authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-10-07 13:25:37 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2022-10-07 15:07:48 -0400
commit00e843050012961e9cc41b003ea9271eab718541 (patch)
treeb9d16bb2fc38b0d37c507bad9e5d1697b5aff1fd /gnu
parent0c4966160054bc50e6ab3a4ac9c9a6a1826ab5a0 (diff)
downloadguix-00e843050012961e9cc41b003ea9271eab718541.tar
guix-00e843050012961e9cc41b003ea9271eab718541.tar.gz
Revert "Revert "services: Add xvnc-service-type.""
This reverts commit 0c4966160054bc50e6ab3a4ac9c9a6a1826ab5a0. The fix appears in the subsequent commit, for clarity.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/services/vnc.scm247
-rw-r--r--gnu/tests/vnc.scm200
3 files changed, 449 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 5976cbe90c..698070c639 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -694,6 +694,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/sysctl.scm \
%D%/services/telephony.scm \
%D%/services/version-control.scm \
+ %D%/services/vnc.scm \
%D%/services/vpn.scm \
%D%/services/web.scm \
%D%/services/xorg.scm \
@@ -775,6 +776,7 @@ GNU_SYSTEM_MODULES = \
%D%/tests/telephony.scm \
%D%/tests/version-control.scm \
%D%/tests/virtualization.scm \
+ %D%/tests/vnc.scm \
%D%/tests/web.scm
INSTALLER_MODULES = \
diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm
new file mode 100644
index 0000000000..15c3c14fee
--- /dev/null
+++ b/gnu/services/vnc.scm
@@ -0,0 +1,247 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services vnc)
+ #:use-module (gnu packages vnc)
+ #:use-module ((gnu services) #:hide (delete))
+ #:use-module (gnu system shadow)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+
+ #:export (xvnc-configuration
+ xvnc-configuration-xvnc
+ xvnc-configuration-display-number
+ xvnc-configuration-geometry
+ xvnc-configuration-depth
+ xvnc-configuration-port
+ xvnc-configuration-ipv4?
+ xvnc-configuration-ipv6?
+ xvnc-configuration-password-file
+ xvnc-configuration-xdmcp?
+ xvnc-configuration-inetd?
+ xvnc-configuration-frame-rate
+ xvnc-configuration-security-types
+ xvnc-configuration-localhost?
+ xvnc-configuration-log-level
+ xvnc-configuration-extra-options
+
+ xvnc-service-type))
+
+;;;
+;;; Xvnc.
+;;;
+
+(define (color-depth? x)
+ (member x '(16 24 32)))
+
+(define (port? x)
+ (and (number? x)
+ (and (>= x 0) (<= x 65535))))
+
+(define-maybe/no-serialization port)
+
+(define-maybe/no-serialization string)
+
+(define %security-types '("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain"
+ "X509None" "X509Vnc"))
+
+(define (security-type? x)
+ (member x %security-types))
+
+(define (security-types? x)
+ (and (list? x)
+ (and-map security-type? x)))
+
+(define (log-level? x)
+ (and (number? x)
+ (and (>= x 0) (<= x 100))))
+
+(define (strings? x)
+ (and (list? x)
+ (and-map string? x)))
+
+(define-configuration/no-serialization xvnc-configuration
+ (xvnc
+ (file-like tigervnc-server)
+ "The package that provides the Xvnc binary.")
+ (display-number
+ (number 0)
+ "The display number used by Xvnc. You should set this to a number not
+already used by a Xorg server. When remoting a complete desktop session via
+XDMCP and using a compatible VNC viewer as provided by the
+@code{tigervnc-client} or @code{turbovnc} packages, the geometry is
+automatically adjusted.")
+ (geometry
+ (string "1024x768")
+ "The size of the desktop to be created.")
+ (depth
+ (color-depth 24)
+ "The pixel depth in bits of the desktop to be created. Accepted values are
+16, 24 or 32.")
+ (port
+ maybe-port
+ "The port on which to listen for connections from viewers. When left
+unspecified, it defaults to 5900 plus the display number.")
+ (ipv4?
+ (boolean #t)
+ "Use IPv4 for incoming and outgoing connections.")
+ (ipv6?
+ (boolean #t)
+ "Use IPv6 for incoming and outgoing connections.")
+ (password-file
+ maybe-string
+ "The password file to use, if any. Refer to vncpasswd(1) to learn how to
+generate such a file.")
+ (xdmcp?
+ (boolean #f)
+ "Query the XDMCP server for a session. This enables users to log in a
+desktop session from the login manager screen. For a multiple users scenario,
+you'll want to enable the @code{inetd?} option as well, so that each
+connection to the VNC server is handled separately rather than shared.")
+ (inetd?
+ (boolean #f)
+ "Use an Inetd-style service, which runs the Xvnc server on demand.")
+ (frame-rate
+ (number 60)
+ "The maximum number of updates per second sent to each client.")
+ (security-types
+ (security-types (list "None"))
+ (format #f "The allowed security schemes to use for incoming connections.
+The default is \"None\", which is safe given that Xvnc is configured to
+authenticate the user via the display manager, and only for local connections.
+Accepted values are any of the following: ~s" %security-types))
+ (localhost?
+ (boolean #t)
+ "Only allow connections from the same machine. It is set to @code{#true}
+by default for security, which means SSH or another secure means should be
+used to expose the remote port.")
+ (log-level
+ (log-level 30)
+ "The log level, a number between 0 and 100, 100 meaning most verbose
+output. The log messages are output to syslog.")
+ (extra-options
+ (strings '())
+ "This can be used to provide extra Xvnc options not exposed via this
+<xvnc-configuration> record."))
+
+(define (xvnc-configuration->command-line-arguments config)
+ "Derive the command line arguments to used to launch the Xvnc daemon from
+CONFIG, a <xvnc-configuration> object."
+ (match-record config <xvnc-configuration>
+ (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp?
+ inetd? frame-rate security-types localhost? log-level extra-options)
+ #~(list #$(file-append xvnc "/bin/Xvnc")
+ #$(format #f ":~a" display-number)
+ "-geometry" #$geometry
+ "-depth" #$(number->string depth)
+ #$@(if inetd?
+ (list "-inetd")
+ '())
+ #$@(if (not inetd?)
+ (if (maybe-value-set? port)
+ (list "-rfbport" (number->string port))
+ '())
+ '())
+ #$@(if (not inetd?)
+ (if ipv4?
+ (list "-UseIPv4")
+ '())
+ '())
+ #$@(if (not inetd?)
+ (if ipv6?
+ (list "-UseIPv6")
+ '())
+ '())
+ #$@(if (maybe-value-set? password-file)
+ (list "-PasswordFile" password-file)
+ '())
+ "-FrameRate" #$(number->string frame-rate)
+ "-SecurityTypes" #$(string-join security-types ",")
+ #$@(if localhost?
+ (list "-localhost")
+ '())
+ "-Log" #$(format #f "*:syslog:~a" log-level)
+ #$@(if xdmcp?
+ (list "-query" "localhost" "-once")
+ '())
+ #$@extra-options)))
+
+(define %xvnc-accounts
+ (list (user-group
+ (name "xvnc")
+ (system? #t))
+ (user-account
+ (name "xvnc")
+ (group "xvnc")
+ (system? #t)
+ (comment "User for Xvnc server"))))
+
+(define (xvnc-shepherd-service config)
+ "Return a <shepherd-service> for Xvnc with CONFIG."
+ (let* ((display-number (xvnc-configuration-display-number config))
+ (port (if (maybe-value-set? (xvnc-configuration-port config))
+ (xvnc-configuration-port config)
+ #f))
+ (port* (or port (+ 5900 display-number))))
+ (shepherd-service
+ (provision '(xvnc vncserver))
+ (documentation "Run the Xvnc server.")
+ (requirement '(networking syslogd))
+ (start (if (xvnc-configuration-inetd? config)
+ #~(let* ((inaddr (if #$(xvnc-configuration-localhost? config)
+ INADDR_LOOPBACK
+ INADDR_ANY))
+ (in6addr (if #$(xvnc-configuration-localhost? config)
+ IN6ADDR_LOOPBACK
+ IN6ADDR_ANY))
+ (ipv4-socket (and #$(xvnc-configuration-ipv4? config)
+ (make-socket-address AF_INET inaddr
+ #$port*)))
+ (ipv6-socket (and #$(xvnc-configuration-ipv6? config)
+ (make-socket-address AF_INET6 in6addr
+ #$port*))))
+ (make-inetd-constructor
+ #$(xvnc-configuration->command-line-arguments config)
+ `(,@(if ipv4-socket
+ (list (endpoint ipv4-socket))
+ '())
+ ,@(if ipv6-socket
+ (list (endpoint ipv6-socket))
+ '()))
+ #:user "xvnc"
+ #:group "xvnc"))
+ #~(make-forkexec-constructor
+ #$(xvnc-configuration->command-line-arguments config)
+ #:user "xvnc"
+ #:group "xvnc")))
+ (stop #~(make-inetd-destructor)))))
+
+(define xvnc-service-type
+ (service-type
+ (name 'xvnc)
+ (default-value (xvnc-configuration))
+ (description "Run the Xvnc server, which creates a virtual X11 session and
+allow remote clients connecting to it via the remote framebuffer (RFB)
+protocol.")
+ (extensions (list (service-extension
+ shepherd-root-service-type
+ (compose list xvnc-shepherd-service))
+ (service-extension account-service-type
+ (const %xvnc-accounts))))))
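Review bot: The `security-types` field defaults to `(list "None")` and its documentation calls that safe because the display manager authenticates the user and only local connections are accepted, but the record enforces neither condition. `xdmcp?` defaults to `#f`, so with the defaults as written Xvnc appears to serve a session with no authentication step at all, and nothing prevents `localhost?` being set to `#f` while "None" stays in the list; in the inetd branch that binds INADDR_ANY / IN6ADDR_ANY. Consider rejecting, or at least warning on, "None" combined with `(localhost? #f)` where the configuration is turned into arguments in `xvnc-configuration->command-line-arguments`. The field documentation could then read: `The default is "None", which is only safe when @code{xdmcp?} and @code{localhost?} are both true.` Because `extra-options` is appended last, it can presumably re-introduce the same exposure, which is worth a sentence in its documentation too.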
diff --git a/gnu/tests/vnc.scm b/gnu/tests/vnc.scm
new file mode 100644
index 0000000000..34c2db1203
--- /dev/null
+++ b/gnu/tests/vnc.scm
@@ -0,0 +1,200 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>.
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests vnc)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages ocr)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu services)
+ #:use-module (gnu services dbus)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services vnc)
+ #:use-module (gnu services xorg)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu system vm)
+ #:use-module (gnu tests)
+ #:use-module (guix gexp)
+ #:use-module (guix modules)
+ #:export (%test-xvnc))
+
+(define %xvnc-os
+ (operating-system
+ ;; Usual boilerplate.
+ (host-name "komputilo")
+ (timezone "Europe/Berlin")
+ (locale "en_US.UTF-8")
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/sdX"))))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ (users (cons (user-account
+ (name "dummy")
+ (group "users")
+ (supplementary-groups '("wheel" "netdev"
+ "audio" "video")))
+ %base-user-accounts))
+ (packages (append (map specification->package
+ '("dbus" ;for dbus-run-session
+ "dconf"
+ "gnome-settings-daemon" ;for schemas
+ "ratpoison"
+ "tigervnc-client"
+ "xterm"))
+ %base-packages
+ (list `(,glib "bin")
+ glib)))
+ (services (cons*
+ (service openssh-service-type (openssh-configuration
+ (permit-root-login #t)
+ (allow-empty-passwords? #t)))
+ (service xvnc-service-type (xvnc-configuration
+ (display-number 5)
+ (security-types (list "None"))
+ (log-level 100)
+ (localhost? #f)
+ (xdmcp? #t)
+ (inetd? #t)))
+ (modify-services %desktop-services
+ (gdm-service-type config => (gdm-configuration
+ (inherit config)
+ (auto-login? #t)
+ (auto-suspend? #f)
+ (default-user "root")
+ (debug? #t)
+ (xdmcp? #t))))))))
+
+(define (run-xvnc-test)
+ "Run tests in %XVNC-OS."
+
+ (define os (marionette-operating-system
+ %xvnc-os
+ #:imported-modules (source-module-closure
+ '((gnu services herd)))))
+
+ (define vm (virtual-machine
+ (operating-system os)
+ (memory-size 1024)))
+
+ (define test
+ (with-imported-modules (source-module-closure
+ '((gnu build marionette)
+ (guix build utils)))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (guix build utils)
+ (srfi srfi-26)
+ (srfi srfi-64))
+
+ (let ((marionette (make-marionette (list #$vm))))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "xvnc")
+
+ (test-assert "service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'xvnc))
+ marionette))
+
+ (test-assert "wait for port 5905, IPv4"
+ (wait-for-tcp-port 5905 marionette))
+
+ (test-assert "wait for port 5905, IPv6"
+ (wait-for-tcp-port 5905 marionette
+ #:address
+ '(make-socket-address
+ AF_INET6 (inet-pton AF_INET6 "::1") 5905)))
+
+ (test-assert "gdm auto-suspend is disabled"
+ ;; More a GDM than a Xvnc test, but since it's a cross-cutting
+ ;; concern and we have everything set up here, we might as well
+ ;; check it here.
+ (marionette-eval
+ '(begin
+ ;; Check that DCONF_PROFILE is set...
+ (invoke "/bin/sh" "-lc" "\
+pgrep gdm | head -n1 | xargs -I{} grep -Fq DCONF_PROFILE /proc/{}/environ")
+
+ ;; ... and that
+ (invoke "/bin/sh" "-lc" "\
+sudo -E -u gdm env DCONF_PROFILE=/etc/dconf/profile/gdm dbus-run-session \
+gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type \
+| grep -Fq nothing"))
+ marionette))
+
+ (test-assert "vnc lands on the gdm login screen"
+ ;; This test runs vncviewer on the local VM and verifies that it
+ ;; manages to access the GDM login screen (via XDMCP).
+ (begin
+ (define (ratpoison-abort)
+ (marionette-control "sendkey ctrl-g" marionette))
+
+ (define (ratpoison-help)
+ (marionette-control "sendkey ctrl-t" marionette)
+ (marionette-type "?" marionette)
+ (sleep 1)) ;wait for help screen to appear
+
+ (define (ratpoison-exec command)
+ (marionette-control "sendkey ctrl-t" marionette)
+ (marionette-type "!" marionette)
+ (marionette-type (string-append command "\n") marionette))
+
+ ;; Wait until the ratpoison help screen can be displayed; this
+ ;; means the window manager is ready.
+ (wait-for-screen-text marionette
+ (cut string-contains <> "key bindings")
+ #:ocr #$(file-append tesseract-ocr
+ "/bin/tesseract")
+ #:pre-action ratpoison-help
+ #:post-action ratpoison-abort)
+
+ ;; Run vncviewer and expect the GDM login screen (accessed via
+ ;; XDMCP). This can take a while to appear on slower machines.
+ (ratpoison-exec "vncviewer localhost:5905")
+ ;; XXX: tesseract narrowly recognizes "Guix" as "uix" from the
+ ;; background image; ocrad fares worst. Sadly, 'Username' is
+ ;; not recognized at all.
+ (wait-for-screen-text marionette
+ (cut string-contains <> "uix")
+ #:ocr #$(file-append tesseract-ocr
+ "/bin/tesseract")
+ #:timeout 120)))
+
+ (test-end)))))
+
+ (gexp->derivation "xvnc-test" test))
+
+(define %test-xvnc
+ (system-test
+ (name "xvnc")
+ (description "Basic tests for the Xvnc service. One of the tests validate
+that XDMCP works with GDM, and is therefore heavy in terms of disk and memory
+requirements.")
+ (value (run-xvnc-test))))
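Review bot: `%xvnc-os` stacks several deliberately weak settings with no comment marking them as test-only: `(localhost? #f)` with security type "None", `openssh-service-type` with `permit-root-login` and `allow-empty-passwords?` both `#t`, and GDM auto-login as "root". None of the assertions visible in this file use SSH, and the viewer connects to `localhost:5905`, so the openssh service and `(localhost? #f)` look unnecessary for what is tested. Dropping them would also exercise the loopback-only default. If they are needed, add a comment above the services list such as `;; Insecure on purpose: throwaway test VM only, do not copy into a real system configuration.` The comment `;; ... and that` in the "gdm auto-suspend is disabled" test is also cut off and should say what the second `invoke` checks.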