X2Go - everywhere@home

User Tools

Site Tools

Trace:
doc:howto:tce

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
doc:howto:tce [2025/04/22 20:28]
stefanbaur [Installing a boot loader] fixed path 		doc:howto:tce [2025/05/05 09:32] (current)
stefanbaur [What options are available under FURTHER-OPTIONS-GO-HERE?] added liveboot_params description
Line 72: Line 72:
 #        2) https://github.com/bauritcs loosely corresponds to "heuler" #        2) https://github.com/bauritcs loosely corresponds to "heuler"
 #        3) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches. #        3) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches.
-#        4) Microdesktop builds are currently only available via https://github.com/bauritcs, but are actually more production-ready than +#        4) Microdesktop builds are currently only available via https://github.com/bauritcs, but are actually more production-ready than
 #           the Minidesktop builds. Feel free to try them out! #           the Minidesktop builds. Feel free to try them out!
 #        5) Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build, #        5) Add "-stretch" to the end of the LBX2GO_CONFIG string to create a stretch build,
Line 113: Line 113:
 export LBX2GO_BACKPORTS="true" export LBX2GO_BACKPORTS="true"
  
-# detect if the selected git repo is meant to build a buster, stretch or jessie image+# detect if the selected git repo is meant to build a bookworm, bullseye, buster, stretch or jessie image
 if [ -z "${LBX2GO_CONFIG##*-stretch}" ] ; then if [ -z "${LBX2GO_CONFIG##*-stretch}" ] ; then
     export LBX2GO_DEBVERSION="stretch"     export LBX2GO_DEBVERSION="stretch"
Line 179: Line 179:
  
 # These are default values that should not require tuning # These are default values that should not require tuning
-export LBX2GO_DEFAULTS="--backports true+export LBX2GO_DEFAULTS="--backports $LBX2GO_BACKPORTS
                         --firmware-chroot true                         --firmware-chroot true
                         --initsystem sysvinit                         --initsystem sysvinit
Line 206: Line 206:
 export LBX2GO_ARCHIVE_AREAS="main contrib non-free $LBX2GO_ARCHIVE_AREAS" export LBX2GO_ARCHIVE_AREAS="main contrib non-free $LBX2GO_ARCHIVE_AREAS"
  
-# This is for minidesktop builds and currently only adds firefox-esr language packs +# This is for micro- and minidesktop builds and currently only adds firefox-esr language packs 
-# export LBX2GO_LANG='de'+# use this for autodetection based on your lang= selection 
 +export LBX2GO_LANG=$(echo "$LBX2GO_BOOTAPPEND_LIVE" | tr ' .' '\n' | awk -F'=' '$1=="lang" { print $2 }') 
 +# To override this and add several language packs at once, use something like: 
 +# export LBX2GO_LANG='de;en_uk;en-za' 
 + 
 +# Set the boot timeout for all syslinux/isolinux/extlinux bootloaders 
 +# Note that this is measured in 1/10 seconds! 
 +# So for 1 second, set the value to 10, for 10 seconds, set it to 100. 
 +# A value of 0 means "wait indefinitely", a value of 1 means "boot default entry straight away"
 +# Leave it unset to use live-build's default setting. 
 +#export LBX2GO_BOOT_TIMEOUT='0' 
 +export LBX2GO_BOOT_TIMEOUT='1'
  
 # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team
Line 269: Line 280:
         export LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"         export LBX2GO_DEFAULTS+=" $LBX2GO_BOOTLOADER"
 fi fi
 +
 </file> </file>
  
Line 411: Line 423:
         rsync -aPH --ignore-existing --exclude="splash.svg" /usr/share/live/build/bootloaders/* config/bootloaders         rsync -aPH --ignore-existing --exclude="splash.svg" /usr/share/live/build/bootloaders/* config/bootloaders
     fi     fi
-    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux startup.+ 
 +    # When enabled, this silences the audible beep at syslinux/isolinux/pxelinux/extlinux and grub2 startup.
     # Note that this is an accessibility feature for blind users, so use with care.     # Note that this is an accessibility feature for blind users, so use with care.
-    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*/menu.cfg+    sed -e "s/$(echo -e "\07")//g" -i config/bootloaders/*linux*/menu.cfg 
 +    sed -e "s/^insmod play//" -e "s/^play.*$//g" -i config/bootloaders/grub-pc/config.cfg 
 + 
 +    # this will set the boot timeout for all syslinux/isolinux/extlinux bootloaders 
 +    if [ -n "$LBX2GO_BOOT_TIMEOUT" ]; then 
 +        sed -e "s/timeout .*$/timeout $LBX2GO_BOOT_TIMEOUT/ig" -i config/bootloaders/*linux/*linux.cfg config/bootloaders/pxelinux.cfg/default 
 +    fi
  
     # This enables an i386-only package in the sources.list file when an i386 build is requested     # This enables an i386-only package in the sources.list file when an i386 build is requested
Line 462: Line 481:
     fi     fi
  
- +    # This is for micro- and minidesktop builds only
-    # This is for minidesktop builds only+
     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then     if [ -f config/package-lists/firefox-langpacks.list.chroot ]; then
             if [ -n "$LBX2GO_LANG" ]; then             if [ -n "$LBX2GO_LANG" ]; then
-                    for LBX2GO_SINGLE_LANG in $(echo "$LBX2GO_LANG" | tr ';' ' '); do+                    for LBX2GO_SINGLE_LANG in $(echo "$LBX2GO_LANG" | tr ';,|' ' '); do
                             echo "LANG: '$LBX2GO_SINGLE_LANG'"                             echo "LANG: '$LBX2GO_SINGLE_LANG'"
-                            sed -i -e 's/#firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'$/firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'/' \ +                            sed -i -e 's|#firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'$|firefox-esr-l10n-'$LBX2GO_SINGLE_LANG'|' config/package-lists/firefox-langpacks.list.chroot 
-                              config/package-lists/firefox-langpacks.list.chroot+                            if ! grep -v "^#" config/package-lists/firefox-langpacks.list.chroot | grep -q -- "-l10n-${LBX2GO_SINGLE_LANG//_/-}" ; then 
 +                                            echo "LANG: '${LBX2GO_SINGLE_LANG//_*/}'" 
 +                                        sed -i -e "s|^#firefox-esr-l10n-${LBX2GO_SINGLE_LANG//_*/}$|firefox-esr-l10n-${LBX2GO_SINGLE_LANG//_*/}|" config/package-lists/firefox-langpacks.list.chroot 
 +                            fi
                     done                     done
             else             else
Line 475: Line 496:
             fi             fi
     fi     fi
 +
     if [ "$LBX2GO_TCE_SHRINK" = "true" ] ; then     if [ "$LBX2GO_TCE_SHRINK" = "true" ] ; then
         echo '#!/bin/sh' >./config/hooks/0112-remove-folders.hook.chroot         echo '#!/bin/sh' >./config/hooks/0112-remove-folders.hook.chroot
Line 704: Line 726:
     cd ..     cd ..
 fi fi
 +
 </file> </file>
 ===== Netbooting ===== ===== Netbooting =====
Line 1052: Line 1075:
  
 === These are entirely optional === === These are entirely optional ===
 +  * ''allowedapps=app1[,app2[,app3[,...,appn]'' - a comma-separated list of applications that should be shown in the start button menu and on the task bar. Obviously, these apps need to be included in the image - apps that are not installed will be skipped. If this parameter isn't specified, it will default to ''x2goclient,firefox,firefox-esr,debian-uxterm''. Other apps you might want to add to the list are: ''chromium,debian-xterm,x5250,x3270''. Note that in case of x3270 and x5250, all sessions listed in the ''x3270servers=''/''x5250servers='' parameters will be added to the start menu and task bar. (As of 2025-05-01, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''audioout=list'' / ''audioout="alsa_card.something|output:something"'' - use this to list all available audio outputs / select a particular audio output. Note that when selecting one, the parameter consists of two values (as displayed in the output on /dev/tty8 when specifying ''list'') that need to be separated with a ''|'', and the set of the two values needs to be enclosed in double quotes. Do //not// enclose each value in double quotes separately! Correct example: ''audioout="alsa_card.pci-0000_00_1b.0|output:hdmi-stereo"''   * ''audioout=list'' / ''audioout="alsa_card.something|output:something"'' - use this to list all available audio outputs / select a particular audio output. Note that when selecting one, the parameter consists of two values (as displayed in the output on /dev/tty8 when specifying ''list'') that need to be separated with a ''|'', and the set of the two values needs to be enclosed in double quotes. Do //not// enclose each value in double quotes separately! Correct example: ''audioout="alsa_card.pci-0000_00_1b.0|output:hdmi-stereo"''
 +  * ''autostartapps=app1[,app2[,app3[,...,appn]'' - a comma-separated list of applications that should be shown in the start button menu and on the task bar. Obviously, these apps need to be included in the image - apps that are not installed will be skipped. If this parameter isn't specified, it will default to an empty string - note that X2GoClient will be started automatically anyway. Other apps you might want to add to the list are: ''chromium,debian-xterm,x5250,x3270''. Note that in case of x3270 and x5250, all sessions listed in the ''x3270servers=''/''x5250servers='' parameters will be autostarted. If the ''x3270servers=''/''x5250servers='' parameter is left empty, x3270/x5250 will start in offline mode with no sessions configured. (As of 2025-05-01, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the blue background theme of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.   * ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout. Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.
Line 1058: Line 1083:
   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.   * ''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg'' - use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace the seal icon in the lower left of the login screen. See below for how to add this file to your HTTP, HTTPS, or FTP server.  **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.**  To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.
     * The SVG must be in SVG1.1 or SVG1.2 tiny format, or things may break     * The SVG must be in SVG1.1 or SVG1.2 tiny format, or things may break
-    * Newer versions of X2Go-TCE-Live will check for the strings ''BOOTEDENVPLACEHOLDER'', ''TIMESTAMPPLACEHOLDER'', ''IPPLACEHOLDER'', ''MACPLACEHOLDER'' in the plaintext of the SVG and will try to replace them. (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)+    * Newer versions of X2Go-TCE-Live will check for the strings ''BOOTEDENVPLACEHOLDER'', ''TIMESTAMPPLACEHOLDER'', ''IPPLACEHOLDER'', ''MACPLACEHOLDER'' in the plaintext of the SVG and will try to replace them. See [[doc:howto:tce:branding-with-placeholders-svg]] for a sample SVG that you can download and adapt to your needs. (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
     * Newer versions of X2Go-TCE-Live also support ''branding=qrcode'', which will display a QR code containing information regarding the booted environment, version, IP(s) and MAC(s). (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)     * Newer versions of X2Go-TCE-Live also support ''branding=qrcode'', which will display a QR code containing information regarding the booted environment, version, IP(s) and MAC(s). (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
-  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk,be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.+  * ''copysecring'' - this will scan for USB media and fixed disk media (with USB media taking precedence) at boot for one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled ''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any SSH Secret Keys found there will be copied into ''/home/user/.ssh'' (in the ramdisk), with proper permissions and ownerships for the default user account. This may come in handy when you are using SSH Secret Keys on USB media, but need to log in and out of sessions often, and don't want to leave the USB media plugged in all the time/don't want to have to re-insert it before each session startup. **Attention: This poses a security risk when other people are using your ThinClient afterwards (as they will have access to your keys).**  To mitigate this risk, be sure to power-cycle the ThinClient once you are done. You //should// specify this parameter when booting X2Go-TCE-Live from portable media when you want to use SSH Secret Keys, to make sure your secret key on the FAT/NTFS partition is available. But as stated above, be sure to power-cycle the machine once you're done.
   * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. Earlyblankdpmsfix can also be called as ''earlyblankdpmsfix=nnnn'', where ''nnnn'' is the blanking time in milliseconds (so, ''earlyblankdpmsfix=1500'' equals 1.5 seconds).   * ''earlyblankdpmsfix'' - This forces the TFT do black for a few seconds during the initial boot phase (right after the squashfs was downloaded), then forces it back on again.  This fixes an occasional "black screen" issue that occurs with some flaky client/TFT hardware combinations when using DisplayPort connectors, and could otherwise only be remediated by manually turning the TFT off and back on again. Earlyblankdpmsfix can also be called as ''earlyblankdpmsfix=nnnn'', where ''nnnn'' is the blanking time in milliseconds (so, ''earlyblankdpmsfix=1500'' equals 1.5 seconds).
   * ''homepageurl="URL1[|URL2|URLn]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more web pages that show up on Browser start/when clicking the "Home" icon. URLs need to be separated with a ''|'', and the set of URLs needs to be enclosed in double quotes. Do //not// enclose each URL in double quotes separately! Correct example: ''homepageurl="https://www.google.de|https://wiki.x2go.org"''   * ''homepageurl="URL1[|URL2|URLn]"'' - this is only available in MiniDesktop mode. It allows you to specify one or more web pages that show up on Browser start/when clicking the "Home" icon. URLs need to be separated with a ''|'', and the set of URLs needs to be enclosed in double quotes. Do //not// enclose each URL in double quotes separately! Correct example: ''homepageurl="https://www.google.de|https://wiki.x2go.org"''
   * ''initrdblankdpmsfix'' is the same as ''earlyblankdpmsfix'', only that it activates in the initial ramdisk already. Like ''earlyblankdpmsfix'', it can also be called as ''initrdblankdpmsfix=nnnn'' This parameter is useful if you are affected by the //black screen at boot// issue, and you are not combining squashfs and initrd into one file when netbooting.    * ''initrdblankdpmsfix'' is the same as ''earlyblankdpmsfix'', only that it activates in the initial ramdisk already. Like ''earlyblankdpmsfix'', it can also be called as ''initrdblankdpmsfix=nnnn'' This parameter is useful if you are affected by the //black screen at boot// issue, and you are not combining squashfs and initrd into one file when netbooting. 
 +  * ''launchicon=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-launchicon.png'' - use this to specify a PNG file to “brand” your X2Go-TCE with. It will replace the seal icon in the task bar's launch button on the lower left of the screen. See below for how to add this file to your HTTP, HTTPS, or FTP server. **Attention: Whoever manages to spoof the server name can inject rogue images into your ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate. (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''ldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com'' - this allows you to specify an LDAP server to connect to - note that this is not needed for LDAP-based authentication, only when you intend to store entire session profiles in LDAP. You should really consider using the X2Go Session Broker instead.   * ''ldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com'' - this allows you to specify an LDAP server to connect to - note that this is not needed for LDAP-based authentication, only when you intend to store entire session profiles in LDAP. You should really consider using the X2Go Session Broker instead.
   * ''ldap1=ldap-backupserver-1.example.com:389'' - this allows you to specify the first of up to two LDAP backup servers when using LDAP authentication   * ''ldap1=ldap-backupserver-1.example.com:389'' - this allows you to specify the first of up to two LDAP backup servers when using LDAP authentication
   * ''ldap2=ldap-backupserver-2.example.com:389'' - this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication    * ''ldap2=ldap-backupserver-2.example.com:389'' - this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication 
 +  * ''liveboot_params=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/liveboot_params'' - this is an __experimental__ feature that allows you to put all boot parameters not used by the kernel, but by the userspace programs, into a configuration file. This file may be a single-line file, or list all parameters as ''name=value'' pairs, each pair on a separate line, for improved readability. You can either save it as includes.chroot/boot/liveboot_params, or offer it for download via this parameter. The local file will always take precedence over an URL. Be sure to keep essential parameters like ''nouser'' and ''noroot'' in the local boot parameters, rather than in the remote file, or bad things may happen! (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
 +  * ''lprdest=host[:port]'' - this activeates a stub bash script posing as lpr - it will attempt to blindly forward all data passed on STDIN to the host and port specified here. If no port is given, port 9100 is assumed. You can combine this with ''tcpprint'' and point it at 127.0.0.1:9100, but this will only work if your printer is able to understand the raw data - no processing is taking place on the client. If you need some form of processing, point this at a network print server instead. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''nodpms'' - Will not touch DPMS settings at all (by default, ''blank=0'' does both ''xset s off'' and ''xset -dpms''). Use this along with ''blank=n'' if you do want to blank the screen, but your screen is confused by DPMS settings.   * ''nodpms'' - Will not touch DPMS settings at all (by default, ''blank=0'' does both ''xset s off'' and ''xset -dpms''). Use this along with ''blank=n'' if you do want to blank the screen, but your screen is confused by DPMS settings.
   * ''nomagicpixel=1'' or ''nomagicpixel=2'' - you should set ''nomagicpixel=1'' while the "magic pixel" (clicking in the upper right corner of the screen will minimize a fullscreen session) is still active in thinclient mode (this feature is expected to be disabled at some point in the future). ''nomagicpixel=1'' will disable the window manager when exactly 3 windows are detected (that's the usual situation when a fullscreen session is active). It will re-enable openbox whenever more or less than 3 windows are detected. If this fails for you, you can try ''nomagicpixel=2'', which will try to trigger on the window-minimize command and restore it to fullscreen (this will cause a short screen flickering effect). Note that ''nomagicpixel=2'' will make your ThinClient unusable when trying to run the actual X2Go-TCE client as a virtual machine guest (the //X2GoServer// you connect to may be a VM guest, no problems there). To live with the magic pixel bug, simply do not add this option at all.   * ''nomagicpixel=1'' or ''nomagicpixel=2'' - you should set ''nomagicpixel=1'' while the "magic pixel" (clicking in the upper right corner of the screen will minimize a fullscreen session) is still active in thinclient mode (this feature is expected to be disabled at some point in the future). ''nomagicpixel=1'' will disable the window manager when exactly 3 windows are detected (that's the usual situation when a fullscreen session is active). It will re-enable openbox whenever more or less than 3 windows are detected. If this fails for you, you can try ''nomagicpixel=2'', which will try to trigger on the window-minimize command and restore it to fullscreen (this will cause a short screen flickering effect). Note that ''nomagicpixel=2'' will make your ThinClient unusable when trying to run the actual X2Go-TCE client as a virtual machine guest (the //X2GoServer// you connect to may be a VM guest, no problems there). To live with the magic pixel bug, simply do not add this option at all.
   * ''ntp="server1 server2 ... servern"'' - this allows you to specify your own NTP server.  If this parameter is not used, time will be synced with standard Debian NTP servers.  To disable NTP syncing entirely, use ''ntp=false''   * ''ntp="server1 server2 ... servern"'' - this allows you to specify your own NTP server.  If this parameter is not used, time will be synced with standard Debian NTP servers.  To disable NTP syncing entirely, use ''ntp=false''
 +  * ''openboxbuttons=Text1,Text2,Text3'' - This will change the default "Logout,Reboot,Shutdown" entries in the Openbox-MicroDesktop flavor's launcher menu to whatever you define here. Try ''Abmelden,Neustart,Herunterfahren'' for German, or ''Déconnecter,Redémarrer,Arrêter'' for French. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''pavol=[n:]volume%[|[n:]volume% ...]'' - Allows you to set default volume levels for one or more audio output devices. ''pavol=50%'' will set the default audio output device (#0) to 50%. ''pavol=1:99%'' will set audio output device #1 to 99%. ''pavol="0:50%|1:99%"'' will set audio output device #0 to 50%, and audio output device #1 to 99%. Note that this opion only makes sense in MATE-MiniDesktop mode, as regular TCE sessions get their volume levels restored from the host they connect to.   * ''pavol=[n:]volume%[|[n:]volume% ...]'' - Allows you to set default volume levels for one or more audio output devices. ''pavol=50%'' will set the default audio output device (#0) to 50%. ''pavol=1:99%'' will set audio output device #1 to 99%. ''pavol="0:50%|1:99%"'' will set audio output device #0 to 50%, and audio output device #1 to 99%. Note that this opion only makes sense in MATE-MiniDesktop mode, as regular TCE sessions get their volume levels restored from the host they connect to.
   * ''pubkey=tftp|http|https|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.authorized_keys'' - Allows you to add an ssh public key file to the ThinClient, so your administrators can log in remotely using SSH. Note that this file needs to be chmodded 644, not 600, on the web server.  **Attention: Whoever manages to spoof this server name will have root access to your ThinClients.** Using HTTPS will mitigate this - an attacker would not only have to spoof the server name, but also the matching certificate.   * ''pubkey=tftp|http|https|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.authorized_keys'' - Allows you to add an ssh public key file to the ThinClient, so your administrators can log in remotely using SSH. Note that this file needs to be chmodded 644, not 600, on the web server.  **Attention: Whoever manages to spoof this server name will have root access to your ThinClients.** Using HTTPS will mitigate this - an attacker would not only have to spoof the server name, but also the matching certificate.
   *  ''session=sessionname'' - use this to specify a session by name that should be pre-selected on startup. The name must be listed in the sessions file and may only contain characters from the following charset: //a-zA-Z0-9.:/ _-// (We suggest naming the default session ''default'' and using ''session=default''.) When using a session name with blanks, please enclose the sessionname in either single or double quotes, like so: ''session="session name"'' / ''session='session name'''   *  ''session=sessionname'' - use this to specify a session by name that should be pre-selected on startup. The name must be listed in the sessions file and may only contain characters from the following charset: //a-zA-Z0-9.:/ _-// (We suggest naming the default session ''default'' and using ''session=default''.) When using a session name with blanks, please enclose the sessionname in either single or double quotes, like so: ''session="session name"'' / ''session='session name'''
 +  * ''showbattstate'' - show battery charge/pop up a warning message when battery charge is nearing its end (As of 2025-04-21, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
 +  * ''startupmsg="Your startup message here"'' - This will change the message text in the Openbox-MicroDesktop flavor's autostart popup to whatever you define here. Try ''System startet, bitte warten ...'' for German, or ''Démarrage du système en cours, un instant s'il vous plaît ...'' for French. (As of 2025-05-04, only available in openbox-microdesktop-bookworm on gitlab.com/bauritcs)
   * ''tcedebug'' - this switches X2GoClient into debug mode and will also lead to increased logging to /var/log/x2goclient and to tty9   * ''tcedebug'' - this switches X2GoClient into debug mode and will also lead to increased logging to /var/log/x2goclient and to tty9
   * ''tcpprint'' - Will allow you to use local LPT/USB printers like "dumb" network printers (listening to port 9100 and above). Requires MAC->IP mapping in DHCP server (and optionally, DNS->IP mapping), or static IPs - else your print jobs will end up on random devices. This setup is preferred over the X2GoClient's built-in printing for locally attached printers if X2GoServer and ThinClients are on the same network. It is not recommended when your X2Go connection goes across the internet or when the ThinClient is actually a laptop roaming between different networks. **Attention: When used without ''tcpprintonlyfrom'' (see below), this means anyone that can reach your thin client via e.g. ping can also send print jobs to it!**     * ''tcpprint'' - Will allow you to use local LPT/USB printers like "dumb" network printers (listening to port 9100 and above). Requires MAC->IP mapping in DHCP server (and optionally, DNS->IP mapping), or static IPs - else your print jobs will end up on random devices. This setup is preferred over the X2GoClient's built-in printing for locally attached printers if X2GoServer and ThinClients are on the same network. It is not recommended when your X2Go connection goes across the internet or when the ThinClient is actually a laptop roaming between different networks. **Attention: When used without ''tcpprintonlyfrom'' (see below), this means anyone that can reach your thin client via e.g. ping can also send print jobs to it!**  
Line 1099: Line 1130:
   * ''updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files'' - Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the //toram// boot option is used. Regardless of NTFS or not, the updater requires three directories: ''/boot/X2Go-live1, /boot/X2Go-live2, /boot/X2Go-live-download''. **Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients.**  Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files.    * ''updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files'' - Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the //toram// boot option is used. Regardless of NTFS or not, the updater requires three directories: ''/boot/X2Go-live1, /boot/X2Go-live2, /boot/X2Go-live-download''. **Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients.**  Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files. 
  
-===== Client Branding/Theming using SVGs =====+===== Client Branding/Theming using SVGs/PNGs =====
 It is possible to make X2Go-TCE-Live match your Corporate Design/Corporate Identity, using the "background" and "branding" parameters. It is possible to make X2Go-TCE-Live match your Corporate Design/Corporate Identity, using the "background" and "branding" parameters.
 This is actually a feature of X2GoClient itself, so it will also work on //fat client// installations, and even on Windows and macOS. This is actually a feature of X2GoClient itself, so it will also work on //fat client// installations, and even on Windows and macOS.
 +Note that only **SVGs** are supported for these two parameters
  
 {{:wiki:advanced:x2goclientdefaultbranding.png?400|Before ...}} {{:wiki:advanced:x2goclientbranding.png?400| ... and after.}} {{:wiki:advanced:x2goclientdefaultbranding.png?400|Before ...}} {{:wiki:advanced:x2goclientbranding.png?400| ... and after.}}
  
 You can find a more detailed explanation in the [[wiki:advanced:branding-theming|corresponding X2Go Wiki page]]. You can find a more detailed explanation in the [[wiki:advanced:branding-theming|corresponding X2Go Wiki page]].
 +
 +For X2Go-TCE-Live-Openbox-MicroDesktop, you can also replace the start button with your company logo by pointing the "launchicon" parameter at a download URL for it. Note that unlike the previous two options, this one needs to be a PNG (**not** a SVG) that is at least 48 x 48 pixels in size.
 ===== Querying X2Go-TCE version info =====  ===== Querying X2Go-TCE version info ===== 
 X2Go-TCE-Live will create a file ''/var/run/x2go-timestamps''. X2Go-TCE-Live will create a file ''/var/run/x2go-timestamps''.
doc/howto/tce.1745353728.txt.gz · Last modified: 2025/04/22 20:28 by stefanbaur

Page Tools

Imprint & Legal Disclaimer - Data Protection & Privacy Statement
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki