95 files changed, 1315 insertions, 405 deletions
diff --git a/core/bin/setup_target b/core/bin/setup_target index e521592e..30fafbf5 100755 --- a/core/bin/setup_target +++ b/core/bin/setup_target @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/includes/chroot.inc b/core/includes/chroot.inc index 3782ab05..04db53ee 100644 --- a/core/includes/chroot.inc +++ b/core/includes/chroot.inc @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # @@ -120,6 +120,10 @@ chroot_prepare_mounts() { # mount pseudo-filesystems for DIR in $CHROOT_BINDMOUNTS; do + if ! [ -d "$DIR" ]; then + pwarning "Skipping bind mount of inexistant directory: $DIR" + continue + fi mount -o bind "${DIR}" "${CHROOT_MOUNTDIR}/${DIR}" \ || perror "Could not bind mount '$DIR' into CHROOT_MOUNTDIR/DIR '$CHROOT_MOUNTDIR/$DIR'." done diff --git a/core/includes/cleanup.inc b/core/includes/cleanup.inc index 20c01ea7..982c016b 100644 --- a/core/includes/cleanup.inc +++ b/core/includes/cleanup.inc @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/includes/useradd.inc b/core/includes/useradd.inc index 2beaaeae..47e74e79 100644 --- a/core/includes/useradd.inc 
+++ b/core/includes/useradd.inc @@ -207,11 +207,13 @@ add_group () { init_users_and_groups() { [ -z "$TARGET_BUILD_DIR" -o "$TARGET_BUILD_DIR" == "/" ] && perror "Almost wrecked your local passwd, group and shadow file. phew." + local USER local PASSWD="$TARGET_BUILD_DIR/etc/passwd" local GROUP="$TARGET_BUILD_DIR/etc/group" local SHADOW="$TARGET_BUILD_DIR/etc/shadow" [ -s "${PASSWD}" -a -s "${GROUP}" -a -s "${SHADOW}" ] && return pinfo "Creating users and groups based on local system...." + mkdir -p "${PASSWD%/*}" || perror "Could not mkdir '${PASSWD%/*}'." cp -a "/etc/passwd" "$PASSWD" || perror "Could not copy /etc/passwd" cp -a "/etc/group" "$GROUP" || perror "Could not copy /etc/group" cp -a "/etc/shadow" "$SHADOW" || perror "Could not copy /etc/shadow" diff --git a/core/modules/alsa/data/opt/openslx/scripts/alsa-default_card b/core/modules/alsa/data/opt/openslx/scripts/alsa-default_card index b4522b7c..4e372f9c 100755 --- a/core/modules/alsa/data/opt/openslx/scripts/alsa-default_card +++ b/core/modules/alsa/data/opt/openslx/scripts/alsa-default_card @@ -3,8 +3,8 @@ PROC="/proc/asound/pcm" if [ ! -r "$PROC" ]; then - echo "'${PROC}' not found or not readable." - exit 1 + echo "'${PROC}' not found or not readable. Not setting default sound card." + exit 0 fi if [ -w "/etc" ]; then diff --git a/core/modules/apply-slx-vars/data/etc/systemd/system/apply-slx-vars.service b/core/modules/apply-slx-vars/data/etc/systemd/system/apply-slx-vars.service new file mode 100644 index 00000000..b5d3c7d8 --- /dev/null +++ b/core/modules/apply-slx-vars/data/etc/systemd/system/apply-slx-vars.service @@ -0,0 +1,10 @@ +[Unit] +Description=Apply SLX_* config var settings +DefaultDependencies=no +RefuseManualStart=true +Before=basic.target + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStart=/opt/openslx/scripts/apply-slx-vars 
diff --git a/core/modules/apply-slx-vars/data/etc/systemd/system/basic.target.wants/apply-slx-vars.service b/core/modules/apply-slx-vars/data/etc/systemd/system/basic.target.wants/apply-slx-vars.service
new file mode 120000
index 00000000..531a34fb
--- /dev/null
+++ b/core/modules/apply-slx-vars/data/etc/systemd/system/basic.target.wants/apply-slx-vars.service
@@ -0,0 +1 @@
+../apply-slx-vars.service
\ No newline at end of file
diff --git a/core/modules/apply-slx-vars/data/opt/openslx/scripts/apply-slx-vars b/core/modules/apply-slx-vars/data/opt/openslx/scripts/apply-slx-vars
new file mode 100755
index 00000000..22996a38
--- /dev/null
+++ b/core/modules/apply-slx-vars/data/opt/openslx/scripts/apply-slx-vars
@@ -0,0 +1,15 @@
+#!/bin/ash
+
+. /opt/openslx/config
+
+# Disable TTY switch
+if [ "$SLX_TTY_SWITCH" = "no" ]; then
+ mkdir -p /etc/X11/xorg.conf.d
+ cat > /etc/X11/xorg.conf.d/50-no-tty.conf <<EOF
+Section "ServerFlags"
+ Option "DontVTSwitch" "true"
+EndSection
+EOF
+fi
+
+exit 0
diff --git a/core/modules/apply-slx-vars/module.build b/core/modules/apply-slx-vars/module.build
new file mode 100644
index 00000000..5086d1bc
--- /dev/null
+++ b/core/modules/apply-slx-vars/module.build
@@ -0,0 +1,13 @@
+#!/bin/bash
+# fake module simply copying its data/ files
+fetch_source() {
+ :
+}
+
+build() {
+ :
+}
+
+post_copy() {
+ :
+}
diff --git a/core/modules/apply-slx-vars/module.conf b/core/modules/apply-slx-vars/module.conf
new file mode 100644
index 00000000..8811668a
--- /dev/null
+++ b/core/modules/apply-slx-vars/module.conf
@@ -0,0 +1,4 @@
+#!/bin/bash
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/debug-report-bwlp/data/opt/openslx/bin/debug_report b/core/modules/debug-report-bwlp/data/opt/openslx/bin/debug_report
index 67f6b47a..501cdff0 100755
--- a/core/modules/debug-report-bwlp/data/opt/openslx/bin/debug_report
+++ b/core/modules/debug-report-bwlp/data/opt/openslx/bin/debug_report
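Review bot: The new `apply-slx-vars` script ends in an unconditional `exit 0`, so if `mkdir -p /etc/X11/xorg.conf.d` or the `cat >` redirect fails the oneshot unit still reports success and VT switching stays enabled although `SLX_TTY_SWITCH=no` was requested. Where that setting is part of a lockdown (kiosk or exam use, presumably), failing open without a trace is the wrong default. Propagate the failure instead, e.g. `mkdir -p /etc/X11/xorg.conf.d || exit 1` and an `|| exit 1` after the here-document write, or at least log it before exiting.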
@@ -13,16 +13,27 @@ TOOLS=" dmidecode " -URL="http://132.230.8.113/error_report.php" +URLS=" + https://bwlp-masterserver.ruf.uni-freiburg.de/error_report.php + http://132.230.8.113/error_report.php + end +" if [ "$UID" != "0" ]; then echo "Debug Reports können nur von root versendet werden" >&2 exit 1 fi -if ! curl -H "Expect:" -f -s -S --connect-timeout 5 "$URL" > /dev/null; then - echo "Kann den Debug-Report-Server in Freiburg nicht erreichen. :-(" >&2 - exit 1 +if [ "$1" = "--local" ]; then + localReport=true +else + for URL in $URLS; do + if [ "$URL" = "end" ]; then + echo "Kann den Debug-Report-Server in Freiburg nicht erreichen. :-(" >&2 + exit 1 + fi + curl -L -H "Expect:" -f -s -S --connect-timeout 5 "$URL" > /dev/null && break + done fi rm -rf /tmp/debug-report @@ -63,7 +74,17 @@ for srv in $SLX_NTP_SERVER 0.de.pool.ntp.org; do done echo -n "..." -cp /opt/openslx/config /tmp/udhcpclog /opt/openslx/config.tgz.list static/ 2> /dev/null +cp /opt/openslx/config /tmp/udhcpclog /opt/openslx/config.tgz.list \ + /tmp/xsession-log-* \ + /tmp/remote_log_check-* \ + static/ 2> /dev/null +echo -n "." + +for file in /home/*/.xsession-errors; do + [ -f "$file" ] || continue + cp "$file" "static/${file////_}" #/////////777-7-7 +done + echo -n "." FILES=$(find /tmp/vmware* /tmp/virt /tmp/vmchooser* -type f \( -name "*.log" -o -name "*.conf" -o -name "*.xml" -o -name "vmx" \) 2> /dev/null) @@ -106,6 +127,9 @@ echo -n "." fdisk -l -u > "generated/fdisk-out" 2> "generated/fdisk-err" echo -n "." +blkid > "generated/blkid-out" 2> "generated/blkid-err" +echo -n "." + ls -al /dev /dev/disk/* &> "generated/ls-dev-and-disks" echo -n "." 
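Review bot: The second entry in `URLS` of debug_report is plain `http://132.230.8.113/error_report.php`, so whenever the HTTPS probe fails the report goes out in cleartext, and anyone on the network path who can make port 443 unreachable decides that. The archive now carries /opt/openslx/config, session logs and users' `.xsession-errors`, so I would drop the HTTP entry or put it behind an explicit opt-in. `-L` is a second way off HTTPS; pin both curl calls with `--proto '=https' --proto-redir '=https'`. The upload loop in hunk `@@ -134,10 +166,13 @@` walks the list again from the top, so the probe does not bind the upload to the server that answered; remember the URL that passed the probe and post only to it.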
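Review bot: The new loop over `/home/*/.xsession-errors` (hunk `@@ -63,7 +74,17 @@`) runs as root, since the script exits unless `$UID` is 0, and both `[ -f "$file" ]` and `cp` follow symlinks, so a user-controlled link under that name gets its target copied into the report. Skip links before copying with `[ -L "$file" ] && continue`. The trailing `#/////////777-7-7` looks like an editor-highlighting workaround for `${file////_}`; a short comment saying so, and that the expansion needs bash, would save the next reader the guess.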
@@ -126,6 +150,14 @@ echo "..fertig!" cd /tmp rm -f -- error-report.tar.gz + +if [ "$localReport" = "true" ]; then + dirname="debug-report-$(date +"%Y-%m-%d_%H-%M-%S")" + mv debug-report "$dirname" + echo "Fehlerbericht wird NICHT versendet und liegt unter: $(pwd)/$dirname" + exit +fi + echo -n "Packe Fehlerbericht ein..." if ! tar czf error-report.tar.gz debug-report; then echo "Fehler beim Packen des Berichts!" >&2 @@ -134,10 +166,13 @@ fi echo "....fertig!" echo -n "Lade Fehlerbericht hoch...." -if ! curl -H "Expect:" -f -s -S -F "file=@error-report.tar.gz;filename=report" "$URL" > /dev/null; then - echo "Fehler beim Hochladen des Fehlerberichts :-(" >&2 - exit 1 -fi +for URL in $URLS; do + if [ "$URL" = "end" ]; then + echo "Fehler beim Hochladen des Fehlerberichts :-(" >&2 + exit 1 + fi + curl -L -H "Expect:" -f -s -S -F "file=@error-report.tar.gz;filename=report" "$URL" > /dev/null && break +done echo "Fehlerbericht erfolgreich versendet!" diff --git a/core/modules/dhcpc-busybox/data/opt/openslx/scripts/udhcpc-openslx b/core/modules/dhcpc-busybox/data/opt/openslx/scripts/udhcpc-openslx index 960da782..c034efb5 100755 --- a/core/modules/dhcpc-busybox/data/opt/openslx/scripts/udhcpc-openslx +++ b/core/modules/dhcpc-busybox/data/opt/openslx/scripts/udhcpc-openslx @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/distro-logo/module.build b/core/modules/distro-logo/module.build new file mode 100644 index 00000000..4e30667f --- /dev/null +++ b/core/modules/distro-logo/module.build 
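Review bot: With `--local` the collected tree is left in /tmp as `debug-report-<timestamp>` with whatever mode it was created with, and after this commit it contains copies of /opt/openslx/config and users' `.xsession-errors`. The directory creation is outside this hunk, so this is unverified, but unless it is already restrictive I would add `chmod -R go-rwx "$dirname"` before the `echo`. The bare `exit` also returns the status of that `echo`; `exit 0` states the intent.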
@@ -0,0 +1,25 @@ +#!/bin/bash +fetch_source() { + : +} + +build() { + : +} + +post_copy() { + # Try to fetch distro logo + if [ ! -s "$TARGET_BUILD_DIR/etc/distro.png" ]; then + local DIST=$(lsb_release -si) + if [ -n "$DIST" ]; then + [ -z "$CFG_DISTLOGO_URL" ] && CFG_DISTLOGO_URL='http://mltk-services.ruf.uni-freiburg.de/distro_logo.php?distro=' + wget -t 3 -T 3 -O "$TARGET_BUILD_DIR/etc/distro.png" "${CFG_DISTLOGO_URL}${DIST}" + if [ ! -s "$TARGET_BUILD_DIR/etc/distro.png" ]; then + rm -f "$TARGET_BUILD_DIR/etc/distro.png" + pwarning "Could not download distro-logo" + fi + else + pwarning "Could not determine distribution" + fi + fi +} diff --git a/core/modules/distro-logo/module.conf b/core/modules/distro-logo/module.conf new file mode 100644 index 00000000..8811668a --- /dev/null +++ b/core/modules/distro-logo/module.conf @@ -0,0 +1,4 @@ +#!/bin/bash +REQUIRED_BINARIES="" +REQUIRED_LIBRARIES="" +REQUIRED_DIRECTORIES="" diff --git a/core/modules/dnbd3-proxy-mode/data/etc/systemd/system/dnbd3-proxy.service b/core/modules/dnbd3-proxy-mode/data/etc/systemd/system/dnbd3-proxy.service index 709e0724..b5893dd0 100644 --- a/core/modules/dnbd3-proxy-mode/data/etc/systemd/system/dnbd3-proxy.service +++ b/core/modules/dnbd3-proxy-mode/data/etc/systemd/system/dnbd3-proxy.service @@ -10,3 +10,7 @@ Restart=always RestartSec=3 TimeoutStopSec=10 LimitNOFILE=65536 +LimitNICE=-2 +IOSchedulingClass=best-effort +IOSchedulingPriority=2 +OOMScoreAdjust=-100 diff --git a/core/modules/dnbd3/module.conf.ubuntu b/core/modules/dnbd3/module.conf.ubuntu index 9794054b..edd84d97 100644 --- a/core/modules/dnbd3/module.conf.ubuntu +++ b/core/modules/dnbd3/module.conf.ubuntu @@ -6,6 +6,7 @@ REQUIRED_CONTENT_PACKAGES=" REQUIRED_INSTALLED_PACKAGES=" cmake + clang-format zlib1g-dev libfuse-dev fuse diff --git a/core/modules/gdisk/data/inc/prepare_localhd.functions b/core/modules/gdisk/data/inc/prepare_localhd.functions index 50ac0a70..363c5083 100755 
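Review bot: `post_copy` in distro-logo/module.build fetches `/etc/distro.png` for the target image over plain HTTP (the default `CFG_DISTLOGO_URL` starts with `http://`) and keeps any non-empty response, so an error page or content altered in transit is baked into the image. Default to an `https://` URL if the service offers one, and check the result before keeping it, for example `file -b --mime-type "$TARGET_BUILD_DIR/etc/distro.png" | grep -qx image/png`. `$DIST` is appended to the query string unencoded, and `local DIST=$(lsb_release -si)` hides a failing `lsb_release` because `local` returns 0.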
--- a/core/modules/gdisk/data/inc/prepare_localhd.functions +++ b/core/modules/gdisk/data/inc/prepare_localhd.functions @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/gdisk/data/inc/setup_gpt.differentapproach b/core/modules/gdisk/data/inc/setup_gpt.differentapproach index aa809529..6f3013ee 100755 --- a/core/modules/gdisk/data/inc/setup_gpt.differentapproach +++ b/core/modules/gdisk/data/inc/setup_gpt.differentapproach @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/gdisk/data/inc/setup_gpt.old b/core/modules/gdisk/data/inc/setup_gpt.old index 29eada70..96d92b1c 100755 --- a/core/modules/gdisk/data/inc/setup_gpt.old +++ b/core/modules/gdisk/data/inc/setup_gpt.old @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker b/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker index 0c8277a2..62eada61 100755 --- a/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker 
+++ b/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker @@ -62,6 +62,11 @@ reload_rules () { iptables -w -t mangle -I "$chain" 1 -j "ipt-helper-$chain" done + # Loopback + iptables -w -A ipt-helper-INPUT -i lo -j ACCEPT + iptables -w -A ipt-helper-OUTPUT -o lo -j ACCEPT + # TODO: IPv6 (in general) + # Apply local LOGFILE=$(mktemp) local DISABLED="/opt/openslx/iptables/rules.d/disabled/" diff --git a/core/modules/kernel-vanilla/module.build b/core/modules/kernel-vanilla/module.build index f8d5f351..a6a33f48 100644 --- a/core/modules/kernel-vanilla/module.build +++ b/core/modules/kernel-vanilla/module.build @@ -157,6 +157,7 @@ patch_aufs() { git clone "git://aufs.git.sourceforge.net/gitroot/aufs/${AUFS}-standalone.git" || perror "Cloning ${AUFS} failed." else git clone "git://github.com/sfjro/${AUFS}-standalone.git" || perror "Cloning ${AUFS} failed." + #git clone "git://github.com/bnied/${AUFS}-standalone.git" || perror "Cloning ${AUFS} failed." fi # get the needed version cde "${MODULE_WORK_DIR}/${AUFS}-standalone" 
@@ -166,16 +167,26 @@ patch_aufs() { if [ -z "$major" ] || [ -z "$minor" ]; then perror "REQUIRED_KERNEL not in properly set, this should not happen!" fi - local NEEDED_BRANCH="aufs${major}.${minor}" - local testvar - while [ "${patch}" -gt 0 ]; do - for testvar in "${branches[@]}"; do - if [ "$testvar" = "${NEEDED_BRANCH}.${patch}" ] || [ "$testvar" = "${NEEDED_BRANCH}.${patch}+" ]; then - NEEDED_BRANCH="$testvar" - break 2 - fi + local testvar outer NEEDED_BRANCH + while (( minor >= 0 )); do + NEEDED_BRANCH="aufs${major}.${minor}" + outer=false + while (( patch > 0 )); do + for testvar in "${branches[@]}"; do + if [ "$testvar" = "${NEEDED_BRANCH}.${patch}" ] || [ "$testvar" = "${NEEDED_BRANCH}.${patch}+" ]; then + NEEDED_BRANCH="$testvar" + break 3 + elif [ "$testvar" = "${NEEDED_BRANCH}" ]; then + outer=true + fi + done + (( patch-- )) done - patch=$(( patch - 1 )) + $outer && break + if (( patch == 0 )); then + patch=500 + (( minor-- )) + fi done pinfo "Getting branch origin/$NEEDED_BRANCH" git checkout "origin/$NEEDED_BRANCH" || git checkout "origin/${AUFS}.x-rcN" || perror "Could not checkout needed branch." diff --git a/core/modules/kernel-vanilla/module.conf b/core/modules/kernel-vanilla/module.conf index 2bae7757..95a9e849 100644 --- a/core/modules/kernel-vanilla/module.conf +++ b/core/modules/kernel-vanilla/module.conf @@ -2,5 +2,5 @@ REQUIRED_BINARIES="" REQUIRED_LIBRARIES="" REQUIRED_DIRECTORIES="" -REQUIRED_KERNEL="5.4.54" +REQUIRED_KERNEL="5.10.40" REQUIRED_GIT="git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git" diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium b/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium index cf9246a8..bb4204e0 100644 --- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium +++ b/core/modules/kiosk-chromium/data/opt/openslx/scripts/kiosk-launch.d/00-chromium 
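Review bot: When no branch matches the requested minor, the new outer loop in `patch_aufs` quietly steps down to the previous minor and below, so the kernel can end up patched with an aufs tree cut for a different series, and the only trace is the `pinfo "Getting branch origin/$NEEDED_BRANCH"` line. I would emit a `pwarning` whenever the minor of the chosen branch differs from the one in REQUIRED_KERNEL. Two smaller things: if `patch` starts at 0 the inner loop never runs, so an exact `aufs${major}.${minor}` branch is skipped, and `(( minor-- ))` returns non-zero when `minor` is 0, which matters if this file is ever run under `set -e`. `patch_aufs` begins and ends outside the hunk.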
@@ -9,6 +9,9 @@ if [ "$(whoami)" = "demo" ]; then mkdir -p "$HOME/.config/chromium/Default" fi +cert_to_nssdb /etc/ssl/certs/ "${HOME}/.pki/nssdb" & +nss_pid=$! + # Helper to decode URL-encoded strings # e.g. urldecode http%3A%2F%2Ffoobar.com -> http://foobar.com urldecode() { @@ -72,29 +75,6 @@ if [ -z "$SLX_BROWSER_INTERACTIVE" ]; then # Autologin active, go full fullscreen chromium_args+=("--kiosk") fi - - # swallow keyboard shortcuts of chromium - cat <<- EOF > "$HOME/.xbindkeysrc" - "true" - Control+d - "true" - Control+t - "true" - Control+s - "true" - Control+n - "true" - Control+j - "true" - Control+p - "true" - Control+h - "true" - Control+Shift+o - EOF - # xbinkeys requires a daemon, run it - xbindkeys_autostart & - fi if [ -n "$SLX_BROWSER_RELOAD_SECS" ] && [ "$SLX_BROWSER_RELOAD_SECS" -gt 0 ]; then @@ -136,5 +116,8 @@ if [ -n "$SLX_BROWSER_INSECURE" ]; then chromium_args+=("--allow-running-insecure-content" "--ignore-certificate-errors") fi +# Wait until cert store is fully populated +wait $nss_pid + # finally exec to chromium exec chromium-browser "${chromium_args[@]}" diff --git a/core/modules/kiosk-chromium/module.conf.ubuntu b/core/modules/kiosk-chromium/module.conf.ubuntu index 708eac72..f5d87627 100644 --- a/core/modules/kiosk-chromium/module.conf.ubuntu +++ b/core/modules/kiosk-chromium/module.conf.ubuntu @@ -2,6 +2,7 @@ REQUIRED_CONTENT_PACKAGES=" jq xbindkeys + libnss3-tools " REQUIRED_INSTALLED_PACKAGES="$REQUIRED_CONTENT_PACKAGES" REQUIRED_BINARIES="" diff --git a/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk-interactive.rc b/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk-interactive.rc new file mode 100644 index 00000000..70e197a1 --- /dev/null +++ b/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk-interactive.rc 
@@ -0,0 +1,8 @@ + "pactl set-sink-volume @DEFAULT_SINK@ +1000" + XF86AudioRaiseVolume + "pactl set-sink-volume @DEFAULT_SINK@ -1000" + XF86AudioLowerVolume + "pactl set-sink-mute @DEFAULT_SINK@ toggle" + XF86AudioMute + "pactl set-source-mute @DEFAULT_SOURCE@ toggle" + XF86AudioMicMute diff --git a/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk.rc b/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk.rc new file mode 100644 index 00000000..4f9e7cf5 --- /dev/null +++ b/core/modules/kiosk-common/data/opt/openslx/lightdm/xbindkeys-kiosk.rc @@ -0,0 +1,24 @@ + "true" + Control+d + "true" + Control+t + "true" + Control+s + "true" + Control+n + "true" + Control+j + "true" + Control+p + "true" + Control+h + "true" + Control+Shift+o + "pactl set-sink-volume @DEFAULT_SINK@ +1000" + XF86AudioRaiseVolume + "pactl set-sink-volume @DEFAULT_SINK@ -1000" + XF86AudioLowerVolume + "pactl set-sink-mute @DEFAULT_SINK@ toggle" + XF86AudioMute + "pactl set-source-mute @DEFAULT_SOURCE@ toggle" + XF86AudioMicMute diff --git a/core/modules/kiosk-common/data/opt/openslx/scripts/kiosk-launch b/core/modules/kiosk-common/data/opt/openslx/scripts/kiosk-launch index 79f08e3d..263ff855 100755 --- a/core/modules/kiosk-common/data/opt/openslx/scripts/kiosk-launch +++ b/core/modules/kiosk-common/data/opt/openslx/scripts/kiosk-launch @@ -7,6 +7,8 @@ export PATH="$PATH:/opt/openslx/sbin:/opt/openslx/bin" [ -z "$SLX_BROWSER_URL" ] && exit 1 +. /opt/openslx/bin/slx-tools + # disable power management features xset s off xset -dpms 
@@ -17,6 +19,14 @@ openbox --config-file "/etc/xdg/openbox/rc.xml.kiosk" & # move the mouse away xdotool mousemove 20000 20000 +if [ -z "$SLX_BROWSER_INTERACTIVE" ]; then + # swallow keyboard shortcuts of chromium + xbindkeys -f /opt/openslx/lightdm/xbindkeys-kiosk.rc & +else + # volume controls only + xbindkeys -f /opt/openslx/lightdm/xbindkeys-kiosk-interactive.rc & +fi + # Remember list of jobs running the background, so we can clean up # any mess left around by failed attempts below # diff --git a/core/modules/ntfsfree/data/opt/openslx/scripts/thinpool-grow b/core/modules/ntfsfree/data/opt/openslx/scripts/thinpool-grow index e735fa45..7ed678f7 100755 --- a/core/modules/ntfsfree/data/opt/openslx/scripts/thinpool-grow +++ b/core/modules/ntfsfree/data/opt/openslx/scripts/thinpool-grow @@ -119,7 +119,7 @@ exit_hook() { [ -n "$HAVE_LOCK" ] && unlock } -trap exit_hook EXIT TERM INT +trap exit_hook EXIT # Try to grow via NTFS volume # Must honor and update $current_data_sz, and echo into $new_table @@ -335,7 +335,9 @@ elif [ "$MODE" = "wait" ]; then else (( next++ )) fi - dmsetup wait "$POOL" "$next" || break + dmsetup wait "$POOL" "$next" &>> "$DEBUG_FILE" \ + || dmsetup wait "$POOL" "$next" &>> "$DEBUG_FILE" \ + || break done debug "Error in dmsetup wait" exit 1 diff --git a/core/modules/nvidia-libs/data/addon-init b/core/modules/nvidia-libs/data/addon-init index 061bff6b..ae0734c2 100755 --- a/core/modules/nvidia-libs/data/addon-init +++ b/core/modules/nvidia-libs/data/addon-init @@ -1,6 +1,6 @@ #!/bin/ash -[ -e "/opt/openslx/etc/nvidia.whiteout" ] || exit 66 +[ -e "/opt/openslx/etc/nvidia.whiteout" ] || exit 0 while read line; do rm -f -- "$line" diff --git a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm index a22a115f..c43ed314 100755 --- a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm +++ b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm 
@@ -95,7 +95,7 @@ if ! [ -s "${IDP_QUERY_CACHE}" ]; then echo "No IDP info cached, cache path not writable for current user." exit 7 fi - idpret="$(curl -w "%{http_code}" -o "${IDP_QUERY_CACHE}" --connect-timeout 5 --max-time 15 "$IDP_QUERY_URL")" + idpret="$(curl --retry 3 --retry-connrefused --retry-delay 1 --retry-max-time 15 -w "%{http_code}" -o "${IDP_QUERY_CACHE}" --connect-timeout 2 --max-time 6 "$IDP_QUERY_URL")" if [ "${#idpret}" != 3 ] || [ "x${idpret:0:1}" != "x2" ]; then echo "Could not download the list of identity providers from '$IDP_QUERY_URL'. Aborting." rm -f -- "$IDP_QUERY_CACHE" diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth index 9de61708..264e3c1e 100755 --- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth +++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth @@ -215,7 +215,7 @@ chown "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt" # Remember for hooks in auth-slx-source.d if [ "${NETWORK_HOME:0:2}" = '//' ]; then - PERSISTENT_NETPATH=$(echo "$NETWORK_HOME" | tr '/' '\') + PERSISTENT_NETPATH=$(echo "$NETWORK_HOME" | tr '/' '\\') else PERSISTENT_NETPATH="$NETWORK_HOME" fi diff --git a/core/modules/qemukvm/data/opt/openslx/scripts/systemd-qemukvm_env b/core/modules/qemukvm/data/opt/openslx/scripts/systemd-qemukvm_env new file mode 100755 index 00000000..7717394d --- /dev/null +++ b/core/modules/qemukvm/data/opt/openslx/scripts/systemd-qemukvm_env 
@@ -0,0 +1,28 @@
+#!/bin/ash
+# -----------------------------------------------------------------------------
+#
+# Copyright (c) 2017..2018 bwLehrpool-Projektteam
+#
+# This program/file is free software distributed under the GPL version 2.
+# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
+#
+# If you have any feedback please consult https://bwlehrpool.de and
+# send your feedback to support@bwlehrpool.de.
+#
+# General information about bwLehrpool can be found at https://bwlehrpool.de
+#
+# -----------------------------------------------------------------------------
+# systemd-qemukvm_env
+# - This is the preparation script for the configuration of Linux Qemu/KVM.
+################################################################################
+
+# lazy load all kvm related modules
+modprobe kvm
+modprobe kvm_amd
+modprobe kvm_intel
+
+if [ ! -e /dev/kvm ]; then
+ slxlog "qemukvm-modules" "/dev/kvm not found! Missing kvm kernel module(s)?"
+ exit 1
+fi
+
diff --git a/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/finalize_start_command.inc b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/finalize_start_command.inc
new file mode 100644
index 00000000..eff764fe
--- /dev/null
+++ b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/finalize_start_command.inc
@@ -0,0 +1,49 @@
+# -----------------------------------------------------------------------------
+#
+# Copyright (c) 2009..2018 bwLehrpool-Projektteam
+#
+# This program/file is free software distributed under the GPL version 2.
+# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
+#
+# If you have any feedback please consult https://bwlehrpool.de and
+# send your feedback to support@bwlehrpool.de.
+#
+# General information about bwLehrpool can be found at https://bwlehrpool.de
+#
+# -----------------------------------------------------------------------------
+# run-virt.include
+# - Include script for running the QEMU/Linux KVM virtual machine on an
+# OpenSLX client via the run-virt.sh or run-vmgrid.sh
+################################################################################
+
+# set options that depend on previous includes
+# and build the final start command
+finalize_start_command() {
+
+ # set cpu type
+ VIRTCMDOPTS+=( "-cpu" "host" )
+ # set cpu cores
+ VIRTCMDOPTS+=( "-smp" "${CPU_CORES}" )
+
+ # set RAM
+ VIRTCMDOPTS+=( "-m" "${VM_MEM}" )
+
+ # special feature for real and virtual floppy disks
+ isset FLOPPY_0 && VIRTCMDOPTS+=( "-fda" "${FLOPPY_0}" )
+ isset SLX_FLOPPY_IMG && VIRTCMDOPTS+=( "-fdb" "${SLX_FLOPPY_IMG}" )
+
+ # add optical drive if available
+ isset CDROM_0 && VIRTCMDOPTS+=( "-cdrom" "${CDROM_0}" )
+
+ # audio
+ isset SOUND_DEV && VIRTCMDOPTS+=( "-soundhw" "${SOUND_DEV}" )
+
+ # serial devices TODO test
+ if isset SERIAL_PORTS; then
+ for DEV in $SERIAL_PORTS; do
+ : # buggeh: VIRTCMDOPTS+=( "-serial" "${DEV}" )
+ done
+ fi
+}
+
+call_post_source finalize_start_command
diff --git a/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/init_core.inc b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/init_core.inc
new file mode 100644
index 00000000..53f214bd
--- /dev/null
+++ b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/includes/init_core.inc
@@ -0,0 +1,54 @@
+# -----------------------------------------------------------------------------
+#
+# Copyright (c) 2009..2018 bwLehrpool-Projektteam
+#
+# This program/file is free software distributed under the GPL version 2.
+# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
+#
+# If you have any feedback please consult https://bwlehrpool.de and
+# send your feedback to support@bwlehrpool.de.
+#
+# General information about bwLehrpool can be found at https://bwlehrpool.de
+#
+# -----------------------------------------------------------------------------
+# run-virt.include
+# - Include script for running the QEMU/Linux KVM virtual machine on an
+# OpenSLX client via the run-virt.sh or run-vmgrid.sh
+################################################################################
+
+# check if kvm kernel module are available
+if [ ! -c /dev/kvm ]; then
+ writelog "KVM kernel modules not loaded!"
+ EXIT_TYPE="internal" EXIT_REASON="QEMU/KVM Virtualisierer nicht initialisiert!" cleanexit 1
+fi
+
+# check if qemu binaries are available
+if ! check_dep qemu-system-{i386,x86_64}; then
+ writelog "QEMU binaries not available!"
+ EXIT_TYPE="internal" EXIT_REASON="QEMU/KVM Virtualisierer nicht initialisiert!" cleanexit 1
+fi
+
+# set general purpose options here, mostly evaluates information
+# contained in /opt/openslx/vmchooser/config/virtualization.conf
+
+# TODO some options should come from the server, in particular
+# - disk controller type (virtio, scsi, ide...)
+# - arch to emulate (x86_64, i386, ...)
+# - graphics mode?
+# - sound dev?
+# - tbd
+
+# display name, remove blanks because of cmdline problems
+declare -rg CMD_DISPLAYNAME=$(echo ${VM_DISPLAYNAME} | sed -e "s, ,-,g;s,(,[,g;s,),],g")
+VIRTCMDOPTS+=( "-name" "${CMD_DISPLAYNAME}" )
+
+# graphical start: vga, vmware, qxl, spice?
+VIRTCMDOPTS+=( "-vga" "std" "-full-screen" )
+
+# hot keys ALT+CTRL+SHIFT (does not work properly!?)
+VIRTCMDOPTS+=( "-alt-grab" )
+
+# TODO support other types of boot? any usecase for network boot?
+# for now just boot from disk
+VIRTCMDOPTS+=( "-boot" "c" )
+
diff --git a/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/run-virt.include b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/run-virt.include
new file mode 100644
index 00000000..a1a41499
--- /dev/null
+++ b/core/modules/qemukvm/data/opt/openslx/vmchooser/plugins/qemukvm/run-virt.include
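Review bot: In init_core.inc, `CMD_DISPLAYNAME` is built from an unquoted `echo ${VM_DISPLAYNAME}`, so the name undergoes word splitting and glob expansion, and a leading `-n` or `-e` is consumed by `echo`, before `sed` sees it. The result is passed to `-name`, where QEMU treats a comma as an option separator, and the `sed` expression only rewrites blanks and parentheses. The display name presumably comes from image metadata rather than from this host, so quote it and neutralise commas too: `printf '%s' "${VM_DISPLAYNAME}" | sed -e 's/ /-/g;s/(/[/g;s/)/]/g;s/,/,,/g'`. Separately, `declare -rg X=$(...)` masks the exit status of the pipeline.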
@@ -0,0 +1,44 @@
+# -----------------------------------------------------------------------------
+#
+# Copyright (c) 2009..2018 bwLehrpool-Projektteam
+#
+# This program/file is free software distributed under the GPL version 2.
+# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
+#
+# If you have any feedback please consult https://bwlehrpool.de and
+# send your feedback to support@bwlehrpool.de.
+#
+# General information about bwLehrpool can be found at https://bwlehrpool.de
+#
+# -----------------------------------------------------------------------------
+# run-virt.include
+# - qemu/kvm plugin for vmchooser run-virt
+################################################################################
+
+# BASH_SOURCE[0] contains the file being sourced, namely this one
+declare -rg QEMUKVM_PLUGIN_DIR="$(dirname "${BASH_SOURCE[0]}")"
+declare -rg QEMUKVM_INCLUDE_DIR="${QEMUKVM_PLUGIN_DIR}/includes"
+
+# TODO make this part of the metadata coming from the server
+# TBD: "firewall printer usb slxfloppy sound netshares"
+declare -rg PLUGIN_FEATURES="slxfloppy"
+
+run_plugin() {
+ # declaration of default functions and variables for vmware
+ $(safesource --exit "${QEMUKVM_INCLUDE_DIR}/init_core.inc")
+
+ # determine limitations wrt RAM and CPU count of VM
+ $(safesource "${QEMUKVM_INCLUDE_DIR}/determine_hardware_limitations.inc")
+
+ # setup networking
+ $(safesource "${QEMUKVM_INCLUDE_DIR}/setup_network.inc")
+
+ # setup rw layer for ro image
+ $(safesource "${QEMUKVM_INCLUDE_DIR}/setup_rw_layer.inc")
+
+ # build the final start command
+ $(safesource "${QEMUKVM_INCLUDE_DIR}/finalize_start_command.inc")
+
+ # print summary - needs writelog() from vmchooser-run_virt
+ $(safesource "${QEMUKVM_INCLUDE_DIR}/log_config_summary.inc")
+}
diff --git a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
index 0fd80cab..e6e7f568 100755
--- a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver +++ b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver @@ -3,7 +3,9 @@ [ -z "$SLX_KCL_SERVERS" ] && . /opt/openslx/config [ "$DISPLAY" = :0 ] && [ -n "$SLX_REMOTE_VNC" ] && { - # TODO GET + # TODO If we support multiple parallel sessions in the future, we need dedicated + # ports for each session for both, the VNC and the RPC port. + vnc_port="${SLX_REMOTE_VNC_PORT:-5900}" srchost="$SLX_REMOTE_HOST_ACCESS" if [ -n "$srchost" ]; then # IPTABLES @@ -11,8 +13,10 @@ if ! [ -e "$rule" ]; then ( echo "#!/bin/sh" - echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j DROP" - echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j DROP" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport $vnc_port -j ACCEPT" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 7551 -j ACCEPT" + echo "iptables -A INPUT -p tcp --dport $vnc_port -j DROP" + echo "iptables -A INPUT -p tcp --dport 7551 -j DROP" ) > "$rule" chmod +x "$rule" fi 
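Review bot: The rewritten rule file in 50-launch-vncserver (hunk `@@ -11,8 +13,10 @@`) no longer covers port 5901: the old script dropped 5900 and 5901 for everyone but `$srchost`, the new one filters only `$vnc_port` and 7551. Later in the same script a `-t nat ... --dport "$vnc_port" -j REDIRECT --to-ports 5901` rule is installed, and redirected packets reach INPUT with destination port 5901, so while that redirect is active the source restriction would not apply, and 5901 is also reachable directly unless it is filtered elsewhere. Add the same pair for 5901, i.e. `iptables -A INPUT -s "$srchost" -p tcp --dport 5901 -j ACCEPT` followed by `iptables -A INPUT -p tcp --dport 5901 -j DROP`. Two further gaps: the file is written only when `$rule` does not exist, so a changed `SLX_REMOTE_VNC_PORT` leaves stale rules, and `$vnc_port` is interpolated into the generated script without a numeric check.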
@@ -24,20 +28,23 @@ printf "%s" "$passwd" > "/tmp/vnc-passwd" url="http://${SLX_PXE_SERVER_IP}/slx-admin/api.php?do=remoteaccess" curl -s -S -L --retry 4 --retry-connrefused --max-time 3 --retry-max-time 10 \ - --data-urlencode "password=$passwd" "$url" > /dev/null + --data-urlencode "password=$passwd" \ + --data-urlencode "vncport=$vnc_port" \ + "$url" > /dev/null ( # Make a copy of xauth, so if the xserver restarts, we'll use the old one and fail to connect if [ -n "$XAUTHORITY" ]; then copy="$( mktemp )" cat "$XAUTHORITY" > "$copy" export XAUTHORITY="$copy" - trap 'rm -f -- "$copy"' EXIT INT TERM + trap 'exit 1' INT TERM + trap 'rm -f -- "$copy"' EXIT fi fails=0 while true; do s="$( date +%s )" # skip keycode stuff fixes altgr for vmware - x11vnc -rfbport 5900 -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd" + x11vnc -rfbport "$vnc_port" -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd" e="$( date +%s )" d="$(( e - s ))" if [ "$d" -gt 5 ]; then @@ -54,7 +61,8 @@ vmvnc=false idle=0 # In case of stale entry - iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + # TODO: This sucks anyways performance-wise for VMware, maybe remove? + iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 while [ -d "/proc/${vncpid}" ]; do sleep 5 if netstat -tn | awk 'BEGIN{ e=1 } { if ($4 ~ /:590[0123]$/) e=0 } END{ exit e }'; then @@ -78,13 +86,13 @@ if ! $vmvnc; then killall x11vnc usleep 10000 - iptables -t nat -I PREROUTING 1 -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + iptables -t nat -I PREROUTING 1 -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 fi vmvnc=true else # disable if $vmvnc; then - iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 fi vmvnc=false fi 
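Review bot: The line this hunk rewrites still hands the VNC password to x11vnc as `-passwd "$passwd"`, which makes it readable in the process list for the lifetime of the server. x11vnc can read the password from a file instead (`-passwdfile`), and the script already writes `/tmp/vnc-passwd`, which should then be created under `umask 077`. The password and the new `vncport` field are also posted to an `http://` URL, so both cross the network unencrypted unless that segment is protected by other means.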
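Review bot: The activity check inside the loop still matches `/:590[0123]$/` in the `netstat` output, and the redirect target `5901` is fixed here and in the following hunk, so with `SLX_REMOTE_VNC_PORT` set outside 5900–5903 a connection to the configured port is never seen as active. Passing the port into awk, e.g. `awk -v p="$vnc_port" 'BEGIN{ e=1 } { if ($4 ~ (":" p "$") || $4 ~ /:590[123]$/) e=0 } END{ exit e }'`, keeps detection aligned with the listener. The `-D PREROUTING` call for a stale entry uses the current `$vnc_port`, so an entry created under a previous port value would not be removed. The loop body continues outside the hunk.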
diff --git a/core/modules/run-virt-docker/data/opt/openslx/pam/hooks/auth-final-exec.d/30-add-to-docker.sh b/core/modules/run-virt-docker/data/opt/openslx/pam/hooks/auth-final-exec.d/30-add-to-docker.sh
new file mode 100755
index 00000000..f5db36e4
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/pam/hooks/auth-final-exec.d/30-add-to-docker.sh
@@ -0,0 +1,23 @@
+#!/bin/ash
+
+adduser "${PAM_USER}" "docker"
+
+# create a location for user bind mount
+# used in /opt/openslx/vmchooser/plugins/docker/includes/init-bind-mount.inc
+DOCKER_TMP="/tmp/docker"
+[ -e $DOCKER_TMP ] && rm -rf -- $DOCKER_TMP
+[ ! -e $DOCKER_TMP ] && mkdir -p $DOCKER_TMP && chmod 0777 $DOCKER_TMP
+
+# TODO Check if same user logs on to the system.
+# if prev_user != curr_user then delete existing /tmp/virt/docker/prev_user_uid:prev_user_gid/
+
+# This changes the subuid and subgid for the dockremap(user) to the current user and restards the docker daemon.
+# Because off this change in the docker daemon, for each userns will be a directory under /tmp/virt/docker/
+# so new users cannot uses previously downloade images by other user.
+# But it saves the next user from using images, created by the previous user.
+
+sed -i "s/dockremap:[0-9]\+.65536/dockremap:$(id -u ${PAM_USER}):65536/g" /etc/subuid
+sed -i "s/dockremap:[0-9]\+.65536/dockremap:$(id -g ${PAM_USER}):65536/g" /etc/subgid
+systemctl restart docker.service
+
+exit 0
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/.bwlp-user-conf b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/.bwlp-user-conf
new file mode 100755
index 00000000..ae6cb288
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/.bwlp-user-conf
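Review bot: `/tmp/docker` is removed and recreated by name inside a world-writable directory and then set to mode 0777, so this hook (which appears to run with elevated rights from the PAM stack) trusts whatever another local process places at that path between the `rm -rf` and the `mkdir -p`. Creating it with a plain `mkdir` that fails when the path exists, using `chmod 1777` instead of `0777`, or moving it under a root-owned location such as `/run` closes that window. `adduser "${PAM_USER}" "docker"` gives every authenticated user control of the Docker daemon, which is normally equivalent to root on the host; a comment should state that this is accepted and how the `dockremap` user-namespace change below limits it. `$(id -u ${PAM_USER})` and `$(id -g ${PAM_USER})` should quote the variable, and the final `exit 0` discards a failed `sed` or `systemctl restart`, so a daemon that did not pick up the remapping goes unnoticed.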
@@ -0,0 +1,21 @@
+#!/bin/bash
+# this configfile holds env vars for user context
+
+# Functions (writelog(), cleanexit(), safesource())
+source /opt/openslx/vmchooser/run-virt-includes/vmchooser_runvirt_functions.inc
+
+# do not use writelog in this context
+function writelog () {
+ echo $1
+}
+
+export DOCKER_PLUGIN_DIR=""
+export DOCKER_INCLUDE_DIR=""
+export TMPDIR=""
+export RUNSCRIPT=""
+
+export VM_DISKFILE_RO=""
+
+export CONTAINER_BUILD_CONTEXT=""
+export CONTAINER_IMAGE_NAME=""
+export CONTAINER_RUN_OPTIONS=""
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init
new file mode 100755
index 00000000..5f52a16d
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init
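Review bot: The `writelog` override prints its argument unquoted (`echo $1`), so log messages are word-split and glob-expanded; `printf '%s\n' "$1"` prints them verbatim. The file is a template whose empty `export NAME=""` lines are filled in later by other scripts in this commit and then read with `source`. A comment at the top should say that every value written into it must be shell-quoted, because it is executed rather than parsed.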
@@ -0,0 +1,74 @@ +#!/bin/bash + +USER_CONTAINER_CONFIG="" + +echo "+ source user_config $USER_CONTAINER_CONFIG" +source $USER_CONTAINER_CONFIG + +load_image () { + + IMAGE_SIZE=$(stat --printf="%s" $VM_DISKFILE_RO) + # check file size of VM_DISKFILE_RO is equals to 4096 = 4kB (because of padding) + if [[ $IMAGE_SIZE -eq 4096 ]]; then + echo "+ build container image with build_context" + echo "+ docker build --tag $CONTAINER_IMAGE_NAME $CONTAINER_BUILD_CONTEXT" + docker build --tag $CONTAINER_IMAGE_NAME $CONTAINER_BUILD_CONTEXT + else + # In this case a pre build container image (tar archive from "docker save ...") + # will be loaded into the local docker daemon. + echo "+ load container image" + # create TMP_FILE for image + local TMP_FILE=$(mktemp) + # write currently existing image ids into TMP_FILE + cp $VM_DISKFILE_RO $TMP_FILE + # recieve the RepoTag form the manifest.json inside the tar + local REPO_TAG=$(tar -axf $TMP_FILE manifest.json -O | jq -r '.[].RepoTags[0]') + # load image from tar file + docker load --input $TMP_FILE + # rename image + docker tag "$REPO_TAG" "$CONTAINER_IMAGE_NAME" + rm -f -- "$TMP_FILE" + fi + retval=$? + return $retval +} + +main () +{ + # TODO only check by image name could be bad, images whith a same name could exist + + # check if the container_image_name already loaded in docker daemon + if [[ -z $(docker images $CONTAINER_IMAGE_NAME -q) ]]; then + echo "+ Image unknown by docker daemon ..." + load_image + + if [[ "$retval" != "0" ]]; then + echo "...could not build/load container image!...giving up..." + return -1 + fi + fi + + if [[ -n "$(docker ps -aq)" ]]; then + echo "+ cleanup running container" + docker rm --force $(docker ps -aq) > /dev/null + fi + + echo "+ start container..." + echo "+ docker run $CONTAINER_RUN_OPTIONS $CONTAINER_BIND_MOUNT_STRING $CONTAINER_IMAGE_NAME" + docker run $CONTAINER_RUN_OPTIONS $CONTAINER_BIND_MOUNT_STRING $CONTAINER_IMAGE_NAME + + if [[ "$?" 
!= "0" ]]; then + echo "...container start failed!...giving up..." + return -1 + fi + + if [[ -n $RUNSCRIPT ]]; then + echo "+ execute user runscript" + /bin/bash $RUNSCRIPT + fi +} + +main + +# keeping terminal open +bash diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init.desktop b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init.desktop new file mode 100755 index 00000000..87d418ea --- /dev/null +++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/docker-init.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Encoding=UTF-8 +Name=docker-init +Type=Application +Exec= +Icon= +Terminal=true +StartupNotify=true +Hidden=false +GenericName= +GenericName[en_US]=
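Review bot: In load_image, `retval=$?` after the `if … else … fi` records the status of the last command of the branch taken, which in the else branch is `rm -f -- "$TMP_FILE"`, so a failed `docker load` or `docker tag` is reported as success. Capturing the status before the cleanup fixes it: `docker load --input "$TMP_FILE" && docker tag "$REPO_TAG" "$CONTAINER_IMAGE_NAME"; retval=$?` followed by the `rm`. `$USER_CONTAINER_CONFIG`, `$VM_DISKFILE_RO`, `$CONTAINER_IMAGE_NAME`, `$CONTAINER_BUILD_CONTEXT` and `$RUNSCRIPT` are expanded unquoted, and `$CONTAINER_RUN_OPTIONS` reaches `docker run` exactly as it arrived from the lecture metadata; if that metadata is not fully trusted, the permitted options should be restricted before this point. `return -1` is outside the 0–255 range of shell exit codes, so `return 1` is the portable form. `docker rm --force $(docker ps -aq)` removes every container on the daemon, not just the lecture's, which deserves a comment.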
\ No newline at end of file
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_allow_root_fix.inc b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_allow_root_fix.inc
new file mode 100755
index 00000000..9ef14d81
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_allow_root_fix.inc
@@ -0,0 +1,12 @@
+#!/bin/bash
+writelog "+ apply 'allow_root' Option for gvfsd-fuse"
+
+# exec dummy call to start gvfsd and gvfsd-fuse
+gio mount
+
+# create gvfs user dir mybe it does not exist at this point
+mkdir -p "/run/user/$(id -u)/gvfs"
+
+fusermount -zu "/run/user/$(id -u)/gvfs"
+killall gvfsd-fuse
+/usr/lib/gvfs/gvfsd-fuse -o allow_root "/run/user/$(id -u)/gvfs"
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_mount_netshare.inc b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_mount_netshare.inc
new file mode 100755
index 00000000..50e28fc0
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/gio_mount_netshare.inc
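Review bot: Nothing in this include checks that the restarted `gvfsd-fuse` actually came up with `allow_root`: `fusermount -zu`, `killall gvfsd-fuse` and the final start run unconditionally and their exit status is ignored, so a failure only surfaces later as a failing bind mount. A FUSE mount by a non-root user with `allow_root` is normally refused unless `user_allow_other` is set in `/etc/fuse.conf`, so the header should name that prerequisite, e.g. `# requires user_allow_other in /etc/fuse.conf`. Since the option lets root-owned processes (here the Docker daemon) read the user's mounted network shares, a one-line comment stating that this is the intended trade-off would help.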
@@ -0,0 +1,173 @@
+#!/bin/bash
+
+# This script will be exectutet in docker lectures
+# and provide the functonallity to mount netshares in the bwlp maxilinux system for the logged in user.
+#
+
+# VARS
+#
+NETSHAREFILE="$CONFDIR/netshares"
+CONFIGFILE="$TMPDIR/configfile"
+
+MOUNTS=()
+DIRECTORY_LINKS=()
+
+GVFS_MOUNTDIR="/run/user/$( id -u "$USER" )/gvfs"
+
+declare -a ROHSHARES
+
+function cleanup_gio_mount()
+{
+ for i in "${MOUNTS[@]}"; do
+ gio mount -u "$i"
+ done
+
+ for i in "${DIRECTORY_LINKS[@]}"; do
+ unlink "$i"
+ done
+}
+
+function do_mount()
+{
+gio mount "$MOUNT_PREFIX$SHAREPATH" <<HEREDOC
+$MOUNT_USER
+
+$MOUNT_PASS
+HEREDOC
+ DO_MOUNT_RETVAL=$?
+}
+
+
+function provide_directory_links()
+{
+ # split sharepath into server address and share
+ # expected: //server.name.de/share
+ IFS='/' read -ra SHAREINFO <<< "$SHAREPATH" # str is read into an array as tokens separated by IFS
+
+ # index 0 and 1 are zero 2 is SHARESERVER 3 is SHARENAME
+ if [[ -z "${SHAREINFO[2]}" && -z "${SHAREINFO[3]}" ]]; then
+ writelog "+ shareinfo not as expected, can not create dir links"
+ return 1
+ fi
+
+ local SHARESERVER="${SHAREINFO[2]}"
+ local SHARE="${SHAREINFO[3]}"
+
+ local SHARE_MOUNT_POINT="$GVFS_MOUNTDIR/smb-share:server=${SHARESERVER},share=${SHARE}"
+
+ if [[ ! -e "$SHARE_MOUNT_POINT" ]]; then
+ writelog "+ mount directory for $SHAREPATH not found, can not create links!"
+ return 1
+ fi
+
+ NETSHARE_DIR["$SHARELETTER"]="$SHARE_MOUNT_POINT"
+
+ # create link do desktop and user home
+ ln -sf "${SHARE_MOUNT_POINT}" "${HOME}/${SHARENAME}"
+ mkdir -p "${HOME}/Desktop"
+ ln -sf "${SHARE_MOUNT_POINT}" "${HOME}/Desktop/${SHARENAME}"
+
+ # register cleanup function
+ DIRECTORY_LINKS+=("${HOME}/${SHARENAME}")
+ DIRECTORY_LINKS+=("${HOME}/Desktop/${SHARENAME}")
+}
+
+
+function mount_shares()
+{
+ for (( CONFIGROW = 1; CONFIGROW < ${#ROHSHARES[@]}; CONFIGROW++ )); do
+ SHAREPATH=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 1 -d$'\t' | \
+ sed 's:\\:/:g')
+ SHARELETTER=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 2 -d$'\t' | \
+ sed 's/://g') # Laufwerksbuchstabe ohne :
+ SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 3 -d$'\t' | sed 's/ /_/g') # Leerzeichen raus.
+ SHAREUSER=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 4 -d$'\t') # Username, bei Userhome nicht vorhanden
+ SHAREPASS=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 5 -d$'\t') # User-PW, bei Userhome nicht vorhanden
+
+
+ MOUNT_PREFIX="smb:"
+
+ if [[ -z "$SHAREUSER" || -z "$SHAREPASS" ]]; then
+ MOUNT_USER="$USER"
+ MOUNT_PASS="$PW"
+ else
+ MOUNT_USER="$SHAREUSER"
+ MOUNT_PASS="$SHAREPASS"
+ fi
+
+ writelog "+ mount netshare $MOUNT_PREFIX$SHAREPATH"
+ do_mount > /dev/null
+
+ if [[ "$DO_MOUNT_RETVAL" -eq 0 ]]; then
+ writelog "+ ... mount was successfull"
+ sleep 1
+ provide_directory_links
+ MOUNTS+=("$MOUNT_PREFIX$SHAREPATH")
+ else
+ writelog "+ ... mount faild"
+ fi
+ done
+
+ unset MOUNT_USER MOUNT_PASS
+}
+
+
+function gio_mount()
+{
+ # CLEANUP
+ rm -f -- "$CONFIGFILE"
+ touch "$CONFIGFILE"
+ # TODO existing gio mounts shouldn´t exist at this points
+ # remove them anyway
+ for location in "$GVFS_MOUNTDIR"/*; do
+ [ -d "$location" ] && gio mount -u "$location"
+ done
+ sleep 1
+
+ # Fill CONFIGFILE with pwdaemon info, how it is done in /opt/openslx/vmchooser/run-virt.d/setup_virtual_floppy.inc
+ # TODO some checks if everthing run fine.
+ pwdaemon --query "$HOME/.pwsocket" > "$CONFIGFILE"
+ sed -i 's/^/192.168.101.1\t/' "$CONFIGFILE"
+
+ # Attach netshares to CONFIGFILE
+ cat "$NETSHAREFILE" >> "$CONFIGFILE"
+
+ # With this preparetion of CONFIGFILE functions from /opt/openslx/vmchooser/data/linux/includes/
+ # can be uesed. NATADDR, PORT, KEYTEMP, RAWKEYTEMP and BYTES required in get_creds
+ NATADDR=$( head -n 1 "$CONFIGFILE" | cut -f 1 -d$'\t' )
+ PORT=$( head -n 1 "$CONFIGFILE" | cut -f 2 -d$'\t' )
+ KEYTEMP="$( mktemp -t XXXXXXXXXX.dat )"
+ RAWKEYTEMP="$( mktemp -t XXXXXXXXXX.dat )"
+ BYTES=256
+
+ source /opt/openslx/vmchooser/data/linux/includes/10_functions.inc
+ source /opt/openslx/vmchooser/data/linux/includes/20_get_creds.inc
+ source /opt/openslx/vmchooser/data/linux/includes/30_get_shares.inc
+
+ # getting user credentials
+ get_creds
+
+ # load shares from CONFIGFILE (../metadata/netshares) into ROHSHARES variable
+ get_shares
+
+ # check if required VARS for mounting are non zero
+ if [[ -n "$ROHSHARES" && -n "$PW" && -n "$USER" ]]; then
+ # mount each mountpoint
+ writelog "+ initialize complete ... mount shares"
+ mount_shares
+ else
+ writelog "+ initialize failed"
+ fi
+}
+
+# check if size of NETSHAREFILE > 0
+if [[ -s "$NETSHAREFILE" ]]; then
+ writelog "+ NETSHAREFILE: ${NETSHAREFILE} contains informations for network drives... initialize gio mount"
+ gio_mount
+ add_cleanup cleanup_gio_mount
+else
+ writelog "+ NETSHAREFILE: ${NETSHAREFILE} empty ... nothing to mount"
+fi
+
+unset PW
+rm -f -- "$KEYTEMP" "$RAWKEYTEMP" "$CONFIGFILE"
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_bind_mount.inc b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_bind_mount.inc
new file mode 100755
index 00000000..ad82ef51
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_bind_mount.inc
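Review bot: `$CONFIGFILE` receives the output of `pwdaemon --query` but is created with a bare `touch` under the caller's umask, and it, `$KEYTEMP` and `$RAWKEYTEMP` are removed only by the last line of the file, so they stay behind if one of the sourced helpers aborts first. Setting `umask 077` before `touch "$CONFIGFILE"` and registering the `rm -f` through `add_cleanup`, which this file already uses for cleanup_gio_mount, covers both. In provide_directory_links the guard `[[ -z "${SHAREINFO[2]}" && -z "${SHAREINFO[3]}" ]]` rejects the path only when server and share are both empty; `||` is what the log message describes. `$SHARENAME` only has spaces replaced before it is used in `ln -sf … "${HOME}/${SHARENAME}"`, so a name containing `/` would place the link outside the two intended directories; rejecting such names is a cheap check. The inline comments in mount_shares are in German while the rest of the file is in English.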
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+## required vars
+# TMPDIR=/tmp/virt/<CURRENT_USER>/<PID>/
+# USER_CONTAINER_CONFIG
+# NETSHARE_DIR
+
+# vars
+BIND_MOUNT_FILE="$CONFDIR/container_meta.json"
+# TODO: Maybe make this an array to support spaces
+BIND_MOUNT_STRING=""
+
+
+BIND_MOUNT_COUNT="$( cat "$BIND_MOUNT_FILE" | jq '.bind_mount_config | length' )"
+
+for (( index=0; index < "$BIND_MOUNT_COUNT"; index++ )); do
+
+ BIND_MOUNT_INFO="$( jq .bind_mount_config["$index"] "$BIND_MOUNT_FILE" )"
+
+ # expecting source to be a MOUNT_LETTER, wich must replaced with the directory
+ BIND_MOUNT_SOURCE="$( jq -r .source <<< "$BIND_MOUNT_INFO" )"
+ BIND_MOUNT_TARGET="$( jq -r .target <<< "$BIND_MOUNT_INFO" )"
+ BIND_MOUNT_OPTION="$( jq -r .option <<< "$BIND_MOUNT_INFO" )"
+
+ if [[ -z "$BIND_MOUNT_SOURCE" || -z "$BIND_MOUNT_TARGET" ]]; then
+ writelog "+ no proper bind mount option provided!"
+ continue
+ fi
+
+ # USER_HOME is selected
+ if [[ "$BIND_MOUNT_SOURCE" == "USER_HOME" ]]; then
+ if [[ -d "$HOME/PERSISTENT" ]]; then
+ BIND_MOUNT_STRING+=" --mount type=bind,source=$HOME/PERSISTENT,target=$BIND_MOUNT_TARGET"
+ else
+ # user has no PERSISTENT, maybe this is a demo user just mount $HOME
+ BIND_MOUNT_STRING+=" --mount type=bind,source=$HOME,target=$BIND_MOUNT_TARGET"
+ fi
+
+ # If USER_TMP is used, create a locaten for client user and bind mount into container
+ elif [[ "$BIND_MOUNT_SOURCE" == "USER_TMP" ]]; then
+ # DOCKER_TMP created and cleand in opt/openslx/pam/hooks/auth-final-exec.d/30-add-to-docker.sh
+ DOCKER_TMP="/tmp/docker"
+ DOCKER_USER_TMP="$DOCKER_TMP/$(id -u)"
+ [ ! -e $DOCKER_USER_TMP ] && mkdir -p $DOCKER_USER_TMP && chmod 0700 $DOCKER_USER_TMP
+ BIND_MOUNT_STRING+=" --mount type=bind,source=$DOCKER_USER_TMP,target=$BIND_MOUNT_TARGET"
+
+ elif [[ -z "${NETSHARE_DIR[$BIND_MOUNT_SOURCE]}" ]]; then
+ writelog "+ no bind mount mapping for letter $BIND_MOUNT_SOURCE found!"
+ continue
+ else
+ BIND_MOUNT_STRING+=" --mount type=bind,\\\"source=${NETSHARE_DIR[$BIND_MOUNT_SOURCE]}\\\",target=$BIND_MOUNT_TARGET"
+ fi
+
+done
+
+writelog "+ write final CONTAINER_BIND_MOUNT_STRING $BIND_MOUNT_STRING in config $USER_CONTAINER_CONFIG"
+echo "CONTAINER_BIND_MOUNT_STRING=\"${BIND_MOUNT_STRING}\"" >> ${USER_CONTAINER_CONFIG}
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_user_context.inc b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_user_context.inc
new file mode 100644
index 00000000..99ba4580
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/includes/init_user_context.inc
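Review bot: The last line writes `CONTAINER_BIND_MOUNT_STRING="…"` into a file that docker-init later reads with `source`, so any `"`, `$` or backtick in a `target` value from container_meta.json, or in a share path, is interpreted by the shell at that point. Writing the value with `printf 'CONTAINER_BIND_MOUNT_STRING=%q\n' "$BIND_MOUNT_STRING" >> "$USER_CONTAINER_CONFIG"` keeps it as data (the `\\\"` in the netshare branch then has to become `\"`), and `$BIND_MOUNT_TARGET` should be checked to be an absolute path without commas before it is appended to `--mount`. `jq -r .source` prints the string `null` for a missing key, so the `-z` test never fires; `jq -r '.source // empty'` makes it effective, and the same holds for `.target`. `$BIND_MOUNT_OPTION` is read but never used. In the USER_TMP branch an already existing `$DOCKER_USER_TMP` is used without checking its owner, although its parent is created with mode 0777 by 30-add-to-docker.sh.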
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+
+function process_container_meta()
+{
+ writelog "+ process container_meta.json"
+ # Try to make a valid CONTAINER_IMAGE_NAME
+ export CONTAINER_IMAGE_NAME=$( jq -r '.image_name' "$CONFDIR/container_meta.json" | \
+ tr '[:upper:]' '[:lower:]' | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' | sed -e 's/[[:space:]]/_/g')
+ export CONTAINER_RUN_OPTIONS=$( jq -r '.run_options' "$CONFDIR/container_meta.json" )
+
+
+ # set build context
+ build_context_method=$( jq -r '.build_context_method' "$CONFDIR/container_meta.json" )
+ if [[ "$build_context_method" == "0" ]]; then
+ writelog "+ container_build_context: dockerfile"
+ export CONTAINER_BUILD_CONTEXT="$CONFDIR/"
+ elif [[ "$build_context_method" == "1" ]]; then
+ writelog "+ container_build_context: git url"
+ export CONTAINER_BUILD_CONTEXT=$( jq -r '.build_context_url' "$CONFDIR/container_meta.json" )
+ else
+ writelog "+ no proper build_context_method!"
+ cleanexit 1
+ fi
+}
+
+
+function setup_user_container_context()
+{
+ mkdir -p "$USER_CONTAINER_CONTEXT"
+ # init user directory with scripts
+ cp "$DOCKER_PLUGIN_DIR/docker-init" "$USER_CONTAINER_CONTEXT/"
+ cp "$DOCKER_PLUGIN_DIR/remount" "$USER_CONTAINER_CONTEXT/"
+ cp "$DOCKER_PLUGIN_DIR/.bwlp-user-conf" "$USER_CONTAINER_CONFIG"
+ chmod u+x "$USER_CONTAINER_CONTEXT/docker-init"
+ chmod u+x "$USER_CONTAINER_CONTEXT/remount"
+}
+
+
+function setup_user_container_autostart()
+{
+ # TODO: maybe there is a better way to load and start the container which is used in the current lecture
+ mkdir -p "$HOME/.config/autostart/"
+ cp -f "$DOCKER_PLUGIN_DIR/docker-init.desktop" "$HOME/.config/autostart/"
+ sed -i "s:Exec=:Exec=$USER_CONTAINER_CONTEXT/docker-init:" "$HOME/.config/autostart/docker-init.desktop"
+}
+
+
+function init_user_container_config()
+{
+ if [[ ! -f "$USER_CONTAINER_CONFIG" ]]; then
+ writelog "+ USER_CONTAINER_CONFIG: $USER_CONTAINER_CONFIG does not exist!"
+ cleanexit 1
+ fi
+
+ process_container_meta
+
+ writelog "+ init USER_CONTAINER_CONFIG: $USER_CONTAINER_CONFIG"
+ sed -i "s#export DOCKER_PLUGIN_DIR=".*"#export DOCKER_PLUGIN_DIR=\"$DOCKER_PLUGIN_DIR\"#" "$USER_CONTAINER_CONFIG"
+ sed -i "s#export DOCKER_INCLUDE_DIR=".*"#export DOCKER_INCLUDE_DIR=\"$DOCKER_INCLUDE_DIR\"#" "$USER_CONTAINER_CONFIG"
+ sed -i "s#export TMPDIR=".*"#export TMPDIR=\"$TMPDIR\"#" "$USER_CONTAINER_CONFIG"
+
+ sed -i "s#export VM_DISKFILE_RO=".*"#export VM_DISKFILE_RO=\"$VM_DISKFILE_RO\"#" "$USER_CONTAINER_CONFIG"
+
+ sed -i "s#export CONTAINER_BUILD_CONTEXT=".*"#export CONTAINER_BUILD_CONTEXT=\"$CONTAINER_BUILD_CONTEXT\"#" "$USER_CONTAINER_CONFIG"
+ sed -i "s#export CONTAINER_IMAGE_NAME=".*"#export CONTAINER_IMAGE_NAME=\"$CONTAINER_IMAGE_NAME\"#" "$USER_CONTAINER_CONFIG"
+ sed -i "s#export CONTAINER_RUN_OPTIONS=".*"#export CONTAINER_RUN_OPTIONS=\"$CONTAINER_RUN_OPTIONS\"#" "$USER_CONTAINER_CONFIG"
+
+ local RUNSCRIPT="$CONFDIR/runscript"
+ # check if runscript file contains more than default line "ext=;visibility=1;soundMuted=-1"
+ if [[ "$( < "$RUNSCRIPT" wc -l )" -gt "1" ]]; then
+ sed -i "s#export RUNSCRIPT=".*"#export RUNSCRIPT=\"$RUNSCRIPT\"#" "$USER_CONTAINER_CONFIG"
+ fi
+
+ sed -i "s#USER_CONTAINER_CONFIG=".*"#USER_CONTAINER_CONFIG=\"$USER_CONTAINER_CONFIG\"#" "$USER_CONTAINER_CONTEXT/docker-init"
+}
+
+
+function cleanup_user_container_context()
+{
+ [ -d "$USER_CONTAINER_CONTEXT" ] && rm -rf -- "$USER_CONTAINER_CONTEXT"
+ [ -f "$HOME/.config/autostart/docker-init.desktop" ] && rm "$HOME/.config/autostart/docker-init.desktop"
+
+ # force remove all containers
+ [ -n "$(docker ps -aq)" ] && docker rm -f $(docker ps -aq) > /dev/null
+}
+
+
+setup_user_container_context
+setup_user_container_autostart
+init_user_container_config
+add_cleanup cleanup_user_container_context
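Review bot: init_user_container_config fills the config template with `sed -i "s#export NAME=".*"#…\"$VALUE\"#"`, using values that process_container_meta reads from container_meta.json (`image_name`, `run_options`, `build_context_url`), and docker-init later reads the result with `source`. A value containing `#`, `&`, `\`, `"` or `$(` either breaks the substitution or becomes shell syntax in the sourced file. Appending each setting with `printf 'export %s=%q\n' CONTAINER_RUN_OPTIONS "$CONTAINER_RUN_OPTIONS" >> "$USER_CONTAINER_CONFIG"` avoids both problems. The `".*"` in every expression closes and reopens the shell quoting, so `.*` is an unquoted glob and the pattern sed receives contains no quotes; `\".*\"` is presumably what was meant. `jq -r` yields the string `null` for absent keys, which process_container_meta does not check before exporting the values.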
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/remount b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/remount
new file mode 100755
index 00000000..d4a4f5de
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/remount
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+
+source "$HOME/.bwlp-user-conf"
+
+writelog "+ start mounting"
+$(safesource "${DOCKER_INCLUDE_DIR}/gio_mount_netshare.inc")
+
+writelog "+ create bind mount string"
+$(safesource "${DOCKER_INCLUDE_DIR}/init_bind_mount.inc")
diff --git a/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/run-virt.include b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/run-virt.include
new file mode 100755
index 00000000..610c7814
--- /dev/null
+++ b/core/modules/run-virt-docker/data/opt/openslx/vmchooser/plugins/docker/run-virt.include
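Review bot: `source "$HOME/.bwlp-user-conf"` does not match where the config is installed: run-virt.include in this commit sets `USER_CONTAINER_CONFIG="$USER_CONTAINER_CONTEXT/.bwlp-user-conf"` with `USER_CONTAINER_CONTEXT="$HOME/.local/docker"`, and setup_user_container_context copies remount into that same directory. Unless something outside this diff links the file into `$HOME`, the script fails before `writelog` and `safesource` are defined; `source "$(dirname "${BASH_SOURCE[0]}")/.bwlp-user-conf"` resolves it relative to the script. The two includes also rely on `CONFDIR`, `NETSHARE_DIR`, `USER_CONTAINER_CONFIG` and `add_cleanup`, none of which the template config exports, so a comment listing the required environment would help.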
@@ -0,0 +1,59 @@ +#!/bin/bash +############################################################################### +# ----------------------------------------------------------------------------- +# +# Copyright (c) 2009..2018 bwLehrpool-Projektteam +# +# This program/file is free software distributed under the GPL version 2. +# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html +# +# If you have any feedback please consult https://bwlehrpool.de and +# send your feedback to support@bwlehrpool.de. +# +# General information about bwLehrpool can be found at https://bwlehrpool.de +# +# ----------------------------------------------------------------------------- +# run-virt.include +# - qemu/kvm plugin for vmchooser run-virt +################################################################################ + +# BASH_SOURCE[0] contains the file being sourced, namely this one +declare -rg DOCKER_PLUGIN_DIR="$(dirname "${BASH_SOURCE[0]}")" +declare -rg DOCKER_INCLUDE_DIR="${DOCKER_PLUGIN_DIR}/includes" + +# TODO make this part of the metadata coming from the server +# TBD: "firewall printer usb slxfloppy sound netshares" +declare -rg PLUGIN_FEATURES="" + +run_plugin() { + + # VMX == bwlp-container-info.tar.gz + writelog "+ unpacking container ressources" + tar -xzvf "$TMPCONFIG" --directory "$CONFDIR" + + # VARS + # location of scripts and config files which will be used in desktop + export USER_CONTAINER_CONTEXT="$HOME/.local/docker" + # config file which will be filed with vars in the follwing process + export USER_CONTAINER_CONFIG="$USER_CONTAINER_CONTEXT/.bwlp-user-conf" + # dictonary which maps a drive letter to a directory + declare -Ag NETSHARE_DIR + + # apply "allow_root" option to gvfsd-fuse, so docker can bind mount gvfs network shares + writelog "+ gio_allow_root_fix.inc" + $( safesource "${DOCKER_INCLUDE_DIR}/gio_allow_root_fix.inc" ) + + # mount netshares from CONFDIR/netshares + writelog "+ gio_mount_netshare.inc" + $( safesource 
"${DOCKER_INCLUDE_DIR}/gio_mount_netshare.inc" ) + + writelog "+ init user container context" + $( safesource "${DOCKER_INCLUDE_DIR}/init_user_context.inc" ) + + # init bind mount option for container + writelog "+ init_bind_mount.inc" + $( safesource "${DOCKER_INCLUDE_DIR}/init_bind_mount.inc" ) + + # HACK: using the modified version of the wrapper script + declare -rg VIRTCMD="startxfce4" +} diff --git a/core/modules/run-virt-docker/module.build b/core/modules/run-virt-docker/module.build new file mode 100644 index 00000000..5086d1bc --- /dev/null +++ b/core/modules/run-virt-docker/module.build @@ -0,0 +1,13 @@ +#!/bin/bash +# fake module simply copying its data/ files +fetch_source() { + : +} + +build() { + : +} + +post_copy() { + : +} diff --git a/core/modules/run-virt-docker/module.conf b/core/modules/run-virt-docker/module.conf new file mode 100644 index 00000000..8811668a --- /dev/null +++ b/core/modules/run-virt-docker/module.conf @@ -0,0 +1,4 @@ +#!/bin/bash +REQUIRED_BINARIES="" +REQUIRED_LIBRARIES="" +REQUIRED_DIRECTORIES="" diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh index e1347e41..6f86e0f8 100755 --- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh +++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-final-exec.d/99-pwdaemon-fallback.sh @@ -1,5 +1,12 @@ #!/bin/ash -USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}" +[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config + +# Allow querying PW via UNIX Socket? +pw=0 +[ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1 + +USERNAME="${PAM_USER}" PASSWORD="${USER_PASSWORD}" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \ + LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}" exit 0 
diff --git a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials index 613c66ca..4611c461 100644 --- a/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials +++ b/core/modules/run-virt/data/opt/openslx/pam/hooks/auth-slx-source.d/99-run_virt_credentials @@ -64,8 +64,15 @@ if [ -n "$TEMP_HOME_DIR" ]; then fi fi fi - [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')\\" - USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}" + [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr 'a-z' 'A-Z')\\" + + [ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config + # Allow querying password via UNIX Socket? + pw=0 + [ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1 + + USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \ + LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}" unset XUSER XDOMAIN fi fi diff --git a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env index ddcb81c5..6b79d0ec 100755 --- a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env +++ b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/run-virt/data/opt/openslx/scripts/vmchooser-xml_filter b/core/modules/run-virt/data/opt/openslx/scripts/vmchooser-xml_filter index 4914c6c0..2d2df304 100755 
--- a/core/modules/run-virt/data/opt/openslx/scripts/vmchooser-xml_filter +++ b/core/modules/run-virt/data/opt/openslx/scripts/vmchooser-xml_filter @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf index 016ca2f3..95137377 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf @@ -6,7 +6,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template index 19731d80..201804c3 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template @@ -6,7 +6,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # 
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH index cf5dbc5d..54a30955 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH @@ -8,15 +8,15 @@ Binaries in der genutzen virtuellen Maschine enthalten sind. Folgende Programme werden benötigt: -awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger, -mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su, -systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. +awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump, +ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, +sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. -Als mitunter fehlend haben sich insbesondere mount.cifs (wenn SMB-Laufwerke -nicht eingebunden werden und xdg-user-dir (wenn keine Icons auf dem Desktop -erscheinen) erwiesen. Zur Ermittlung eventuell fehlender binaries ist -hilfreich, das Skript openslx mit root-Rechten von Hand zu starten und auf -"…not found" u.ä. zu achten. +Als mitunter fehlend haben sich insbesondere mount.cifs, mount.davfs (wenn +SMB- bzw. Webdav-Laufwerke nicht eingebunden werden) und xdg-user-dir +(wenn keine Icons auf dem Desktop erscheinen) erwiesen. Zur Ermittlung +eventuell fehlender binaries ist hilfreich, das Skript openslx mit root- +Rechten von Hand zu starten und auf "…not found" u.ä. zu achten. Logeinträge: 
@@ -28,14 +28,20 @@ die Einträge sind zudem wie folgt aufgeschlüsselt: 'openslx utility script': openslx-Hauptskript 'openslx sharemapper': Dienstskript zum Einhängen der Netzlaufwerke, 'openslx resolution utility': Dienstskript zur Bildschirmauflösung. +'openslx umounter': Dienstskript zum Unmounten eingehängter Netzlauf- + werke bei Shutdown. (Anmerkung: besonders bei per + Userspace über fusermount eingehängten Webdav- + laufwerken wichtig, da es sonst zu Wartezeiten + beim Shutdown der VM kommen kann.) Enthaltene Skripte: vm_installer: Dieses Skript einmalig in einer lokalen, permanenten (also nicht innerhalb des Poolsystems) Virtuellen Maschine ausführen. - Es schreibt zwei systemd-Servicedateien und verlinkt diese, - um beim Systemstart folgende Skripte zu starten: + Eine vorherige Installation sollte erkannt und korrigiert + werden. Es schreibt zwei systemd-Servicedateien und verlinkt + diese, um beim Systemstart folgende Skripte zu starten: openslx: Das Skript openslx wird von einem durch vm_installer erzeugten systemd-Dienst gestartet. Es ruft die Funktionen @@ -51,8 +57,8 @@ resolution_standalone: Einzelstehende Version des resolution-Skriptes, die Einbindung innerhalb der VM (Xsetup/Xreset) muss daher selbst gesorgt werden. - Anmerkung: Dieses Skript wird nur unstetig gewartet, die - Nutzung von openslx wird daher empfohlen. + Anmerkung: Dieses Skript wird nicht mehr bzw. nur unstetig + gewartet, die Nutzung von openslx wird daher sehr mpfohlen. Veraltet als Einzelskripte: diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README index 6a58e448..885fba7e 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README 
@@ -8,13 +8,14 @@ check the usual log files, of course). These programs are needed: -awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger, -mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su, -systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. +awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump, +ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, +sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. -Two likely candidates are in particular mount.cifs and xdg-user-dir. Do -detect missing binaries it is helpful to start the script openslx with root -permissions by hand and check for "…not found" messages. +Some likely candidates are in particular mount.cifs, mount.davfs and +xdg-user-dir. To detect missing binaries it is helpful to start the script +openslx in the virtual machine with root permissions by hand and check for +"... not found" messages. Log file entries: @@ -25,12 +26,14 @@ distinguished by a preceding 'openslx'; the entries are further itemised by: 'openslx utility script': openslx main script, 'openslx sharemapper': utility to mount network shares, 'openslx resolution utility': utility to set monitor resolution. +'openslx umounter': utility for unmounting previously script-mounted network + drives at shutdown. (Ann.: This is important at userspace + mounted (fusermount) webdav shares, as it else may lead + to waiting time at shutdown of the virtual machine.) Included scripts: -This package consists of following scripts: - vm_installer: This script is to be started once in a local, permanent (so not within the pool system environment) virtual machine. It writes two systemd service files and links them, so following 
@@ -44,6 +47,7 @@ openslx: The script openslx will be started via systemd service written umnt_shares: (before shutdown.target): Unmounts given network shares at virtual machine shutdown. + resolution_standalone: Standalone version of resolution sctipt. Needs no preliminary work done by systemd or vm_runtime. It has to be embedded/startedt via adequate means by hand (eg. diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc index 3cee7944..cf6592f1 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc @@ -6,7 +6,7 @@ SLXCONFIGFILE="$DISKMOUNTDIR"/openslx.ini CONFIGFILE="$DISKMOUNTDIR"/shares.dat LOGINUSER=$(grep '^username=' "$SLXCONFIGFILE" | cut -d '=' -f 2) -##### User related################# +##### User related ################# LOCALUSER=student USERHOME=/home/"$LOCALUSER" USERHOMEDIR=/home/"$LOCALUSER"/PERSISTENT @@ -34,11 +34,14 @@ MOUNTCIFSPRAE="-v -t cifs -o " MOUNTCIFSOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER"),forceuid,forcegid,file_mode=0700,dir_mode=0700,nobrl,noacl" MOUNTNFSPRAE="-v -t nfs4 -o " MOUNTNFSOPTS="rw,nosuid,nodev,nolock,intr,hard,sloppy" +MOUNTDAVPRAE="-t davfs -o " +MOUNTDAVOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER")" NATADDR=$(head -n 1 "$CONFIGFILE" | cut -f 1 -d$'\t') PORT=$(head -n 1 "$CONFIGFILE" | cut -f 2 -d$'\t') SCHLUESSEL=$(head -n 1 "$CONFIGFILE" | cut -f 4 -d$'\t') GLOBALDOMAINUSER=$(head -n 1 "$CONFIGFILE" | cut -f 5 -d$'\t') +GLOBALDOMAIN=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 1) GLOBALUSER=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 2) ##### Remap ####################### 
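Review bot: In 00_vars.inc, `cut -d '\' -f 1` prints the whole line when the input contains no backslash, so for a login without a domain part `GLOBALDOMAIN` ends up holding the user name. The cifs branch of mounter() then appends `domain=<username>` to the mount options, because its `[ -n "$GLOBALDOMAIN" ]` test passes. Adding `-s` gives an empty string in that case: `GLOBALDOMAIN=$(echo "$GLOBALDOMAINUSER" | cut -s -d '\' -f 1)`.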
@@ -54,5 +57,7 @@ SCRIPTEXT=$(grep scriptExt "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=") MUTESOUND=$(grep muteSound "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=") SOUNDVOL="100%" +##### Programs interfering with resolution setting ##### +KILLRESPROGS="kscreen_backend_launcher" ### Variablen Ende ################################ diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc index 33ccf686..c7db1971 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc 
@@ -23,45 +23,64 @@ function already_mounted() function mounter() { + MOUNTPARAM="$1" + MOUNTOPTS="$2" + SHAREPATH="$3" + MOUNTDIR="$4" + # Ausgabe: konnte mounten: 0, konnte nicht mounten: 1, schon gemountet 2 - already_mounted "$4" + already_mounted "$MOUNTDIR" ERR=$? if [ "$ERR" -eq 0 ]; then - logger "openslx sharemapper: $3 already mounted." + logger "openslx sharemapper: $SHAREPATH already mounted." AUSGANG=2 else case "$MOUNTER" in nfs) AUSGANG=0 x=2 - while ! mount $1 $2 $3 $4 2>/dev/null 1>&2; do - logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying." + while ! mount $MOUNTPARAM "${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." sleep $x if [ "$x" -gt 6 ]; then AUSGANG=1 - logger "openslx sharemapper: timeout, could not mount ${3} to ${4}. mount.nfs installed?" + logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.nfs installed?" break fi let x=x+2 done - [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (nfs)." # Todo: Schöner schreiben:) + [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (nfs)." # Todo: Schöner schreiben:) ;; cifs) AUSGANG=0 x=2 + [ -n "$GLOBALDOMAIN" ] && MOUNTOPTS="${MOUNTOPTS},domain=$GLOBALDOMAIN" for VERSION in $CIFSVERSIONS; do AUSGANG=0 - while ! mount $1 "$VERSION",${2} $3 $4 2>/dev/null 1>&2; do - logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying." + while ! mount $MOUNTPARAM "${VERSION}","${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." sleep $x if [ "$x" -gt 4 ]; then AUSGANG=1 - logger "openslx sharemapper: timeout, could not mount ${3} to ${4} cifs v${VERSION}." 
+ logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR} cifs v${VERSION}." break fi let x=x+2 done [ "$AUSGANG" -eq 0 ] && break done - [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (cifs $VERSION)." + [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (cifs $VERSION)." + ;; + dav) AUSGANG=0 + x=2 + while ! echo -e "${USER}\n${PASSWD}" | mount $MOUNTPARAM "$MOUNTOPTS" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." + sleep x + if [ "$x" -gt 4 ]; then + AUSGANG=1 + logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.davfs installed?" + break + fi + let x=x+2 + done ;; *) logger "openslx sharemapper: unknown mounter ${MOUNTER}!" ;; @@ -97,7 +116,7 @@ function mount_share() ERR=$? # ERR merken wg. Links aus USERSHAREDIR if [ "$ERR" -eq 1 ]; then logger "openslx sharemapper: Could not mount ${USERSHAREDIR} even using user credentials; giving up." - echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen." >> "$USERLOGFILE" + echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen. mount.cifs / mount.davfs installiert?" >> "$USERLOGFILE" fi unset USER unset PASSWD diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc index c5d37105..c6bdc8c9 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc 
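Review bot: In the new dav branch of mounter(), `sleep x` passes the literal string `x` instead of the counter, so sleep fails and the retries run back to back; it should read `sleep $x` as in the nfs and cifs branches. The credentials are fed through `echo -e`, which interprets backslash sequences in the user name or password, so a value containing `\n` or `\t` reaches mount altered; `printf '%s\n%s\n' "$USER" "$PASSWD"` passes both unchanged. The dav branch also logs nothing on success, unlike the other two. mounter() continues past the end of this hunk.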
@@ -9,7 +9,12 @@ function mount_shares() SHAREPASS=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 5 -d$'\t') # User-PW, bei Userhome nicht vorhanden # Sharetyp bestimmen: - if [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then + if [ "${SHAREPATH:0:4}" == 'http' ]; then + SHAREPATH="${SHAREPATH//\\//}" # shouldn't be needed, but who knows what windows users do... + MOUNTER=dav + MOUNTPARAM="$MOUNTDAVPRAE" + MOUNTOPTS="$MOUNTDAVOPTS" + elif [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then USER=$(echo "$SHAREUSER"|cut -d '\' -f 2) SHAREPATH="${SHAREPATH//\\//}" # '\' --> `/` :-) MOUNTER=cifs diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc index e161b961..dc92061a 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc 
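Review bot: The share-type test `"${SHAREPATH:0:4}" == 'http'` in mount_shares() also accepts plain `http://` shares, and for those the user name and password that mounter() pipes into mount would presumably travel unencrypted. Matching the scheme explicitly, for example `[[ "$SHAREPATH" == https://* ]]`, or at least logging a warning for `http://`, makes that decision visible. The dav branch sets no `USER`, unlike the cifs branch just below; whether it is assigned later in the function is outside this hunk.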
@@ -1,12 +1,29 @@ -umount_home() { - umount /home/"${LOCALUSER}"/PERSISTENT && logger "openslx unmounter: umounted home (PERSISTENT)." \ - || logger "openslx unmounter: could not home (PERSISTENT)!" -} +umount_all() { + local HOME + local WEBDAV="(webdav) " + local UMOUNT + get_shares # fills array ROHSHARES; row 1+ share infos from (shares-)CONFIGFILE + + for (( CONFIGROW = 1; CONFIGROW < ${#ROHSHARES[@]}; CONFIGROW++ )); do # row 1 is homedir, 2+ shares + SHAREPATH=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 1 -d$'\t') # Could be a webdav share... + SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 3 -d$'\t' | sed 's/ /_/g') + if [ "${SHARENAME:0:5}" == "Home-" ]; then + HOME="home " + UMOUNT="${USERHOMEDIR}" + else + HOME="" + # if there's no sharename let's at least try with SHARELETTER: + [ -z "${SHARENAME}" ] && SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 2 -d$'\t' | sed 's/://g') + UMOUNT="${USERHOME}/${SHARENAME}" + fi -umount_shares() { - index=0 - for SHARE in $( mount | grep SHARE | tr -s ' ' | cut -f 3 -d " " ); do - umount "${SHARE}" && logger "openslx unmounter: umounted ${SHARE}." \ - || logger "openslx unmounter: could not umount ${SHARE}!" + if [ "${SHAREPATH:0:4}" == 'http' ]; then + fusermount -u "$UMOUNT" && logger "openslx umounter: umounted ${HOME}${WEBDAV} ${UMOUNT}." \ + || logger "openslx umounter: could not umount ${HOME}${WEBDAV} ${UMOUNT}!" + else + umount "${UMOUNT}" && logger "openslx umounter: umounted $HOME ${UMOUNT}." \ + || logger "openslx umounter: could not umount ${HOME}${UMOUNT}!" + fi done } + diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc index a3e6c746..62c2f313 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc 
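Review bot: `local HOME` in umount_all() reuses the name of the shell's home-directory variable as a log label. HOME is normally exported, so `fusermount`, `umount` and `logger` started from this function would likely see `home ` or an empty string as their HOME. A distinct name such as `local HOMELABEL` avoids that. The two umount log lines also differ in spacing (`$HOME ${UMOUNT}` against `${HOME}${UMOUNT}`), which gives uneven messages.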
@@ -11,11 +11,24 @@ get_xauthfile() logger "openslx resolution utility: XAUTHFILE found." } +kill_resprogs() { + for i in $KILLRESPROGS; do + if [ -n "$(ps aux|grep $i|grep -v grep)" ]; then + logger "openslx resolution utility: Interfering program $i detecting, trying to kill." + killall $i + ERR=$? + if [ $ERR -ne 0 ]; then + logger "openslx resolution utility: couldn't kill interfering program $i." + fi + fi + done +} check_resolution() { ACTRES=$(DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr|grep '*'|tr -s " "|cut -f 2 -d " ") if [ "$ACTRES" != "$RESOLUTION" ]; then logger "openslx resolution utility: resolution changed; re-changing." + kill_resprogs DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr --output ${AUSGABE} --mode ${RESOLUTION} else logger "openslx resolution utility: resolution unchanged." diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares index b028cf76..1da5c460 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares @@ -17,13 +17,11 @@ case "$REMAPMODE" in exit 0 ;; 1) logger "openslx sharemapper: umounter: remapMode 1 (native mode) detected." - umount_shares - umount_home + umount_all postliminaries_native ;; 2) logger "openslx sharemapper: umounter: remapMode 2 (fallback mode) detected." - umount_shares - umount_home + umount_all postliminaries_native exit 0 ;; diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer index 91f5b6d2..bf995a66 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer 
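Review bot: The pre-check in kill_resprogs(), `ps aux|grep $i|grep -v grep`, matches the name anywhere in any process's command line, so an unrelated process that merely carries the string as an argument triggers the log line and a `killall` that then reports failure. `$i` is also unquoted in both the grep and the kill. Quote it as `grep -- "$i"` and `killall -- "$i"`, or drop the pre-check and rely on killall's exit status. The log text should read "detected" rather than "detecting".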
@@ -75,7 +75,6 @@ case $(${PS} --pid 1 -o comm h) in [Unit] Description=openSLX umount utility Before=shutdown.target - Requires=${SERVICEDISKMOUNT} DefaultDependencies=no [Service] @@ -88,9 +87,14 @@ case $(${PS} --pid 1 -o comm h) in [ ! -d "$SERVICEDIR"/"${TARGET}".wants ] && mkdir "$SERVICEDIR"/"${TARGET}".wants 2>/dev/null [ ! -d "$SERVICEDIR"/shutdown.target.wants ] && mkdir "$SERVICEDIR"/shutdown.target.wants 2>/dev/null - + # some distr. eg. Suse seem to want these: + # [ ! -d "$SERVICEDIR"/reboot.target.wants ] && mkdir "$SERVICEDIR"/reboot.target.wants 2>/dev/null + # [ ! -d "$SERVICEDIR"/halt.target.wants ] && mkdir "$SERVICEDIR"/halt.target.wants 2>/dev/null + ln -s "${SERVICEDIR}"/"${SERVICEUTIL}" "$SERVICEDIR"/"${TARGET}".wants/"${SERVICEUTIL}" ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/shutdown.target.wants/"${SERVICEUMOUNT}" + # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/reboot.target.wants/"${SERVICEUMOUNT}" + # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/halt.target.wants/"${SERVICEUMOUNT}" echo "openslx praeinstaller: doing systemd reload." systemctl daemon-reload diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall index 01c7472c..51047a99 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall @@ -4,10 +4,15 @@ [ "$UID" = "0" ] || exit 1 -declare -rg RULES=$(mktemp) +declare -rg RULES="$( mktemp )" +declare -rg AUTORULES="$( mktemp )" +declare -rg REMOTERULES="$( mktemp )" +declare -rg LOGFILE="$( mktemp )" [ -n "$RULES" ] || exit 2 +trap 'rm -f -- "$RULES" "$AUTORULES" "$REMOTERULES" "$LOGFILE"' EXIT + [ -n "$1" ] || exit 3 [ "${#1}" -ge 10 ] || exit 4 
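Review bot: Only `RULES` is checked after the four `mktemp` calls at the top of set-firewall, and `declare -rg VAR="$( mktemp )"` hides mktemp's own exit status. If one of the later calls fails, `AUTORULES`, `REMOTERULES` or `LOGFILE` is empty and the later redirections fail while the script carries on as root. Extending the existing guard keeps the failure in one place: `[ -n "$RULES" ] && [ -n "$AUTORULES" ] && [ -n "$REMOTERULES" ] && [ -n "$LOGFILE" ] || exit 2`.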
@@ -31,18 +36,40 @@ for TOOL in iptables ip6tables; do if ! $TOOL -w -C FORWARD -o br0 -j runvirt-OUTPUT; then $TOOL -w -A FORWARD -o br0 -j runvirt-OUTPUT fi - $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT - $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT + $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT done -declare -rg AUTORULES=$(mktemp) + +parse_uri () { + local scheme + ip="${1,,}" + scheme="${ip%%://*}" + ip="${ip#*://}" + port="${ip##*:}" + if [[ "$port" =~ ^[0-9]+$ ]]; then + ip="${ip%:*}" + elif [ "$scheme" = "ldaps" ]; then + port=636 + else + port=389 + fi + (( port >= 0 && port <= 65535 )) || port=0 +} add_ips () { # add_ips "IN/OUT" "IP1 IP2 IPn" "PORT" "ACCEPT/REJECT" - local IP - [ -z "$1" -o -z "$2" -o -z "$3" -o -z "$4" ] && return 1 - for IP in $2; do - echo "$1 $IP $3 $4" >> "${AUTORULES}" + local ip port port_def + port_def="$3" + [ -z "$1" -o -z "$2" -o -z "$port_def" -o -z "$4" ] && return 1 + for ip in $2; do + port="${ip#*:}" + if (( port > 0 && port < 65536 )); then + ip="${ip%:*}" + else + port="$port_def" + fi + echo "$1 ${ip} ${port} $4" >> "${AUTORULES}" done } @@ -52,6 +79,24 @@ add_ips "OUT" "$SLX_DNS" 53 "ACCEPT" add_ips "OUT" "$SLX_DNBD3_SERVERS" 5003 "ACCEPT" add_ips "OUT" "$SLX_KCL_SERVERS $SLX_SERVER_IP" 0 "ACCEPT" +# sssd +sssd="$( < /etc/sssd/sssd.conf grep -P '^\s*ldap_(backup_)?uri\s*=' | sed -r 's/^[^=]*=//' )" +sssd="${sssd//,/ }" +for uri in $sssd; do + parse_uri "$uri" + add_ips "OUT" "$ip" "$port" "ACCEPT" +done + +# pam-slx-plug +for file in /opt/openslx/pam/slx-ldap.d/*; do + [ -f "$file" ] || continue + uris="$( grep -Po "(?<=LDAP_URI=')[^']*" "$file" )" + for uri in $uris; do + parse_uri "$uri" + add_ips "OUT" "$ip" "$port" "ACCEPT" + done +done + if [ -n "$SLX_VM_NFS" ]; then IP= if [ "${SLX_VM_NFS:0:2}" = '//' ]; then 
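Review bot: In add_ips(), `(( port > 0 && port < 65536 ))` evaluates whatever follows the first colon of each entry as an arithmetic expression, and for an entry without a colon `${ip#*:}` is the whole entry, so plain addresses and host names also reach the arithmetic evaluator. Bash expands names and subscripts inside such strings, so values read from configuration should be checked as digits first, the way parse_uri() does: `if [[ "$port" =~ ^[0-9]+$ ]] && (( port > 0 && port < 65536 )); then`. The sssd and pam-slx-plug loops added in the next hunk pass strings read from files through this path. parse_uri() also leaves a trailing `/path` on `ip` when the URI carries one, so such an entry would be written to the rules file as-is.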
@@ -66,19 +111,28 @@ fi sort -u "${AUTORULES}" > "${RULES}" # determine the URL to download the netrules from -. /opt/openslx/vmchooser/config/resource_urls.conf +if [ -s /opt/openslx/vmchooser/config/resource_urls.conf ]; then + . /opt/openslx/vmchooser/config/resource_urls.conf +fi NETRULES_URL= [ -n "$url_lecture_netrules" ] && NETRULES_URL="${url_lecture_netrules//%UUID%/${1}}" [ -z "$NETRULES_URL" ] && NETRULES_URL="${SLX_VMCHOOSER_BASE_URL}/lecture/$1/netrules" -wget -T 6 -O - "${NETRULES_URL}" >> "${RULES}" 2> "${AUTORULES}" +wget -T 8 -O - "${NETRULES_URL}" > "${REMOTERULES}" 2> "${LOGFILE}" RET=$? if [ "$RET" != "0" ]; then echo "wget exit code: $RET :-(" - grep -q "ERROR 404" "${AUTORULES}" && exit 0 + grep -q "ERROR 404" "${LOGFILE}" && exit 0 # Old sat, doesn't support firewall rules + echo "WGET error output:" + cat "${LOGFILE}" + echo "------------ Downloaded content follows" + cat "${REMOTERULES}" exit 6 fi +# Download OK, append to rules +cat "${REMOTERULES}" >> "${RULES}" + declare -rg V4='^[0-9]+(\.[0-9]+)*(/[0-9]+)?$' declare -rg V6='^([0-9a-fA-F]+|:)(:+[0-9a-fA-F]*)*(/[0-9]+)?$' diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt index 8dac549d..2ba8424c 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/run-virt/module.build b/core/modules/run-virt/module.build index f529489b..4de16fb7 100644 --- a/core/modules/run-virt/module.build +++ b/core/modules/run-virt/module.build 
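Review bot: The 404 case is recognised by grepping wget's stderr for `ERROR 404`, and that branch ends the script with `exit 0` before any downloaded rules are appended, so this text match decides whether a missing rule set counts as success. The string depends on wget's message catalogue, so under a non-English locale the match can fail and the script would fall through to `exit 6`. Running the download as `LC_ALL=C wget -T 8 -O - "${NETRULES_URL}"` keeps the message stable. A short comment at the `exit 0` stating that the VM then runs with the automatic rules only would help the next reader.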
@@ -11,7 +11,7 @@ build () { tarcopy "$(cat "$COPYLIST" | sort -u)" "${MODULE_BUILD_DIR}" # Compile pwdaemon mkdir -p "${MODULE_BUILD_DIR}/opt/openslx/bin" - gcc -std=gnu99 -o "${MODULE_BUILD_DIR}/opt/openslx/bin/pwdaemon" -Os "${MODULE_DIR}/pw_daemon.c" || perror "Could not compile the pwdaemon" + gcc -D_GNU_SOURCE -std=gnu99 -o "${MODULE_BUILD_DIR}/opt/openslx/bin/pwdaemon" -Os "${MODULE_DIR}/pw_daemon.c" || perror "Could not compile the pwdaemon" gcc -std=gnu99 -o "${MODULE_BUILD_DIR}/opt/openslx/bin/slxfwtool" -Os "${MODULE_DIR}/fwtool/main.c" || perror "Could not compile slxfwtool" } diff --git a/core/modules/run-virt/pw_daemon.c b/core/modules/run-virt/pw_daemon.c index 59e2f48b..f25ffffc 100644 --- a/core/modules/run-virt/pw_daemon.c +++ b/core/modules/run-virt/pw_daemon.c @@ -28,6 +28,7 @@ static char *key1s = NULL, *key2s = NULL; static int mode_daemon(const uid_t uidNumber); static int mode_query(const char *socketPath); +static int mode_pw(const char *socketPath); static void sig_handler(int sig); static int setup_vars(const char *envuser, const char *envpass); static uint8_t* keygen(); @@ -47,6 +48,10 @@ int main(int argc, char **argv) return mode_daemon(uid); } else if (argc > 2 && strcmp(argv[1], "--query") == 0) { return mode_query(argv[2]); + /* + } else if (argc > 2 && strcmp(argv[1], "--pw") == 0) { + return mode_pw(argv[2]); + */ } fprintf(stderr, "Invalid call. Use --daemon [uidNumber] or --query [unixSocket]\n"); return 1; 
@@ -110,15 +115,44 @@ static int mode_query(const char *socketPath) return 0; } +static int mode_pw(const char *socketPath) +{ + int fd; + char buffer[200]; + ssize_t ret; + fd = connect_local(socketPath, 0); + if (fd == -1) + return 1; + if (write(fd, "PW", 3) == -1) { + perror("Writing to pw daemon failed"); + return 1; + } + ret = read(fd, buffer, sizeof(buffer)-1); + if (ret == -1) { + perror("Reading from pw daemon failed"); + return 1; + } + if (ret < 1 || (size_t)ret > sizeof(buffer)-1) { + fprintf(stderr, "Reply from pw daemon has invalid length\n"); + return 1; + } + buffer[ret] = '\0'; + printf("%s", buffer); + return 0; +} + static int mode_daemon(const uid_t uidNumber) { int listenFd, udpPort = -1, testFd; struct sockaddr_un addr; struct sigaction sig; const char *envuser = getenv("USERNAME"); - const char *envpass = getenv("PASSWORD"); + volatile char *envpass = getenv("PASSWORD"); const char *pwsocket = getenv("PWSOCKET"); + const char *localstr = getenv("LOCAL_PW"); + int allowLocal = localstr != NULL && atoi(localstr); gid_t gidNumber = 65534; + memset(&addr, 0, sizeof(addr)); memset(&sig, 0, sizeof(sig)); if (envuser == NULL) { @@ -145,6 +179,9 @@ static int mode_daemon(const uid_t uidNumber) fprintf(stderr, "Error setting up variables\n"); return 1; } + while (*envpass) { + *envpass++ = ' '; + } // Drop privs setgroups(1, &gidNumber); if (setregid(gidNumber, gidNumber) == -1) { 
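Review bot: mode_pw() returns on the write and read error paths without closing `fd`, and after the `printf` the reply, which appears to be the user's password, stays in `buffer`. Add `close(fd);` on each path and clear the buffer before returning, for example `explicit_bzero(buffer, sizeof(buffer));` where the libc provides it. As committed the function has no caller, because the `--pw` branch in main() is commented out in the previous hunk, so compilers will likely warn about an unused static function.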
@@ -204,12 +241,31 @@ static int mode_daemon(const uid_t uidNumber) pid_t child = fork(); if (child == 0) { // This is the child + struct ucred ucred; ssize_t ret; char buffer[200]; - ret = read(fd, buffer, sizeof(buffer)); - if (ret >= 3 && strncmp(buffer, "GET", 3) == 0) { - snprintf(buffer, sizeof(buffer), "%d\t%s\t%s\t%s\n", udpPort, key1s, key2s, username); - ret = write(fd, buffer, strlen(buffer)); + len = sizeof(ucred); + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) { + const char *msg = "Could not get credentials of connection\n"; + write(fd, msg, strlen(msg)); + } else if (ucred.uid != geteuid()) { + const char *msg = "uid mismatch\n"; + write(fd, msg, strlen(msg)); + } else { + ret = read(fd, buffer, sizeof(buffer)); + if (ret >= 3 && strncmp(buffer, "GET", 3) == 0) { + snprintf(buffer, sizeof(buffer), "%d\t%s\t%s\t%s\n", udpPort, key1s, key2s, username); + ret = write(fd, buffer, strlen(buffer)); + } else if (ret >= 2 && strncmp(buffer, "PW", 2) == 0) { + int len = passwordLen - 2; + if (len > sizeof(buffer)) { + len = sizeof(buffer); + } + for (int i = 0; i < len; ++i) { + buffer[i] = passwordEnc[i+2] ^ key2[i % KEYLEN]; + } + ret = write(fd, buffer, len); + } } close(fd); return 0; diff --git a/core/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode b/core/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode index f06823f3..b2c9248a 100755 --- a/core/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode +++ b/core/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode @@ -1,7 +1,7 @@ #!/bin/ash disable_tty_switch() { - cat <<EOF > /etc/X11/xorg.conf.d/50-no-tty.conf + cat > /etc/X11/xorg.conf.d/50-no-tty.conf <<EOF Section "ServerFlags" Option "DontVTSwitch" "true" EndSection diff --git a/core/modules/slx-issue/data/opt/openslx/scripts/openslx-create_issue b/core/modules/slx-issue/data/opt/openslx/scripts/openslx-create_issue index 922830d2..416972ee 100755 
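Review bot: The new `PW` branch hands the decoded password to any peer that passes the uid check and never consults `allowLocal`, which an earlier hunk of mode_daemon() derives from `LOCAL_PW`; unless code outside these hunks tests it, that switch has no effect. Gate the branch on it: `} else if (allowLocal && ret >= 2 && strncmp(buffer, "PW", 2) == 0) {`. In the same branch `int len` is compared with `sizeof(buffer)` as an unsigned value, so a `passwordLen` below 2 would become a 200-byte read from `passwordEnc`; `if (len < 0) len = 0;` before the clamp covers that. The decoded bytes in `buffer` are also not cleared before the child returns. mode_daemon() starts and ends outside this hunk.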
--- a/core/modules/slx-issue/data/opt/openslx/scripts/openslx-create_issue +++ b/core/modules/slx-issue/data/opt/openslx/scripts/openslx-create_issue @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/splashtool/data/: b/core/modules/splashtool/data/: deleted file mode 100644 index 71d7b9a3..00000000 --- a/core/modules/splashtool/data/: +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/ash - - screen_size="$(fbset | awk '$1 ~ /geometry/ {print $2" "$3}')" - screen_width="${screen_size%% *}" - screen_height="${screen_size#* }" - fbsplash_cfg="/etc/fbsplash.cfg" - fbsplash_ppm="/etc/splash.ppm.gz" - if [ -s "$fbsplash_ppm" ]; then - ppm_size="$(zcat "$fbsplash_ppm" | sed -n 2p)" - else - fbsplash_ppm="/etc/splash.ppm" - if [ -s "$fbsplash_ppm" ]; then - ppm_size="$(sed -n 2p "$fbsplash_ppm")" - else - echo "Splash screen requested, but not found in initramfs..." >&4 - MUTED_OUTPUT= - fi - fi - ppm_width="${ppm_size%% *}" - ppm_height="${ppm_size#* }" - ppm_height="${ppm_height%% *}" # make sure nothing weird is trailing - img_left="$(( ( screen_width - ppm_width ) / 2 ))" - img_top="$(( ( screen_height - ppm_height ) / 2 ))" - # just checking if nothing too weird is set - if [ -n "$img_left" ] && [ -n "$img_top" ] \ - && [ "$img_left" -ge 0 ] && [ "$img_left" -lt 8096 ] \ - && [ "$img_top" -ge 0 ] && [ "$img_top" -lt 8096 ]; then - printf "IMG_TOP=%d\nIMG_LEFT=%d\n" \ - "$img_top" "$img_left" \ - > "$fbsplash_cfg" - fbsplash -b -i "$fbsplash_cfg" -s "$fbsplash_ppm" || MUTED_OUTPUT= - else - # otherwise just use top left and be done with it - fbsplash -b -s "$fbsplash_ppm" || MUTED_OUTPUT= - fi 
diff --git a/core/modules/vbox-src/data/opt/openslx/scripts/systemd-vbox_env b/core/modules/vbox-src/data/opt/openslx/scripts/systemd-vbox_env index 8f99ceb6..14cd3135 100755 --- a/core/modules/vbox-src/data/opt/openslx/scripts/systemd-vbox_env +++ b/core/modules/vbox-src/data/opt/openslx/scripts/systemd-vbox_env @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/vbox-src/data/opt/openslx/vmchooser/plugins/virtualbox/run-virt.include b/core/modules/vbox-src/data/opt/openslx/vmchooser/plugins/virtualbox/run-virt.include index 3ad81df5..adda65e3 100755 --- a/core/modules/vbox-src/data/opt/openslx/vmchooser/plugins/virtualbox/run-virt.include +++ b/core/modules/vbox-src/data/opt/openslx/vmchooser/plugins/virtualbox/run-virt.include @@ -6,7 +6,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/vbox-src/module.conf b/core/modules/vbox-src/module.conf index 989b16cd..40e29297 100644 --- a/core/modules/vbox-src/module.conf +++ b/core/modules/vbox-src/module.conf @@ -1,5 +1,5 @@ REQUIRED_MODULES="kernel" -REQUIRED_VBOX_VERSION="6.1.16" +REQUIRED_VBOX_VERSION="6.1.22" REQUIRED_DIRECTORIES=" /lib/modules /usr/lib/virtualbox diff --git a/core/modules/vmware-common/data/opt/openslx/scripts/systemd-vmware_env b/core/modules/vmware-common/data/opt/openslx/scripts/systemd-vmware_env index f5ca0b99..b016a10e 100755 
--- a/core/modules/vmware-common/data/opt/openslx/scripts/systemd-vmware_env +++ b/core/modules/vmware-common/data/opt/openslx/scripts/systemd-vmware_env @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/determine_hardware_limitations.inc b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/determine_hardware_limitations.inc index b7c59819..f63a9ba1 100644 --- a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/determine_hardware_limitations.inc +++ b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/determine_hardware_limitations.inc @@ -67,7 +67,7 @@ set_vm_hardware_limits() { ;; winnet*64|win*2003*64|windowsnet*64) VM_OS_TYPE="winnetstandard-64" - MAXMEM="8000" + MAXMEM="16000" MAXCORES="8" ;; winnet*|win*2003*|windowsnet*) @@ -97,18 +97,18 @@ set_vm_hardware_limits() { ;; windows7-64) VM_OS_TYPE="windows7-64" - MAXMEM="32000" + MAXMEM="64000" MAXCORES="8" ;; windows8-64) VM_OS_TYPE="windows8-64" - MAXMEM="32000" - MAXCORES="8" + MAXMEM="128000" + MAXCORES="256" ;; windows9-64) VM_OS_TYPE="windows9-64" - MAXMEM="64000" - MAXCORES="8" + MAXMEM="512000" + MAXCORES="256" ;; winvista) VM_OS_TYPE="winvista" @@ -121,22 +121,20 @@ set_vm_hardware_limits() { MAXCORES="4" ;; windows8) - VM_OS_TYPE="windows8" MAXMEM="8000" - MAXCORES="4" + MAXCORES="32" ;; windows9) - VM_OS_TYPE="windows9" MAXMEM="8000" - MAXCORES="4" + MAXCORES="32" ;; win*64) - MAXMEM="16000" - MAXCORES="4" + MAXMEM="32000" + MAXCORES="32" ;; win*) MAXMEM="8000" - MAXCORES="1" + MAXCORES="32" ;; dos|msdos*|ms-dos*) VM_OS_TYPE="dos" 
@@ -147,25 +145,24 @@ set_vm_hardware_limits() { macos*64) VM_OS_TYPE="freebsd-64" MAXMEM="4000" - MAXCORES="2" + MAXCORES="8" ;; macos*) VM_OS_TYPE="freebsd" MAXMEM="4000" - MAXCORES="1" + MAXCORES="4" ;; beos*) VM_OS_TYPE="other" SHARED_FOLDERS="FALSE" + MAXCORES="16" ;; # Unknown guestOS setting in .xml - this encompasses linux too, # as there is a multitude of different distributions. Perhaps further # action will be needed if this leads to problems with exotic OSs. *64) - VM_OS_TYPE="other-64" - # SHARED_FOLDERS="FALSE" MAXMEM="123456" - MAXCORES="4" + MAXCORES="64" ;; *) VM_OS_TYPE="other" @@ -177,7 +174,10 @@ set_vm_hardware_limits() { declare -g CPU_CORES="${HW_THREADS:-1}" declare -rg HOST_CORE_COUNT="$CPU_CORES" - [ "$CPU_CORES" -gt "$MAXCORES" ] && CPU_CORES="$MAXCORES" + if (( CPU_CORES > MAXCORES )); then + writelog "Limiting vCPU count from $CPU_CORES to $MAXCORES because of guest OS" + CPU_CORES="$MAXCORES" + fi # It currently makes no sense to set the virtual number of cores # to a different value than the virtual number of cores per virtual CPU. diff --git a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/write_final_vmx.inc b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/write_final_vmx.inc index 43738718..41f5840e 100644 --- a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/write_final_vmx.inc +++ b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/includes/write_final_vmx.inc 
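Review bot: `(( CPU_CORES > MAXCORES ))` treats an unset or empty `MAXCORES` as 0, so a guest-OS branch that sets no `MAXCORES` now ends with `CPU_CORES` assigned an empty string. The old `[ "$CPU_CORES" -gt "$MAXCORES" ]` test simply failed in that case and left the count alone. This commit adds `MAXCORES="16"` to the beos branch, but the final `*)` branch is cut off in the hunk and any default set before the `case` is not visible. `if [ -n "$MAXCORES" ] && (( CPU_CORES > MAXCORES )); then` keeps the previous behaviour for branches without a limit.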
@@ -136,6 +136,20 @@ setup_serial() { # CPU and RAM setup_vcpu_ram() { #writelog "numvcpus = ${CPU_CORES} - maxvcpus=${HOST_CORE_COUNT}" + if (( VM_HW_VERSION < 18 && CPU_CORES > 16 )); then + writelog "Limiting VM to 16 cores since hwVersion < 18" + CPU_CORES=16 + elif (( CPU_CORES > 32 )); then + writelog "Limiting VM to 32 cores since it's the current maximum VMware supports" + CPU_CORES=32 + fi + if (( VM_HW_VERSION < 18 && VM_MEM > 65536 )); then + writelog "Limiting VM to 64GB since hwVersion < 18" + VM_MEM=65536 + elif (( VM_MEM > 131072 )); then + writelog "Limiting VM to 128GB since it's the current maximum VMware supports" + VM_MEM=131072 + fi cat >> "${TMPCONFIG}" <<-HEREEND numvcpus = "$CPU_CORES" cpuid.coresPerSocket = "$VM_CORES_PER_SOCKET" @@ -264,13 +278,6 @@ setup_graphics() { } finalize_hardware() { - # Apply $maxhardwareversion to final VMX - if notempty VM_HW_VERSION && [ "$VM_HW_VERSION" -gt "$maxhardwareversion" ]; then - writelog "Hardware version capped to $maxhardwareversion (was $VM_HW_VERSION)" - sed -i 's/^virtualHW\.version.*$/virtualHW.version = "'$maxhardwareversion'"/I' "${TMPCONFIG}" - VM_HW_VERSION="$maxhardwareversion" - fi - # Enable nested virtualization if not specified in remote vmx if [ -e "/run/hwinfo" ] && ! grep -qi '^vhv\.enable' "${TMPCONFIG}" \ && detect_cpu_flag "ept" "npt" \ @@ -294,6 +301,13 @@ finalize_hardware() { ## MAIN ## write_final_vmx() { + # Apply $maxhardwareversion to final VMX + if notempty VM_HW_VERSION && [ "$VM_HW_VERSION" -gt "$maxhardwareversion" ]; then + writelog "Hardware version capped to $maxhardwareversion (was $VM_HW_VERSION)" + sed -i 's/^virtualHW\.version.*$/virtualHW.version = "'$maxhardwareversion'"/I' "${TMPCONFIG}" + VM_HW_VERSION="$maxhardwareversion" + fi + replace_placeholders setup_ethernet setup_optical_drives 
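Review bot: In `setup_vcpu_ram` the new clamp lowers `CPU_CORES` to 16 or 32, but the heredoc directly below still writes `cpuid.coresPerSocket = "$VM_CORES_PER_SOCKET"` from a value this hunk never adjusts, so the VMX can declare more cores per socket than vCPUs. Where `VM_CORES_PER_SOCKET` is computed is not visible here; if it is derived from the unclamped count, add `(( VM_CORES_PER_SOCKET > CPU_CORES )) && VM_CORES_PER_SOCKET="$CPU_CORES"` after the clamp. An empty `VM_HW_VERSION` also evaluates to 0 inside `(( VM_HW_VERSION < 18 && ... ))`, so such a VM silently gets the 16-core / 64GB limits and a log line blaming the hwVersion. The moved cap block in `write_final_vmx` guards that case with `notempty VM_HW_VERSION`; the same guard, or a comment saying the fallback is intended, would make this explicit. The function continues past the end of the hunk.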
diff --git a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/run-virt.include b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/run-virt.include index a59ea434..24debedd 100644 --- a/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/run-virt.include +++ b/core/modules/vmware-common/data/opt/openslx/vmchooser/plugins/vmware/run-virt.include @@ -6,7 +6,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/modules/vmware16/module.conf b/core/modules/vmware16/module.conf index d9db93f1..43d40a36 100644 --- a/core/modules/vmware16/module.conf +++ b/core/modules/vmware16/module.conf @@ -1,5 +1,5 @@ #!/bin/bash -REQUIRED_VERSION="16.1.0" +REQUIRED_VERSION="16.1.1" REQUIRED_TYPE="workstation" REQUIRED_MODULES="kernel vmware-common" REQUIRED_DIRECTORIES=" diff --git a/core/modules/xorg/data/etc/X11/Xsession b/core/modules/xorg/data/etc/X11/Xsession index fadc69ba..33a003ac 100755 --- a/core/modules/xorg/data/etc/X11/Xsession +++ b/core/modules/xorg/data/etc/X11/Xsession @@ -1,4 +1,4 @@ -#!/bin/ash +#!/bin/bash # # /etc/X11/Xsession # 
@@ -19,46 +19,32 @@ message () { fi } -message_nonl () { - # pretty-print messages of arbitrary length (no trailing newline); use - # xmessage if it is available and $DISPLAY is set - MESSAGE="$PROGNAME: $*" - echo -n "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2; - if [ -n "$DISPLAY" ] && which xmessage > /dev/null 2>&1; then - echo -n "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file - - fi -} - errormsg () { # exit script with error message "$*" exit 1 } -internal_errormsg () { - # exit script with error; essentially a "THIS SHOULD NEVER HAPPEN" message - # One big call to message() for the sake of xmessage; if we had two then - # the user would have dismissed the error we want reported before seeing the - # request to report it. - errormsg "$*" \ - "Please report the installed version of the \"x11-common\"" \ - "package and the complete text of this error message to" \ - "<debian-x@lists.debian.org>." -} +# Make sure we source the global profile - needed for ssh-agent, etc. +[ -e "/etc/profile" ] && . "/etc/profile" # Workaround to start Xsession. The original Xsession script includes error handling functionality and sources other scrips from the Xsession.d/ directory. SESSIONDIR="/etc/X11/Xsession.d" +tmpfile="$( mktemp "/tmp/xsession-log-$( date +%s )-XXXXXX" )" +if [ -n "$tmpfile" ]; then + exec &> "$tmpfile" + set -x +fi + if [ -d "$SESSIONDIR" ]; then - for file in $SESSIONDIR/*; do - . $file || slxlog "xsession" "Xsession: Could not source $file" "$file" + for file in "$SESSIONDIR"/*; do + [ -f "$file" ] || continue + . "$file" done fi -# Make sure we source the global profile - needed for ssh-agent, etc. -[ -e "/etc/profile" ] && source "/etc/profile" - # start selected session case "$1" in failsafe) 
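Review bot: The added `exec &> "$tmpfile"` and `set -x` are never undone, so the xtrace of every script sourced from `$SESSIONDIR`, and then all stdout/stderr of the session started by the later `exec`, goes into `/tmp/xsession-log-*` for the whole login. `mktemp` creates the file readable by its owner only, which limits exposure, but expanded variable values from the Xsession.d scripts are recorded there and the file is never rotated or removed, so it can grow without bound. I would make the trace opt-in and end it after the loop, e.g. `[ -n "$XSESSION_DEBUG_PLACEHOLDER" ] && set -x` before the `for` and `set +x` after `done` (the variable name is a placeholder). The hunk also drops the `|| slxlog "xsession" ...` report, so a failing Xsession.d script is now visible only in that local file; a comment stating that this is intended would help.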
@@ -80,21 +66,21 @@ case "$1" in default) # Specific program was requested. SESSION="default" - if [ -e $HOME/.dmrc ]; then - SESSION=$(cat $HOME/.dmrc|grep "Session"| cut -d "=" -f2) + if [ -s "$HOME/.dmrc" ]; then + SESSION=$( < "$HOME/.dmrc" grep -m1 "Session" | cut -d "=" -f2 ) fi # somehow .dmrc is cleared when logging in the first time after boot - if [ -e $HOME/.dmrc.real ]; then - SESSION=$(cat $HOME/.dmrc.real|grep "Session"| cut -d "=" -f2) + if [ -s "$HOME/.dmrc.real" ]; then + SESSION=$( < "$HOME/.dmrc.real" grep -m1 "Session" | cut -d "=" -f2 ) fi [ "x$SESSION" == "xdefault" ] && SESSION="gnome" - CMD=$(cat /opt/openslx/xsessions/$SESSION.desktop|grep "Exec"| cut -d "=" -f2-99|head -n1) + CMD=$( < "/opt/openslx/xsessions/$SESSION.desktop" grep -m1 "Exec" | cut -d "=" -f2-99 | head -n1 ) exec $CMD ;; *) # Specific program was requested. - STARTUP_FULL_PATH=$(/opt/openslx/bin/which "${1%% *}" || true) + STARTUP_FULL_PATH=$( which "${1%% *}" || true ) if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then if [ -x "$STARTUP_FULL_PATH" ]; then exec $1 diff --git a/core/modules/xorg/data/etc/X11/xorg.conf.d/10-intel.conf b/core/modules/xorg/data/etc/X11/xorg.conf.d/10-intel.conf deleted file mode 100644 index 711fd644..00000000 --- a/core/modules/xorg/data/etc/X11/xorg.conf.d/10-intel.conf +++ /dev/null @@ -1,5 +0,0 @@ -Section "OutputClass" - Identifier "Intel iGPU" - MatchDriver "i915" - Driver "intel" -EndSection diff --git a/core/modules/xorg/module.conf.ubuntu b/core/modules/xorg/module.conf.ubuntu index 4fbb0307..79316abe 100644 --- a/core/modules/xorg/module.conf.ubuntu +++ b/core/modules/xorg/module.conf.ubuntu 
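Review bot: `SESSION` is taken from the user's `~/.dmrc` with an unanchored `grep -m1 "Session"` and placed unchecked into `/opt/openslx/xsessions/$SESSION.desktop`, so a value containing `/` or `..` selects a file outside that directory, and an empty value leaves `CMD` empty for `exec $CMD`. The `grep -m1 "Exec"` pattern likewise matches a `TryExec=` line if one comes first, and the trailing `| head -n1` is now redundant with `-m1`. Anchoring the keys and validating the name makes this predictable: `SESSION=$( grep -m1 '^Session=' "$HOME/.dmrc" | cut -d= -f2 )`, then `case "$SESSION" in ""|*/*) SESSION="default" ;; esac`, and `grep -m1 '^Exec='` for the command. In the `*)` branch the lookup now uses whichever `which` is first in `PATH`; the bash builtin `command -v` would avoid that dependency. The surrounding `case` statement starts and ends outside the hunk.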
@@ -26,10 +26,10 @@ REQUIRED_INSTALLED_PACKAGES=" xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-amdgpu$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-radeon$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX " REQUIRED_CONTENT_PACKAGES=" xterm @@ -62,10 +62,10 @@ REQUIRED_CONTENT_PACKAGES=" xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-amdgpu$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-radeon$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX + xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX @xserver-xorg-input-mouse$UBUNTU_XORG_PKG_SUFFIX @xserver-xorg-video-ati$UBUNTU_XORG_PKG_SUFFIX @xserver-xorg-video-openchrome$UBUNTU_XORG_PKG_SUFFIX diff --git a/core/modules/xorg/module.conf.ubuntu.16 b/core/modules/xorg/module.conf.ubuntu.16 deleted file mode 100644 index 6cdcb051..00000000 --- a/core/modules/xorg/module.conf.ubuntu.16 +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash -REQUIRED_INSTALLED_PACKAGES=" -" -REQUIRED_CONTENT_PACKAGES=" - xserver-xorg$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-core$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-dri$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-glx$UBUNTU_XORG_PKG_SUFFIX - xkb-data - x11-xkb-utils - x11-xserver-utils - x11-utils - xserver-xorg-input-evdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-vmmouse$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-ati$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-radeon$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-openchrome$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-savage$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-trident$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-mach64$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-siliconmotion$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-cirrus$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-r128$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-neomagic$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-geode$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-s3$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-tdfx$UBUNTU_XORG_PKG_SUFFIX -" - -REQUIRED_DIRECTORIES+=" - /usr/lib -" -REQUIRED_FILES="" diff --git a/core/modules/xorg/module.conf.ubuntu.17 b/core/modules/xorg/module.conf.ubuntu.17 deleted file mode 100644 index e5b76dad..00000000 --- a/core/modules/xorg/module.conf.ubuntu.17 +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash -REQUIRED_INSTALLED_PACKAGES=" - fonts-dejavu-core - fonts-dejavu-extra - ttf-dejavu-core - xserver-xorg$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-core$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-dri$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-glx$UBUNTU_XORG_PKG_SUFFIX - xkb-data - x11-xkb-utils - x11-xserver-utils - x11-utils - xdotool - libtxc-dxtn-s2tc - libinput10 - libwacom2 - xserver-xorg-input-evdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-synaptics$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-wacom$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-libinput$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-sisusb$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX - libdrm-dev - libgbm-dev - libgl-dev - libgl1-mesa-dev - libudev-dev - pkg-config - x11proto-core-dev - x11proto-dri2-dev - x11proto-fonts-dev - x11proto-randr-dev - x11proto-render-dev - x11proto-video-dev - x11proto-xext-dev - x11proto-xf86dri-dev - xserver-xorg-dev - xutils-dev -" -REQUIRED_CONTENT_PACKAGES=" - fonts-dejavu-core - fonts-dejavu-extra - ttf-dejavu-core - xserver-xorg$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-core$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-dri$UBUNTU_XORG_PKG_SUFFIX - libgl1-mesa-glx$UBUNTU_XORG_PKG_SUFFIX - libegl1-mesa - libgbm1 - libcapnp-0.5.3 - libmirclient9 - libwayland-client0 - libwayland-server0 - xkb-data - x11-xkb-utils - x11-xserver-utils - x11-utils - xdotool - libtxc-dxtn-s2tc - xserver-xorg-input-evdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-libinput$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-synaptics$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-input-wacom$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-fbdev$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-intel$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-nouveau$UBUNTU_XORG_PKG_SUFFIX - 
xserver-xorg-video-sisusb$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vesa$UBUNTU_XORG_PKG_SUFFIX - xserver-xorg-video-vmware$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-input-mouse$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-openchrome$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-savage$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-trident$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-mach64$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-qxl$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-siliconmotion$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-cirrus$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-r128$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-neomagic$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-geode$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-s3$UBUNTU_XORG_PKG_SUFFIX - @xserver-xorg-video-tdfx$UBUNTU_XORG_PKG_SUFFIX -" -# TODO: Required because the shipped ones crash on VT switch as of 2017-11-24 -# Remove when fixed in ubuntu repos -REQUIRED_XORG_DRIVERS=" - xf86-video-ati//xf86-video-ati-18.0.1 - xf86-video-amdgpu//xf86-video-amdgpu-18.0.1 -" -REQUIRED_LIBRARIES+=" - amdgpu_drv - radeon_drv - ati_drv -" diff --git a/core/modules/xscreensaver/module.build b/core/modules/xscreensaver/module.build index 676def43..9faba11a 100644 --- a/core/modules/xscreensaver/module.build +++ b/core/modules/xscreensaver/module.build @@ -5,6 +5,7 @@ fetch_source() { build() { local SRCDIR="${MODULE_WORK_DIR}/src/" + local bin # xscreensaver mkdir -p "${MODULE_BUILD_DIR}/usr/bin" 
@@ -16,8 +17,11 @@ build() { --prefix=/usr --without-proc-interrupts $REQUIRED_CONFIGURE_OPTIONS \ || perror "'./configure' failed" cde driver - make xscreensaver xscreensaver-command || perror "'make' failed" - cp xscreensaver xscreensaver-command "${MODULE_BUILD_DIR}/usr/bin/" || perror "cp fail" + for bin in $REQUIRED_BINARIES; do + [[ "$bin" == xscreensaver* ]] || continue + make "$bin" || perror "'make $bin' failed" + cp "$bin" "${MODULE_BUILD_DIR}/usr/bin/" || perror "cp $bin fail" + done mkdir -p "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" cde "${MODULE_BUILD_DIR}/${REQUIRED_PREFIX}" diff --git a/core/modules/xscreensaver/module.conf b/core/modules/xscreensaver/module.conf index 7e1ec8b7..cc67a903 100644 --- a/core/modules/xscreensaver/module.conf +++ b/core/modules/xscreensaver/module.conf @@ -2,8 +2,9 @@ REQUIRED_MODULES=" qt5core " +# Switch back to branch "openslx" once 6.x is fixed REQUIRED_GIT=" - git://git.openslx.org/openslx-ng/xscreensaver.git|openslx + git://git.openslx.org/openslx-ng/xscreensaver.git||bfe7aeb88fac24b git://git.openslx.org/openslx-ng/bwlp-screensaver.git " REQUIRED_PREFIX="/opt/openslx/bin" diff --git a/core/rootfs/rootfs-stage31/data/init b/core/rootfs/rootfs-stage31/data/init index 92790534..4615a4fb 100755 --- a/core/rootfs/rootfs-stage31/data/init +++ b/core/rootfs/rootfs-stage31/data/init @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions index 5c579f05..e309ef84 100755 --- a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions 
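Review bot: If `REQUIRED_BINARIES` holds no entry matching `xscreensaver*`, the new loop builds and copies nothing and `build()` carries on without an error, whereas the old code always built both binaries or called `perror`. `REQUIRED_BINARIES` is not set in the visible part of module.conf, so whether it always lists them cannot be confirmed from here. Counting the matches and failing on zero keeps the old guarantee, e.g. `(( built > 0 )) || perror "no xscreensaver binaries listed in REQUIRED_BINARIES"` after `done`, with `built` incremented in the loop. `build()` starts and ends outside the hunk.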
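Review bot: The new `REQUIRED_GIT` entry pins xscreensaver to the abbreviated commit id `bfe7aeb88fac24b` but still fetches over `git://`, which provides no transport authentication or encryption, so the integrity of the build input rests on a 15-character hash prefix alone. Writing the full 40-character commit id removes the prefix ambiguity, and an `https://` remote would be preferable if the server offers one, which is not visible from here. The `bwlp-screensaver.git` line below stays unpinned and will follow whatever the remote's default branch serves at build time. The entry format appears to be `url|branch|commit`; the code that parses it is outside this hunk.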
+++ b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_partitions @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # diff --git a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons index 228474f2..91ec0d0b 100755 --- a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons +++ b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-setup_slx_addons @@ -98,12 +98,15 @@ fi # Run post-hook if available if [ -x "$ADDON_MOUNT_POINT/addon-init" ]; then + echo "Running post-append hook" "$ADDON_MOUNT_POINT/addon-init" || \ slxlog --echo "addon-setup-init" "Warning: Could not execute addon-init of $ADDON" fi if ! grep -q -F '/opt/openslx/mnt/stage4' '/proc/mounts'; then + echo "Running ldconfig" ldconfig 2> /dev/null || ldconfig.real 2> /dev/null fi +echo "Addon initialized." exit 0 diff --git a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-zram_swap b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-zram_swap index 8c011d63..413ce215 100755 --- a/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-zram_swap +++ b/core/rootfs/rootfs-stage32/data/opt/openslx/scripts/systemd-zram_swap @@ -7,7 +7,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # 
diff --git a/core/rootfs/rootfs-stage32/module.build b/core/rootfs/rootfs-stage32/module.build index 73ce651b..f20c5196 100644 --- a/core/rootfs/rootfs-stage32/module.build +++ b/core/rootfs/rootfs-stage32/module.build @@ -121,19 +121,5 @@ post_copy() { copy_kernel_modules copy_kernel - # Try to fetch distro logo - if [ ! -s "$TARGET_BUILD_DIR/etc/distro.png" ]; then - local DIST=$(lsb_release -si) - if [ -n "$DIST" ]; then - [ -z "$CFG_DISTLOGO_URL" ] && CFG_DISTLOGO_URL='http://mltk-services.ruf.uni-freiburg.de/distro_logo.php?distro=' - wget -t 3 -T 3 -O "$TARGET_BUILD_DIR/etc/distro.png" "${CFG_DISTLOGO_URL}${DIST}" - if [ ! -s "$TARGET_BUILD_DIR/etc/distro.png" ]; then - rm -f "$TARGET_BUILD_DIR/etc/distro.png" - pwarning "Could not download distro-logo" - fi - else - pwarning "Could not determine distribution" - fi - fi } diff --git a/core/targets/bwlp/apply-slx-vars b/core/targets/bwlp/apply-slx-vars new file mode 120000 index 00000000..5406eb3d --- /dev/null +++ b/core/targets/bwlp/apply-slx-vars @@ -0,0 +1 @@ +../../modules/apply-slx-vars
\ No newline at end of file
diff --git a/core/targets/bwlp/distro-logo b/core/targets/bwlp/distro-logo
new file mode 120000
index 00000000..ab15c1bf
--- /dev/null
+++ b/core/targets/bwlp/distro-logo
@@ -0,0 +1 @@
+../../modules/distro-logo
\ No newline at end of file
diff --git a/core/targets/stage32-bwlp/apply-slx-vars b/core/targets/stage32-bwlp/apply-slx-vars
new file mode 120000
index 00000000..5406eb3d
--- /dev/null
+++ b/core/targets/stage32-bwlp/apply-slx-vars
@@ -0,0 +1 @@
+../../modules/apply-slx-vars
\ No newline at end of file
diff --git a/core/targets/stage32-bwlp/distro-logo b/core/targets/stage32-bwlp/distro-logo
new file mode 120000
index 00000000..ab15c1bf
--- /dev/null
+++ b/core/targets/stage32-bwlp/distro-logo
@@ -0,0 +1 @@
+../../modules/distro-logo
\ No newline at end of file @@ -9,7 +9,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # |