This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
doc:howto:tce [2018/12/04 21:13] stefanbaur [List of open ToDos/FIXMEs for this page] - tested nottyautologon |
doc:howto:tce [2024/01/26 19:49] (current) stefanbaur [Client Branding/Theming using SVGs] added before and after images |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== X2Go-ThinClientEditon-Live (TCE-Live, formerly known as TCE-NG) ====== | ====== X2Go-ThinClientEditon-Live (TCE-Live, formerly known as TCE-NG) ====== | ||
<columns 75% -> | <columns 75% -> | ||
- | <note important> | ||
<note tip>If you are looking for installation instructions for the classic, NFS-filesystem-based X2Go-ThinClient, | <note tip>If you are looking for installation instructions for the classic, NFS-filesystem-based X2Go-ThinClient, | ||
Line 12: | Line 11: | ||
During the time of Debian Wheezy being Debian' | During the time of Debian Wheezy being Debian' | ||
- | The disadvantage is that your ThinClient now needs at least 1 GB of RAM (see below). | + | The disadvantage is that your ThinClient now needs at least 512 MB to 1 GB of RAM (see below). |
However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS (nor HTTP/ | ||
- | Besides, making changes to/updating the classic, NFS-based TCE (henceforth referred to as TCE-Classic) with the entire filesystem, not just its compressed image, spread out over the NFS share was rather finicky - with the current TCE-Live, you build and deploy a new image every time you make a change, and you can test it on a single client without interrupting your production environment. | + | Besides, making changes to/updating the classic, NFS-based TCE (henceforth referred to as TCE-Classic) with the entire filesystem, not just its compressed image, spread out over the NFS share was rather finicky - with the current TCE-Live, you build and deploy a new image every time you make a change, and you can test it on a single client without interrupting your production environment. |
We've also received reports that TCE-Classic wouldn' | We've also received reports that TCE-Classic wouldn' | ||
- | Our TCE-Live works just fine with Jessie, | + | Our TCE-Live works just fine with Jessie, Stretch, and Buster as well. |
- | The one catch is that the live-build package in Debian/the Debian-Live project is currently looking for a new maintainer - so there is a slim chance that live-build might be removed from Debian Buster, especially if no new maintainer steps up and the live-build replacement that is currently in the works (called live-wrapper) contains all the required functionality of live-build by then. | + | |
===== ThinClient prerequisites for all TCE-Live variants ===== | ===== ThinClient prerequisites for all TCE-Live variants ===== | ||
* At least 1 GB of RAM //unless// you use non-NTFS local storage, in that case, 512MB or even 256MB might work - but would you really want to use a Client that has 4 Megabytes of free RAM (our test result with 256 MB RAM total) and no swapspace? | * At least 1 GB of RAM //unless// you use non-NTFS local storage, in that case, 512MB or even 256MB might work - but would you really want to use a Client that has 4 Megabytes of free RAM (our test result with 256 MB RAM total) and no swapspace? | ||
Line 29: | Line 27: | ||
* A graphics card and input devices (Keyboard, Mouse/ | * A graphics card and input devices (Keyboard, Mouse/ | ||
===== Build system prerequisites for all variants ===== | ===== Build system prerequisites for all variants ===== | ||
- | * You need a Debian | + | * You need a Debian |
* We suggest using a 64-Bit system, however, it is possible to use a 32-Bit system if you don't want to build a 64-Bit ThinClient image. | * We suggest using a 64-Bit system, however, it is possible to use a 32-Bit system if you don't want to build a 64-Bit ThinClient image. | ||
* We suggest leaving at least 4 GB of free disk space so the build won't abort due to insufficient disk space while packages are downloaded, unpacked and copied around. | * We suggest leaving at least 4 GB of free disk space so the build won't abort due to insufficient disk space while packages are downloaded, unpacked and copied around. | ||
* Make sure your package list is up to date by running: < | * Make sure your package list is up to date by running: < | ||
- | * Install the required | + | * Install the required |
+ | * If you want to speed up subsequent builds, install the recommended package(s) by running: < | ||
+ | * If you want to be prepared to be able to cross-build across different architectures (e.g. building an ARM image on an Intel/AMD build host) - a feature coming soon - install the optional package(s) by running: < | ||
===== Building your own X2Go-TCE Image ===== | ===== Building your own X2Go-TCE Image ===== | ||
==== Configuring the Build ==== | ==== Configuring the Build ==== | ||
+ | Change to a directory where you want to save your builds, and save the following file as x2go-tce-config: | ||
< | < | ||
+ | # NOTE: This file gets sourced by the actual buildscript - so place it in the same directory as the buildscript or adjust the path in the buildscript. | ||
+ | |||
+ | # simple check for apt-cacher-ng being active - if | ||
+ | # we have a successful connect on port 3142, assume | ||
+ | # it's apt-cacher-ng and use it | ||
+ | # | ||
+ | if nc -z 127.0.0.1 3142 ; then | ||
+ | # bad idea with apt-cacher-ng, | ||
+ | # export https_proxy=http:// | ||
+ | # export http_proxy=http:// | ||
+ | # export ftp_proxy=http:// | ||
+ | |||
+ | export LB_APT_FTP_PROXY=http:// | ||
+ | export LB_APT_HTTP_PROXY=http:// | ||
+ | fi | ||
+ | |||
+ | # set these to true to save source files | ||
+ | #export LB_SOURCE=" | ||
+ | #export LBX2GO_GETSRC=" | ||
+ | |||
# Select ONE of the following git reposities | # Select ONE of the following git reposities | ||
# this one loosely corresponds to " | # this one loosely corresponds to " | ||
- | export LBX2GO_CONFIG=' | + | #export LBX2GO_CONFIG=' |
- | # this one loosely corresponds to " | + | #export LBX2GO_CONFIG=' |
- | #export LBX2GO_CONFIG=' | + | export LBX2GO_CONFIG=' |
- | # NOTE: Add " | + | #export LBX2GO_CONFIG=' |
+ | #export LBX2GO_CONFIG=' | ||
+ | #export LBX2GO_CONFIG=' | ||
+ | # NOTES: 1) https:// | ||
+ | # 2) Minidesktop builds are work in progress and not production-ready. Cont(r)act us if you need them; feel free to submit patches. | ||
+ | # 3) Add " | ||
+ | # add " | ||
+ | # add " | ||
+ | # add " | ||
# Select ONE of the following LBX2GO_ARCH lines and comment out the others | # Select ONE of the following LBX2GO_ARCH lines and comment out the others | ||
Line 50: | Line 79: | ||
export LBX2GO_ARCH=' | export LBX2GO_ARCH=' | ||
# 32-Bit, larger memory footprint, but faster performance on i686 and newer | # 32-Bit, larger memory footprint, but faster performance on i686 and newer | ||
- | # export LBX2GO_ARCH=' | + | #export LBX2GO_ARCH=' |
- | # 32-Bit, smallest memory footprint | + | # 32-Bit, smallest memory footprint |
# export LBX2GO_ARCH=' | # export LBX2GO_ARCH=' | ||
+ | # For ARM (Raspberry Pi): | ||
+ | #export LBX2GO_ARCH=' | ||
+ | #export LBX2GO_ARCH_MODEL=' | ||
- | # detect if the selected git repo is meant to build a stretch or jessie image | + | # If you want to use the stock ISO image as created by this script, add your boot parameters here |
+ | # export LBX2GO_BOOTAPPEND_LIVE=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE=" | ||
+ | |||
+ | if echo -e " | ||
+ | LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE | ||
+ | elif echo -e " | ||
+ | LBX2GO_BOOTAPPEND_LIVE+=' | ||
+ | export LBX2GO_BOOTAPPEND_LIVE | ||
+ | fi | ||
+ | |||
+ | # detect if the selected git repo is meant to build a buster, | ||
if [ -z " | if [ -z " | ||
- | | + | |
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | elif [ -z " | ||
+ | export LBX2GO_DEBVERSION=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | elif [ -z " | ||
+ | export LBX2GO_DEBVERSION=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | elif [ -z " | ||
+ | export LBX2GO_DEBVERSION=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | elif [ -z " | ||
+ | export LBX2GO_DEBVERSION=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | elif [ -z " | ||
+ | export LBX2GO_DEBVERSION=" | ||
+ | export LBX2GO_BOOTAPPEND_LIVE+=" | ||
+ | export LBX2GO_ARCHIVE_AREAS=" | ||
else | else | ||
- | | + | |
fi | fi | ||
# newer versions of live-build use the plural form of this parameter | # newer versions of live-build use the plural form of this parameter | ||
if $(LANG=C lb config --help | grep -q bootloaders) ; then | if $(LANG=C lb config --help | grep -q bootloaders) ; then | ||
- | | + | |
else | else | ||
- | | + | |
fi | fi | ||
# set boot loader type - leave this unchanged unless you really know what you're doing | # set boot loader type - leave this unchanged unless you really know what you're doing | ||
- | export LBX2GO_BOOTLOADER=" | + | if echo $LBX2GO_ARCH | awk ' |
+ | # This is part of our experimental ARM support | ||
+ | LBX2GO_BOOTLOADERPARAMNAME=" | ||
+ | LBX2GO_BOOTLOADER=" | ||
+ | else | ||
+ | | ||
+ | fi | ||
# These options are meant to reduce the image size. | # These options are meant to reduce the image size. | ||
# Feel free to adapt them after consulting "man lb_config" | # Feel free to adapt them after consulting "man lb_config" | ||
- | export LBX2GO_SPACE=' | + | # FIXME export LBX2GO_SPACE=' |
+ | export LBX2GO_SPACE=' | ||
| | ||
| | ||
Line 103: | Line 171: | ||
--distribution $LBX2GO_DEBVERSION" | --distribution $LBX2GO_DEBVERSION" | ||
+ | # This is part of our experimental ARM support | ||
+ | if echo $LBX2GO_ARCH | grep -q ' | ||
+ | export LBX2GO_DEFAULTS+=" | ||
+ | --bootstrap-qemu-static / | ||
+ | --apt-options \" | ||
+ | fi | ||
+ | |||
+ | # This is part of our experimental ARM support | ||
+ | # This makes sure the resulting disk image is at least 1GB in size, even though our build currently requires way less. | ||
+ | # It's unlikely that anyone will need to boot from a smaller partition; but if we let live-build pick the minimum size automatically, | ||
+ | # we will not have enough space left to copy the firmware blobs into the right location. | ||
+ | if echo $LBX2GO_ARCH | grep -q ' | ||
+ | export LBX2GO_DEFAULTS+=" | ||
+ | --hdd-size 1024" | ||
+ | fi | ||
- | export LBX2GO_ARCHIVE_AREAS=" | + | export LBX2GO_ARCHIVE_AREAS=" |
# This is for minidesktop builds and currently only adds firefox-esr language packs | # This is for minidesktop builds and currently only adds firefox-esr language packs | ||
- | #export LBX2GO_LANG=' | + | # export LBX2GO_LANG=' |
# This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team | # This is to optimize squashfs size, based on a suggestion by intrigeri from the TAILS team | ||
# note that this will permanently change / | # note that this will permanently change / | ||
- | sed -i -e 's#MKSQUASHFS_OPTIONS=" | + | # |
+ | # | ||
+ | if dpkg --print-architecture | grep -q 'arm'; then | ||
+ | # on arm, these parameters must not be used; if they' | ||
+ | if grep -q -- '-Xbcj x86 -b 1024K -Xdict-size 1024K' / | ||
+ | apt install --reinstall live-build | ||
+ | fi | ||
+ | # feel free to experiment with these options, but be prepared for subtle breakage | ||
+ | #export MKSQUASHFS_OPTIONS=' | ||
+ | #export MKSQUASHFS_OPTIONS=' | ||
+ | #export MKSQUASHFS_OPTIONS=' | ||
+ | export MKSQUASHFS_OPTIONS='' | ||
+ | else | ||
+ | export MKSQUASHFS_OPTIONS=' | ||
+ | fi | ||
# This removes documentation, | # This removes documentation, | ||
Line 120: | Line 217: | ||
# This patches the squashfs file into the initrd. Only parsed when image type " | # This patches the squashfs file into the initrd. Only parsed when image type " | ||
# Will require boot parameter live-media=/ | # Will require boot parameter live-media=/ | ||
- | # Both TFTP client and TFTP server must support file transfers >32MB for this to work, if you want to deploy this initrd via TFTP. | + | # Both TFTP client and TFTP server must support file transfers >32MB for this to work, if you want to deploy this initrd via TFTP, |
+ | # so e.g. atftpd will not work - tftpd-hpa, however, seems to have no problem with larger files. | ||
# When using iPXE, you can use http instead of TFTP. | # When using iPXE, you can use http instead of TFTP. | ||
# This is especially helpful if you want to netboot via http and cannot use the server' | # This is especially helpful if you want to netboot via http and cannot use the server' | ||
- | export LBX2GO_NOSQUASHFS=" | + | #export LBX2GO_NOSQUASHFS=" |
# Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others | # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others | ||
# to create an iso image: | # to create an iso image: | ||
- | # export LBX2GO_IMAGETYPE=' | + | #export LBX2GO_IMAGETYPE=' |
# to create an iso image that can also be dd'ed to USB media: | # to create an iso image that can also be dd'ed to USB media: | ||
- | # export LBX2GO_IMAGETYPE=' | + | export LBX2GO_IMAGETYPE=' |
# to create a netboot-image: | # to create a netboot-image: | ||
- | export LBX2GO_IMAGETYPE=' | + | #export LBX2GO_IMAGETYPE=' |
- | # NOT RECOMMENDED: | + | # /!\ the options below are NOT RECOMMENDED |
- | # to create an image that can be written to a hard disk (always results | + | # (Debian 10) or newer to create an image that can be written to a hard disk (for older |
- | # in a "build failed" | + | # live-build versions, this always results |
- | # export LBX2GO_IMAGETYPE=' | + | # might have worked |
- | # to create a tar file only (seems to be broken in live-build): | + | #export LBX2GO_IMAGETYPE=' |
- | # export LBX2GO_IMAGETYPE=' | + | ## This might be required for hdd builds, especially for (u)efi |
+ | #export LBX2GO_BOOTLOADER=" | ||
+ | # to create a tar file only (seems to be broken in older live-build | ||
+ | #export LBX2GO_IMAGETYPE=' | ||
+ | |||
+ | # This is part of our experimental ARM support | ||
+ | if echo " | ||
+ | # enforce hdd image for arm at the moment (might need to support netboot later on too) | ||
+ | if ! [ " | ||
+ | echo " | ||
+ | export LBX2GO_IMAGETYPE=" | ||
+ | fi | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | export LBX2GO_DEFAULTS+=" | ||
+ | fi | ||
</ | </ | ||
==== Live-Patching the Build ==== | ==== Live-Patching the Build ==== | ||
- | This patch is required if you need USB mount capability on the ThinClient while [[http://bugs.x2go.org/cgi-bin/bugreport.cgi? | + | To add patches that aren't part of any package yet, you can use the directory ./patch/ for patches that should be added to all versions, and ./patch-minidesktop/ for patches that should only be added to the MATE-MiniDesktop Edition. |
+ | You will need to create a directory structure like < | ||
+ | |||
+ | e.g. to override < | ||
< | < | ||
- | mkdir -p ./ | + | #!/bin/bash |
- | + | ||
- | cat > | + | |
- | + | ||
- | #!/usr/bin/perl | + | |
- | # Copyright (C) 2007-2017 by X2Go project, http:// | + | |
- | # | + | |
+ | # Copyright (C) 2010-2024 by X2Go project, https:// | ||
+ | # | ||
+ | # | ||
+ | # Mike Gabriel < | ||
+ | # | ||
+ | # | ||
# X2Go is free software; you can redistribute it and/or modify | # X2Go is free software; you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | # it under the terms of the GNU General Public License as published by | ||
Line 167: | Line 284: | ||
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. | # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. | ||
- | use strict; | + | # make sure pulseaudio can be reached via TCP from the X2Go Server side... |
- | use File:: | + | if ! /usr/bin/pactl list modules | grep -A1 ' |
- | # comment out this " | + | /usr/bin/pactl 'load-module' 'module-native-protocol-tcp' 'auth-ip-acl=127.0.0.1;::1' |
- | # uncomment the block below if you need to do early boot stage | + | fi |
- | # debugging of the automounter, | + | |
- | use Sys::Syslog qw( :standard :macros ); | + | |
- | openlog($0,' | + | |
- | setlogmask( LOG_UPTO(LOG_NOTICE) ); | + | |
- | #open (B,">>/ | + | |
- | #sub syslog { | + | |
- | # print B $_[0].': '.$_[1]." | + | |
- | #} | + | |
- | + | ||
- | my $user; | + | |
- | if ( -f "/etc/x2go/x2gothinclient-minidesktop_start" | + | |
- | # this is a minidesktop environment, | + | |
- | # username " | + | |
- | # it runs on X2Go-TCE-Live or X2Go-TCE-NFS | + | |
- | $user=' | + | |
- | } | + | |
- | elsif ( -d "/lib/live/config" | + | |
- | # this is X2Go-TCE-Live, but not with a minidesktop | + | |
- | # (if it were, the first condition would have matched), | + | |
- | # so we use Debian-Live's standard username " | + | |
- | $user='user'; | + | |
- | } | + | |
- | else { | + | |
- | # this is X2Go-TCE-NFS or something completely different, | + | |
- | # so we'll play it safe and pick the username " | + | |
- | # just like previous versions of this script did | + | |
- | $user='x2gothinclient'; | + | |
- | } | + | |
- | + | ||
- | # We need this as chown requires numeric uid/gid | + | |
- | my ($login, | + | |
- | + | ||
- | # Some last-ditch efforts to fulfill the prerequisites for File Sharing: | + | |
- | # - This is stuff that should already have happened earlier in the boot process. | + | |
- | # - Also, if a directory already exists, we silently assume that ownership and | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | unless ( -d expand_filename(" | + | |
- | mkdir expand_filename(" | + | |
- | chmod 0700, expand_filename(" | + | |
- | chown $uid, $gid, expand_filename(" | + | |
- | } | + | |
- | + | ||
- | sub check_x2gothinclientmode { | + | |
- | my $ret = 0; | + | |
- | | + | # make sure we don't start before sessions and settings files exist - avoids race conditions |
- | my $x=`ps ax | grep x2gothinclient`; | + | while ! [ -e ~x2gothinclient/ |
- | | + | |
- | $ret = 1; | + | done |
- | } | + | |
- | return $ret; | + | while ! [ -e ~x2gothinclient/ |
- | } | + | sleep 1 |
+ | done | ||
- | # TCE-NFS TCE-Live MMD-Live | + | [ -s / |
- | if ( check_x2gothinclientmode() || ( -x "/lib/live/config/2900-x2go-thinclientconfig" | + | [ -s /etc/x2go/ |
- | { | + | |
- | syslog('notice', | + | |
- | open (F,">>/ | ||
- | my $dev=$ENV{' | + | / |
- | | + | |
- | | + | |
- | my $action=$ENV{' | + | --kbd-type=auto \ |
- | my @ldev=split("/"," | + | --set-kbd=1 \ |
- | my $ldev=@ldev[@ldev-1]; | + | |
- | # mntdir is not the directory where the mountpoint will be rooted, | + | |
- | # but where tracking of mount states takes place | + | |
- | my $mntdir; | + | |
- | if ( -d expand_filename(" | + | & |
- | $mntdir=expand_filename(" | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | | + | |
- | } | + | |
- | elsif ( -d "/ | + | |
- | $mntdir="/ | + | |
- | } | + | |
- | else { | + | |
- | die "No directory found that we could use as \$mntdir..." | + | |
- | } | + | |
- | my $name=" | ||
- | $name=~s/ //g; | ||
- | $name=~s/ | ||
- | $name=~s/ | ||
- | print F " | ||
- | mkdir("/ | ||
- | mkdir("/ | ||
- | print F " | ||
- | |||
- | if (`lsblk -ln -oRM $dev`=~/ | ||
- | syslog(' | ||
- | exit 0; | ||
- | } | ||
- | |||
- | if ( $action eq " | ||
- | |||
- | ### | ||
- | ### ACTION: mount device after it has been added to USB subsystem | ||
- | ### | ||
- | |||
- | syslog(' | ||
- | |||
- | # prepare mount points | ||
- | mkdir("/ | ||
- | mkdir("/ | ||
- | mkdir("/ | ||
- | |||
- | # mount the USB device | ||
- | # sync is supported by all file systems | ||
- | # uid is supported by vfat (via fat), | ||
- | # uni_xlate is supported by vfat,ntfs | ||
- | # we must not trigger on iso9660 and udf, or else hybrid USB media | ||
- | # would only cause a mount of the iso9660 raw device, | ||
- | # blocking the mount of individual partitions | ||
- | # real optical media -> | ||
- | |||
- | if ( system(" | ||
- | syslog(' | ||
- | # if mounted, inform x2goclient about it... | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | elsif ( system(" | ||
- | syslog(' | ||
- | # if mounted, inform x2goclient about it... | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | elsif ( system(" | ||
- | syslog(' | ||
- | # if mounted, inform x2goclient about it... | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | elsif ( system(" | ||
- | syslog(' | ||
- | # if mounted, inform x2goclient about it... | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | elsif ( system(" | ||
- | syslog(' | ||
- | # if mounted, inform x2goclient about it... | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | else { | ||
- | # the mount failed, let's assume that the device is encrypted... | ||
- | my $enc=`ls -1 $mntdir | grep .encrypted`; | ||
- | if ( $enc eq "" | ||
- | # use cryptsetup to decrypt the device... | ||
- | system("/ | ||
- | |||
- | # mount the ,, | ||
- | if ( system(" | ||
- | # inform x2goclient about this... | ||
- | system(" | ||
- | system(" | ||
- | open (D,">", | ||
- | print D " | ||
- | close (D); | ||
- | print F " | ||
- | } | ||
- | else { | ||
- | # on mount failures release the decrypted device again | ||
- | system("/ | ||
- | print F "mount failed ($ldev)\n"; | ||
- | } | ||
- | } | ||
- | else { | ||
- | print F " | ||
- | } | ||
- | } | ||
- | if ( -e "/ | ||
- | print F " | ||
- | print F " | ||
- | my $label=`/ | ||
- | chomp($label); | ||
- | if ($label) { | ||
- | print F " | ||
- | unlink "/ | ||
- | symlink("/ | ||
- | open (D,">>", | ||
- | print D " | ||
- | close (D); | ||
- | } | ||
- | } | ||
- | |||
- | } | ||
- | elsif ( $action eq " | ||
- | |||
- | ### | ||
- | ### ACTION: unmount device after it has been removed from the USB subsystem | ||
- | ### | ||
- | |||
- | syslog(' | ||
- | |||
- | # we rely on our own mount logistics here... | ||
- | if ( -e " | ||
- | # inform x2goclient that the device has been removed | ||
- | system (" | ||
- | unlink (" | ||
- | open ( D,">", | ||
- | open (I,"<", | ||
- | while (<I>) { | ||
- | $_=~s/ | ||
- | print D $_; | ||
- | } | ||
- | close (I); | ||
- | close (D); | ||
- | syslog(' | ||
- | } | ||
- | elsif ( -e " | ||
- | # inform x2goclient that the device has been removed | ||
- | # release the encrypted device mapping | ||
- | unlink (" | ||
- | open ( D,">", | ||
- | print D " | ||
- | system(" | ||
- | system("/ | ||
- | close (D); | ||
- | } | ||
- | } | ||
- | |||
- | close (F); | ||
- | } else { | ||
- | |||
- | syslog(' | ||
- | } | ||
- | USBMOUNTPATCH | ||
- | chmod 755 ./ | ||
</ | </ | ||
- | |||
==== Starting the Build ==== | ==== Starting the Build ==== | ||
- | Change to a directory where you want to save your builds, | + | In the directory where you want to save your builds, |
+ | < | ||
+ | # | ||
+ | |||
+ | # read (source) the config file | ||
+ | . ./ | ||
# Create Timestamp | # Create Timestamp | ||
LBX2GO_TIMESTAMP=$(date +" | LBX2GO_TIMESTAMP=$(date +" | ||
+ | |||
+ | # Log all output to a logfile in /tmp | ||
+ | exec > >(tee "/ | ||
# Set Directory name | # Set Directory name | ||
- | LBX2GO_TCEDIR=./ | + | LBX2GO_TCEDIR="./ |
if [ -z " | if [ -z " | ||
+ | ( echo " | ||
[ -z " | [ -z " | ||
[ -z " | [ -z " | ||
Line 452: | Line 344: | ||
echo -e "One or more of the following variables is unset:" | echo -e "One or more of the following variables is unset:" | ||
echo -e " | echo -e " | ||
+ | echo " | ||
echo -e " | echo -e " | ||
echo -e " | echo -e " | ||
Line 468: | Line 361: | ||
cd $LBX2GO_TCEDIR | cd $LBX2GO_TCEDIR | ||
+ | X2GO_LBCONFIG_STRING=$(cat << | ||
lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \ | lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \ | ||
| | ||
- | | + | |
+ | | ||
+ | X2GOLBCONFIGSTRING | ||
+ | ) | ||
+ | # Our previous way of doing this had issues with newlines and multiple blanks. So we're now doing a bit | ||
+ | # of sanitizing, then we eval the variable. | ||
+ | X2GO_LBCONFIG_STRING=$(echo " | ||
+ | eval " | ||
# This will copy any patches we have prepared | # This will copy any patches we have prepared | ||
if [ -d " | if [ -d " | ||
cp -a ../patch/* config/ | cp -a ../patch/* config/ | ||
fi | fi | ||
+ | |||
+ | # This will copy any patches we have prepared for minidesktop | ||
+ | if [ -d " | ||
+ | cp -a ../ | ||
+ | fi | ||
+ | |||
+ | # This checks if a bootloader directory is present (e.g. because of a custom splash.svg) | ||
+ | # and adds all other files that might be missing (live-build won't add them automatically | ||
+ | # if the directory already exists) | ||
+ | if [ -d config/ | ||
+ | rsync -aPH --ignore-existing --exclude=" | ||
+ | fi | ||
+ | # When enabled, this silences the audible beep at syslinux/ | ||
+ | # Note that this is an accessibility feature for blind users, so use with care. | ||
+ | sed -e " | ||
+ | |||
# This enables an i386-only package in the sources.list file when an i386 build is requested | # This enables an i386-only package in the sources.list file when an i386 build is requested | ||
- | if echo "$LBX2GO_ARCH" | + | if echo $LBX2GO_ARCH | grep -q -i " |
sed -i -e 's/# for i386 only #//' config/ | sed -i -e 's/# for i386 only #//' config/ | ||
fi | fi | ||
- | | + | |
- | if [ -f config/ | + | # This is part of our experimental ARM support |
- | for LBX2GO_SINGLE_LANG in $(echo $LBX2GO_LANG | tr ';' | + | # It adds required arm64-only packages when an arm64 build is requested |
- | echo "LANG: ' | + | if echo $LBX2GO_ARCH | grep -q " |
- | sed -i -e ' | + | |
- | done | + | # bullseye and newer do not need this |
- | fi | + | if [ " |
+ | # firmware for wifi | ||
+ | echo " | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | # modules required for Raspberry Pi 3 LAN | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | |||
+ | # firmware for basic raspi functions - required for boot on Pi3 | ||
+ | echo " | ||
+ | # standard linux kernel - for Pi3 | ||
+ | echo " | ||
+ | |||
+ | elif [ " | ||
+ | # bullseye and newer do not need this | ||
+ | if [ " | ||
+ | # firmware for basic raspi functions - required for boot on Pi4 | ||
+ | echo " | ||
+ | echo " | ||
+ | |||
+ | # newer linux kernel - required for pi4/pi400 | ||
+ | echo " | ||
+ | fi | ||
+ | else | ||
+ | echo " | ||
+ | fi | ||
+ | fi | ||
+ | |||
+ | |||
+ | | ||
+ | if [ -f config/ | ||
+ | if [ -n " | ||
+ | for LBX2GO_SINGLE_LANG in $(echo | ||
+ | echo "LANG: ' | ||
+ | sed -i -e ' | ||
+ | done | ||
+ | | ||
+ | rm config/ | ||
+ | fi | ||
+ | | ||
if [ " | if [ " | ||
echo '# | echo '# | ||
Line 496: | Line 460: | ||
chmod 755 ./ | chmod 755 ./ | ||
fi | fi | ||
+ | |||
+ | if [ -n " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | # Here, we should have reached a point where it is safe to point all proxy variables | ||
+ | # at the apt-cacher-ng proxy. | ||
+ | # at files not being downloaded, disable these three entries. | ||
+ | export https_proxy=$LB_APT_HTTP_PROXY | ||
+ | export http_proxy=$LB_APT_HTTP_PROXY | ||
+ | export ftp_proxy=$LB_APT_FTP_PROXY | ||
+ | fi | ||
+ | |||
+ | # This is part of our experimental ARM support | ||
+ | # It is used when building for the ARM architecture (on Intel/AMD hardware and on ARM). | ||
+ | # It makes some necessary changes, and also tries to speed up squashfs creation when it | ||
+ | # detects a crossbuild environment. | ||
+ | if echo $LBX2GO_ARCH | grep -q ' | ||
+ | |||
+ | # This command removes all references to fuseext, freerdp-nightly, | ||
+ | # package list files. | ||
+ | echo " | ||
+ | sed -e ' | ||
+ | |||
+ | # This command removes the X2Go repository from the directory where additional | ||
+ | # archives are stored. | ||
+ | # packages, but Debian Buster does - so that's what we're falling back to. | ||
+ | echo " | ||
+ | rm ./ | ||
+ | |||
+ | # The following is a hack to reduce squashfs creation time in a crossbuild environment. | ||
+ | # We're replacing mksquashfs in the changeroot with a wrapper script that drops the | ||
+ | # original mksquashfs call into a file. | ||
+ | |||
+ | if (uname -r | grep -q ' | ||
+ | # We need to do this as a background task, waiting for the mksquashfs executable to | ||
+ | # appear in the changeroot; as the changeroot will only be created later on, once | ||
+ | # lb build is called. | ||
+ | |||
+ | # The other background task waits until the command file has been created, then | ||
+ | # it applies some necessary patches to it, and starts the mksquashfs command natively | ||
+ | # on the build host, rather than in the changeroot environment. | ||
+ | # This is because in the changeroot, we'd be running the ARM mksquashfs in a qemu | ||
+ | # software emulation of the ARM architecture, | ||
+ | # native, raw CPU power and cores available to us. | ||
+ | |||
+ | # To make sure we don't have any lingering processes in the background, we're passing | ||
+ | # our own PID along to the background tasks, and tell them to terminate if our PID | ||
+ | # disappears while they' | ||
+ | |||
+ | MASTERPID=$$ | ||
+ | |||
+ | # Replace mksquashfs in chroot with script | ||
+ | # (script will undo this upon completion) | ||
+ | ( | ||
+ | # wait until the chroot has been populated or until our parent process dies | ||
+ | while ! [ -x ./ | ||
+ | ps $MASTERPID >/ | ||
+ | sleep 1 | ||
+ | done | ||
+ | # make sure we don't overwrite the real executable if it has already been | ||
+ | # moved out of the way | ||
+ | if ! [ -x ./ | ||
+ | cp ./ | ||
+ | fi | ||
+ | echo '# | ||
+ | # log the name we've been called with and all parameters into this file | ||
+ | echo 'echo "$0 $@" >/ | ||
+ | # once the native mksquashfs is complete, we will remove this file | ||
+ | echo 'while [ -f / | ||
+ | echo ' | ||
+ | echo ' | ||
+ | # so let's wait until it has been removed before deleting ourselves ... | ||
+ | echo 'rm / | ||
+ | # ... and moving the real executable back into its place | ||
+ | echo 'mv / | ||
+ | chmod 755 ./ | ||
+ | ) & | ||
+ | |||
+ | # start the native mksquashfs after patching the parameters | ||
+ | ( | ||
+ | # wait until the trigger file has been created or until our parent process dies | ||
+ | while ! [ -f ./ | ||
+ | ps $MASTERPID >/ | ||
+ | sleep 1 | ||
+ | done | ||
+ | # using any of the available filters (x86, arm, armthumb) for the | ||
+ | # -Xbcj command results in an unusable squashfs on arm, so we drop the | ||
+ | # parameter completely if it's there. | ||
+ | # also, all absolute paths (detected by beginning with " /") need to be | ||
+ | # prefixed with " | ||
+ | # to look for the corresponding paths/ | ||
+ | sed -e 's/ -Xbcj x86/ /g' -e 's# /# ./ | ||
+ | ./ | ||
+ | #needs switch from e.g. / | ||
+ | sed -e " | ||
+ | ./ | ||
+ | # now let's make this executable | ||
+ | chmod 755 ./ | ||
+ | |||
+ | # we also need to add some more excludes because they shouldn' | ||
+ | # in the squashfs - no idea why we don't need them while inside the chroot ... | ||
+ | echo ' | ||
+ | echo ' | ||
+ | echo ' | ||
+ | # now let's execute the script and, if it terminates without an error, | ||
+ | # we'll move the newly created squashfs into the chroot where the chrooted | ||
+ | # mksquashfs command would have created it; if that worked as well, we'll | ||
+ | # remove the script file so our dummy mksquashfs inside the chroot knows | ||
+ | # it's time to terminate itself. | ||
+ | ./ | ||
+ | mv ./ | ||
+ | rm ./ | ||
+ | ) & | ||
+ | fi | ||
+ | fi | ||
+ | |||
if lb build ; then | if lb build ; then | ||
echo -e "Build is done: ' | echo -e "Build is done: ' | ||
+ | ln $(realpath ./ | ||
+ | ln $(realpath ./ | ||
ln ./ | ln ./ | ||
+ | |||
+ | if [ " | ||
+ | ln ./ | ||
+ | | ||
+ | fi | ||
+ | |||
+ | # This is part of our experimental ARM support | ||
+ | if [ " | ||
+ | # after the build, let's determine the name of our image file ... | ||
+ | IMAGEFILE=" | ||
+ | |||
+ | # ... and change the partition type to reflect the file system actually in use for partition 1 | ||
+ | # (" | ||
+ | sfdisk --part-type $IMAGEFILE 1 b | ||
+ | |||
+ | # next, we need to patch two things inside the image, so we need to set up a loop device for it. | ||
+ | FREELOOP=$(losetup -f) # note that this could become a TOCTOU issue if more than 1 process tries to use loop devices | ||
+ | |||
+ | # as the image is a full disk image containing a partition, we need to jump to the position where the first partition starts | ||
+ | losetup -o 1048576 $FREELOOP $IMAGEFILE | ||
+ | |||
+ | # now let's mount it | ||
+ | mkdir -p ./tempmount | ||
+ | mount $FREELOOP ./tempmount | ||
+ | |||
+ | # purge this dir, so we have enough space; we'll return to fill it later | ||
+ | rm ./ | ||
+ | |||
+ | # first, we copy the contents of the boot/ | ||
+ | # see if inplace helps against out of space errors | ||
+ | rsync -aP --inplace ./ | ||
+ | |||
+ | mkdir -p ./ | ||
+ | rsync -aP ./ | ||
+ | |||
+ | # next, we replace the " | ||
+ | sed -e ' | ||
+ | |||
+ | # here comes the cleanup part | ||
+ | sync | ||
+ | umount $FREELOOP | ||
+ | losetup -d $FREELOOP | ||
+ | rmdir ./tempmount | ||
+ | fi | ||
+ | |||
if [ " | if [ " | ||
- | ln ./ | ||
- | ln ./ | ||
if [ " | if [ " | ||
(cd binary; echo live$' | (cd binary; echo live$' | ||
- | cat ./ | + | cat ./ |
- | rm ./ | + | rm ./ |
+ | # keeping these doesn' | ||
+ | # rm ./ | ||
fi | fi | ||
fi | fi | ||
if [ " | if [ " | ||
- | ln ./ | ||
- | ln ./ | ||
genisoimage -o ./ | genisoimage -o ./ | ||
- | [ -e ./ | + | |
- | [ -e ./ | + | |
- | [ -e ./ | + | ./ |
- | | + | |
+ | | ||
+ | | ||
+ | | ||
mv ./ | mv ./ | ||
fi | fi | ||
Line 521: | Line 650: | ||
stat -c %Y ./ | stat -c %Y ./ | ||
touch -m -d @$(cat x2go-tce-timestamp) x2go-tce-timestamp | touch -m -d @$(cat x2go-tce-timestamp) x2go-tce-timestamp | ||
- | lb clean | + | |
- | rm -rf ./cache | + | if lb source debian ; |
+ | then | ||
+ | echo -e " | ||
+ | else | ||
+ | echo -e " | ||
+ | fi | ||
+ | | ||
+ | lb clean | ||
+ | | ||
+ | fi | ||
else | else | ||
- | # note that imagetype hdd always ends here, | ||
- | # due to a harmless error that can be safely ignored, but which sets the error code to != 0 | ||
echo -e "Build failed: ' | echo -e "Build failed: ' | ||
+ | if [ " | ||
+ | echo "Looks like you tried to build an hdd image." | ||
+ | echo "Older (pre-Debian-Buster) releases of live-build show a harmless error during" | ||
+ | echo "the build, that can be safely ignored - but will still get you a 'Build failed'" | ||
+ | echo " | ||
+ | echo "look at the content of your build directory - maybe your build was successful" | ||
+ | echo "after all, and this script was merely unable to detect it (computers are dumb)." | ||
+ | fi | ||
fi | fi | ||
cd .. | cd .. | ||
fi | fi | ||
+ | |||
</ | </ | ||
Line 539: | Line 684: | ||
* It **might** be possible to already use HTTPS in this early stage when using iPXE. This is untested and requires building your own iPXE image. see http:// | * It **might** be possible to already use HTTPS in this early stage when using iPXE. This is untested and requires building your own iPXE image. see http:// | ||
* You will also need an HTTP/ | * You will also need an HTTP/ | ||
- | * This image cannot be deployed via TFTP as it is too large - some TFTP servers refuse to serve files lager than 32MB, and some TFTP clients have problems with that as well. | + | * This image cannot be deployed via TFTP as it is too large - some TFTP servers |
* Also, even if you have a TFTP server/ | * Also, even if you have a TFTP server/ | ||
* Note that whoever manages to spoof this server name can deploy rogue images to your ThinClients. | * Note that whoever manages to spoof this server name can deploy rogue images to your ThinClients. | ||
Line 603: | Line 748: | ||
=== Required unless using the X2Go Session Broker: Adding the x2go-tce.sessions session configuration file to your HTTP or FTP Server === | === Required unless using the X2Go Session Broker: Adding the x2go-tce.sessions session configuration file to your HTTP or FTP Server === | ||
Again, this is assuming you already have an existing, working HTTP or FTP server setup. | Again, this is assuming you already have an existing, working HTTP or FTP server setup. | ||
- | * run X2GoClient on any computer you like, and configure a session the same way it should appear on the ThinClient <note tip>when using a Windows client, run x2goclient.exe --portable, or it will store the session information in the registry, rather than in a " | + | * run X2GoClient on any computer you like, and configure a session the same way it should appear on the ThinClient |
+ | <note tip>when using a Windows client, run x2goclient.exe --portable, or it will store the session information in the registry, rather than in a " | ||
* locate the " | * locate the " | ||
* copy it to x2go-tce.sessions | * copy it to x2go-tce.sessions | ||
Line 880: | Line 1027: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
+ | * '' | ||
* '' | * '' | ||
* '' | * '' | ||
Line 891: | Line 1039: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
* '' | * '' | ||
* '' | * '' | ||
Line 897: | Line 1046: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
* '' | * '' | ||
- | * '' | + | |
+ | | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
=== These are only intended to be used with TCE images stored on local media === | === These are only intended to be used with TCE images stored on local media === | ||
* '' | * '' | ||
Line 907: | Line 1065: | ||
* '' | * '' | ||
+ | ===== Client Branding/ | ||
+ | It is possible to make X2Go-TCE-Live match your Corporate Design/ | ||
+ | This is actually a feature of X2GoClient itself, so it will also work on //fat client// installations, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | You can find a more detailed explanation in the [[wiki: | ||
===== Querying X2Go-TCE version info ===== | ===== Querying X2Go-TCE version info ===== | ||
images built using the https:// | images built using the https:// | ||
Line 963: | Line 1128: | ||
* create a symlink matching " | * create a symlink matching " | ||
* In your boot configuration file (either " | * In your boot configuration file (either " | ||
+ | |||
+ | ==== The session itself works fine, but Audio is not working ==== | ||
+ | |||
+ | First, check that the audio isn't simply muted (some cards/ | ||
+ | |||
+ | If that doesn' | ||
+ | |||
+ | You might have to pick a different one from the list, by using boot parameter '' | ||
+ | |||
+ | If you need different settings for different manufacturers, | ||
===== Support Tools available in X2Go-TCE ===== | ===== Support Tools available in X2Go-TCE ===== | ||
Line 1114: | Line 1289: | ||
</ | </ | ||
* after you have prepared all this, execute '' | * after you have prepared all this, execute '' | ||
- | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. | + | * Note that whoever manages to spoof the server name can deploy rogue images to your ThinClients. |
FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | FIXME Some of the optional steps above could be moved to a separate subpage to reduce clutter. | ||
Line 1133: | Line 1308: | ||
FIXME autodetection for SSH Private Keys might need some more bells and whistles. | FIXME autodetection for SSH Private Keys might need some more bells and whistles. | ||
- | < | ||
* how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | * how about a script that patches the sessions file to enable autologin for all sessions when keys have been found? | ||
* 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | * 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode ('' | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
- | * < | ||
* Situation: We have a working automounter, | * Situation: We have a working automounter, | ||
* If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | * If a session is set to "Try auto login (via SSH Agent or default SSH key)" and NO keyfile is set, then X2GoClient will try **all** secret keys in .ssh. Showing a password prompt if a key is password-protected is handled by X2GoClient, so needs no extra work. | ||
Line 1151: | Line 1315: | ||
* use '' | * use '' | ||
* do not use '' | * do not use '' | ||
- | |||
- | FIXME copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/ | ||
- | |||
- | FIXME '' | ||
FIXME Parsing the output of e.g. < | FIXME Parsing the output of e.g. < | ||
Line 1161: | Line 1321: | ||
Authentification and " | Authentification and " | ||
- | FIXME < | + | FIXME Automount script currently expects a LUKS password in ''/ |
- | + | ||
- | FIXME < | + | |
- | + | ||
- | FIXME Automount script currently expects a LUKS password in ''/ | + | |
FIXME '' | FIXME '' | ||
Line 1173: | Line 1329: | ||
FIXME Even though we set the hostname to '' | FIXME Even though we set the hostname to '' | ||
- | FIXME At least when building a stretch TCE on a jessie system, | + | FIXME When building a stretch TCE you need to add kernel parameters '' |
- | FIXME < | + | FIXME '' |
- | FIXME <del>Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter.</ | + | FIXME < |
- | FIXME < | + | FIXME it would be cool if most of the TCE-specific boot parameters could be placed into a file that in turn can be specified |
- | FIXME '' | + | FIXME A smaller image size can be achieved by removing the following packages from the squashfs: |
+ | - check if this could be turned into a build parameter. Note that this makes only sense for a netboot image that uses X2Go sessions only, and no NTFS media (neither fixed disk nor USB). Also, this causes an X startup failure during boot that needs to be worked around (by touching / | ||
+ | Here's a script | ||
+ | <file - stripimage.sh> | ||
+ | #!/bin/bash -e | ||
+ | if [ $UID -ne 0 ] ; then | ||
+ | echo "Must be root." | ||
+ | exit 1 | ||
+ | fi | ||
+ | unsquashfs x2go-tce-filesystem.squashfs | ||
+ | mount --bind /proc squashfs-root/ | ||
+ | chroot squashfs-root apt purge -y acpi-support-base acpid acpi-support pm-utils powermgmt-base gnupg gnupg-agent whiptail vim vim-common vim-tiny xxd xinetd \ | ||
+ | libcroco3 libcurl3 libexif12 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgif7 libid3tag0 libimlib2 libnghttp2-14 \ | ||
+ | libobrender32v5 libobt2v5 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 librsvg2-2 librtmp1 \ | ||
+ | libssh2-1 libstartup-notification0 libxft2 libxss1 vim-runtime rsync xserver-xorg-input-wacom xserver-xorg-video-all \ | ||
+ | xserver-xorg-video-amdgpu xserver-xorg-video-ati xserver-xorg-video-nouveau xserver-xorg-video-qxl \ | ||
+ | xserver-xorg-video-radeon xserver-xorg-video-vmware libdrm-amdgpu1 libdrm-nouveau2 libdrm-radeon1 libllvm3.9 libsensors4 \ | ||
+ | libxatracker2 xprintidle feh xdotool openbox libxapian30 libpipeline1 libnpth0 libksba8 libseccomp2 libsqlite3-0 libxdo3 \ | ||
+ | libnewt0.52 libslang2 keyutils libassuan0 libdatrie1 libevent-2.0-5 libthai-data libthai0 \ | ||
+ | pinentry-curses trickle libxapian30 libpcsclite1 libdbus-glib-1-2 libfuse2 libpipeline1 libusb-1.0-0 libxv1 xnest \ | ||
+ | xserver-xephyr rdesktop freerdp-x11 traceroute screen net-tools less ntfs-3g fuse locales cifs-utils xterm libgssglue1 \ | ||
+ | libntfs-3g871 libtalloc2 libtcl8.6 libtk8.6 libutempter0 libvncclient1 libvncserver1 libwbclient0 libxcb-xf86dri0 \ | ||
+ | libxcb-xv0 samba-common tcl tcl8.6 tk tk8.6 xbitmaps nfs-common rpcbind atmel-firmware bluez-firmware \ | ||
+ | dahdi-firmware-nonfree hdmi2usb-fx2-firmware iso-codes ixo-usb-jtag libc-l10n libnfsidmap2 libtirpc1 x11vnc x11vnc-data \ | ||
+ | libapparmor1 systemd apt-utils libapt-inst2.0 libfreerdp-cache1.1 libfreerdp-client1.1 libfreerdp-codec1.1 \ | ||
+ | libfreerdp-common1.1.0 libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1 libfreerdp-locale1.1 \ | ||
+ | libfreerdp-primitives1.1 libfreerdp-rail1.1 libfreerdp-utils1.1 libwinpr-crt0.1 libwinpr-crypto0.1 libwinpr-dsparse0.1 \ | ||
+ | libwinpr-environment0.1 libwinpr-file0.1 libwinpr-handle0.1 libwinpr-heap0.1 libwinpr-input0.1 libwinpr-interlocked0.1 \ | ||
+ | libwinpr-library0.1 libwinpr-path0.1 libwinpr-pool0.1 libwinpr-registry0.1 libwinpr-rpc0.1 libwinpr-sspi0.1 \ | ||
+ | libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1 libwinpr-utils0.1 firmware-amd-graphics firmware-atheros \ | ||
+ | firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-crystalhd firmware-intel-sound \ | ||
+ | firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-linux firmware-linux-free \ | ||
+ | firmware-linux-nonfree firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic firmware-realtek \ | ||
+ | firmware-samsung firmware-siano firmware-ti-connectivity firmware-zd1211 | ||
+ | chroot squashfs-root dpkg -P apt tasksel tasksel-data | ||
+ | rm squashfs-root/ | ||
+ | (cd squashfs-root/ | ||
+ | mkdir -p squashfs-root/ | ||
+ | touch squashfs-root/ | ||
+ | umount squashfs-root/ | ||
+ | if ! grep '^eval $THROTTLINGCOMMAND' | ||
+ | sed -i -e 's#eval \$THROTTLINGCOMMAND x2goclient# | ||
+ | squashfs-root/etc/ | ||
+ | fi | ||
+ | if [ -f binary/live/filesystem.squashfs ] ; then | ||
+ | mv binary/live/ | ||
+ | fi | ||
+ | mkdir -p binary/ | ||
+ | mksquashfs squashfs-root binary/ | ||
+ | rm -rf squashfs-root | ||
+ | ln -f binary/ | ||
+ | (cd binary; echo live$'\n'live/filesystem.squashfs |cpio -o -H newc | gzip --fast) > | ||
+ | cat ./ | ||
+ | rm ./ | ||
+ | </ | ||
- | FIXME '' | + | FIXME for MATE-MiniDesktop, it might make sense to teach the image how to do LDAP auth (preferably with LDAPS or LDAP+TLS) and use lightdm without the auto-login. That way, a local screensaver //with// locking functionality (prompting |
- | FIXME '' | + | FIXME Scripts triggered by if-up should check if a new download is really necessary. |
- | FIXME <del>'' | + | ===== List of closed ToDos/ |
+ | * Feature request: In TCE (not MMD), use <code> | ||
+ | while ! (grep " | ||
+ | echo s >/ | ||
+ | echo u >/ | ||
+ | done | ||
+ | echo o >/ | ||
+ | </code> for faster poweroff when boot parameter '' | ||
+ | * '' | ||
+ | * It would be nice to have a boot parameter '' | ||
+ | * It would also be nice to have boot parameters '' | ||
+ | * Boot parameters '' | ||
+ | * There might be a race condition between the scripts handling the sshd keyfile and the ssh private key file copy task (/config ...), causing one to umount the fixed disk before the other is done reading/ | ||
+ | * Setting the time via NTP will fail if the TC can't establish a connection to an NTP server via the internet. It would make sense to allow specifying an internal NTP server via a boot parameter. - fixed in github repo, soon in x2go repo | ||
+ | * '' | ||
+ | * copying ssh private keys seems to fail in MiniDesktop-Mode - possibly because of the priming/ | ||
+ | * Automount script expansion is in the works. Will fully support VFAT, NTFS, hfs, hpfs, will offer read-only support for ext* via fuseext2 (that way, file ownership/ | ||
+ | * '' | ||
+ | * Maybe we should add symlinks to the mount points created by the automounter: | ||
+ | * '' | ||
+ | * volume control applet for MiniDesktop mode has been added - fixed in github repo, soon in x2go repo (to save/ | ||
< | < | ||
</ | </ | ||