only visible during startup, while additional screens will display whatever is set for them when there is no active session. The background also becomes visible for a short moment when the optional local screensaver activates or deactivates. Specifying more than one image will cause the first image to show up on the first screen, the second image on the second screen, and so on (feature available via github repo, soon via x2go repo too).
+  * ''xroot=[0xaabbcc|URI1[|URI2|...]]'' - can be used to set a local desktop background image or color (in hex format, with leading 0x, not leading #). On the main screen, this is only visible during startup, while additional screens will display whatever is set for them when there is no active session. The background also becomes visible for a short moment when the optional local screensaver activates or deactivates. Specifying more than one image will cause the first image to show up on the first screen, the second image on the second screen, and so on. 0x008080 will give you the Windows 95 background color, 0x3a6ea5 will give you the Windows 2000 background color.
-  * ''xrootmode=center|fill|scale|tile'' can be used to determine how the local desktop background image(s) should be positioned. If the parameter has been set, but something is wrong, it will default to a //grey mesh// background. (feature available via github repo, soon via x2go repo too). (feature available via github repo, soon via x2go repo too)
+  * ''xrootmode=center|fill|scale|tile'' can be used to determine how the local desktop background image(s) should be positioned. If the parameter has been set, but something is wrong, it will default to a //grey mesh// background.
-  * ''xsaveridletime=n'' - this value determines how long the screen should have been idle before the local slideshow screensaver sets in (value given in seconds). We recommend using 60 seconds less than for the server-sided, locking screensaver. (feature available via github repo, soon via x2go repo too)
+  * ''xsaveridletime=n'' - this value determines how long the screen should have been idle before the local slideshow screensaver sets in (value given in seconds). We recommend using 60 seconds less than for the server-sided, locking screensaver.
-  * ''xsaverimages=[URI1[|URI2|...]]'' - if you want a local, non-locking slideshow screensaver, you can specify image URLs here. These Images will be downloaded once, at boot. That way, one can display a slideshow without having to push the images across the network every time. Especially for slow links, this is the recommended way of running a slideshow screensaver. For security, combine this with a locking screensaver on the server with only one slide or a black background. (feature available via github repo, soon via x2go repo too)
+  * ''xsaverimages=[URI1[|URI2|...]]'' - if you want a local, non-locking slideshow screensaver, you can specify image URLs here. These Images will be downloaded once, at boot. That way, one can display a slideshow without having to push the images across the network every time. Especially for slow links, this is the recommended way of running a slideshow screensaver. For security, combine this with a locking screensaver on the server with only one slide or a black background.
-  * ''xsaverimgtime=n'' - this determines how long each slide of the local, non-locking screensaver will be shown. (feature available via github repo, soon via x2go repo too)
+  * ''xsaverimgtime=n'' - this determines how long each slide of the local, non-locking screensaver will be shown.
 === These are only intended to be used with TCE images stored on local media ===
   * ''bwlimit=nnn'' - Will allow you to specify a bandwidth limit (valid values: 1-100) in percent for the backgrounded update task.
@@ Line 1065: / Line 1130: @@
   * ''updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files'' - Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the //toram// boot option is used. Regardless of NTFS or not, the updater requires three directories: ''/boot/X2Go-live1, /boot/X2Go-live2, /boot/X2Go-live-download''. **Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients.**  Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files.
-===== Client Branding/Theming using SVGs =====
+===== Client Branding/Theming using SVGs/PNGs =====
 It is possible to make X2Go-TCE-Live match your Corporate Design/Corporate Identity, using the "background" and "branding" parameters.
 This is actually a feature of X2GoClient itself, so it will also work on //fat client// installations, and even on Windows and macOS.
+Note that only **SVGs** are supported for these two parameters
 {{:wiki:advanced:x2goclientdefaultbranding.png?400|Before ...}} {{:wiki:advanced:x2goclientbranding.png?400| ... and after.}}
 You can find a more detailed explanation in the [[wiki:advanced:branding-theming|corresponding X2Go Wiki page]].
+For X2Go-TCE-Live-Openbox-MicroDesktop, you can also replace the start button with your company logo by pointing the "launchicon" parameter at a download URL for it. Note that unlike the previous two options, this one needs to be a PNG (**not** a SVG) that is at least 48 x 48 pixels in size.
 ===== Querying X2Go-TCE version info =====
-images built using the https://github.com/LinuxHaus/live-build-x2go::feature/openbox repository/branch after 2017-07-27 10:50 UTC will create a file ''/var/run/x2go-timestamps''.
+X2Go-TCE-Live will create a file ''/var/run/x2go-timestamps''.
 A command like <code>ssh -A root@ThinClientIPorDNS 'cat /var/run/x2go-tce-timestamps'</code>
@@ Line 1217: / Line 1285: @@
 Basically:
 <code>
-apt-get install ipxe
+apt install ipxe
 cd /your-tftp-root
 mkdir -p {bios,uefi}
@@ Line 1304: / Line 1372: @@
     * /usr/share/x2go-tcebuilder/template-scripts (scripts we ship, with a big fat header that they should not be changed, but copied)
   * store the results somewhere under /var/lib/x2go-tcebuilder/ or whatever the proper place according to FHS and Debian would be
-  * turning it into a package would mean we could add dependencies as well, so the manual apt-get install would not be neccessary
+  * turning it into a package would mean we could add dependencies as well, so the manual apt install would not be neccessary
   * additional scripts could be added that work "automagically" if there's no PXE/TFTP/HTTP/FTP server yet - maybe in a separate package x2go-tce-setup-aids.deb which then has dependencies on atftpd and apache|lighttpd, ...

X2Go - everywhere@home

User Tools

Site Tools

Differences

Page Tools