* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (40 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 266 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278309101
Comment:
this is not necessary, `vsv` in templates will automatically create a log service based on the name of the parent
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
2023-07-29 16:21 ` [PR REVIEW] " classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (39 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 171 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278313570
Comment:
```suggestion
```
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
2023-07-29 16:21 ` [PR REVIEW] " classabbyamp
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (38 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 263 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278312419
Comment:
this service should just be called `vncserver`. users can copy it and change `./conf` if they want to add more
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (2 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (37 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 207 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278313483
Comment:
```suggestion
vsv vncserver
```
per comments above
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (3 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (36 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 200 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278309177
Comment:
this should go in README.voidlinux, if anywhere
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (4 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (35 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 243 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278313462
Comment:
relying on something from another package is a bad idea. if you want it here, copy it here
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (5 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:21 ` classabbyamp
` (34 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 510 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278309579
Comment:
```suggestion
exec 2>&1
[ -r ./conf ] && . ./conf
exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
```
the `./conf` convention allows users to customise the service by setting variables like this. For example, a user could add a `conf` file with the contents:
```sh
DISPLAY=":3"
```
if they wanted the vnc server to run on a different `DISPLAY`
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (6 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:21 ` classabbyamp
2023-07-29 16:46 ` zmudc
` (33 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: classabbyamp @ 2023-07-29 16:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 221 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278312779
Comment:
these would be much easier to understand and more precise as patches
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (7 preceding siblings ...)
2023-07-29 16:21 ` classabbyamp
@ 2023-07-29 16:46 ` zmudc
2023-07-29 16:56 ` zmudc
` (32 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 16:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 248 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278341194
Comment:
OK, I will remove this from the run script and maybe just put a link to this info in README.voidlinux.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (8 preceding siblings ...)
2023-07-29 16:46 ` zmudc
@ 2023-07-29 16:56 ` zmudc
2023-07-29 16:59 ` zmudc
` (31 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 16:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 277 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278341972
Comment:
No problem. That file from lightdm is very stable, ten years old, I think. I will just add it directly in this package's FILESDIR.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (9 preceding siblings ...)
2023-07-29 16:56 ` zmudc
@ 2023-07-29 16:59 ` zmudc
2023-07-29 17:01 ` zmudc
` (30 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 16:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 386 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278342175
Comment:
OK. No need for that if we are going to use patch files for the Void-specific changes.
Also, I also successfully cross-compiled the new version for armv7l.
I will redo the PR probably early next week.
Thanks for the quick review.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (10 preceding siblings ...)
2023-07-29 16:59 ` zmudc
@ 2023-07-29 17:01 ` zmudc
2023-07-29 17:09 ` [PR REVIEW] " zmudc
` (29 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 17:01 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 212 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1656790008
Comment:
I forget to mention cross compiling for armv7l also tested successfully.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (11 preceding siblings ...)
2023-07-29 17:01 ` zmudc
@ 2023-07-29 17:09 ` zmudc
2023-07-29 17:15 ` zmudc
` (28 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 17:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 703 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278342885
Comment:
I think I can make it work that way. It may take a little time for me to test. I thought the way agetty-ttyN services do it was OK. I think I will just have the vncserver service always be for display :1, but it seems the services on the other displays will need to have a different name such as vncserver-2, vncserver-3, and I can explain how to create them in README.voidlinux. I might spend a little time thinking if it is possible for a single vncserver service to run more than one display and implement that if possible. I will have to think about it.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (12 preceding siblings ...)
2023-07-29 17:09 ` [PR REVIEW] " zmudc
@ 2023-07-29 17:15 ` zmudc
2023-07-29 17:17 ` zmudc
` (27 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 17:15 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 770 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278343336
Comment:
The automatic log service creation did not pull in the correct service name, i.e., it was -t vncserver-1 for display 2, so I added the run file for the log service to ensure the logs for vncserver are tagged as vncserver-2, not vncserver-1. I think to do it your way, I will not be able to use just a symbolic link to the run script of vncserver for vncservers on other displays. I will experiment with some other approaches, perhaps without using symbolic links to the run service of vncserver for the other displays. I was using the technique used in the agetty-ttyN services here, but I guess that is not appropriate now?
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (13 preceding siblings ...)
2023-07-29 17:15 ` zmudc
@ 2023-07-29 17:17 ` zmudc
2023-07-29 17:20 ` zmudc
` (26 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 17:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 366 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278343466
Comment:
I will try to make it work that way. I think vncserver, without a reference in the service name to the display will need to be something like the agetty-generic service which agetty-ttyN services use with symbolic links.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (14 preceding siblings ...)
2023-07-29 17:17 ` zmudc
@ 2023-07-29 17:20 ` zmudc
2023-07-30 19:27 ` [PR PATCH] [Updated] " zmudc
` (25 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-29 17:20 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 796 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278343336
Comment:
The automatic log service creation did not pull in the correct service name, i.e., it was -t vncserver-1 for display 2, so I added the run file for the log service to ensure the logs for vncserver on display :2 are tagged as vncserver-2, not vncserver-1 in the logs. I think to do it your way, I will not be able to use just a symbolic link to the run script of vncserver for vncservers on other displays. I will experiment with some other approaches, perhaps without using symbolic links to the run service of vncserver for the other displays. I was using the technique used in the agetty-ttyN services here, but I guess that is not appropriate now?
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (15 preceding siblings ...)
2023-07-29 17:20 ` zmudc
@ 2023-07-30 19:27 ` zmudc
2023-07-30 19:57 ` zmudc
` (24 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 19:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 10204 bytes --]
From d9875909c081f05871aee625388cfb133fa62369 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue #1649: https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 56 +++++++++++++
srcpkgs/tigervnc/files/vncserver-1/log/run | 5 ++
srcpkgs/tigervnc/files/vncserver-1/run | 28 +++++++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 24 +++++-
5 files changed, 193 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100755 srcpkgs/tigervnc/files/vncserver-1/log/run
create mode 100644 srcpkgs/tigervnc/files/vncserver-1/run
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..e0610b315b2b1
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,56 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+B: Creating more services
+
+The administrator can create services for other displays. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo ln -s /etc/sv/vncserver-1/run /etc/sv/vncserver-2/run
+$ sudo ln -s /etc/sv/vncserver-1/log/run /etc/sv/vncserver-2/log/run
+
+creates a system service on display :2.
+
+C: Enabling a service
+
+$ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Please read the comments in the /etc/sv/vncserver-1/run script which reproduces
+the security warning and a workaround that upstream provides in its systemd unit
+file. This warning and workaround is moved to the run script because Void does
+not use systemd units.
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver-1/log/run b/srcpkgs/tigervnc/files/vncserver-1/log/run
new file mode 100755
index 0000000000000..51bf2146434f8
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/log/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+PARENT_DIR=$(cd .. && echo $PWD)
+# Display number
+i=${PARENT_DIR##*-}
+exec vlogger -t vncserver-$i -p daemon
diff --git a/srcpkgs/tigervnc/files/vncserver-1/run b/srcpkgs/tigervnc/files/vncserver-1/run
new file mode 100644
index 0000000000000..28224ffb7e9c6
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "nolisten=tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# 'man vncviewer' manual page.
+#
+sv check dbus >/dev/null || exit 1
+# Display number
+i=${PWD##*-}
+exec 2>&1
+exec /usr/libexec/vncsession-start ":$i"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..ea0763c503df8 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -33,6 +37,16 @@ post_patch() {
patch -p1 <../xserver${_xorg_version}.patch
# glvnd changed versioning
vsed -i configure.ac -e '/LIBGL/s/[79]\..\.0/1.2/'
+ # Essential Void customizations
+ cd ../vncserver
+ # Void-compatible PAM configuration
+ vsed -i tigervnc.pam -e "s/systemd/elogind/; /pam_selinux/s/required/optional/"
+ # Provide a fallback Xsession wrapper
+ vsed -i vncserver.in -e s.sion\"\).sion\",\"/etc/tigervnc/Xsession-fallback\"\).
+ # Fix whitespace
+ vsed -i vncserver.in -e "s/\",\"/\", \"/g"
+ # Use the -D option of vncsession to prevent it from forking / detaching
+ vsed -i vncsession-start.in -e "s/vncsession\"/vncsession\" -D/"
}
post_configure() {
@@ -58,6 +72,12 @@ post_build() {
}
post_install() {
+ # More Void customizations
+ cd ${FILESDIR}/../..
+ vinstall lightdm/files/xsession 755 etc/tigervnc Xsession-fallback
+ # runit unit for display 1
+ vsv vncserver-1
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (16 preceding siblings ...)
2023-07-30 19:27 ` [PR PATCH] [Updated] " zmudc
@ 2023-07-30 19:57 ` zmudc
2023-07-30 22:39 ` zmudc
` (23 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 19:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 10204 bytes --]
From d9875909c081f05871aee625388cfb133fa62369 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue #1649: https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 56 +++++++++++++
srcpkgs/tigervnc/files/vncserver-1/log/run | 5 ++
srcpkgs/tigervnc/files/vncserver-1/run | 28 +++++++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 24 +++++-
5 files changed, 193 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100755 srcpkgs/tigervnc/files/vncserver-1/log/run
create mode 100644 srcpkgs/tigervnc/files/vncserver-1/run
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..e0610b315b2b1
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,56 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+B: Creating more services
+
+The administrator can create services for other displays. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo ln -s /etc/sv/vncserver-1/run /etc/sv/vncserver-2/run
+$ sudo ln -s /etc/sv/vncserver-1/log/run /etc/sv/vncserver-2/log/run
+
+creates a system service on display :2.
+
+C: Enabling a service
+
+$ sudo ln -s /etc/sv/vncserver-1 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Please read the comments in the /etc/sv/vncserver-1/run script which reproduces
+the security warning and a workaround that upstream provides in its systemd unit
+file. This warning and workaround is moved to the run script because Void does
+not use systemd units.
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver-1/log/run b/srcpkgs/tigervnc/files/vncserver-1/log/run
new file mode 100755
index 0000000000000..51bf2146434f8
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/log/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+PARENT_DIR=$(cd .. && echo $PWD)
+# Display number
+i=${PARENT_DIR##*-}
+exec vlogger -t vncserver-$i -p daemon
diff --git a/srcpkgs/tigervnc/files/vncserver-1/run b/srcpkgs/tigervnc/files/vncserver-1/run
new file mode 100644
index 0000000000000..28224ffb7e9c6
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver-1/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "nolisten=tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# 'man vncviewer' manual page.
+#
+sv check dbus >/dev/null || exit 1
+# Display number
+i=${PWD##*-}
+exec 2>&1
+exec /usr/libexec/vncsession-start ":$i"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..ea0763c503df8 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -33,6 +37,16 @@ post_patch() {
patch -p1 <../xserver${_xorg_version}.patch
# glvnd changed versioning
vsed -i configure.ac -e '/LIBGL/s/[79]\..\.0/1.2/'
+ # Essential Void customizations
+ cd ../vncserver
+ # Void-compatible PAM configuration
+ vsed -i tigervnc.pam -e "s/systemd/elogind/; /pam_selinux/s/required/optional/"
+ # Provide a fallback Xsession wrapper
+ vsed -i vncserver.in -e s.sion\"\).sion\",\"/etc/tigervnc/Xsession-fallback\"\).
+ # Fix whitespace
+ vsed -i vncserver.in -e "s/\",\"/\", \"/g"
+ # Use the -D option of vncsession to prevent it from forking / detaching
+ vsed -i vncsession-start.in -e "s/vncsession\"/vncsession\" -D/"
}
post_configure() {
@@ -58,6 +72,12 @@ post_build() {
}
post_install() {
+ # More Void customizations
+ cd ${FILESDIR}/../..
+ vinstall lightdm/files/xsession 755 etc/tigervnc Xsession-fallback
+ # runit unit for display 1
+ vsv vncserver-1
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (17 preceding siblings ...)
2023-07-30 19:57 ` zmudc
@ 2023-07-30 22:39 ` zmudc
2023-07-30 22:48 ` zmudc
` (22 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 22:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13727 bytes --]
From 645379bc221b1a4148fb74526d680cc715f8355a Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/conf | 4 +
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 12 ++-
9 files changed, 268 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/conf
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 000000000000..657a90c695e0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/conf b/srcpkgs/tigervnc/files/vncserver/conf
new file mode 100644
index 000000000000..42a4e437a46e
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/conf
@@ -0,0 +1,4 @@
+# Set alternate display
+# If not set, vncserver will use DISPLAY=":1"
+# E.g.:
+# DISPLAY=":2"
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 000000000000..401d31d41af2
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 000000000000..f61a76b146b0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 000000000000..0dc837548fe0
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 000000000000..42046c49860f
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 000000000000..fcdd5cf59cfb
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 000000000000..d54c4b24ed70
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f..1258cc44c8b3 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,10 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ # runit unit for display 1
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (18 preceding siblings ...)
2023-07-30 22:39 ` zmudc
@ 2023-07-30 22:48 ` zmudc
2023-07-30 22:48 ` zmudc
` (21 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 22:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13727 bytes --]
From 645379bc221b1a4148fb74526d680cc715f8355a Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/conf | 4 +
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 12 ++-
9 files changed, 268 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/conf
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 000000000000..657a90c695e0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/conf b/srcpkgs/tigervnc/files/vncserver/conf
new file mode 100644
index 000000000000..42a4e437a46e
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/conf
@@ -0,0 +1,4 @@
+# Set alternate display
+# If not set, vncserver will use DISPLAY=":1"
+# E.g.:
+# DISPLAY=":2"
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 000000000000..401d31d41af2
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 000000000000..f61a76b146b0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 000000000000..0dc837548fe0
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 000000000000..42046c49860f
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 000000000000..fcdd5cf59cfb
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 000000000000..d54c4b24ed70
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f..1258cc44c8b3 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,10 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ # runit unit for display 1
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (19 preceding siblings ...)
2023-07-30 22:48 ` zmudc
@ 2023-07-30 22:48 ` zmudc
2023-07-30 23:31 ` [PR REVIEW] " zmudc
` (20 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 22:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13727 bytes --]
From 645379bc221b1a4148fb74526d680cc715f8355a Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/conf | 4 +
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 12 ++-
9 files changed, 268 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/conf
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 000000000000..657a90c695e0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver-1 runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/conf b/srcpkgs/tigervnc/files/vncserver/conf
new file mode 100644
index 000000000000..42a4e437a46e
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/conf
@@ -0,0 +1,4 @@
+# Set alternate display
+# If not set, vncserver will use DISPLAY=":1"
+# E.g.:
+# DISPLAY=":2"
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 000000000000..401d31d41af2
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 000000000000..f61a76b146b0
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 000000000000..0dc837548fe0
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 000000000000..42046c49860f
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 000000000000..fcdd5cf59cfb
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 000000000000..d54c4b24ed70
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f..1258cc44c8b3 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,10 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ # runit unit for display 1
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (20 preceding siblings ...)
2023-07-30 22:48 ` zmudc
@ 2023-07-30 23:31 ` zmudc
2023-07-30 23:32 ` zmudc
` (19 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 265 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278637254
Comment:
I resolved this by not using symbolic links and considering it OK to tag all vncserver services with the vncserver tag.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (21 preceding siblings ...)
2023-07-30 23:31 ` [PR REVIEW] " zmudc
@ 2023-07-30 23:32 ` zmudc
2023-07-30 23:33 ` zmudc
` (18 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 182 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278637328
Comment:
This works and is in the updated PR.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (22 preceding siblings ...)
2023-07-30 23:32 ` zmudc
@ 2023-07-30 23:33 ` zmudc
2023-07-30 23:34 ` zmudc
` (17 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:33 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 192 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278637415
Comment:
Moved this from template to three new patches.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (23 preceding siblings ...)
2023-07-30 23:33 ` zmudc
@ 2023-07-30 23:34 ` zmudc
2023-07-30 23:39 ` zmudc
` (16 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:34 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 327 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278637605
Comment:
This is working now with a vncserver service instead of a vncserver-1 service. I also updated README.voidlinux to explain how to add additional servers without using symbolic links.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR REVIEW] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (24 preceding siblings ...)
2023-07-30 23:34 ` zmudc
@ 2023-07-30 23:39 ` zmudc
2023-07-30 23:46 ` zmudc
` (15 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 313 bytes --]
New review comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#discussion_r1278638256
Comment:
The updated PR is working now without any reference to the display number in the service name. README.voidlinux now explains how to add services on different displays.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (25 preceding siblings ...)
2023-07-30 23:39 ` zmudc
@ 2023-07-30 23:46 ` zmudc
2023-07-31 2:05 ` zmudc
` (14 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-30 23:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 763 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1657297383
Comment:
The updated PR has been tested and is ready to be reviewed for the second round. I think it addresses all of the concerns of @classabbyamp.
Thanks.
Also, note that the e-mail address to which github sent messages for this PR does not match the e-mail address I put in the commit message. I haven't firgured out how to fix that yet. I wanted github to use the brchuckz@aol.com address, and I set my public address to that address and used that address in the commit message, but github for some reason sent the comments to my other email address associated with my github account: frchuckz@gmail.com. Sorry about that.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (26 preceding siblings ...)
2023-07-30 23:46 ` zmudc
@ 2023-07-31 2:05 ` zmudc
2023-07-31 2:38 ` [PR PATCH] [Updated] " zmudc
` (13 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-31 2:05 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 860 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1657297383
Comment:
The updated PR has been tested and is ready to be reviewed for the second round. I think it addresses all of the concerns of @classabbyamp.
Thanks.
Also, note that the e-mail address to which github sent messages for this PR does not match the e-mail address I put in the commit message. I haven't firgured out how to fix that yet. I wanted github to use the brchuckz@aol.com address, and I set my public address to that address and used that address in the commit message, but github for some reason sent the comments to my other email address associated with my github account: frchuckz@gmail.com. I think it is because there were more email settings I had to update. Hopefully it is fixed now. Sorry about that.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (27 preceding siblings ...)
2023-07-31 2:05 ` zmudc
@ 2023-07-31 2:38 ` zmudc
2023-07-31 2:49 ` zmudc
` (12 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-31 2:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13713 bytes --]
From a51702deac8c89308bc5969bed04ccbc4b253202 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/conf | 4 +
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 11 ++-
9 files changed, 267 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/conf
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..9eb0947ea87e7
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/conf b/srcpkgs/tigervnc/files/vncserver/conf
new file mode 100644
index 0000000000000..42a4e437a46ec
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/conf
@@ -0,0 +1,4 @@
+# Set alternate display
+# If not set, vncserver will use DISPLAY=":1"
+# E.g.:
+# DISPLAY=":2"
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 0000000000000..401d31d41af24
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 0000000000000..f61a76b146b06
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 0000000000000..0dc837548fe02
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 0000000000000..42046c49860fc
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 0000000000000..fcdd5cf59cfb5
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..3f873b5a8f277 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,9 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (28 preceding siblings ...)
2023-07-31 2:38 ` [PR PATCH] [Updated] " zmudc
@ 2023-07-31 2:49 ` zmudc
2023-07-31 3:43 ` [PR PATCH] [Updated] " zmudc
` (11 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-31 2:49 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 975 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1657297383
Comment:
The updated PR has been tested and is ready to be reviewed for the second round. I think it addresses all of the concerns of @classabbyamp. Sorry about the noise but I think the PR is OK now - it has one commit and it has fixed a typo in README.voidlinux
Thanks.
Also, note that the e-mail address to which github sent messages for this PR does not match the e-mail address I put in the commit message. I haven't firgured out how to fix that yet. I wanted github to use the brchuckz@aol.com address, and I set my public address to that address and used that address in the commit message, but github for some reason sent the comments to my other email address associated with my github account: frchuckz@gmail.com. I think it is because there were more email settings I had to update. Hopefully it is fixed now. Sorry about that.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (29 preceding siblings ...)
2023-07-31 2:49 ` zmudc
@ 2023-07-31 3:43 ` zmudc
2023-08-01 0:07 ` zmudc
` (10 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-07-31 3:43 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1668 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to provide an option to prevent it from forking
- patch vncsession-start.in to use the option to prevent vncsession from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13283 bytes --]
From fa62fe4a8b86f8ccd7347a6362e28ee88cd4f08b Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 11 ++-
8 files changed, 263 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..9eb0947ea87e7
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 0000000000000..401d31d41af24
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 0000000000000..f61a76b146b06
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 0000000000000..0dc837548fe02
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 0000000000000..42046c49860fc
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 0000000000000..fcdd5cf59cfb5
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..3f873b5a8f277 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,9 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (30 preceding siblings ...)
2023-07-31 3:43 ` [PR PATCH] [Updated] " zmudc
@ 2023-08-01 0:07 ` zmudc
2023-08-01 0:10 ` zmudc
` (9 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-01 0:07 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1668 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to provide an option to prevent it from forking
- patch vncsession-start.in to use the option to prevent vncsession from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13279 bytes --]
From c2ea9a18867be9a23f9ef55646a51bc5e5e634f7 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 11 ++-
8 files changed, 263 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..ff457adae5833
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 0000000000000..401d31d41af24
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 0000000000000..f61a76b146b06
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 0000000000000..0dc837548fe02
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 0000000000000..42046c49860fc
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 0000000000000..fcdd5cf59cfb5
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..3f873b5a8f277 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,9 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (31 preceding siblings ...)
2023-08-01 0:07 ` zmudc
@ 2023-08-01 0:10 ` zmudc
2023-08-07 15:16 ` zmudc
` (8 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-01 0:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 264 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1659373693
Comment:
This last push just corrected a typo in README.voidlinux - there was a repeated word. Prior to this, all eight tests passed.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (32 preceding siblings ...)
2023-08-01 0:10 ` zmudc
@ 2023-08-07 15:16 ` zmudc
2023-08-11 2:48 ` zmudc
` (7 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-07 15:16 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 974 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1657297383
Comment:
The updated PR has been tested and is ready to be reviewed for the second round. I think it addresses all of the concerns of @classabbyamp. Sorry about the noise but I think the PR is OK now - it has one commit and it has fixed a typo in README.voidlinux
Thanks.
Also, note that the e-mail address to which github sent messages for this PR does not match the e-mail address I put in the commit message. I haven't figured out how to fix that yet. I wanted github to use the brchuckz@aol.com address, and I set my public address to that address and used that address in the commit message, but github for some reason sent the comments to my other email address associated with my github account: frchuckz@gmail.com. I think it is because there were more email settings I had to update. Hopefully it is fixed now. Sorry about that.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (33 preceding siblings ...)
2023-08-07 15:16 ` zmudc
@ 2023-08-11 2:48 ` zmudc
2023-08-11 2:56 ` zmudc
` (6 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-11 2:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 213 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1674152879
Comment:
This PR resolves https://github.com/void-linux/void-packages/issues/45522
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (34 preceding siblings ...)
2023-08-11 2:48 ` zmudc
@ 2023-08-11 2:56 ` zmudc
2023-08-17 19:33 ` [PR PATCH] [Updated] " zmudc
` (5 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-11 2:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 213 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1674152879
Comment:
This PR resolves https://github.com/void-linux/void-packages/issues/45522
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (35 preceding siblings ...)
2023-08-11 2:56 ` zmudc
@ 2023-08-17 19:33 ` zmudc
2023-08-17 19:46 ` ahesford
` (4 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-17 19:33 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1827 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to provide an option to prevent it from forking
- patch vncsession-start.in to use the option to prevent vncsession from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649. The patch has been submitted to upstream as https://github.com/TigerVNC/tigervnc/pull/1651
Closes https://github.com/void-linux/void-packages/issues/45522
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13279 bytes --]
From c2ea9a18867be9a23f9ef55646a51bc5e5e634f7 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 11 ++-
8 files changed, 263 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..ff457adae5833
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 0000000000000..401d31d41af24
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 0000000000000..f61a76b146b06
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 0000000000000..0dc837548fe02
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 0000000000000..42046c49860fc
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 0000000000000..fcdd5cf59cfb5
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..3f873b5a8f277 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,9 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (36 preceding siblings ...)
2023-08-17 19:33 ` [PR PATCH] [Updated] " zmudc
@ 2023-08-17 19:46 ` ahesford
2023-08-17 19:56 ` [PR PATCH] [Updated] " zmudc
` (3 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: ahesford @ 2023-08-17 19:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 212 bytes --]
New comment by ahesford on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1682870675
Comment:
We won't accept the non-daemonize patch until it's accepted upstream.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Updated] tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (37 preceding siblings ...)
2023-08-17 19:46 ` ahesford
@ 2023-08-17 19:56 ` zmudc
2023-08-17 20:00 ` zmudc
` (2 subsequent siblings)
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-17 19:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1827 bytes --]
There is an updated pull request by zmudc against master on the void-packages repository
https://github.com/zmudc/void-packages tigervnc-update
https://github.com/void-linux/void-packages/pull/45307
tigervnc: update to 1.13.1, add service directory
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to provide an option to prevent it from forking
- patch vncsession-start.in to use the option to prevent vncsession from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649. The patch has been submitted to upstream as https://github.com/TigerVNC/tigervnc/pull/1651
Closes https://github.com/void-linux/void-packages/issues/45522
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
A patch file from https://github.com/void-linux/void-packages/pull/45307.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tigervnc-update-45307.patch --]
[-- Type: text/x-diff, Size: 13279 bytes --]
From c2ea9a18867be9a23f9ef55646a51bc5e5e634f7 Mon Sep 17 00:00:00 2001
From: Chuck Zmudzinski <brchuckz@aol.com>
Date: Sat, 29 Jul 2023 01:39:01 -0400
Subject: [PATCH] tigervnc: update to 1.13.1, add service directory
Also add necessary customizations:
- Void-compatible PAM configuration
- fallback Xsession wrapper script
- define conf_files
- README.voidlinux file
- patch vncsession.c to prevent it from forking
The patch to vncsession.c hopefully will be accepted upstream to fix
upstream issue https://github.com/TigerVNC/tigervnc/issues/1649
Signed-off-by: Chuck Zmudzinski <brchuckz@aol.com>
---
srcpkgs/tigervnc/files/README.voidlinux | 65 +++++++++++++++
srcpkgs/tigervnc/files/vncserver/run | 5 ++
srcpkgs/tigervnc/files/xsession | 58 +++++++++++++
.../tigervnc/patches/Xsession-fallback.patch | 15 ++++
.../tigervnc/patches/pam-configuration.patch | 19 +++++
.../patches/use-no-fork-vncsession.patch | 10 +++
.../tigervnc/patches/vncsession-no-fork.patch | 82 +++++++++++++++++++
srcpkgs/tigervnc/template | 11 ++-
8 files changed, 263 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/tigervnc/files/README.voidlinux
create mode 100644 srcpkgs/tigervnc/files/vncserver/run
create mode 100644 srcpkgs/tigervnc/files/xsession
create mode 100644 srcpkgs/tigervnc/patches/Xsession-fallback.patch
create mode 100644 srcpkgs/tigervnc/patches/pam-configuration.patch
create mode 100644 srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
create mode 100644 srcpkgs/tigervnc/patches/vncsession-no-fork.patch
diff --git a/srcpkgs/tigervnc/files/README.voidlinux b/srcpkgs/tigervnc/files/README.voidlinux
new file mode 100644
index 0000000000000..ff457adae5833
--- /dev/null
+++ b/srcpkgs/tigervnc/files/README.voidlinux
@@ -0,0 +1,65 @@
+The system service /etc/sv/vncserver runs a TigerVNC server on DISPLAY :1
+
+A. Quick start
+
+1. Map a user to display :1 in /etc/tigervnc/vncserver.users
+2. Configure session, geometry, security, etc. - see man pages for details
+3. Enable the service: $ sudo ln -s /etc/sv/vncserver /var/service
+4. To use another display instead of :1, map the user to the alternate display
+ in /etc/tigervnc/vncserver.users and set DISPLAY to the alternate display
+ in /etc/sv/vncserver/conf
+
+B: Running multiple vncserver services
+
+The administrator can create multiple vncserver services. For example:
+
+$ sudo mkdir -p /etc/sv/vncserver-2/log
+$ sudo cp /etc/sv/vncserver/run /etc/sv/vncserver-2/run
+$ sudo cp /etc/sv/vncserver/log/run /etc/sv/vncserver-2/log/run
+$ echo DISPLAY=\":2\" > conf.tmp && sudo mv conf.tmp /etc/sv/vncserver-2/conf
+
+creates a system service named vncserver-2 that runs on display :2.
+
+C: Enabling services
+
+For example, to enable two vncserver services, vncserver and vncserver-2:
+
+$ sudo ln -s /etc/sv/vncserver /var/service
+$ sudo ln -s /etc/sv/vncserver-2 /var/service
+
+Do not enable a service for a display before that display is mapped
+to a user in /etc/tigervnc/vncserver.users.
+
+D. Security warning
+
+Upstream warns that vncserver should not be run on an untrusted LAN. Upstream
+has some suggestions for securing vncserver on an untrusted network at these links:
+
+https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/vncserver%40.service.in
+
+https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
+
+E: The Xsession wrapper script
+
+The upstream TigerVNC server requires a system-wide Xsession wrapper script at
+/etc/X11/xinit/Xsession or /etc/X11/Xsession, but not all Void systems have
+such a file.
+
+So the tigervnc package provides a minimal Xsession wrapper script
+in /etc/tigervnc/Xsession-fallback. It is only used if neither
+/etc/X11/xinit/Xsession nor /etc/X11/Xsession exists. Currently, this
+is the Xsession script provided by the lightdm display manager package.
+
+This way, if there is an Xsession wrapper script where upstream
+TigerVNC expects it to be, that script will be used instead of
+the minimal wrapper provided by the Void tigervnc package.
+
+As an alternative to the minimal Xsession wrapper script, one
+can use any other suitable Xsession script. For example, do:
+
+$ sudo ln -s /etc/lxdm/Xsession /etc/X11/xinit/Xsession
+
+and the TigerVNC server will use the lxdm Xsession script instead.
+
+The administrator can also write any suitable Xsession script for
+custom needs and install it under /etc/X11/xinit or /etc/X11.
diff --git a/srcpkgs/tigervnc/files/vncserver/run b/srcpkgs/tigervnc/files/vncserver/run
new file mode 100644
index 0000000000000..401d31d41af24
--- /dev/null
+++ b/srcpkgs/tigervnc/files/vncserver/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+sv check dbus >/dev/null || exit 1
+exec 2>&1
+[ -r ./conf ] && . ./conf
+exec /usr/libexec/vncsession-start "${DISPLAY:-:1}"
diff --git a/srcpkgs/tigervnc/files/xsession b/srcpkgs/tigervnc/files/xsession
new file mode 100644
index 0000000000000..f61a76b146b06
--- /dev/null
+++ b/srcpkgs/tigervnc/files/xsession
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Fallback TigerVNC wrapper to run around X sessions.
+# Used on systems that do not have /etc/X11/xinit/Xsession or /etc/X11/Xsession
+
+echo "Running X session wrapper"
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ . "$file"
+ fi
+done
+
+# Load resources
+for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
+ if [ -f "$file" ]; then
+ echo "Loading resource: $file"
+ xrdb -nocpp -merge "$file"
+ fi
+done
+
+# Load keymaps
+for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading keymap: $file"
+ setxkbmap `cat "$file"`
+ XKB_IN_USE=yes
+ fi
+done
+
+# Load xmodmap if not using XKB
+if [ -z "$XKB_IN_USE" ]; then
+ for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
+ if [ -f "$file" ]; then
+ echo "Loading modmap: $file"
+ xmodmap "$file"
+ fi
+ done
+fi
+
+unset XKB_IN_USE
+
+# Run all system xinitrc shell scripts.
+xinitdir="/etc/X11/xinit/xinitrc.d"
+if [ -d "$xinitdir" ]; then
+ for script in $xinitdir/*; do
+ echo "Loading xinit script $script"
+ if [ -x "$script" -a ! -d "$script" ]; then
+ . "$script"
+ fi
+ done
+fi
+
+echo "X session wrapper complete, running session $@"
+
+exec $@
diff --git a/srcpkgs/tigervnc/patches/Xsession-fallback.patch b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
new file mode 100644
index 0000000000000..0dc837548fe02
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/Xsession-fallback.patch
@@ -0,0 +1,15 @@
+Some Void systems, inluding an installation from the live image, do not have an
+Xsession script where upstream expects it to be, so use the fallback Xsession
+script provided by the Void tigervnc package.
+
+--- a/unix/vncserver/vncserver.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncserver.in 2023-07-30 17:55:47.604000000 -0400
+@@ -439,7 +439,7 @@
+ die "$prog: couldn't find \"$cmd\" on your PATH.\n";
+ }
+
+- foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession") {
++ foreach $cmd ("/etc/X11/xinit/Xsession", "/etc/X11/Xsession", "/etc/tigervnc/Xsession-fallback") {
+ if (-x "$cmd") {
+ $Xsession = $cmd;
+ last;
diff --git a/srcpkgs/tigervnc/patches/pam-configuration.patch b/srcpkgs/tigervnc/patches/pam-configuration.patch
new file mode 100644
index 0000000000000..42046c49860fc
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/pam-configuration.patch
@@ -0,0 +1,19 @@
+Void requires some tweaks to the default upstream PAM configuration.
+
+--- a/unix/vncserver/tigervnc.pam 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/tigervnc.pam 2023-07-30 17:54:21.281000000 -0400
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ # pam_selinux.so close should be the first session rule
+--session required pam_selinux.so close
++-session optional pam_selinux.so close
+ session required pam_loginuid.so
+--session required pam_selinux.so open
++-session optional pam_selinux.so open
+ session required pam_namespace.so
+ session optional pam_keyinit.so force revoke
+ session required pam_limits.so
+--session optional pam_systemd.so
++-session optional pam_elogind.so
+ session required pam_unix.so
+ -session optional pam_reauthorize.so prepare
diff --git a/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
new file mode 100644
index 0000000000000..fcdd5cf59cfb5
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/use-no-fork-vncsession.patch
@@ -0,0 +1,10 @@
+On Void, use the non-forking option -D when starting vncsession
+
+--- a/unix/vncserver/vncsession-start.in 2023-02-28 10:11:20.000000000 -0500
++++ b/unix/vncserver/vncsession-start.in 2023-07-30 17:53:09.330000000 -0400
+@@ -40,4 +40,4 @@
+ exit 1
+ fi
+
+-exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" "${USER}" "${DISPLAY}"
++exec "@CMAKE_INSTALL_FULL_SBINDIR@/vncsession" -D "${USER}" "${DISPLAY}"
diff --git a/srcpkgs/tigervnc/patches/vncsession-no-fork.patch b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
new file mode 100644
index 0000000000000..d54c4b24ed70e
--- /dev/null
+++ b/srcpkgs/tigervnc/patches/vncsession-no-fork.patch
@@ -0,0 +1,82 @@
+Add option to run as a non-forking daemon
+
+See upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649
+
+--- a/unix/vncserver/vncsession.c 2021-11-09 02:51:28.000000000 -0500
++++ b/unix/vncserver/vncsession.c 2023-07-27 17:43:26.711000000 -0400
+@@ -506,14 +506,23 @@
+
+ const char *username, *display;
+
+- if ((argc != 3) || (argv[2][0] != ':')) {
++ int forking = 1;
++ if (argc == 4) {
++ if ((getopt(argc, argv, "D") == 'D') && (argv[3][0] == ':'))
++ forking = 0;
++ else {
++ fprintf(stderr, "Syntax:\n");
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
++ return EX_USAGE;
++ }
++ } else if ((argc != 3) || (argv[2][0] != ':')) {
+ fprintf(stderr, "Syntax:\n");
+- fprintf(stderr, " %s <username> <display>\n", argv[0]);
++ fprintf(stderr, " %s [-D] <username> <display>\n", argv[0]);
+ return EX_USAGE;
+ }
+
+- username = argv[1];
+- display = argv[2];
++ username = argv[argc - 2];
++ display = argv[argc - 1];
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "This program needs to be run as root!\n");
+@@ -529,8 +538,10 @@
+ return EX_OSERR;
+ }
+
+- if (begin_daemon() == -1)
+- return EX_OSERR;
++ if (forking) {
++ if (begin_daemon() == -1)
++ return EX_OSERR;
++ }
+
+ openlog("vncsession", LOG_PID, LOG_AUTH);
+
+@@ -581,7 +592,8 @@
+ fclose(f);
+ }
+
+- finish_daemon();
++ if (forking)
++ finish_daemon();
+
+ while (1) {
+ int status;
+--- a/unix/vncserver/vncsession.man.in 2023-07-27 22:03:56.095000000 -0400
++++ b/unix/vncserver/vncsession.man.in 2023-07-27 22:11:53.605000000 -0400
+@@ -3,6 +3,7 @@
+ vncsession \- start a VNC server
+ .SH SYNOPSIS
+ .B vncsession
++.RI [-D]
+ .RI < username >
+ .RI <: display# >
+ .SH DESCRIPTION
+@@ -16,6 +17,14 @@
+ is rarely called directly and is normally started by the system service
+ manager.
+
++.SH -D OPTION
++.B vncsession
++by default forks and detaches so it normally is a systemd Type=forking service.
++If the -D option is used, it does not fork and detach. This option is provided
++for use with other types of systemd services such as Type=simple and Type=exec
++and for use with non-systemd system service managers that are not compatible
++with Type=forking services.
++
+ .SH FILES
+ Several VNC-related files are found in the directory $HOME/.vnc:
+ .TP
diff --git a/srcpkgs/tigervnc/template b/srcpkgs/tigervnc/template
index a4eb2bab648f1..3f873b5a8f277 100644
--- a/srcpkgs/tigervnc/template
+++ b/srcpkgs/tigervnc/template
@@ -1,6 +1,6 @@
# Template file for 'tigervnc'
pkgname=tigervnc
-version=1.12.0
+version=1.13.1
revision=1
_xorg_version=1.20.0
create_wrksrc=yes
@@ -16,10 +16,14 @@ license="GPL-2.0-or-later"
homepage="https://www.tigervnc.org"
distfiles="https://github.com/TigerVNC/tigervnc/archive/v${version}.tar.gz
${XORG_SITE}/xserver/xorg-server-${_xorg_version}.tar.bz2"
-checksum="9ff3f3948f2a4e8cc06ee598ee4b1096beb62094c13e0b1462bff78587bed789
+checksum="b7c5b8ed9e4e2c2f48c7b2c9f21927db345e542243b4be88e066b2daa3d1ae25
9d967d185f05709274ee0c4f861a4672463986e550ca05725ce27974f550d3e6"
conflicts="turbovnc>=0"
skip_extraction="xorg-server-${_xorg_version}.tar.gz"
+conf_files="
+ /etc/tigervnc/vncserver-config-defaults
+ /etc/tigervnc/vncserver-config-mandatory
+ /etc/tigervnc/vncserver.users"
post_extract() {
mv tigervnc-${version}/* .
@@ -58,6 +62,9 @@ post_build() {
}
post_install() {
+ vinstall ${FILESDIR}/xsession 755 etc/tigervnc Xsession-fallback
+ vsv vncserver
+ vdoc "${FILESDIR}/README.voidlinux"
cd ${wrksrc}/unix/xserver/hw/vnc
make TIGERVNC_BUILDDIR=${wrksrc}/build DESTDIR=${DESTDIR} install
}
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (38 preceding siblings ...)
2023-08-17 19:56 ` [PR PATCH] [Updated] " zmudc
@ 2023-08-17 20:00 ` zmudc
2023-08-17 20:00 ` [PR PATCH] [Closed]: " zmudc
2023-08-17 20:02 ` zmudc
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-17 20:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 337 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1682896495
Comment:
> We won't accept the non-daemonize patch until it's accepted upstream.
OK. I doubt upstream will take it. So I will close this now and re-open if upstream takes the non-daemonize patch. Thanks.
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: [PR PATCH] [Closed]: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (39 preceding siblings ...)
2023-08-17 20:00 ` zmudc
@ 2023-08-17 20:00 ` zmudc
2023-08-17 20:02 ` zmudc
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-17 20:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1667 bytes --]
There's a closed pull request on the void-packages repository
tigervnc: update to 1.13.1, add service directory
https://github.com/void-linux/void-packages/pull/45307
Description:
In addition to updating to the latest version, this commit also fixes multiple issues with this package:
- Upstream only provides a systemd service, but Void needs a runit service
- Upstream presumes a system with SELinux and systemd, but Void does not have SELinux and uses elogind, not systemd
- Upstream requires an Xsession script that is not always present on Void systems
- Upstream only provides a forking and detaching vncsession daemon which is not very compatible with runit
This PR addresses all of the above issues by adding the necessary tweaks for Void:
- Void-compatible PAM configuration for systems without SELinux and elogind instead of systemd
- a fallback Xsession wrapper script
- define conf_files that should not be overwritten on upgrades
- add a README.voidlinux file
- patch vncsession.c to provide an option to prevent it from forking
- patch vncsession-start.in to use the option to prevent vncsession from forking
The patch to vncsession.c hopefully will be accepted upstream to fix upstream issue: https://github.com/TigerVNC/tigervnc/issues/1649. The patch has been submitted to upstream as https://github.com/TigerVNC/tigervnc/pull/1651
Closes https://github.com/void-linux/void-packages/issues/45522
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES** Tested on x86_64-musl, also built for x86_64, checked xlint which passed
^ permalink raw reply [flat|nested] 43+ messages in thread
* Re: tigervnc: update to 1.13.1, add service directory
2023-07-29 6:11 [PR PATCH] tigervnc: update to 1.13.1, add service directory zmudc
` (40 preceding siblings ...)
2023-08-17 20:00 ` [PR PATCH] [Closed]: " zmudc
@ 2023-08-17 20:02 ` zmudc
41 siblings, 0 replies; 43+ messages in thread
From: zmudc @ 2023-08-17 20:02 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 344 bytes --]
New comment by zmudc on void-packages repository
https://github.com/void-linux/void-packages/pull/45307#issuecomment-1682896495
Comment:
> We won't accept the non-daemonize patch until it's accepted upstream.
OK. I doubt upstream will take it. So I will close this now and re-submit a PR if upstream takes the non-daemonize patch. Thanks.
^ permalink raw reply [flat|nested] 43+ messages in thread