diff --git a/SOURCES/tigervnc-vncserver-do-not-return-returncode-indicating-error.patch b/SOURCES/tigervnc-vncserver-do-not-return-returncode-indicating-error.patch
new file mode 100644
index 0000000..1361d8b
--- /dev/null
+++ b/SOURCES/tigervnc-vncserver-do-not-return-returncode-indicating-error.patch
@@ -0,0 +1,13 @@
+diff --git a/unix/vncserver b/unix/vncserver
+index bb4f2feb..68be032d 100755
+--- a/unix/vncserver
++++ b/unix/vncserver
+@@ -709,7 +709,7 @@ sub List
+ }
+ }
+ }
+- exit 1;
++ exit;
+ }
+
+
diff --git a/SOURCES/vncserver-system.service b/SOURCES/vncserver-system.service
new file mode 100644
index 0000000..7b9cb2f
--- /dev/null
+++ b/SOURCES/vncserver-system.service
@@ -0,0 +1,45 @@
+# The vncserver service unit file
+#
+# Quick HowTo:
+# 1. Copy this file to /etc/systemd/system/vncserver@.service
+# 2. Replace with the actual user name and edit vncserver
+# parameters in the wrapper script located in /usr/bin/vncserver_wrapper
+# 3. Run `systemctl daemon-reload`
+# 4. Run `systemctl enable vncserver@:.service`
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "-localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# `man vncviewer' manual page.
+
+
+[Unit]
+Description=Remote desktop service (VNC)
+After=syslog.target network.target
+
+[Service]
+Type=simple
+
+# Clean any existing files in /tmp/.X11-unix environment
+ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
+ExecStart=/usr/bin/vncserver_wrapper %i
+ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/vncserver-user.service b/SOURCES/vncserver-user.service
new file mode 100644
index 0000000..aed01e0
--- /dev/null
+++ b/SOURCES/vncserver-user.service
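Review bot: In vncserver-system.service, `ExecStartPre` and `ExecStop` call `/usr/bin/vncserver -kill %i` directly, while the server is started by the wrapper through `runuser -l` for another account. The `[Service]` section sets no `User=`, so the two kill commands run as the service's own user and presumably look for the PID file in that user's `~/.vnc`, not the target user's. Because output goes to `/dev/null` and `|| :` discards the exit status, the mismatch is silent and stopping relies only on the wrapper's TERM trap. I would either route both commands through the same `runuser -l` call the wrapper uses, or add a comment such as `# -kill acts on the service user's ~/.vnc only; the session is stopped by vncserver_wrapper's TERM handler`. Separately, the header recommends `-localhost` for untrusted networks, but nothing in the unit or the wrapper's `vncserver ${INSTANCE}` call passes it, so a unit installed by following the HowTo presumably accepts remote connections unless the user's own configuration restricts them.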
@@ -0,0 +1,59 @@
+# The vncserver service unit file
+#
+# Quick HowTo: As the User wanting to have this functionality
+#
+# 1. Copy this file to ~/.config/systemd/user/ (Optional, in case default settings are not suitable)
+#
+# $ mkdir -p ~/.config/systemd/user
+# $ cp /usr/lib/systemd/user/vncserver@.service ~/.config/systemd/user/
+#
+# 2. Reload user's systemd
+#
+# $ systemctl --user daemon-reload
+#
+# 3. Start the service immediately and enable it at boot
+#
+# $ systemctl --user enable vncserver@:.service --now
+#
+# 4. Enable lingering
+#
+# $ loginctl enable-linger
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted! For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "-localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel. See the "-via" option in the
+# `man vncviewer' manual page.
+
+
+[Unit]
+Description=Remote desktop service (VNC)
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
+ExecStart=/usr/bin/vncserver %i
+ExecStop=/usr/bin/vncserver -kill %i
+
+Restart=on-success
+RestartSec=15
+
+[Install]
+WantedBy=default.target
diff --git a/SOURCES/vncserver.service b/SOURCES/vncserver.service
deleted file mode 100644
index aed01e0..0000000
--- a/SOURCES/vncserver.service
+++ /dev/null
@@ -1,59 +0,0 @@
-# The vncserver service unit file
-#
-# Quick HowTo: As the User wanting to have this functionality
-#
-# 1. Copy this file to ~/.config/systemd/user/ (Optional, in case default settings are not suitable)
-#
-# $ mkdir -p ~/.config/systemd/user
-# $ cp /usr/lib/systemd/user/vncserver@.service ~/.config/systemd/user/
-#
-# 2. Reload user's systemd
-#
-# $ systemctl --user daemon-reload
-#
-# 3. Start the service immediately and enable it at boot
-#
-# $ systemctl --user enable vncserver@:.service --now
-#
-# 4. Enable lingering
-#
-# $ loginctl enable-linger
-#
-# DO NOT RUN THIS SERVICE if your local area network is
-# untrusted! For a secure way of using VNC, you should
-# limit connections to the local host and then tunnel from
-# the machine you want to view VNC on (host A) to the machine
-# whose VNC output you want to view (host B)
-#
-# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
-#
-# this will open a connection on port 590N of your hostA to hostB's port 590M
-# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
-# See the ssh man page for details on port forwarding)
-#
-# You can then point a VNC client on hostA at vncdisplay N of localhost and with
-# the help of ssh, you end up seeing what hostB makes available on port 590M
-#
-# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
-#
-# Use "-localhost" to prevent remote VNC clients connecting except when
-# doing so through a secure tunnel. See the "-via" option in the
-# `man vncviewer' manual page.
-
-
-[Unit]
-Description=Remote desktop service (VNC)
-After=syslog.target network.target
-
-[Service]
-Type=forking
-
-ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
-ExecStart=/usr/bin/vncserver %i
-ExecStop=/usr/bin/vncserver -kill %i
-
-Restart=on-success
-RestartSec=15
-
-[Install]
-WantedBy=default.target
diff --git a/SOURCES/vncserver_wrapper b/SOURCES/vncserver_wrapper
new file mode 100755
index 0000000..0c8f994
--- /dev/null
+++ b/SOURCES/vncserver_wrapper
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+USER="$1"
+INSTANCE="$2"
+
+die() {
+ echo "FATAL: ${@:-}" >&2
+ exit 2
+}
+
+cleanup() {
+ [ -n "$VNCPID" ] || return
+ if kill -0 $VNCPID 2>/dev/null; then
+ kill $VNCPID
+ fi
+}
+
+trap cleanup TERM INT HUP
+
+[ -n "$USER" -a -n "$INSTANCE" ] || die "Invalid usage!"
+
+/usr/sbin/runuser -l "$USER" -c "/usr/bin/vncserver ${INSTANCE}"
+[ $? -eq 0 ] || die "'runuser -l $USER' failed!"
+
+# Wait up to 5 seconds for vncserver to be up
+for tries in $(seq 1 50); do
+ [ -e "~$USER/.vnc/$(hostname)${INSTANCE}.pid" ] && break
+ sleep 0.1
+done
+
+eval HOME=~$USER
+
+VNCPID=$(cat "$HOME/.vnc/$(hostname)${INSTANCE}.pid" 2>/dev/null || true)
+[ -n "$VNCPID" ] || die "'vncserver ${INSTANCE}' failed to start after 5 seconds!"
+
+echo "'vncserver ${INSTANCE}' has PID $VNCPID, waiting until it exits ..."
+
+while kill -0 $VNCPID 2>/dev/null; do
+ sleep 5
+done
+
+echo "PID $VNCPID exited, exiting ..."
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
index 1abd3ce..a6dad83 100644
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@@ -1,6 +1,6 @@ Name: tigervnc Version: 1.9.0 -Release: 9%{?dist} +Release: 12%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -9,11 +9,13 @@ License: GPLv2+ URL: http://www.tigervnc.com Source0: %{name}-%{version}.tar.gz -Source1: vncserver.service -Source2: vncserver.sysconfig -Source3: 10-libvnc.conf -Source4: xvnc.service -Source5: xvnc.socket +Source1: vncserver-system.service +Source2: vncserver-user.service +Source3: vncserver.sysconfig +Source4: 10-libvnc.conf +Source5: xvnc.service +Source6: xvnc.socket +Source7: vncserver_wrapper Patch1: tigervnc-manpages.patch Patch2: tigervnc-getmaster.patch
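Review bot: SOURCES/vncserver_wrapper feeds two unvalidated values into privileged operations: its first argument goes through `eval HOME=~$USER`, and the number it later passes unquoted to `kill` is read from a PID file under the target user's `~/.vnc`, which that user can write. The script is evidently meant to run as root, since it calls `runuser -l`. The wait loop has a separate bug: in `[ -e "~$USER/.vnc/…pid" ]` the tilde sits inside double quotes and is never expanded, so the test cannot succeed and the loop always runs for the full 5 seconds. I would resolve the home directory with `getent passwd` instead of `eval`, build the PID-file path once, and accept the PID only if it is all digits and the process is owned by `$USER`. The `kill` and `kill -0` calls in `cleanup` and the final loop should quote `"$VNCPID"` as well.

```shell
# … unchanged: die(), cleanup(), trap, argument check, runuser start …

# Resolve the home directory from the passwd database instead of eval.
HOME=$(getent passwd "$USER" | cut -d: -f6)
[ -n "$HOME" ] || die "Cannot determine home directory of '$USER'!"
PIDFILE="$HOME/.vnc/$(hostname)${INSTANCE}.pid"

# Wait up to 5 seconds for vncserver to be up
for tries in $(seq 1 50); do
    [ -e "$PIDFILE" ] && break
    sleep 0.1
done

VNCPID=$(cat "$PIDFILE" 2>/dev/null || true)
[ -n "$VNCPID" ] || die "'vncserver ${INSTANCE}' failed to start after 5 seconds!"

# The PID file is writable by $USER: accept digits only, and only a
# process that $USER owns, before this script ever signals it.
case "$VNCPID" in
    *[!0-9]*) die "Invalid PID in $PIDFILE!" ;;
esac
[ "$(ps -o uid= -p "$VNCPID" | tr -d ' ')" = "$(id -u "$USER")" ] \
    || die "PID $VNCPID is not owned by '$USER'!"

# … unchanged: status message and wait loop …
```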
@@ -26,6 +28,7 @@ Patch8: tigervnc-let-user-know-about-not-using-view-only-password.patch Patch9: tigervnc-working-tls-on-fips-systems.patch Patch11: tigervnc-utilize-system-crypto-policies.patch Patch12: tigervnc-passwd-crash-with-malloc-checks.patch +Patch13: tigervnc-vncserver-do-not-return-returncode-indicating-error.patch Patch50: tigervnc-covscan.patch @@ -185,6 +188,8 @@ popd %patch12 -p1 -b .passwd-crash-with-malloc-checks +%patch13 -p1 -b .vncserver-do-not-return-returncode-indicating-error + %patch50 -p1 -b .tigervnc-covscan %build @@ -240,15 +245,19 @@ make install DESTDIR=%{buildroot} popd # Install systemd unit file -mkdir -p %{buildroot}%{_userunitdir} -install -m644 %{SOURCE1} %{buildroot}%{_userunitdir}/vncserver@.service mkdir -p %{buildroot}%{_unitdir} -install -m644 %{SOURCE4} %{buildroot}%{_unitdir}/xvnc@.service -install -m644 %{SOURCE5} %{buildroot}%{_unitdir}/xvnc.socket +mkdir -p %{buildroot}%{_userunitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/vncserver@.service +install -m644 %{SOURCE2} %{buildroot}%{_userunitdir}/vncserver@.service +install -m644 %{SOURCE5} %{buildroot}%{_unitdir}/xvnc@.service +install -m644 %{SOURCE6} %{buildroot}%{_unitdir}/xvnc.socket rm -rf %{buildroot}%{_initrddir} +# Install vncserver wrapper script +install -m744 %{SOURCE7} %{buildroot}%{_bindir}/vncserver_wrapper + mkdir -p %{buildroot}%{_sysconfdir}/sysconfig -install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/vncservers +install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/vncservers # Install desktop stuff mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,24x24,48x48}/apps 
@@ -276,7 +285,7 @@ rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.so %else mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/ -install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf +install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf %endif %post server @@ -290,7 +299,9 @@ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c %systemd_preun xvnc.socket %postun server -%systemd_postun +%systemd_postun vncserver.service +%systemd_postun xvnc.service +%systemd_postun xvnc.socket %files -f %{name}.lang %doc README.rst @@ -301,10 +312,12 @@ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c %files server %config(noreplace) %{_sysconfdir}/sysconfig/vncservers %{_userunitdir}/vncserver@.service +%{_unitdir}/vncserver@.service %{_unitdir}/xvnc@.service %{_unitdir}/xvnc.socket %{_bindir}/x0vncserver %{_bindir}/vncserver +%{_bindir}/vncserver_wrapper %{_mandir}/man1/vncserver.1* %{_mandir}/man1/x0vncserver.1* @@ -333,6 +346,18 @@ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c %{_datadir}/icons/hicolor/*/apps/* %changelog +* Wed Dec 11 2019 Jan Grulich - 1.9.0-12 +- Fix installation of systemd files + Resolves: bz#1671714 + +* Wed Nov 20 2019 Jan Grulich - 1.9.0-11 +- Use wrapper script to workaround systemd issues + Resolves: bz#1671714 + +* Fri Jul 12 2019 Jan Grulich - 1.9.0-10 +- Do not return returncode indicating error when running "vncserver -list" + Resolves: bz#1727860 + * Fri Feb 08 2019 Jan Grulich - 1.9.0-9 - Make tigervnc systemd service a user service Resolves: bz#1639846
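Review bot: In the `%postun server` hunk, the new lines pass `vncserver.service` and `xvnc.service` to `%systemd_postun`, but the units this spec installs and lists under `%files server` are the templates `vncserver@.service` and `xvnc@.service`, so two of the three names do not match any shipped unit file. The macro is also invoked three times where a single call listing all units is the usual form; presumably each call expands to its own scriptlet fragment. Whether `%post` and `%preun` were updated for the newly added system-level `vncserver@.service` is not visible here, since only `%systemd_preun xvnc.socket` appears as context, and is worth checking alongside this change.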