From d9875909c081f05871aee625388cfb133fa62369 Mon Sep 17 00:00:00 2001 From: Chuck Zmudzinski Date: Sat, 29 Jul 2023 01:39:01 -0400 Subject: [PATCH] tigervnc: update to 1.13.1, add service directory Also add necessary customizations: - Void-compatible PAM configuration - fallback Xsession wrapper script - define conf_files - README.voidlinux file - patch vncsession.c to prevent it from forking The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue #1649: https://github.com/TigerVNC/tigervnc/issues/1649 Signed-off-by: Chuck Zmudzinski --- srcpkgs/tigervnc/files/README.voidlinux | 56 +++++++++++++ srcpkgs/tigervnc/files/vncserver-1/log/run | 5 ++ srcpkgs/tigervnc/files/vncserver-1/run | 28 +++++++ .../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++ srcpkgs/tigervnc/template | 24 +++++- 5 files changed, 193 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/tigervnc/files/README.voidlinux create mode 100755 srcpkgs/tigervnc/files/vncserver-1/log/run create mode 100644 srcpkgs/tigervnc/files/vncserver-1/run create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..e0610b315b2b1
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,56 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+B: Creating more services
+
+The administrator can create services for other displays. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo ln -s /etc/sv/vncserver-1/run /etc/sv/vncserver-2/run
+$ sudo ln -s /etc/sv/vncserver-1/log/run /etc/sv/vncserver-2/log/run
+
+creates a system service on display :2.
+
+C: Enabling a service
+
+$ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Please read the comments in the /etc/sv/vncserver-1/run script which reproduces
+the security warning and a workaround that upstream provides in its systemd unit
+file. This warning and workaround is moved to the run script because Void does
+not use systemd units.
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver-1/log/run b/srcpkgs/tigervnc/files/vncserver-1/log/run
new file mode 100755
index 0000000000000..51bf2146434f8
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/log/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+PARENT_DIR=$(cd .. && echo $PWD)
+# Display number
+i=${PARENT_DIR##*-}
+exec vlogger -t vncserver-$i -p daemon
diff --git a/srcpkgs/tigervnc/files/vncserver-1/run b/srcpkgs/tigervnc/files/vncserver-1/run
new file mode 100644
index 0000000000000..28224ffb7e9c6
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "nolisten=tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# 'man vncviewer' manual page.
+#
+sv check dbus >/dev/null || exit 1
+# Display number
+i=${PWD##*-}
+exec 2>&1
+exec /usr/libexec/vncsession-start ":$i"
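Review bot: The display number in `vncserver-1/run` (`i=${PWD##*-}`) and in `vncserver-1/log/run` (`i=${PARENT_DIR##*-}`) is taken from the service directory name and used without any check. If an administrator creates a service directory whose name does not end in `-<number>` (the README invites creating more of them by hand), `$i` becomes whatever follows the last hyphen in the path, or the whole path when there is none, and that string reaches `vncsession-start` as the display. A guard before the final `exec` in `run`, such as `case "$i" in ''|*[!0-9]*) echo "invalid display number: $i"; exit 1;; esac`, would make the misconfiguration fail with a clear log message. In `log/run`, `$(cd .. && echo $PWD)` and `vncserver-$i` are also unquoted; `"$PWD"` and `"vncserver-$i"` avoid word splitting on unusual paths.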
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] \n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s \n", argv[0]);
++ fprintf(stderr, " %s [-D] \n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..ea0763c503df8 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@ # Template file for 'tigervnc' pkgname=tigervnc -version=1.12.0 +version=1.13.1 revision=1 _xorg_version=1.20.0 create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later" homepage="https://www.tigervnc.org" distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz ${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2" -checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789 +checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25 9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6" conflicts="turbovnc>=0" skip_extraction="xorg-server-${_xorg_version}.tar.gz" +conf_files=" + /etc/tigervnc/vncserver-config-defaults + /etc/tigervnc/vncserver-config-mandatory + /etc/tigervnc/vncserver.users" post_extract() { mv tigervnc-${version}/* .
@@ -33,6 +37,16 @@ post_patch() { patch -p1 <../xserver${_xorg_version}.patch # glvnd changed versioning vsed -i configure.ac -e '/LIBGL/s/[79]\..\.0/1.2/' + # Essential Void customizations + cd ../vncserver + # Void-compatible PAM configuration + vsed -i tigervnc.pam -e "s/systemd/elogind/; /pam_selinux/s/required/optional/" + # Provide a fallback Xsession wrapper + vsed -i vncserver.in -e s.sion\"\).sion\",\"/etc/tigervnc/Xsession-fallback\"\). + # Fix whitespace + vsed -i vncserver.in -e "s/\",\"/\", \"/g" + # Use the -D option of vncsession to prevent it from forking / detaching + vsed -i vncsession-start.in -e "s/vncsession\"/vncsession\" -D/" } post_configure() {
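Review bot: In the `argc == 4` branch of vncsession-no-fork.patch, `getopt(argc, argv, "D") == 'D'` only shows that some argument parsed as `-D`, not that it is `argv[1]`, while `username = argv[argc - 2]` assumes it is. With a getopt implementation that scans past non-option arguments, an invocation with `-D` in the middle position would presumably be accepted and `-D` taken as the user name, in a program that must run as root; later lookups probably reject it, but the parser should not rely on that. Comparing the position directly, `if ((strcmp(argv[1], "-D") == 0) && (argv[3][0] == ':'))`, or reading `argv[optind]` and `argv[optind + 1]` after getopt, ties the check to the values actually used (this assumes `<string.h>` is already included; the function starts and ends outside the hunk). The body of `begin_daemon()` is not visible here, so it is worth confirming that nothing it sets up besides the fork is still needed on the `-D` path.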
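Review bot: The PAM edit in `post_patch` puts two substitutions into one expression, `"s/systemd/elogind/; /pam_selinux/s/required/optional/"`, so if upstream changes `tigervnc.pam` and only one of them still matches, the build can succeed with a half-adjusted PAM stack. As far as I know vsed checks each `-e` expression separately for having changed the file, so `vsed -i tigervnc.pam -e "s/systemd/elogind/" -e "/pam_selinux/s/required/optional/"` would surface that case. `s/systemd/elogind/` is also unanchored and rewrites the first `systemd` on every line, comments included; matching the module name would be tighter, though the file is not shown here. The Xsession substitution that uses `.` as its delimiter deserves a comment quoting the line of `vncserver.in` it is meant to match.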
@@ -58,6 +72,12 @@ post_build() { } post_install() { + # More Void customizations + cd ${FILESDIR}/../.. + vinstall lightdm/files/xsession 755 etc/tigervnc Xsession-fallback + # runit unit for display 1 + vsv vncserver-1 + vdoc "${FILESDIR}/README.voidlinux" cd ${wrksrc}/unix/xserver/hw/vnc make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install }
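Review bot: `vinstall lightdm/files/xsession 755 etc/tigervnc Xsession-fallback` in `post_install` installs a file that belongs to another package's source directory, reached through `cd ${FILESDIR}/../..`. The script that wraps a VNC session when no system Xsession exists then changes whenever the lightdm package changes its `xsession`, without a tigervnc revision bump or review, and the build depends on the layout of the srcpkgs tree. Keeping a copy under `srcpkgs/tigervnc/files/` and installing it with `vinstall "${FILESDIR}/Xsession-fallback" 755 etc/tigervnc` keeps the fallback under this package's control. `${FILESDIR}` is also unquoted in the `cd`.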