diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fef6fdf..1f2e765 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,18 +74,20 @@ stages: GROUP: 8 - DISTRO: 'opensuse 15' GROUP: 9 - - DISTRO: 'fedora 42' + - DISTRO: 'opensuse 16' GROUP: 10 - - DISTRO: 'fedora 43' + - DISTRO: 'fedora 42' GROUP: 11 - - DISTRO: 'alpine 318' + - DISTRO: 'fedora 43' GROUP: 12 - - DISTRO: 'alpine 319' + - DISTRO: 'alpine 318' GROUP: 13 - - DISTRO: 'alpine 320' + - DISTRO: 'alpine 319' GROUP: 14 - - DISTRO: 'alpine 321' + - DISTRO: 'alpine 320' GROUP: 15 + - DISTRO: 'alpine 321' + GROUP: 16 default: retry: 2 diff --git a/builder/build-rpm-inside-docker b/builder/build-rpm-inside-docker index 69cf978..75ab7c4 100755 --- a/builder/build-rpm-inside-docker +++ b/builder/build-rpm-inside-docker @@ -5,6 +5,7 @@ set -e prepare_build_env() { rpmdev-setuptree copy_spec_and_tar_with_binaries + copy_rpmlintrc } copy_spec_and_tar_with_binaries() { @@ -13,11 +14,27 @@ copy_spec_and_tar_with_binaries() { ~/rpmbuild/SOURCES/ } +copy_rpmlintrc() { + cp /src/builder/rpmlintrc ~/.rpmlintrc +} + +is_rpmlint_toml_config() { + rpmlint --version | grep -qF 2. +} + copy_rpm_to_build_dir() { cd /src/builder && \ mkdir -p "$os_dir" && cp ~/rpmbuild/RPMS/*/*.rpm ${os_dir} } +rpmlint_with_config_loaded() { + rpmlint -c ~/.rpmlintrc "$os_dir"/*.rpm +} + +rpmlint_without_config_loaded() { + rpmlint "$os_dir"/*.rpm +} + cd "$(dirname "$0")/.." if [ -z ${KASMVNC_BUILD_OS_CODENAME+x} ]; then @@ -32,4 +49,9 @@ os_dir="build/${os}_${os_codename}" prepare_build_env rpmbuild -ba ~/rpmbuild/SPECS/*.spec copy_rpm_to_build_dir -rpmlint "$os_dir"/*.rpm || true + +if is_rpmlint_toml_config; then + rpmlint_with_config_loaded || true +else + rpmlint_without_config_loaded || true +fi diff --git a/builder/build.sh b/builder/build.sh index 24d66c0..80b40b7 100755 --- a/builder/build.sh +++ b/builder/build.sh @@ -2,10 +2,21 @@ set -e -detect_quilt() { - if which quilt 1>/dev/null; then - QUILT_PRESENT=1 - export QUILT_PATCHES=debian/patches +debian_patches_dir="debian/patches" + +is_debian_patches_present() { + [[ -d "$debian_patches_dir" ]] +} + +is_debian() { + [[ -f /usr/bin/dpkg ]] +} + +apply_debian_patches() { + if is_debian_patches_present; then + export QUILT_PATCHES="$debian_patches_dir" + quilt push -a + echo 'Patches applied!' fi } @@ -148,10 +159,8 @@ else fi cd /src -detect_quilt -if [ -n "$QUILT_PRESENT" ]; then - quilt push -a - echo 'Patches applied!' +if is_debian; then + apply_debian_patches fi make servertarball diff --git a/builder/dockerfile.opensuse_15.barebones.rpm.test b/builder/dockerfile.opensuse_15.barebones.rpm.test index fa4f435..07a9f97 100644 --- a/builder/dockerfile.opensuse_15.barebones.rpm.test +++ b/builder/dockerfile.opensuse_15.barebones.rpm.test @@ -1,4 +1,4 @@ -FROM opensuse/leap:15.5 +FROM opensuse/leap:15.6 ENV STARTUPDIR=/dockerstartup diff --git a/builder/dockerfile.opensuse_15.build b/builder/dockerfile.opensuse_15.build index 57f81e1..c7685f3 100644 --- a/builder/dockerfile.opensuse_15.build +++ b/builder/dockerfile.opensuse_15.build @@ -1,4 +1,4 @@ -FROM opensuse/leap:15.5 +FROM opensuse/leap:15.6 ENV KASMVNC_BUILD_OS opensuse ENV KASMVNC_BUILD_OS_CODENAME 15 diff --git a/builder/dockerfile.opensuse_15.rpm.build b/builder/dockerfile.opensuse_15.rpm.build index 35670c4..591c54f 100644 --- a/builder/dockerfile.opensuse_15.rpm.build +++ b/builder/dockerfile.opensuse_15.rpm.build @@ -1,4 +1,4 @@ -FROM opensuse/leap:15.5 +FROM opensuse/leap:15.6 ENV KASMVNC_BUILD_OS opensuse ENV KASMVNC_BUILD_OS_CODENAME 15 @@ -16,7 +16,7 @@ RUN zypper -n install -y \ # Cache repo updates, so that spec changes don't trigger it on every build. RUN zypper refresh -COPY opensuse/*.spec /tmp +COPY opensuse/kasmvncserver.spec /tmp RUN zypper -n install $(grep BuildRequires /tmp/*.spec | cut -d' ' -f2 | xargs) diff --git a/builder/dockerfile.opensuse_16.barebones.rpm.test b/builder/dockerfile.opensuse_16.barebones.rpm.test new file mode 100644 index 0000000..04316cd --- /dev/null +++ b/builder/dockerfile.opensuse_16.barebones.rpm.test @@ -0,0 +1,24 @@ +FROM opensuse/leap:16.0 + +ENV STARTUPDIR=/dockerstartup + +# base tools +ARG RUN_TEST +RUN [ "$RUN_TEST" = 1 ] || zypper -n install -y \ + less \ + vim \ + xterm + +# Cache repo updates, so that package changes don't trigger it on every build. +RUN zypper refresh +ARG KASMVNC_PACKAGE_DIR +COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp +RUN zypper install -y --allow-unsigned-rpm /tmp/*.rpm + +RUN mkdir -p $STARTUPDIR +COPY builder/startup/vnc_startup_barebones.sh $STARTUPDIR + +RUN useradd -m foo +USER foo:kasmvnc-cert + +ENTRYPOINT "/$STARTUPDIR/vnc_startup_barebones.sh" diff --git a/builder/dockerfile.opensuse_16.build b/builder/dockerfile.opensuse_16.build new file mode 100644 index 0000000..201d780 --- /dev/null +++ b/builder/dockerfile.opensuse_16.build @@ -0,0 +1,67 @@ +FROM opensuse/leap:16.0 + +ENV KASMVNC_BUILD_OS opensuse +ENV KASMVNC_BUILD_OS_CODENAME 16 +ENV XORG_VER 21.1.15 + +# Install depends +RUN zypper install -ny \ + bdftopcf \ + ninja \ + nasm \ + curl \ + ffmpeg-4-libavcodec-devel \ + ffmpeg-4-libswscale-devel \ + ffmpeg-4-libavformat-devel \ + fonttosfnt \ + font-util \ + gcc15 \ + gcc15-c++ \ + cmake \ + giflib-devel \ + git \ + gzip \ + libbz2-devel \ + libgbm-devel \ + libgnutls-devel \ + libopenssl-devel \ + libpng16-devel \ + libpnglite0 \ + png++-devel \ + libtiff-devel \ + libXfont2-devel \ + libxkbcommon-x11-devel \ + libxshmfence-devel \ + make \ + Mesa-dri \ + Mesa-libglapi-devel \ + Mesa-libGL-devel \ + mkfontscale \ + patch \ + tigervnc \ + wget \ + libXcursor-devel \ + libXrandr-devel \ + libXtst-devel \ + libX11-devel \ + xorgproto-devel \ + xorg-x11-util-devel \ + xorg-x11-server-sdk \ + xorg-x11-util-devel \ + zlib-devel + +RUN useradd -u 1000 docker && \ + usermod -a -G docker docker + +ENV SCRIPTS_DIR=/tmp/scripts +ENV CC=/usr/bin/gcc-15 +ENV CXX=/usr/bin/g++-15 +ENV PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/local/lib/pkgconfig + +COPY builder/scripts $SCRIPTS_DIR +RUN $SCRIPTS_DIR/build-deps.sh + +COPY --chown=docker:docker . /src/ + +USER docker +ENTRYPOINT ["bash", "-l", "-c", "/src/builder/build.sh"] diff --git a/builder/dockerfile.opensuse_16.rpm.build b/builder/dockerfile.opensuse_16.rpm.build new file mode 100644 index 0000000..578f913 --- /dev/null +++ b/builder/dockerfile.opensuse_16.rpm.build @@ -0,0 +1,26 @@ +FROM opensuse/leap:16.0 + +ENV KASMVNC_BUILD_OS opensuse +ENV KASMVNC_BUILD_OS_CODENAME 16 + +RUN zypper -n install -y \ + gpg* \ + less \ + lsb-release \ + rng-tools \ + rpm-build \ + rpmdevtools \ + rpmlint \ + tree \ + vim + +# Cache repo updates, so that spec changes don't trigger it on every build. +RUN zypper refresh +COPY opensuse/kasmvncserver16.spec /tmp + +RUN zypper -n install $(grep BuildRequires /tmp/*.spec | cut -d' ' -f2 | xargs) + +RUN useradd -u 1000 -m -d /home/docker docker && \ + usermod -a -G docker docker + +USER docker diff --git a/builder/rpmlintrc b/builder/rpmlintrc new file mode 100644 index 0000000..932bb78 --- /dev/null +++ b/builder/rpmlintrc @@ -0,0 +1,4 @@ +[Filters] +# Locale JSON files are intentionally duplicated per language/region. +files-duplicate = true +files-duplicated-waste = true diff --git a/debian/patches/fix-kasmvncserver-perl-hashbang.patch b/debian/patches/fix-kasmvncserver-perl-hashbang.patch deleted file mode 100644 index 4fa9c69..0000000 --- a/debian/patches/fix-kasmvncserver-perl-hashbang.patch +++ /dev/null @@ -1,10 +0,0 @@ -Description: Lintian complains about #!/usr/bin/env perl. -Author: Dmitry Maksyoma ---- a/unix/vncserver -+++ b/unix/vncserver -@@ -1,4 +1,4 @@ --#!/usr/bin/env perl -+#!/usr/bin/perl - # - # Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. - # Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved. diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 7312ab9..0000000 --- a/debian/patches/series +++ /dev/null @@ -1 +0,0 @@ -fix-kasmvncserver-perl-hashbang.patch diff --git a/opensuse/kasmvncserver.spec b/opensuse/kasmvncserver.spec index b9ba2f8..4e276b5 100644 --- a/opensuse/kasmvncserver.spec +++ b/opensuse/kasmvncserver.spec @@ -3,7 +3,7 @@ Version: 1.3.4 Release: leap15 Summary: VNC server accessible from a web browser -License: GPLv2+ +License: GPL-2.0-or-later URL: https://github.com/kasmtech/KasmVNC BuildRequires: rsync diff --git a/opensuse/kasmvncserver16.spec b/opensuse/kasmvncserver16.spec new file mode 100644 index 0000000..342d148 --- /dev/null +++ b/opensuse/kasmvncserver16.spec @@ -0,0 +1,203 @@ +Name: kasmvncserver +Version: 1.3.4 +Release: leap16 +Summary: VNC server accessible from a web browser + +License: GPL-2.0-or-later +URL: https://github.com/kasmtech/KasmVNC + +BuildRequires: rsync +Requires: xauth, hostname, libxkbcommon-x11-0, xkeyboard-config, x11-tools, openssl, perl, libpixman-1-0, libjpeg8, libgomp1, libXfont2-2, libXdmcp6, libglvnd, xkbcomp, perl-Switch, perl-YAML-Tiny, perl-Hash-Merge-Simple, perl-Scalar-List-Utils, perl-List-MoreUtils, perl-Try-Tiny, perl-DateTime, perl-DateTime-TimeZone, libgbm1, libxshmfence1 +Conflicts: tigervnc, tigervnc-x11vnc + +%description +KasmVNC provides remote web-based access to a Desktop or application. +While VNC is in the name, KasmVNC differs from other VNC variants such +as TigerVNC, RealVNC, and TurboVNC. KasmVNC has broken from the RFB +specification which defines VNC, in order to support modern technologies +and increase security. KasmVNC is accessed by users from any modern +browser and does not support legacy VNC viewer applications. KasmVNC +uses a modern YAML based configuration at the server and user level, +allowing for ease of management. KasmVNC is maintained by Kasm +Technologies Corp, www.kasmweb.com. + +%prep + +%install +rm -rf $RPM_BUILD_ROOT + +TARGET_OS=$KASMVNC_BUILD_OS +TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME +TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz +TAR_DATA=$(mktemp -d) +tar -xzf "$TARBALL" -C "$TAR_DATA" + +SRC=$TAR_DATA/usr/local +SRC_BIN=$SRC/bin +DESTDIR=$RPM_BUILD_ROOT +DST_MAN=$DESTDIR/usr/share/man/man1 +SSL_CERT_DIR=/usr/share/pki/trust/anchors + +mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \ + $DESTDIR/usr/share/doc/kasmvncserver $DESTDIR/usr/lib \ + $DESTDIR/%perl_vendorlib $DESTDIR/etc/kasmvnc +cp $SRC_BIN/Xvnc $DESTDIR/usr/bin; +cp $SRC_BIN/vncserver $DESTDIR/usr/bin; +cp -a $SRC_BIN/KasmVNC $DESTDIR/%perl_vendorlib +cp $SRC_BIN/vncconfig $DESTDIR/usr/bin; +cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin; +cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin; +cp -r $SRC/lib/kasmvnc/ $DESTDIR/usr/lib/kasmvncserver +cp -r $SRC/lib/systemd/ $DESTDIR/usr/lib/ +cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd; +cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/ +rsync -r --links --safe-links --exclude '.git*' --exclude po2js --exclude xgettext-html \ + --exclude www/utils/ --exclude .eslintrc --exclude configure \ + $SRC/share/kasmvnc $DESTDIR/usr/share + +sed -i -e 's!pem_certificate: .\+$!pem_certificate: '$SSL_CERT_DIR'/kasmvnc.pem!' \ + $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml +sed -i -e 's!pem_key: .\+$!pem_key: '$SSL_CERT_DIR'/kasmvnc.pem!' \ + $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml +sed -e 's/^\([^#]\)/# \1/' $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml > \ + $DESTDIR/etc/kasmvnc/kasmvnc.yaml +cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/; +cp $SRC/share/man/man1/vncserver.1 $DST_MAN; +cp $SRC/share/man/man1/vncconfig.1 $DST_MAN; +cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN; +cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN; +cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1; + +%preun +stop_vncserver_systemd_services_for_all_logged_in_users() { + for session in $(list_user_sessions); do + stop_user_services "$session" + done +} + +list_user_sessions() { + loginctl list-sessions --no-legend | awk '{print $1}' +} + +stop_user_services() { + local session="$1" + + for service in $(list_active_services); do + systemctl --user --machine=$(systemd_user_from_session "$session") stop "$service" || true + done +} + +systemd_user_from_session() { + local session="$1" + + echo $(loginctl show-session "$session" -p Name --value)@ +} + +list_active_services() { + systemctl --user --machine=$(systemd_user_from_session "$session") \ + list-units --type=service --state=active --plain --no-legend | \ + awk '{ print $1 }' | grep kasmvncserver +} + +stop_vncserver_systemd_services_for_all_logged_in_users + +%files +%config(noreplace) /etc/kasmvnc + +/usr/bin/* +/usr/lib/kasmvncserver +/usr/lib/systemd/user/kasmvncserver@.service +/usr/share/man/man1/* +%perl_vendorlib/KasmVNC +/usr/share/kasmvnc + +%license /usr/share/doc/kasmvncserver/LICENSE.TXT +%doc /usr/share/doc/kasmvncserver/README.md + +%changelog +* Thu Mar 20 2025 KasmTech - 1.3.4-leap15 +- Add configuration key network.udp.payload_size. +- Remove support for distro versions that reached end-of-life. +- Add missing dependency on hostname. +- Remove webpack to reduce security vulnerabilities. +- Special characters in filenames are now properly escaped, preventing invalid JSON. +* Fri Oct 25 2024 KasmTech - 1.3.3-1 +- Allow disabling IP blacklist +- Downloads API for detailed file downloads information +* Tue Sep 24 2024 KasmTech - 1.3.2-1 +- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas. +- Fixed CVE-2024-38449, directory traversal bug in built-in web server. +- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit. +- Fixed memory leak in kasmproxy. +- Fixed mime types of downloads to ensure the browser interprets them as downloads. +* Tue Mar 12 2024 KasmTech - 1.3.1-1 +- Fix exception thrown on Firefox 124 and higher +- Fix artifacts on high resolution secondary screens +- Fixes for touch support on primary and secondary screens +- Fix for Oculus keyboard input +* Mon Feb 05 2024 KasmTech - 1.3.0-1 +- Multi-monitor support. +- Increased performance with watermark enabled. +- Added support for Fedora 39 and Alpine 319. +- Allow special characters in usernames. +- Better logging of client settings when client connects or changes settings. +- Add support for rotation of text-based watermark. +* Fri Aug 25 2023 KasmTech - 1.2.0-leap15 +- Add support for Unix relays for bidirectional communication between noVNC + and containerized applications. +- Text based watermark overlays with date and time support. +- New builds for Bookworm, Alpine 3.18, and Fedora 38. +- Multi-language support. +- Add support for rendering pixmaps via DRI3 GPU acceleration allowing + compositing and other 3d accelerated workloads in a KasmVNC session. +- Fix crash that can occur. +- Fixed tearing when compositing is enabled with DRI3 hardware acceleration. +- Fix stuck command key on MacOS clients. +* Wed Apr 05 2023 KasmTech - 1.1.0-leap15 +- Upstream release +* Tue Nov 29 2022 KasmTech - 1.0.0-leap15 +- WebRTC UDP transit support with support of STUN servers +- Lossless compression using multi-threaded WASM QOI decoder client side +- New yaml based configuration +- Significantly improved FPS through both client-side and server-side improvements. +- Support for the admin to define arbitrary http response headers for the built in web server +- Support for additional mouse buttons +- Refinement of vncserver checks and user prompts +- Added send_full_frame to developer API, forces full frame to be sent to all connected users that have at least read permission. +* Tue Mar 22 2022 KasmTech - 0.9.3~beta-1 +* Fri Feb 12 2021 KasmTech - 0.9.1~beta-1 +- Initial release of the rpm package. + +%post + kasmvnc_group="kasmvnc-cert" + + create_kasmvnc_group() { + if ! getent group "$kasmvnc_group" >/dev/null; then + groupadd --system "$kasmvnc_group" + fi + } + + make_self_signed_certificate() { + local cert_file="/usr/share/pki/trust/anchors/kasmvnc.pem" + [ -f "$cert_file" ] && return 0 + + openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ + -keyout "$cert_file" \ + -out "$cert_file" -subj \ + "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" + chgrp "$kasmvnc_group" "$cert_file" + chmod 640 "$cert_file" + } + + create_kasmvnc_group + make_self_signed_certificate + +%postun + is_uninstall=0 + + if [ "$1" == 0 ]; then + is_uninstall=1 + fi + if [ "$is_uninstall" = 1 ]; then + rm -f /usr/share/pki/trust/anchors/kasmvnc.pem + fi diff --git a/unix/vncserver b/unix/vncserver index 09543e2..5a4410b 100755 --- a/unix/vncserver +++ b/unix/vncserver @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # # Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. # Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved.