Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=145418738f1dc7be2975483f2f37877166edaadc
commit 145418738f1dc7be2975483f2f37877166edaadc Author: Miklos Vajna <vmik...@frugalware.org> Date: Sun May 31 03:32:03 2009 +0200 freenx-server-0.7.3-1-i686 - new package - this is the server part of the old freenx package - also update to 0.7.3 fro 0.5 - tested only with the binary nxclient so far - closes #927 diff --git a/source/xapps-extra/freenx-server/FrugalBuild b/source/xapps-extra/freenx-server/FrugalBuild new file mode 100644 index 0000000..93f1f6c --- /dev/null +++ b/source/xapps-extra/freenx-server/FrugalBuild @@ -0,0 +1,37 @@ +# Compiling Time: 0 SBU +# Maintainer: Miklos Vajna <vmik...@frugalware.org> + +pkgname=freenx-server +pkgver=0.7.3 +pkgrel=1 +pkgdesc="Free Software (GPL) Implementation of the NX Server" +_F_berlios_dirname="freenx" +Finclude berlios +depends=('nx' 'openssh' 'netcat' 'expect' 'which' 'perl' 'cups') +makedepends=('imake' 'gccmakedep') +# can be removed after Frugalware-1.1 +replaces=('freenx') +groups=('xapps-extra') +archs=('i686') +source=($source freenx-server-0.7.2-sharing_and_multimedia_fixes.patch) +sha1sums=('888344f946cfb0802e2532e6b93601248c909eb8' \ + '13ced57d9db7bda2430d20ba61b5db5944f6a4f4') + +build() +{ + Fpatchall + Fsed '$NX_DIR/bin' '/usr/libexec/nx' nxloadconfig nxserver + Fsed '$NX_DIR/lib' '/usr/lib/nx' nxloadconfig nxserver + Fsed '^NX_LOGFILE=.*' 'NX_LOGFILE=/var/log/nx/nxserver.log' nxloadconfig + Fmake + Fmakeinstall NX_ETC_DIR=/etc/nxserver + + Fmkdir /var/lib/nxserver/home/.ssh + Fln /etc/nxserver/server.id_dsa.pub.key \ + /var/lib/nxserver/home/.ssh/authorized_keys + chmod 0700 $Fdestdir/var/lib/nxserver/home{,/.ssh} || return 1 + Fmkdir /var/lib/nxserver/db/{closed,running,failed} + chmod -R 0700 $Fdestdir/var/lib/nxserver + Fmkdir /var/log/nx + chmod 0700 $Fdestdir/var/log/nx +} diff --git a/source/xapps-extra/freenx-server/freenx-server-0.7.2-sharing_and_multimedia_fixes.patch b/source/xapps-extra/freenx-server/freenx-server-0.7.2-sharing_and_multimedia_fixes.patch new file mode 100644 index 0000000..cb620db --- /dev/null +++ b/source/xapps-extra/freenx-server/freenx-server-0.7.2-sharing_and_multimedia_fixes.patch @@ -0,0 +1,272 @@ +--- freenx-server-0.7.2/nxprint.sharing_and_multimedia 2008-03-14 22:47:47.000000000 +0100 ++++ freenx-server-0.7.2/nxprint 2008-08-24 14:18:27.000000000 +0200 +@@ -51,7 +51,8 @@ + if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ] + then + { +- cd /usr/share/ppd/ ++#JJK: cd /usr/share/ppd/ ++ cd $PPD_DIR + awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 } + /\*NickName:/ { b[FILENAME]=$2 } + END { +--- freenx-server-0.7.2/nxloadconfig.sharing_and_multimedia 2008-03-14 22:47:47.000000000 +0100 ++++ freenx-server-0.7.2/nxloadconfig 2008-08-24 14:18:27.000000000 +0200 +@@ -102,11 +102,28 @@ + + # Restriction directives + +-DISPLAY_BASE=1000 ++#JJK: DISPLAY_BASE=1000 ++#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd ++DISPLAY_BASE=2000 + SESSION_LIMIT=200 + SESSION_USER_LIMIT="" #Calculated + DISPLAY_LIMIT=200 + ++#JJK: Added the following to allow printing when using cifs mount ++#JJK: Note the smb print port (#139) must then be tunnelled manually ++#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host ++#JJK: by running on the client: ++#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139 ++#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal ++#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically ++#JJK: set up from port <DISPLAY+3000> on the server to port 139 ++#JJK: on the remote client. ++#JJK: Note in *all* cases, the cups printer on the client is accessed from ++#JJK: the server via the command line, using the following -h flag: ++#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>] ++#JJK: or via the CUPS web browser using: ++#JJK: http://localhost:<DISPLAY+9000> ++SMBPORT_OFFSET=8000 + ENABLE_PERSISTENT_SESSION="all" + DISABLE_PERSISTENT_SESSION="" + +@@ -161,7 +178,11 @@ + ENABLE_CUPS_SEAMLESS="0" + CUPS_SEAMLESS_DELAY="10" + ENABLE_FOOMATIC="1" +-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" ++#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" ++COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile" ++ ++#JJK: added the following path referenced in nxprint ++PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems + + CUPS_BACKEND="/usr/lib/cups/backend" + CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp" +@@ -179,7 +200,8 @@ + DEFAULT_X_WM="" + KILL_DEFAULT_X_WM="1" + USER_X_STARTUP_SCRIPT=.Xclients +-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession ++#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession ++DEFAULT_X_SESSION=/etc/X11/xinit/Xsession + COMMAND_START_KDE=startkde + COMMAND_START_GNOME=gnome-session + COMMAND_START_CDE=cdwm +--- freenx-server-0.7.2/nxnode.sharing_and_multimedia 2008-03-14 22:47:47.000000000 +0100 ++++ freenx-server-0.7.2/nxnode 2008-08-24 14:20:44.000000000 +0200 +@@ -20,6 +20,20 @@ + # Read the config file + . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf + ++#JJK: Added following 'if' stanza as a kluge since the following variables ++#JJK: need to be set in cmd_node_smbmount node_umount_smb ++#JJK: but they are currently set only in startsession which is called ++#JJK: separately from nxserver via ssh so environment variables ++#JJK: aren't preserved. ++if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \ ++ ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \ ++ `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \ ++ ]] > /dev/null 2>&1; then ++ COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS ++ COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS ++ SAMBA_MOUNT_SHARE_PROTOCOL="cifs" ++fi ++ + # + # ----------------------------------------------------------------------------- + # Startup of nxnode +@@ -605,11 +619,27 @@ + touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" + + mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache" ++ mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home ++ ++#JJK: Modifications to cupsd.conf ++#JJK: - Added SystemGroup line in order to add $USER to SystemGroup ++#JJK: - Moved all the log files to log/<log> ++#JJK: - Set AccessLog to: log/access_log (was /dev/null) ++#JJK: - Added listening on $NODE_CUPSD_PORT ++#JJK: Listen localhost: $NODE_CUPSD_PORT ++#JJK: - Removed following line because directive is specific to Debian ++#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd ++#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf ++#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified ++#JJK: to allow Add, Delete, and Default printer without (password) ++#JJK: authentication ++#JJK: - Note for more detailed logging set: LogLevel debug + + cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf +-AccessLog /dev/null +-ErrorLog error_log +-PageLog page_log ++SystemGroup sys root $USER ++AccessLog log/access_log ++ErrorLog log/error_log ++PageLog log/page_log + LogLevel info + TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp + RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool +@@ -617,19 +647,60 @@ + StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/ + CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache + ++Listen localhost:$NODE_CUPSD_PORT + Listen $NODE_CUPSD_SOCKET + Browsing Off + ServerName localhost +-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd + ++#JJK: Restrict access to the server... + <Location /> + Order Deny,Allow + Deny From All + Allow from 127.0.0.1 + </Location> + ++#JJK: Restrict access to the admin pages... ++<Location /admin> ++ Encryption Required ++ Order allow,deny ++ Allow localhost ++</Location> ++ ++#JJK: Restrict access to configuration files... ++<Location /admin/conf> ++ AuthType Basic ++ Require user @SYSTEM ++ Order allow,deny ++ Allow localhost ++</Location> ++ + # Allow everything for anonymous, because we are protected through UNIX socket ++#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection + <Policy default> ++ #JJK: Job-related operations must be done by the owner or an adminstrator... ++ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> ++ Require user @OWNER @SYSTEM ++ Order deny,allow ++ </Limit> ++ ++ #JJK:All administration operations require an adminstrator to authenticate... ++ <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs> ++ AuthType Basic ++ Require user @SYSTEM ++ Order deny,allow ++ </Limit> ++ ++ #JJK: Except need to allow these for nxnode to work ++ <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default> ++ Order deny,allow ++ </Limit> ++ ++ # Only the owner or an administrator can cancel or authenticate a job... ++ <Limit Cancel-Job CUPS-Authenticate-Job> ++ Require user @OWNER @SYSTEM ++ Order deny,allow ++ </Limit> ++ + <Limit All> + AuthType None + Order deny,allow +@@ -641,9 +712,17 @@ + + # copy mime.* files + cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" ++ #JJK: Also copy over pstoraster.convs ++ cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" + + # start cupsd +- $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null ++#JJK: Note the directive PidFile in the original cupsd.conf intended for ++#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon ++#JJK: form of cupsd and capture the pid directly ++#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null ++ $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null & ++ NODE_CUPSD_PID=$! ++ echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" + + # setup KDE + if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ] +@@ -685,6 +764,7 @@ + cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint + do + $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null ++ rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty + done + } + +@@ -1101,6 +1181,7 @@ + + COMMAND_SMBMOUNT=/bin/true + COMMAND_SMBUMOUNT=/bin/true ++ smbport=139 #JJK: still may want to do printer sharing... + else # smbfs + smbport=139 + fi +@@ -1335,7 +1416,8 @@ + password=$(getparam password) + share=$(getparam share) + computername=$(getparam computername) +- dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') ++#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') ++ dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g') + # rdir=$(getparam dir | sed 's|$(SHARES)/||g') + display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') + mkdir -p "$HOME/$dir" +@@ -1355,6 +1437,7 @@ + echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint" + else + $PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display & ++ rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty + fi + } + +@@ -1377,6 +1460,12 @@ + # this will also setup the userspace cupsd + export CUPS_SERVER=$(node_cupsd_get_socket) + ++#JJK: The following if-stanza kludge added to enable printing when smbport=cifs ++#JJK: since smb printing won't work when forwarded over port 445 ++ if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then ++ let port=$port+$SMBPORT_OFFSET ++ fi ++ + if [ "$type" = "smb" ] + then + if [ -x "$CUPS_BACKEND/nxsmb" ] +@@ -1405,6 +1494,9 @@ + + if [ "$ENABLE_CUPS_SEAMLESS" != "1" ] + then ++ #JJK: Export the following variables for use by nxdialog/nxprint ++ #JJK: Note they are also exported in nxdialog but doesn't help there ++ export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR + MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display) + [ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return + else +@@ -1412,7 +1504,11 @@ + MODEL="download_cached" + fi + +- PUBLIC="-u allow:$USER" ++#JJK: I like to also allow 'guest' so you can do things like print ++#JJK: testpages from the CUPS web interface. Note this is required ++#JJK: even for the original user to print test pages ++#JJK: PUBLIC="-u allow:$USER" ++ PUBLIC="-u allow:$USER,guest" + [ "$public" == "1" ] && PUBLIC="" + + if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ] diff --git a/source/xapps-extra/freenx-server/freenx-server.install b/source/xapps-extra/freenx-server/freenx-server.install new file mode 100644 index 0000000..8c7229b --- /dev/null +++ b/source/xapps-extra/freenx-server/freenx-server.install @@ -0,0 +1,16 @@ +post_install() +{ + /usr/sbin/useradd -r -d /var/lib/nxserver/home -s /usr/libexec/nx/nxserver nx + ssh-keygen -q -t dsa -N "" -f /etc/nxserver/users.id_dsa + ssh-keygen -q -t dsa -N "" -f /etc/nxserver/local.id_dsa + mv -f /etc/nxserver/local.id_dsa /etc/nxserver/client.id_dsa.key + mv -f /etc/nxserver/local.id_dsa.pub /etc/nxserver/server.id_dsa.pub.key + + echo -n "127.0.0.1 " > /var/lib/nxserver/home/.ssh/known_hosts + cat /etc/ssh/ssh_host_rsa_key.pub >> /var/lib/nxserver/home/.ssh/known_hosts + chown nx:root /var/lib/nxserver/home/.ssh/known_hosts +} + +op=$1 +shift +$op $* _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git