From a47a051e3d8669c51071f224661e0f7a9c5a9aaa Mon Sep 17 00:00:00 2001 From: kiasoc5 Date: Sat, 24 Sep 2022 01:39:00 -0400 Subject: gnu: picard: Update to 2.8.3, modernize package. * gnu/packages/music.scm (picard): Update to 2.8.3. [source]: Remove patch. [arguments]: Use G-expressions. Remove trailing #t. [native-inputs]: Remove input labels. [inputs]: Add python-fasteners, python-pyyaml, python-markdown, python-pyjwt. Remove a transitive dependency on QtWebKit. See for more information about this change. * gnu/packages/patches/picard-fix-id3-rename-test.patch: Remove it. * gnu/local.mk (dist_path_DATA): Update accordingly. Signed-off-by: Mathieu Othacehe --- gnu/local.mk | 1 - 1 file changed, 1 deletion(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0134fb53d8..26fdfe7ca9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1653,7 +1653,6 @@ dist_patch_DATA = \ %D%/packages/patches/phoronix-test-suite-fsdg.patch \ %D%/packages/patches/php-bug-74093-test.patch \ %D%/packages/patches/php-curl-compat.patch \ - %D%/packages/patches/picard-fix-id3-rename-test.patch \ %D%/packages/patches/picprog-non-intel-support.patch \ %D%/packages/patches/pidgin-add-search-path.patch \ %D%/packages/patches/pinball-system-ltdl.patch \ -- cgit v1.2.3 From 582b1f626f351d0c519c973ba3c49d1c270200bf Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Thu, 22 Sep 2022 19:44:10 +0000 Subject: gnu: python-louvain: Fix test. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/graph.scm (python-louvain)[source]: Add patch. * gnu/packages/patches/python-louvain-fix-test.patch: New file. * gnu/local.mk (dist_patch_DATA): Register patch. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/graph.scm | 1 + gnu/packages/patches/python-louvain-fix-test.patch | 15 +++++++++++++++ 3 files changed, 17 insertions(+) create mode 100644 gnu/packages/patches/python-louvain-fix-test.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 26fdfe7ca9..789aacb77b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1619,6 +1619,7 @@ dist_patch_DATA = \ %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \ %D%/packages/patches/pthreadpool-system-libraries.patch \ %D%/packages/patches/python-chai-drop-python2.patch \ + %D%/packages/patches/python-louvain-fix-test.patch \ %D%/packages/patches/python-random2-getrandbits-test.patch \ %D%/packages/patches/python-poppler-qt5-fix-build.patch \ %D%/packages/patches/python-w3lib-fix-test-failure.patch \ diff --git a/gnu/packages/graph.scm b/gnu/packages/graph.scm index 109ba68675..02c80f0682 100644 --- a/gnu/packages/graph.scm +++ b/gnu/packages/graph.scm @@ -290,6 +290,7 @@ (define-public python-louvain (origin (method url-fetch) (uri (pypi-uri "python-louvain" version)) + (patches (search-patches "python-louvain-fix-test.patch")) (sha256 (base32 "0sx53l555rwq0z7if8agirjgw4ddp8r9b949wwz8vlig03sjvfmp")))) (build-system python-build-system) diff --git a/gnu/packages/patches/python-louvain-fix-test.patch b/gnu/packages/patches/python-louvain-fix-test.patch new file mode 100644 index 0000000000..2127df681c --- /dev/null +++ b/gnu/packages/patches/python-louvain-fix-test.patch @@ -0,0 +1,15 @@ +https://github.com/taynaud/python-louvain/commit/638804ae636dc65306900ef6518ca0a1c9202566.diff + +diff --git a/test_community.py b/test_community.py +index 1ee1976..566a4b1 100644 +--- a/test_community.py ++++ b/test_community.py +@@ -203,7 +203,7 @@ def test_karate(self): + self.assertAlmostEqual(co.modularity(part, graph), + co.modularity(part_weight, + graph, +- "test_weight"), places=2) ++ "test_weight"), places=1) + + part_res_low = co.best_partition(graph, resolution=0.1) + self.assertTrue( -- cgit v1.2.3 From a93781b83cfc83cdd74c11bf4931cca4002c2048 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 2 Oct 2022 22:23:09 -0400 Subject: gnu: Remove unused scotch patches. * gnu/packages/patches/scotch-build-parallelism.patch: Delete file. * gnu/packages/patches/scotch-integer-declarations.patch: Likewise. * gnu/local.mk (dist_patch_DATA): De-register them. --- gnu/local.mk | 2 -- .../patches/scotch-build-parallelism.patch | 39 ---------------------- .../patches/scotch-integer-declarations.patch | 37 -------------------- 3 files changed, 78 deletions(-) delete mode 100644 gnu/packages/patches/scotch-build-parallelism.patch delete mode 100644 gnu/packages/patches/scotch-integer-declarations.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 789aacb77b..e9178923af 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1823,8 +1823,6 @@ dist_patch_DATA = \ %D%/packages/patches/scalapack-gcc-10-compilation.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scons-test-environment.patch \ - %D%/packages/patches/scotch-build-parallelism.patch \ - %D%/packages/patches/scotch-integer-declarations.patch \ %D%/packages/patches/screen-hurd-path-max.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ %D%/packages/patches/seed-webkit.patch \ diff --git a/gnu/packages/patches/scotch-build-parallelism.patch b/gnu/packages/patches/scotch-build-parallelism.patch deleted file mode 100644 index a669f1dbeb..0000000000 --- a/gnu/packages/patches/scotch-build-parallelism.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fixes make with -j, otherwise scotch.h may not be generated by the time make -tries to compile library_graph_diam.o et al. - -Reported upstream at -https://gforge.inria.fr/tracker/index.php?func=detail&aid=21651&group_id=248&atid=1081 - -diff --git a/src/libscotch/Makefile b/src/libscotch/Makefile -index 9898894..b0ee14c 100644 ---- a/src/libscotch/Makefile -+++ b/src/libscotch/Makefile -@@ -2229,6 +2229,28 @@ library_graph_color_f$(OBJ) : library_graph_color_f.c \ - common.h \ - scotch.h - -+library_graph_diam$(OBJ) : library_graph_diam.c \ -+ module.h \ -+ common.h \ -+ graph.h \ -+ scotch.h -+ -+library_graph_diam_f$(OBJ) : library_graph_diam.c \ -+ module.h \ -+ common.h \ -+ scotch.h -+ -+library_graph_induce$(OBJ) : library_graph_diam.c \ -+ module.h \ -+ common.h \ -+ graph.h \ -+ scotch.h -+ -+library_graph_induce_f$(OBJ) : library_graph_diam.c \ -+ module.h \ -+ common.h \ -+ scotch.h -+ - library_graph_io_chac$(OBJ) : library_graph_io_chac.c \ - module.h \ - common.h \ diff --git a/gnu/packages/patches/scotch-integer-declarations.patch b/gnu/packages/patches/scotch-integer-declarations.patch deleted file mode 100644 index 978625c1c0..0000000000 --- a/gnu/packages/patches/scotch-integer-declarations.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/src/libscotch/library.h b/src/libscotch/library.h -index 1891c19..ecc0533 100644 ---- a/src/libscotch/library.h -+++ b/src/libscotch/library.h -@@ -67,6 +67,8 @@ - - /*+ Integer type. +*/ - -+#include -+ - typedef DUMMYIDX SCOTCH_Idx; - - typedef DUMMYINT SCOTCH_Num; -diff --git a/src/libscotchmetis/library_metis.h b/src/libscotchmetis/library_metis.h -index e6767e1..04e71c3 100644 ---- a/src/libscotchmetis/library_metis.h -+++ b/src/libscotchmetis/library_metis.h -@@ -99,6 +99,7 @@ typedef enum { - */ - - #ifndef SCOTCH_H /* In case "scotch.h" not included before */ -+#include - typedef DUMMYINT SCOTCH_Num; - #endif /* SCOTCH_H */ - -diff --git a/src/libscotchmetis/library_parmetis.h b/src/libscotchmetis/library_parmetis.h -index 6d2f0b0..3c803fc 100644 ---- a/src/libscotchmetis/library_parmetis.h -+++ b/src/libscotchmetis/library_parmetis.h -@@ -106,6 +106,7 @@ typedef enum { - */ - - #ifndef SCOTCH_H /* In case "scotch.h" not included before */ -+#include - typedef DUMMYINT SCOTCH_Num; - #endif /* SCOTCH_H */ - -- cgit v1.2.3 From 7030f592c643360105514f9f1f923b0b6342d5e3 Mon Sep 17 00:00:00 2001 From: "( via Guix-patches via" Date: Thu, 29 Sep 2022 17:40:20 +0100 Subject: home: Add home-batsignal-service-type. * gnu/home/services/pm.scm (home-batsignal-service-type): New variable. (home-batsignal-configuration): New record type. * doc/guix.texi: Document them. * gnu/local.mk: Add gnu/home/services/pm.scm. --- doc/guix.texi | 90 +++++++++++++++++++++++++++-- gnu/home/services/pm.scm | 145 +++++++++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 2 + 3 files changed, 231 insertions(+), 6 deletions(-) create mode 100644 gnu/home/services/pm.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index fb9efe6b4f..eeec4dec2c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -107,6 +107,7 @@ Copyright @copyright{} 2022 Karl Hallsby@* Copyright @copyright{} 2022 Justin Veilleux@* Copyright @copyright{} 2022 Reily Siegel@* Copyright @copyright{} 2022 Simon Streit@* +Copyright @copyright{} 2022 (@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -40154,12 +40155,13 @@ services)}. @menu * Essential Home Services:: Environment variables, packages, on-* scripts. -* Shells: Shells Home Services. POSIX shells, Bash, Zsh. -* Mcron: Mcron Home Service. Scheduled User's Job Execution. -* Shepherd: Shepherd Home Service. Managing User's Daemons. -* SSH: Secure Shell. Setting up the secure shell client. -* Desktop: Desktop Home Services. Services for graphical environments. -* Guix: Guix Home Services. Services for Guix. +* Shells: Shells Home Services. POSIX shells, Bash, Zsh. +* Mcron: Mcron Home Service. Scheduled User's Job Execution. +* Power Management: Power Management Home Services. Services for battery power. +* Shepherd: Shepherd Home Service. Managing User's Daemons. +* SSH: Secure Shell. Setting up the secure shell client. +* Desktop: Desktop Home Services. Services for graphical environments. +* Guix: Guix Home Services. Services for Guix. @end menu @c In addition to that Home Services can provide @@ -40607,6 +40609,82 @@ specifications,, mcron, GNU@tie{}mcron}). @end table @end deftp +@node Power Management Home Services +@subsection Power Management Home Services + +@cindex power management +The @code{(gnu home services pm)} module provides home services +pertaining to battery power. + +@defvr {Scheme Variable} home-batsignal-service-type +Service for @code{batsignal}, a program that monitors battery levels +and warns the user through desktop notifications when their battery +is getting low. You can also configure a command to be run when the +battery level passes a point deemed ``dangerous''. This service is +configured with the @code{home-batsignal-configuration} record. +@end defvr + +@deftp {Data Type} home-batsignal-configuration +Data type representing the configuration for batsignal. + +@table @asis +@item @code{warning-level} (default: @code{15}) +The battery level to send a warning message at. + +@item @code{warning-message} (default: @code{#f}) +The message to send as a notification when the battery level reaches +the @code{warning-level}. Setting to @code{#f} uses the default +message. + +@item @code{critical-level} (default: @code{5}) +The battery level to send a critical message at. + +@item @code{critical-message} (default: @code{#f}) +The message to send as a notification when the battery level reaches +the @code{critical-level}. Setting to @code{#f} uses the default +message. + +@item @code{danger-level} (default: @code{2}) +The battery level to run the @code{danger-command} at. + +@item @code{danger-command} (default: @code{#f}) +The command to run when the battery level reaches the @code{danger-level}. +Setting to @code{#f} disables running the command entirely. + +@item @code{full-level} (default: @code{#f}) +The battery level to send a full message at. Setting to @code{#f} +disables sending the full message entirely. + +@item @code{full-message} (default: @code{#f}) +The message to send as a notification when the battery level reaches +the @code{full-level}. Setting to @code{#f} uses the default message. + +@item @code{batteries} (default: @code{'()}) +The batteries to monitor. Setting to @code{'()} tries to find batteries +automatically. + +@item @code{poll-delay} (default: @code{60}) +The time in seconds to wait before checking the batteries again. + +@item @code{icon} (default: @code{#f}) +A file-like object to use as the icon for battery notifications. Setting +to @code{#f} disables notification icons entirely. + +@item @code{notifications?} (default: @code{#t}) +Whether to send any notifications. + +@item @code{notifications-expire?} (default: @code{#f}) +Whether notifications sent expire after a time. + +@item @code{notification-command} (default: @code{#f}) +Command to use to send messages. Setting to @code{#f} sends a notification +through @code{libnotify}. + +@item @code{ignore-missing?} (default: @code{#f}) +Whether to ignore missing battery errors. +@end table +@end deftp + @node Shepherd Home Service @subsection Managing User Daemons diff --git a/gnu/home/services/pm.scm b/gnu/home/services/pm.scm new file mode 100644 index 0000000000..5f09941827 --- /dev/null +++ b/gnu/home/services/pm.scm @@ -0,0 +1,145 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 ( +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation, either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services pm) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (guix records) + #:use-module (gnu home services) + #:use-module (gnu home services shepherd) + #:use-module (gnu packages monitoring) + #:use-module (gnu services shepherd) + + #:export (home-batsignal-configuration + home-batsignal-service-type)) + +;;; +;;; batsignal +;;; +;;; Daemon for running commands and displaying notifications on +;;; battery events. +;;; + +(define-record-type* + home-batsignal-configuration make-home-batsignal-configuration + home-batsignal-configuration? + (warning-level batsignal-warning-level ;integer + (default 15)) + (warning-message batsignal-warning-message ;string | #f + (default #f)) + (critical-level batsignal-critical-level ;integer + (default 5)) + (critical-message batsignal-critical-message ;string | #f + (default #f)) + (danger-level batsignal-danger-level ;integer + (default 2)) + (danger-command batsignal-danger-command ;file-like | string | #f + (default #f)) + (full-level batsignal-full-level ;integer | #f + (default #f)) + (full-message batsignal-full-message ;string | #f + (default #f)) + (batteries batsignal-batteries ;list of string + (default '())) + (poll-delay batsignal-poll-delay ;integer + (default 60)) + (icon batsignal-icon ;file-like | #f + (default #f)) + (notifications? batsignal-notifications? ;boolean + (default #t)) + (notifications-expire? batsignal-notifications-expire? ;boolean + (default #f)) + (notification-command batsignal-notification-command ;string | #f + (default #f)) + (ignore-missing? batsignal-ignore-missing? ;boolean + (default #f))) + +(define (home-batsignal-shepherd-services config) + (let ((warning-level (batsignal-warning-level config)) + (warning-message (batsignal-warning-message config)) + (critical-level (batsignal-critical-level config)) + (critical-message (batsignal-critical-message config)) + (danger-level (batsignal-danger-level config)) + (danger-command (batsignal-danger-command config)) + (full-level (batsignal-full-level config)) + (full-message (batsignal-full-message config)) + (batteries (batsignal-batteries config)) + (poll-delay (batsignal-poll-delay config)) + (icon (batsignal-icon config)) + (notifications? (batsignal-notifications? config)) + (notifications-expire? (batsignal-notifications-expire? config)) + (notification-command (batsignal-notification-command config)) + (ignore-missing? (batsignal-ignore-missing? config))) + (list (shepherd-service + (provision '(batsignal)) + (documentation "Run the batsignal battery-watching daemon.") + (start #~(make-forkexec-constructor + (append (list #$(file-append batsignal "/bin/batsignal") + "-w" (number->string #$warning-level) + "-c" (number->string #$critical-level) + "-d" (number->string #$danger-level) + "-m" (number->string #$poll-delay)) + (if #$warning-message + (list "-W" #$warning-message) + (list)) + (if #$critical-message + (list "-C" #$critical-message) + (list)) + (if #$danger-command + (list "-D" #$danger-command) + (list)) + (if #$full-level + (list "-f" (number->string #$full-level)) + (list)) + (if #$full-message + (list "-F" #$full-message) + (list)) + (if (null? (list #$@batteries)) + (list) + (list "-n" (string-join (list #$@batteries) ","))) + (if #$icon + (list "-I" #$icon) + (list)) + (if #$notifications? + (list) + (list "-N")) + (if #$notifications-expire? + (list "-e") + (list)) + (if #$notification-command + (list "-M" #$notification-command) + (list)) + (if #$ignore-missing? + (list "-i") + (list))) + #:log-file (string-append + (or (getenv "XDG_LOG_HOME") + (format #f "~a/.local/var/log" + (getenv "HOME"))) + "/batsignal.log"))) + (stop #~(make-kill-destructor)))))) + +(define home-batsignal-service-type + (service-type + (name 'home-batsignal) + (extensions + (list (service-extension home-shepherd-service-type + home-batsignal-shepherd-services))) + (default-value (home-batsignal-configuration)) + (description + "Run batsignal, a battery watching and notification daemon."))) diff --git a/gnu/local.mk b/gnu/local.mk index e9178923af..5976cbe90c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -54,6 +54,7 @@ # Copyright © 2022 muradm # Copyright © 2022 Hilton Chain # Copyright © 2022 Alex Griffin +# Copyright © 2022 ( # # This file is part of GNU Guix. # @@ -89,6 +90,7 @@ GNU_SYSTEM_MODULES = \ %D%/home/services/symlink-manager.scm \ %D%/home/services/fontutils.scm \ %D%/home/services/guix.scm \ + %D%/home/services/pm.scm \ %D%/home/services/shells.scm \ %D%/home/services/shepherd.scm \ %D%/home/services/ssh.scm \ -- cgit v1.2.3 From 1c528a95cb92b7808e6603d7956185005583629f Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 26 Jul 2022 15:02:53 -0400 Subject: services: Add xvnc-service-type. * gnu/services/vnc.scm: New file. * gnu/tests/vnc.scm: Likewise. * gnu/local.mk: Register them. --- doc/guix.texi | 163 ++++++++++++++++++++++++++++++++- gnu/local.mk | 2 + gnu/services/vnc.scm | 247 +++++++++++++++++++++++++++++++++++++++++++++++++++ gnu/tests/vnc.scm | 200 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 608 insertions(+), 4 deletions(-) create mode 100644 gnu/services/vnc.scm create mode 100644 gnu/tests/vnc.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 27f63904cd..14592142dd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17554,6 +17554,7 @@ declaration. * Web Services:: Web servers. * Certificate Services:: TLS certificates via Let's Encrypt. * DNS Services:: DNS daemons. +* VNC Services:: VNC daemons. * VPN Services:: VPN daemons. * Network File System:: NFS related services. * Samba Services:: Samba services. @@ -21062,6 +21063,7 @@ started by the @dfn{login manager}, by default the GNOME Display Manager (GDM). @cindex GDM @cindex GNOME, login manager +@anchor{gdm} GDM of course allows users to log in into window managers and desktop environments other than GNOME; for those using GNOME, GDM is required for features such as automatic screen locking. @@ -21363,6 +21365,7 @@ Relogin after logout. @cindex lightdm, graphical login manager @cindex display manager, lightdm +@anchor{lightdm} @defvr {Scheme Variable} lightdm-service-type This is the type of the service to run the @url{https://github.com/canonical/lightdm,LightDM display manager}. Its @@ -21566,10 +21569,11 @@ Extra configuration values to append to the seat configuration section. @cindex Xorg, configuration @deftp {Data Type} xorg-configuration -This data type represents the configuration of the Xorg graphical display -server. Note that there is no Xorg service; instead, the X server is started -by a ``display manager'' such as GDM, SDDM, and SLiM@. Thus, the configuration -of these display managers aggregates an @code{xorg-configuration} record. +This data type represents the configuration of the Xorg graphical +display server. Note that there is no Xorg service; instead, the X +server is started by a ``display manager'' such as GDM, SDDM, LightDM or +SLiM@. Thus, the configuration of these display managers aggregates an +@code{xorg-configuration} record. @table @asis @item @code{modules} (default: @code{%default-xorg-modules}) @@ -30836,6 +30840,157 @@ Defaults to @samp{()}. @c %end of fragment +@node VNC Services +@subsection VNC Services +@cindex VNC (virtual network computing) +@cindex XDMCP (x display manager control protocol) + +The @code{(gnu services vnc)} module provides services related to +@dfn{Virtual Network Computing} (VNC), which makes it possible to +locally use graphical Xorg applications running on a remote machine. +Combined with a graphical manager that supports the @dfn{X Display +Manager Control Protocol}, such as GDM (@pxref{gdm}) or LightDM +(@pxref{lightdm}), it is possible to remote an entire desktop for a +multi-user environment. + +@subsubheading Xvnc + +Xvnc is a VNC server that spawns its own X window server; which means it +can run on headless servers. The Xvnc implementations provided by the +@code{tigervnc-server} and @code{turbovnc} aim to be fast and efficient. + +@defvar {Scheme Variable} xvnc-service-type + +The @code{xvnc-server-type} service can be configured via the +@code{xvnc-configuration} record, documented below. A second virtual +display could be made available on a remote machine for via the +following configuration: +@end defvar + +@lisp +(service xvnc-service-type (xvnc-configuration (display-number 10) +@end lisp + +As a demonstration, the @command{xclock} command could then be started +on the remote machine on display number 10, and it could be display +locally via the @command{vncviewer} command: +@example +# Start xclock on the remote machine. +ssh -L5910:localhost:5910 -- guix shell xclock -- env DISPLAY=:10 xclock +# Access it via VNC. +guix shell tigervnc-client -- vncviewer localhost:5910 +@end example + +The following configuration combines XDMCP and Inetd to allow multiple +users to concurrently use the remote system, login in graphically via +the GDM display manager: + +@lisp +(operating-system + [...] + (services (cons* + [...] + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (localhost? #f) + (xdmcp? #t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-suspend? #f) + (xdmcp? #t))))))) +@end lisp + +A remote user could then connect to it by using the @command{vncviewer} +command or a compatible VNC client and start a desktop session of their +choosing: +@example +vncviewer remote-host:5905 +@end example + +@quotation Warning +Unless your machine is in a controlled environment, for security +reasons, the @code{localhost?} configuration of the +@code{xvnc-configuration} record should be left to its default @code{#t} +value and exposed via a secure means such as an SSH port forward. The +XDMCP port, UDP 177 should also be blocked from the outside by a +firewall, as it is not a secure protocol and can expose login +credentials in clear. +@end quotation + +@c Use (configuration->documentation 'xvnc-configuration) to regenerate +@c the documentation. +@c %start of fragment +@deftp {Data Type} xvnc-configuration +Available @code{xvnc-configuration} fields are: + +@table @asis +@item @code{xvnc} (default: @code{tigervnc-server}) (type: file-like) +The package that provides the Xvnc binary. + +@item @code{display-number} (default: @code{0}) (type: number) +The display number used by Xvnc. You should set this to a number not +already used a Xorg server. + +@item @code{geometry} (default: @code{"1024x768"}) (type: string) +The size of the desktop to be created. + +@item @code{depth} (default: @code{24}) (type: color-depth) +The pixel depth in bits of the desktop to be created. Accepted values +are 16, 24 or 32. + +@item @code{port} (type: maybe-port) +The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number. + +@item @code{ipv4?} (default: @code{#t}) (type: boolean) +Use IPv4 for incoming and outgoing connections. + +@item @code{ipv6?} (default: @code{#t}) (type: boolean) +Use IPv6 for incoming and outgoing connections. + +@item @code{password-file} (type: maybe-string) +The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file. + +@item @code{xdmcp?} (default: @code{#f}) (type: boolean) +Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users +scenario, you'll want to enable the @code{inetd?} option as well, so +that each connection to the VNC server is handled separately rather than +shared. + +@item @code{inetd?} (default: @code{#f}) (type: boolean) +Use an Inetd-style service, which runs the Xvnc server on demand. + +@item @code{frame-rate} (default: @code{60}) (type: number) +The maximum number of updates per second sent to each client. + +@item @code{security-types} (default: @code{("None")}) (type: security-types) +The allowed security schemes to use for incoming connections. The +default is "None", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local +connections. Accepted values are any of the following: ("None" +"VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None" "X509Vnc") + +@item @code{localhost?} (default: @code{#t}) (type: boolean) +Only allow connections from the same machine. It is set to #true by +default for security, which means SSH or another secure means should be +used to expose the remote port. + +@item @code{log-level} (default: @code{30}) (type: log-level) +The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog. + +@item @code{extra-options} (default: @code{()}) (type: strings) +This can be used to provide extra Xvnc options not exposed via this + record. + +@end table + +@end deftp +@c %end of fragment @node VPN Services @subsection VPN Services diff --git a/gnu/local.mk b/gnu/local.mk index 5976cbe90c..698070c639 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -694,6 +694,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/sysctl.scm \ %D%/services/telephony.scm \ %D%/services/version-control.scm \ + %D%/services/vnc.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ %D%/services/xorg.scm \ @@ -775,6 +776,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/telephony.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ + %D%/tests/vnc.scm \ %D%/tests/web.scm INSTALLER_MODULES = \ diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm new file mode 100644 index 0000000000..15c3c14fee --- /dev/null +++ b/gnu/services/vnc.scm @@ -0,0 +1,247 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services vnc) + #:use-module (gnu packages vnc) + #:use-module ((gnu services) #:hide (delete)) + #:use-module (gnu system shadow) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix records) + + #:export (xvnc-configuration + xvnc-configuration-xvnc + xvnc-configuration-display-number + xvnc-configuration-geometry + xvnc-configuration-depth + xvnc-configuration-port + xvnc-configuration-ipv4? + xvnc-configuration-ipv6? + xvnc-configuration-password-file + xvnc-configuration-xdmcp? + xvnc-configuration-inetd? + xvnc-configuration-frame-rate + xvnc-configuration-security-types + xvnc-configuration-localhost? + xvnc-configuration-log-level + xvnc-configuration-extra-options + + xvnc-service-type)) + +;;; +;;; Xvnc. +;;; + +(define (color-depth? x) + (member x '(16 24 32))) + +(define (port? x) + (and (number? x) + (and (>= x 0) (<= x 65535)))) + +(define-maybe/no-serialization port) + +(define-maybe/no-serialization string) + +(define %security-types '("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" + "X509None" "X509Vnc")) + +(define (security-type? x) + (member x %security-types)) + +(define (security-types? x) + (and (list? x) + (and-map security-type? x))) + +(define (log-level? x) + (and (number? x) + (and (>= x 0) (<= x 100)))) + +(define (strings? x) + (and (list? x) + (and-map string? x))) + +(define-configuration/no-serialization xvnc-configuration + (xvnc + (file-like tigervnc-server) + "The package that provides the Xvnc binary.") + (display-number + (number 0) + "The display number used by Xvnc. You should set this to a number not +already used by a Xorg server. When remoting a complete desktop session via +XDMCP and using a compatible VNC viewer as provided by the +@code{tigervnc-client} or @code{turbovnc} packages, the geometry is +automatically adjusted.") + (geometry + (string "1024x768") + "The size of the desktop to be created.") + (depth + (color-depth 24) + "The pixel depth in bits of the desktop to be created. Accepted values are +16, 24 or 32.") + (port + maybe-port + "The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number.") + (ipv4? + (boolean #t) + "Use IPv4 for incoming and outgoing connections.") + (ipv6? + (boolean #t) + "Use IPv6 for incoming and outgoing connections.") + (password-file + maybe-string + "The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file.") + (xdmcp? + (boolean #f) + "Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users scenario, +you'll want to enable the @code{inetd?} option as well, so that each +connection to the VNC server is handled separately rather than shared.") + (inetd? + (boolean #f) + "Use an Inetd-style service, which runs the Xvnc server on demand.") + (frame-rate + (number 60) + "The maximum number of updates per second sent to each client.") + (security-types + (security-types (list "None")) + (format #f "The allowed security schemes to use for incoming connections. +The default is \"None\", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local connections. +Accepted values are any of the following: ~s" %security-types)) + (localhost? + (boolean #t) + "Only allow connections from the same machine. It is set to @code{#true} +by default for security, which means SSH or another secure means should be +used to expose the remote port.") + (log-level + (log-level 30) + "The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog.") + (extra-options + (strings '()) + "This can be used to provide extra Xvnc options not exposed via this + record.")) + +(define (xvnc-configuration->command-line-arguments config) + "Derive the command line arguments to used to launch the Xvnc daemon from +CONFIG, a object." + (match-record config + (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp? + inetd? frame-rate security-types localhost? log-level extra-options) + #~(list #$(file-append xvnc "/bin/Xvnc") + #$(format #f ":~a" display-number) + "-geometry" #$geometry + "-depth" #$(number->string depth) + #$@(if inetd? + (list "-inetd") + '()) + #$@(if (not inetd?) + (if (maybe-value-set? port) + (list "-rfbport" (number->string port)) + '()) + '()) + #$@(if (not inetd?) + (if ipv4? + (list "-UseIPv4") + '()) + '()) + #$@(if (not inetd?) + (if ipv6? + (list "-UseIPv6") + '()) + '()) + #$@(if (maybe-value-set? password-file) + (list "-PasswordFile" password-file) + '()) + "-FrameRate" #$(number->string frame-rate) + "-SecurityTypes" #$(string-join security-types ",") + #$@(if localhost? + (list "-localhost") + '()) + "-Log" #$(format #f "*:syslog:~a" log-level) + #$@(if xdmcp? + (list "-query" "localhost" "-once") + '()) + #$@extra-options))) + +(define %xvnc-accounts + (list (user-group + (name "xvnc") + (system? #t)) + (user-account + (name "xvnc") + (group "xvnc") + (system? #t) + (comment "User for Xvnc server")))) + +(define (xvnc-shepherd-service config) + "Return a for Xvnc with CONFIG." + (let* ((display-number (xvnc-configuration-display-number config)) + (port (if (maybe-value-set? (xvnc-configuration-port config)) + (xvnc-configuration-port config) + #f)) + (port* (or port (+ 5900 display-number)))) + (shepherd-service + (provision '(xvnc vncserver)) + (documentation "Run the Xvnc server.") + (requirement '(networking syslogd)) + (start (if (xvnc-configuration-inetd? config) + #~(let* ((inaddr (if #$(xvnc-configuration-localhost? config) + INADDR_LOOPBACK + INADDR_ANY)) + (in6addr (if #$(xvnc-configuration-localhost? config) + IN6ADDR_LOOPBACK + IN6ADDR_ANY)) + (ipv4-socket (and #$(xvnc-configuration-ipv4? config) + (make-socket-address AF_INET inaddr + #$port*))) + (ipv6-socket (and #$(xvnc-configuration-ipv6? config) + (make-socket-address AF_INET6 in6addr + #$port*)))) + (make-inetd-constructor + #$(xvnc-configuration->command-line-arguments config) + `(,@(if ipv4-socket + (list (endpoint ipv4-socket)) + '()) + ,@(if ipv6-socket + (list (endpoint ipv6-socket)) + '())) + #:user "xvnc" + #:group "xvnc")) + #~(make-forkexec-constructor + #$(xvnc-configuration->command-line-arguments config) + #:user "xvnc" + #:group "xvnc"))) + (stop #~(make-inetd-destructor))))) + +(define xvnc-service-type + (service-type + (name 'xvnc) + (default-value (xvnc-configuration)) + (description "Run the Xvnc server, which creates a virtual X11 session and +allow remote clients connecting to it via the remote framebuffer (RFB) +protocol.") + (extensions (list (service-extension + shepherd-root-service-type + (compose list xvnc-shepherd-service)) + (service-extension account-service-type + (const %xvnc-accounts)))))) diff --git a/gnu/tests/vnc.scm b/gnu/tests/vnc.scm new file mode 100644 index 0000000000..34c2db1203 --- /dev/null +++ b/gnu/tests/vnc.scm @@ -0,0 +1,200 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer . +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests vnc) + #:use-module (gnu bootloader) + #:use-module (gnu bootloader grub) + #:use-module (gnu packages) + #:use-module (gnu packages ocr) + #:use-module (gnu packages glib) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu services networking) + #:use-module (gnu services ssh) + #:use-module (gnu services vnc) + #:use-module (gnu services xorg) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu tests) + #:use-module (guix gexp) + #:use-module (guix modules) + #:export (%test-xvnc)) + +(define %xvnc-os + (operating-system + ;; Usual boilerplate. + (host-name "komputilo") + (timezone "Europe/Berlin") + (locale "en_US.UTF-8") + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/sdX")))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + (users (cons (user-account + (name "dummy") + (group "users") + (supplementary-groups '("wheel" "netdev" + "audio" "video"))) + %base-user-accounts)) + (packages (append (map specification->package + '("dbus" ;for dbus-run-session + "dconf" + "gnome-settings-daemon" ;for schemas + "ratpoison" + "tigervnc-client" + "xterm")) + %base-packages + (list `(,glib "bin") + glib))) + (services (cons* + (service openssh-service-type (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (security-types (list "None")) + (log-level 100) + (localhost? #f) + (xdmcp? #t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-login? #t) + (auto-suspend? #f) + (default-user "root") + (debug? #t) + (xdmcp? #t)))))))) + +(define (run-xvnc-test) + "Run tests in %XVNC-OS." + + (define os (marionette-operating-system + %xvnc-os + #:imported-modules (source-module-closure + '((gnu services herd))))) + + (define vm (virtual-machine + (operating-system os) + (memory-size 1024))) + + (define test + (with-imported-modules (source-module-closure + '((gnu build marionette) + (guix build utils))) + #~(begin + (use-modules (gnu build marionette) + (guix build utils) + (srfi srfi-26) + (srfi srfi-64)) + + (let ((marionette (make-marionette (list #$vm)))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "xvnc") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'xvnc)) + marionette)) + + (test-assert "wait for port 5905, IPv4" + (wait-for-tcp-port 5905 marionette)) + + (test-assert "wait for port 5905, IPv6" + (wait-for-tcp-port 5905 marionette + #:address + '(make-socket-address + AF_INET6 (inet-pton AF_INET6 "::1") 5905))) + + (test-assert "gdm auto-suspend is disabled" + ;; More a GDM than a Xvnc test, but since it's a cross-cutting + ;; concern and we have everything set up here, we might as well + ;; check it here. + (marionette-eval + '(begin + ;; Check that DCONF_PROFILE is set... + (invoke "/bin/sh" "-lc" "\ +pgrep gdm | head -n1 | xargs -I{} grep -Fq DCONF_PROFILE /proc/{}/environ") + + ;; ... and that + (invoke "/bin/sh" "-lc" "\ +sudo -E -u gdm env DCONF_PROFILE=/etc/dconf/profile/gdm dbus-run-session \ +gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type \ +| grep -Fq nothing")) + marionette)) + + (test-assert "vnc lands on the gdm login screen" + ;; This test runs vncviewer on the local VM and verifies that it + ;; manages to access the GDM login screen (via XDMCP). + (begin + (define (ratpoison-abort) + (marionette-control "sendkey ctrl-g" marionette)) + + (define (ratpoison-help) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "?" marionette) + (sleep 1)) ;wait for help screen to appear + + (define (ratpoison-exec command) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "!" marionette) + (marionette-type (string-append command "\n") marionette)) + + ;; Wait until the ratpoison help screen can be displayed; this + ;; means the window manager is ready. + (wait-for-screen-text marionette + (cut string-contains <> "key bindings") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:pre-action ratpoison-help + #:post-action ratpoison-abort) + + ;; Run vncviewer and expect the GDM login screen (accessed via + ;; XDMCP). This can take a while to appear on slower machines. + (ratpoison-exec "vncviewer localhost:5905") + ;; XXX: tesseract narrowly recognizes "Guix" as "uix" from the + ;; background image; ocrad fares worst. Sadly, 'Username' is + ;; not recognized at all. + (wait-for-screen-text marionette + (cut string-contains <> "uix") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:timeout 120))) + + (test-end))))) + + (gexp->derivation "xvnc-test" test)) + +(define %test-xvnc + (system-test + (name "xvnc") + (description "Basic tests for the Xvnc service. One of the tests validate +that XDMCP works with GDM, and is therefore heavy in terms of disk and memory +requirements.") + (value (run-xvnc-test)))) -- cgit v1.2.3 From 0c4966160054bc50e6ab3a4ac9c9a6a1826ab5a0 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 7 Oct 2022 12:53:22 -0400 Subject: Revert "services: Add xvnc-service-type." This reverts commit 1c528a95cb92b7808e6603d7956185005583629f. This broke 'guix pull', for (yet) unknown reasons. --- doc/guix.texi | 163 +-------------------------------- gnu/local.mk | 2 - gnu/services/vnc.scm | 247 --------------------------------------------------- gnu/tests/vnc.scm | 200 ----------------------------------------- 4 files changed, 4 insertions(+), 608 deletions(-) delete mode 100644 gnu/services/vnc.scm delete mode 100644 gnu/tests/vnc.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 14592142dd..27f63904cd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17554,7 +17554,6 @@ declaration. * Web Services:: Web servers. * Certificate Services:: TLS certificates via Let's Encrypt. * DNS Services:: DNS daemons. -* VNC Services:: VNC daemons. * VPN Services:: VPN daemons. * Network File System:: NFS related services. * Samba Services:: Samba services. @@ -21063,7 +21062,6 @@ started by the @dfn{login manager}, by default the GNOME Display Manager (GDM). @cindex GDM @cindex GNOME, login manager -@anchor{gdm} GDM of course allows users to log in into window managers and desktop environments other than GNOME; for those using GNOME, GDM is required for features such as automatic screen locking. @@ -21365,7 +21363,6 @@ Relogin after logout. @cindex lightdm, graphical login manager @cindex display manager, lightdm -@anchor{lightdm} @defvr {Scheme Variable} lightdm-service-type This is the type of the service to run the @url{https://github.com/canonical/lightdm,LightDM display manager}. Its @@ -21569,11 +21566,10 @@ Extra configuration values to append to the seat configuration section. @cindex Xorg, configuration @deftp {Data Type} xorg-configuration -This data type represents the configuration of the Xorg graphical -display server. Note that there is no Xorg service; instead, the X -server is started by a ``display manager'' such as GDM, SDDM, LightDM or -SLiM@. Thus, the configuration of these display managers aggregates an -@code{xorg-configuration} record. +This data type represents the configuration of the Xorg graphical display +server. Note that there is no Xorg service; instead, the X server is started +by a ``display manager'' such as GDM, SDDM, and SLiM@. Thus, the configuration +of these display managers aggregates an @code{xorg-configuration} record. @table @asis @item @code{modules} (default: @code{%default-xorg-modules}) @@ -30840,157 +30836,6 @@ Defaults to @samp{()}. @c %end of fragment -@node VNC Services -@subsection VNC Services -@cindex VNC (virtual network computing) -@cindex XDMCP (x display manager control protocol) - -The @code{(gnu services vnc)} module provides services related to -@dfn{Virtual Network Computing} (VNC), which makes it possible to -locally use graphical Xorg applications running on a remote machine. -Combined with a graphical manager that supports the @dfn{X Display -Manager Control Protocol}, such as GDM (@pxref{gdm}) or LightDM -(@pxref{lightdm}), it is possible to remote an entire desktop for a -multi-user environment. - -@subsubheading Xvnc - -Xvnc is a VNC server that spawns its own X window server; which means it -can run on headless servers. The Xvnc implementations provided by the -@code{tigervnc-server} and @code{turbovnc} aim to be fast and efficient. - -@defvar {Scheme Variable} xvnc-service-type - -The @code{xvnc-server-type} service can be configured via the -@code{xvnc-configuration} record, documented below. A second virtual -display could be made available on a remote machine for via the -following configuration: -@end defvar - -@lisp -(service xvnc-service-type (xvnc-configuration (display-number 10) -@end lisp - -As a demonstration, the @command{xclock} command could then be started -on the remote machine on display number 10, and it could be display -locally via the @command{vncviewer} command: -@example -# Start xclock on the remote machine. -ssh -L5910:localhost:5910 -- guix shell xclock -- env DISPLAY=:10 xclock -# Access it via VNC. -guix shell tigervnc-client -- vncviewer localhost:5910 -@end example - -The following configuration combines XDMCP and Inetd to allow multiple -users to concurrently use the remote system, login in graphically via -the GDM display manager: - -@lisp -(operating-system - [...] - (services (cons* - [...] - (service xvnc-service-type (xvnc-configuration - (display-number 5) - (localhost? #f) - (xdmcp? #t) - (inetd? #t))) - (modify-services %desktop-services - (gdm-service-type config => (gdm-configuration - (inherit config) - (auto-suspend? #f) - (xdmcp? #t))))))) -@end lisp - -A remote user could then connect to it by using the @command{vncviewer} -command or a compatible VNC client and start a desktop session of their -choosing: -@example -vncviewer remote-host:5905 -@end example - -@quotation Warning -Unless your machine is in a controlled environment, for security -reasons, the @code{localhost?} configuration of the -@code{xvnc-configuration} record should be left to its default @code{#t} -value and exposed via a secure means such as an SSH port forward. The -XDMCP port, UDP 177 should also be blocked from the outside by a -firewall, as it is not a secure protocol and can expose login -credentials in clear. -@end quotation - -@c Use (configuration->documentation 'xvnc-configuration) to regenerate -@c the documentation. -@c %start of fragment -@deftp {Data Type} xvnc-configuration -Available @code{xvnc-configuration} fields are: - -@table @asis -@item @code{xvnc} (default: @code{tigervnc-server}) (type: file-like) -The package that provides the Xvnc binary. - -@item @code{display-number} (default: @code{0}) (type: number) -The display number used by Xvnc. You should set this to a number not -already used a Xorg server. - -@item @code{geometry} (default: @code{"1024x768"}) (type: string) -The size of the desktop to be created. - -@item @code{depth} (default: @code{24}) (type: color-depth) -The pixel depth in bits of the desktop to be created. Accepted values -are 16, 24 or 32. - -@item @code{port} (type: maybe-port) -The port on which to listen for connections from viewers. When left -unspecified, it defaults to 5900 plus the display number. - -@item @code{ipv4?} (default: @code{#t}) (type: boolean) -Use IPv4 for incoming and outgoing connections. - -@item @code{ipv6?} (default: @code{#t}) (type: boolean) -Use IPv6 for incoming and outgoing connections. - -@item @code{password-file} (type: maybe-string) -The password file to use, if any. Refer to vncpasswd(1) to learn how to -generate such a file. - -@item @code{xdmcp?} (default: @code{#f}) (type: boolean) -Query the XDMCP server for a session. This enables users to log in a -desktop session from the login manager screen. For a multiple users -scenario, you'll want to enable the @code{inetd?} option as well, so -that each connection to the VNC server is handled separately rather than -shared. - -@item @code{inetd?} (default: @code{#f}) (type: boolean) -Use an Inetd-style service, which runs the Xvnc server on demand. - -@item @code{frame-rate} (default: @code{60}) (type: number) -The maximum number of updates per second sent to each client. - -@item @code{security-types} (default: @code{("None")}) (type: security-types) -The allowed security schemes to use for incoming connections. The -default is "None", which is safe given that Xvnc is configured to -authenticate the user via the display manager, and only for local -connections. Accepted values are any of the following: ("None" -"VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None" "X509Vnc") - -@item @code{localhost?} (default: @code{#t}) (type: boolean) -Only allow connections from the same machine. It is set to #true by -default for security, which means SSH or another secure means should be -used to expose the remote port. - -@item @code{log-level} (default: @code{30}) (type: log-level) -The log level, a number between 0 and 100, 100 meaning most verbose -output. The log messages are output to syslog. - -@item @code{extra-options} (default: @code{()}) (type: strings) -This can be used to provide extra Xvnc options not exposed via this - record. - -@end table - -@end deftp -@c %end of fragment @node VPN Services @subsection VPN Services diff --git a/gnu/local.mk b/gnu/local.mk index 698070c639..5976cbe90c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -694,7 +694,6 @@ GNU_SYSTEM_MODULES = \ %D%/services/sysctl.scm \ %D%/services/telephony.scm \ %D%/services/version-control.scm \ - %D%/services/vnc.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ %D%/services/xorg.scm \ @@ -776,7 +775,6 @@ GNU_SYSTEM_MODULES = \ %D%/tests/telephony.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ - %D%/tests/vnc.scm \ %D%/tests/web.scm INSTALLER_MODULES = \ diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm deleted file mode 100644 index 15c3c14fee..0000000000 --- a/gnu/services/vnc.scm +++ /dev/null @@ -1,247 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2022 Maxim Cournoyer -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu services vnc) - #:use-module (gnu packages vnc) - #:use-module ((gnu services) #:hide (delete)) - #:use-module (gnu system shadow) - #:use-module (gnu services configuration) - #:use-module (gnu services shepherd) - #:use-module (guix gexp) - #:use-module (guix records) - - #:export (xvnc-configuration - xvnc-configuration-xvnc - xvnc-configuration-display-number - xvnc-configuration-geometry - xvnc-configuration-depth - xvnc-configuration-port - xvnc-configuration-ipv4? - xvnc-configuration-ipv6? - xvnc-configuration-password-file - xvnc-configuration-xdmcp? - xvnc-configuration-inetd? - xvnc-configuration-frame-rate - xvnc-configuration-security-types - xvnc-configuration-localhost? - xvnc-configuration-log-level - xvnc-configuration-extra-options - - xvnc-service-type)) - -;;; -;;; Xvnc. -;;; - -(define (color-depth? x) - (member x '(16 24 32))) - -(define (port? x) - (and (number? x) - (and (>= x 0) (<= x 65535)))) - -(define-maybe/no-serialization port) - -(define-maybe/no-serialization string) - -(define %security-types '("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" - "X509None" "X509Vnc")) - -(define (security-type? x) - (member x %security-types)) - -(define (security-types? x) - (and (list? x) - (and-map security-type? x))) - -(define (log-level? x) - (and (number? x) - (and (>= x 0) (<= x 100)))) - -(define (strings? x) - (and (list? x) - (and-map string? x))) - -(define-configuration/no-serialization xvnc-configuration - (xvnc - (file-like tigervnc-server) - "The package that provides the Xvnc binary.") - (display-number - (number 0) - "The display number used by Xvnc. You should set this to a number not -already used by a Xorg server. When remoting a complete desktop session via -XDMCP and using a compatible VNC viewer as provided by the -@code{tigervnc-client} or @code{turbovnc} packages, the geometry is -automatically adjusted.") - (geometry - (string "1024x768") - "The size of the desktop to be created.") - (depth - (color-depth 24) - "The pixel depth in bits of the desktop to be created. Accepted values are -16, 24 or 32.") - (port - maybe-port - "The port on which to listen for connections from viewers. When left -unspecified, it defaults to 5900 plus the display number.") - (ipv4? - (boolean #t) - "Use IPv4 for incoming and outgoing connections.") - (ipv6? - (boolean #t) - "Use IPv6 for incoming and outgoing connections.") - (password-file - maybe-string - "The password file to use, if any. Refer to vncpasswd(1) to learn how to -generate such a file.") - (xdmcp? - (boolean #f) - "Query the XDMCP server for a session. This enables users to log in a -desktop session from the login manager screen. For a multiple users scenario, -you'll want to enable the @code{inetd?} option as well, so that each -connection to the VNC server is handled separately rather than shared.") - (inetd? - (boolean #f) - "Use an Inetd-style service, which runs the Xvnc server on demand.") - (frame-rate - (number 60) - "The maximum number of updates per second sent to each client.") - (security-types - (security-types (list "None")) - (format #f "The allowed security schemes to use for incoming connections. -The default is \"None\", which is safe given that Xvnc is configured to -authenticate the user via the display manager, and only for local connections. -Accepted values are any of the following: ~s" %security-types)) - (localhost? - (boolean #t) - "Only allow connections from the same machine. It is set to @code{#true} -by default for security, which means SSH or another secure means should be -used to expose the remote port.") - (log-level - (log-level 30) - "The log level, a number between 0 and 100, 100 meaning most verbose -output. The log messages are output to syslog.") - (extra-options - (strings '()) - "This can be used to provide extra Xvnc options not exposed via this - record.")) - -(define (xvnc-configuration->command-line-arguments config) - "Derive the command line arguments to used to launch the Xvnc daemon from -CONFIG, a object." - (match-record config - (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp? - inetd? frame-rate security-types localhost? log-level extra-options) - #~(list #$(file-append xvnc "/bin/Xvnc") - #$(format #f ":~a" display-number) - "-geometry" #$geometry - "-depth" #$(number->string depth) - #$@(if inetd? - (list "-inetd") - '()) - #$@(if (not inetd?) - (if (maybe-value-set? port) - (list "-rfbport" (number->string port)) - '()) - '()) - #$@(if (not inetd?) - (if ipv4? - (list "-UseIPv4") - '()) - '()) - #$@(if (not inetd?) - (if ipv6? - (list "-UseIPv6") - '()) - '()) - #$@(if (maybe-value-set? password-file) - (list "-PasswordFile" password-file) - '()) - "-FrameRate" #$(number->string frame-rate) - "-SecurityTypes" #$(string-join security-types ",") - #$@(if localhost? - (list "-localhost") - '()) - "-Log" #$(format #f "*:syslog:~a" log-level) - #$@(if xdmcp? - (list "-query" "localhost" "-once") - '()) - #$@extra-options))) - -(define %xvnc-accounts - (list (user-group - (name "xvnc") - (system? #t)) - (user-account - (name "xvnc") - (group "xvnc") - (system? #t) - (comment "User for Xvnc server")))) - -(define (xvnc-shepherd-service config) - "Return a for Xvnc with CONFIG." - (let* ((display-number (xvnc-configuration-display-number config)) - (port (if (maybe-value-set? (xvnc-configuration-port config)) - (xvnc-configuration-port config) - #f)) - (port* (or port (+ 5900 display-number)))) - (shepherd-service - (provision '(xvnc vncserver)) - (documentation "Run the Xvnc server.") - (requirement '(networking syslogd)) - (start (if (xvnc-configuration-inetd? config) - #~(let* ((inaddr (if #$(xvnc-configuration-localhost? config) - INADDR_LOOPBACK - INADDR_ANY)) - (in6addr (if #$(xvnc-configuration-localhost? config) - IN6ADDR_LOOPBACK - IN6ADDR_ANY)) - (ipv4-socket (and #$(xvnc-configuration-ipv4? config) - (make-socket-address AF_INET inaddr - #$port*))) - (ipv6-socket (and #$(xvnc-configuration-ipv6? config) - (make-socket-address AF_INET6 in6addr - #$port*)))) - (make-inetd-constructor - #$(xvnc-configuration->command-line-arguments config) - `(,@(if ipv4-socket - (list (endpoint ipv4-socket)) - '()) - ,@(if ipv6-socket - (list (endpoint ipv6-socket)) - '())) - #:user "xvnc" - #:group "xvnc")) - #~(make-forkexec-constructor - #$(xvnc-configuration->command-line-arguments config) - #:user "xvnc" - #:group "xvnc"))) - (stop #~(make-inetd-destructor))))) - -(define xvnc-service-type - (service-type - (name 'xvnc) - (default-value (xvnc-configuration)) - (description "Run the Xvnc server, which creates a virtual X11 session and -allow remote clients connecting to it via the remote framebuffer (RFB) -protocol.") - (extensions (list (service-extension - shepherd-root-service-type - (compose list xvnc-shepherd-service)) - (service-extension account-service-type - (const %xvnc-accounts)))))) diff --git a/gnu/tests/vnc.scm b/gnu/tests/vnc.scm deleted file mode 100644 index 34c2db1203..0000000000 --- a/gnu/tests/vnc.scm +++ /dev/null @@ -1,200 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2022 Maxim Cournoyer . -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu tests vnc) - #:use-module (gnu bootloader) - #:use-module (gnu bootloader grub) - #:use-module (gnu packages) - #:use-module (gnu packages ocr) - #:use-module (gnu packages glib) - #:use-module (gnu services) - #:use-module (gnu services dbus) - #:use-module (gnu services desktop) - #:use-module (gnu services networking) - #:use-module (gnu services ssh) - #:use-module (gnu services vnc) - #:use-module (gnu services xorg) - #:use-module (gnu system) - #:use-module (gnu system file-systems) - #:use-module (gnu system shadow) - #:use-module (gnu system vm) - #:use-module (gnu tests) - #:use-module (guix gexp) - #:use-module (guix modules) - #:export (%test-xvnc)) - -(define %xvnc-os - (operating-system - ;; Usual boilerplate. - (host-name "komputilo") - (timezone "Europe/Berlin") - (locale "en_US.UTF-8") - (bootloader (bootloader-configuration - (bootloader grub-bootloader) - (targets '("/dev/sdX")))) - (file-systems (cons (file-system - (device (file-system-label "my-root")) - (mount-point "/") - (type "ext4")) - %base-file-systems)) - - (users (cons (user-account - (name "dummy") - (group "users") - (supplementary-groups '("wheel" "netdev" - "audio" "video"))) - %base-user-accounts)) - (packages (append (map specification->package - '("dbus" ;for dbus-run-session - "dconf" - "gnome-settings-daemon" ;for schemas - "ratpoison" - "tigervnc-client" - "xterm")) - %base-packages - (list `(,glib "bin") - glib))) - (services (cons* - (service openssh-service-type (openssh-configuration - (permit-root-login #t) - (allow-empty-passwords? #t))) - (service xvnc-service-type (xvnc-configuration - (display-number 5) - (security-types (list "None")) - (log-level 100) - (localhost? #f) - (xdmcp? #t) - (inetd? #t))) - (modify-services %desktop-services - (gdm-service-type config => (gdm-configuration - (inherit config) - (auto-login? #t) - (auto-suspend? #f) - (default-user "root") - (debug? #t) - (xdmcp? #t)))))))) - -(define (run-xvnc-test) - "Run tests in %XVNC-OS." - - (define os (marionette-operating-system - %xvnc-os - #:imported-modules (source-module-closure - '((gnu services herd))))) - - (define vm (virtual-machine - (operating-system os) - (memory-size 1024))) - - (define test - (with-imported-modules (source-module-closure - '((gnu build marionette) - (guix build utils))) - #~(begin - (use-modules (gnu build marionette) - (guix build utils) - (srfi srfi-26) - (srfi srfi-64)) - - (let ((marionette (make-marionette (list #$vm)))) - - (test-runner-current (system-test-runner #$output)) - (test-begin "xvnc") - - (test-assert "service running" - (marionette-eval - '(begin - (use-modules (gnu services herd)) - (start-service 'xvnc)) - marionette)) - - (test-assert "wait for port 5905, IPv4" - (wait-for-tcp-port 5905 marionette)) - - (test-assert "wait for port 5905, IPv6" - (wait-for-tcp-port 5905 marionette - #:address - '(make-socket-address - AF_INET6 (inet-pton AF_INET6 "::1") 5905))) - - (test-assert "gdm auto-suspend is disabled" - ;; More a GDM than a Xvnc test, but since it's a cross-cutting - ;; concern and we have everything set up here, we might as well - ;; check it here. - (marionette-eval - '(begin - ;; Check that DCONF_PROFILE is set... - (invoke "/bin/sh" "-lc" "\ -pgrep gdm | head -n1 | xargs -I{} grep -Fq DCONF_PROFILE /proc/{}/environ") - - ;; ... and that - (invoke "/bin/sh" "-lc" "\ -sudo -E -u gdm env DCONF_PROFILE=/etc/dconf/profile/gdm dbus-run-session \ -gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type \ -| grep -Fq nothing")) - marionette)) - - (test-assert "vnc lands on the gdm login screen" - ;; This test runs vncviewer on the local VM and verifies that it - ;; manages to access the GDM login screen (via XDMCP). - (begin - (define (ratpoison-abort) - (marionette-control "sendkey ctrl-g" marionette)) - - (define (ratpoison-help) - (marionette-control "sendkey ctrl-t" marionette) - (marionette-type "?" marionette) - (sleep 1)) ;wait for help screen to appear - - (define (ratpoison-exec command) - (marionette-control "sendkey ctrl-t" marionette) - (marionette-type "!" marionette) - (marionette-type (string-append command "\n") marionette)) - - ;; Wait until the ratpoison help screen can be displayed; this - ;; means the window manager is ready. - (wait-for-screen-text marionette - (cut string-contains <> "key bindings") - #:ocr #$(file-append tesseract-ocr - "/bin/tesseract") - #:pre-action ratpoison-help - #:post-action ratpoison-abort) - - ;; Run vncviewer and expect the GDM login screen (accessed via - ;; XDMCP). This can take a while to appear on slower machines. - (ratpoison-exec "vncviewer localhost:5905") - ;; XXX: tesseract narrowly recognizes "Guix" as "uix" from the - ;; background image; ocrad fares worst. Sadly, 'Username' is - ;; not recognized at all. - (wait-for-screen-text marionette - (cut string-contains <> "uix") - #:ocr #$(file-append tesseract-ocr - "/bin/tesseract") - #:timeout 120))) - - (test-end))))) - - (gexp->derivation "xvnc-test" test)) - -(define %test-xvnc - (system-test - (name "xvnc") - (description "Basic tests for the Xvnc service. One of the tests validate -that XDMCP works with GDM, and is therefore heavy in terms of disk and memory -requirements.") - (value (run-xvnc-test)))) -- cgit v1.2.3 From 00e843050012961e9cc41b003ea9271eab718541 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 7 Oct 2022 13:25:37 -0400 Subject: Revert "Revert "services: Add xvnc-service-type."" This reverts commit 0c4966160054bc50e6ab3a4ac9c9a6a1826ab5a0. The fix appears in the subsequent commit, for clarity. --- doc/guix.texi | 163 ++++++++++++++++++++++++++++++++- gnu/local.mk | 2 + gnu/services/vnc.scm | 247 +++++++++++++++++++++++++++++++++++++++++++++++++++ gnu/tests/vnc.scm | 200 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 608 insertions(+), 4 deletions(-) create mode 100644 gnu/services/vnc.scm create mode 100644 gnu/tests/vnc.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 27f63904cd..14592142dd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17554,6 +17554,7 @@ declaration. * Web Services:: Web servers. * Certificate Services:: TLS certificates via Let's Encrypt. * DNS Services:: DNS daemons. +* VNC Services:: VNC daemons. * VPN Services:: VPN daemons. * Network File System:: NFS related services. * Samba Services:: Samba services. @@ -21062,6 +21063,7 @@ started by the @dfn{login manager}, by default the GNOME Display Manager (GDM). @cindex GDM @cindex GNOME, login manager +@anchor{gdm} GDM of course allows users to log in into window managers and desktop environments other than GNOME; for those using GNOME, GDM is required for features such as automatic screen locking. @@ -21363,6 +21365,7 @@ Relogin after logout. @cindex lightdm, graphical login manager @cindex display manager, lightdm +@anchor{lightdm} @defvr {Scheme Variable} lightdm-service-type This is the type of the service to run the @url{https://github.com/canonical/lightdm,LightDM display manager}. Its @@ -21566,10 +21569,11 @@ Extra configuration values to append to the seat configuration section. @cindex Xorg, configuration @deftp {Data Type} xorg-configuration -This data type represents the configuration of the Xorg graphical display -server. Note that there is no Xorg service; instead, the X server is started -by a ``display manager'' such as GDM, SDDM, and SLiM@. Thus, the configuration -of these display managers aggregates an @code{xorg-configuration} record. +This data type represents the configuration of the Xorg graphical +display server. Note that there is no Xorg service; instead, the X +server is started by a ``display manager'' such as GDM, SDDM, LightDM or +SLiM@. Thus, the configuration of these display managers aggregates an +@code{xorg-configuration} record. @table @asis @item @code{modules} (default: @code{%default-xorg-modules}) @@ -30836,6 +30840,157 @@ Defaults to @samp{()}. @c %end of fragment +@node VNC Services +@subsection VNC Services +@cindex VNC (virtual network computing) +@cindex XDMCP (x display manager control protocol) + +The @code{(gnu services vnc)} module provides services related to +@dfn{Virtual Network Computing} (VNC), which makes it possible to +locally use graphical Xorg applications running on a remote machine. +Combined with a graphical manager that supports the @dfn{X Display +Manager Control Protocol}, such as GDM (@pxref{gdm}) or LightDM +(@pxref{lightdm}), it is possible to remote an entire desktop for a +multi-user environment. + +@subsubheading Xvnc + +Xvnc is a VNC server that spawns its own X window server; which means it +can run on headless servers. The Xvnc implementations provided by the +@code{tigervnc-server} and @code{turbovnc} aim to be fast and efficient. + +@defvar {Scheme Variable} xvnc-service-type + +The @code{xvnc-server-type} service can be configured via the +@code{xvnc-configuration} record, documented below. A second virtual +display could be made available on a remote machine for via the +following configuration: +@end defvar + +@lisp +(service xvnc-service-type (xvnc-configuration (display-number 10) +@end lisp + +As a demonstration, the @command{xclock} command could then be started +on the remote machine on display number 10, and it could be display +locally via the @command{vncviewer} command: +@example +# Start xclock on the remote machine. +ssh -L5910:localhost:5910 -- guix shell xclock -- env DISPLAY=:10 xclock +# Access it via VNC. +guix shell tigervnc-client -- vncviewer localhost:5910 +@end example + +The following configuration combines XDMCP and Inetd to allow multiple +users to concurrently use the remote system, login in graphically via +the GDM display manager: + +@lisp +(operating-system + [...] + (services (cons* + [...] + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (localhost? #f) + (xdmcp? #t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-suspend? #f) + (xdmcp? #t))))))) +@end lisp + +A remote user could then connect to it by using the @command{vncviewer} +command or a compatible VNC client and start a desktop session of their +choosing: +@example +vncviewer remote-host:5905 +@end example + +@quotation Warning +Unless your machine is in a controlled environment, for security +reasons, the @code{localhost?} configuration of the +@code{xvnc-configuration} record should be left to its default @code{#t} +value and exposed via a secure means such as an SSH port forward. The +XDMCP port, UDP 177 should also be blocked from the outside by a +firewall, as it is not a secure protocol and can expose login +credentials in clear. +@end quotation + +@c Use (configuration->documentation 'xvnc-configuration) to regenerate +@c the documentation. +@c %start of fragment +@deftp {Data Type} xvnc-configuration +Available @code{xvnc-configuration} fields are: + +@table @asis +@item @code{xvnc} (default: @code{tigervnc-server}) (type: file-like) +The package that provides the Xvnc binary. + +@item @code{display-number} (default: @code{0}) (type: number) +The display number used by Xvnc. You should set this to a number not +already used a Xorg server. + +@item @code{geometry} (default: @code{"1024x768"}) (type: string) +The size of the desktop to be created. + +@item @code{depth} (default: @code{24}) (type: color-depth) +The pixel depth in bits of the desktop to be created. Accepted values +are 16, 24 or 32. + +@item @code{port} (type: maybe-port) +The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number. + +@item @code{ipv4?} (default: @code{#t}) (type: boolean) +Use IPv4 for incoming and outgoing connections. + +@item @code{ipv6?} (default: @code{#t}) (type: boolean) +Use IPv6 for incoming and outgoing connections. + +@item @code{password-file} (type: maybe-string) +The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file. + +@item @code{xdmcp?} (default: @code{#f}) (type: boolean) +Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users +scenario, you'll want to enable the @code{inetd?} option as well, so +that each connection to the VNC server is handled separately rather than +shared. + +@item @code{inetd?} (default: @code{#f}) (type: boolean) +Use an Inetd-style service, which runs the Xvnc server on demand. + +@item @code{frame-rate} (default: @code{60}) (type: number) +The maximum number of updates per second sent to each client. + +@item @code{security-types} (default: @code{("None")}) (type: security-types) +The allowed security schemes to use for incoming connections. The +default is "None", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local +connections. Accepted values are any of the following: ("None" +"VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None" "X509Vnc") + +@item @code{localhost?} (default: @code{#t}) (type: boolean) +Only allow connections from the same machine. It is set to #true by +default for security, which means SSH or another secure means should be +used to expose the remote port. + +@item @code{log-level} (default: @code{30}) (type: log-level) +The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog. + +@item @code{extra-options} (default: @code{()}) (type: strings) +This can be used to provide extra Xvnc options not exposed via this + record. + +@end table + +@end deftp +@c %end of fragment @node VPN Services @subsection VPN Services diff --git a/gnu/local.mk b/gnu/local.mk index 5976cbe90c..698070c639 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -694,6 +694,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/sysctl.scm \ %D%/services/telephony.scm \ %D%/services/version-control.scm \ + %D%/services/vnc.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ %D%/services/xorg.scm \ @@ -775,6 +776,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/telephony.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ + %D%/tests/vnc.scm \ %D%/tests/web.scm INSTALLER_MODULES = \ diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm new file mode 100644 index 0000000000..15c3c14fee --- /dev/null +++ b/gnu/services/vnc.scm @@ -0,0 +1,247 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services vnc) + #:use-module (gnu packages vnc) + #:use-module ((gnu services) #:hide (delete)) + #:use-module (gnu system shadow) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix records) + + #:export (xvnc-configuration + xvnc-configuration-xvnc + xvnc-configuration-display-number + xvnc-configuration-geometry + xvnc-configuration-depth + xvnc-configuration-port + xvnc-configuration-ipv4? + xvnc-configuration-ipv6? + xvnc-configuration-password-file + xvnc-configuration-xdmcp? + xvnc-configuration-inetd? + xvnc-configuration-frame-rate + xvnc-configuration-security-types + xvnc-configuration-localhost? + xvnc-configuration-log-level + xvnc-configuration-extra-options + + xvnc-service-type)) + +;;; +;;; Xvnc. +;;; + +(define (color-depth? x) + (member x '(16 24 32))) + +(define (port? x) + (and (number? x) + (and (>= x 0) (<= x 65535)))) + +(define-maybe/no-serialization port) + +(define-maybe/no-serialization string) + +(define %security-types '("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" + "X509None" "X509Vnc")) + +(define (security-type? x) + (member x %security-types)) + +(define (security-types? x) + (and (list? x) + (and-map security-type? x))) + +(define (log-level? x) + (and (number? x) + (and (>= x 0) (<= x 100)))) + +(define (strings? x) + (and (list? x) + (and-map string? x))) + +(define-configuration/no-serialization xvnc-configuration + (xvnc + (file-like tigervnc-server) + "The package that provides the Xvnc binary.") + (display-number + (number 0) + "The display number used by Xvnc. You should set this to a number not +already used by a Xorg server. When remoting a complete desktop session via +XDMCP and using a compatible VNC viewer as provided by the +@code{tigervnc-client} or @code{turbovnc} packages, the geometry is +automatically adjusted.") + (geometry + (string "1024x768") + "The size of the desktop to be created.") + (depth + (color-depth 24) + "The pixel depth in bits of the desktop to be created. Accepted values are +16, 24 or 32.") + (port + maybe-port + "The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number.") + (ipv4? + (boolean #t) + "Use IPv4 for incoming and outgoing connections.") + (ipv6? + (boolean #t) + "Use IPv6 for incoming and outgoing connections.") + (password-file + maybe-string + "The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file.") + (xdmcp? + (boolean #f) + "Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users scenario, +you'll want to enable the @code{inetd?} option as well, so that each +connection to the VNC server is handled separately rather than shared.") + (inetd? + (boolean #f) + "Use an Inetd-style service, which runs the Xvnc server on demand.") + (frame-rate + (number 60) + "The maximum number of updates per second sent to each client.") + (security-types + (security-types (list "None")) + (format #f "The allowed security schemes to use for incoming connections. +The default is \"None\", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local connections. +Accepted values are any of the following: ~s" %security-types)) + (localhost? + (boolean #t) + "Only allow connections from the same machine. It is set to @code{#true} +by default for security, which means SSH or another secure means should be +used to expose the remote port.") + (log-level + (log-level 30) + "The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog.") + (extra-options + (strings '()) + "This can be used to provide extra Xvnc options not exposed via this + record.")) + +(define (xvnc-configuration->command-line-arguments config) + "Derive the command line arguments to used to launch the Xvnc daemon from +CONFIG, a object." + (match-record config + (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp? + inetd? frame-rate security-types localhost? log-level extra-options) + #~(list #$(file-append xvnc "/bin/Xvnc") + #$(format #f ":~a" display-number) + "-geometry" #$geometry + "-depth" #$(number->string depth) + #$@(if inetd? + (list "-inetd") + '()) + #$@(if (not inetd?) + (if (maybe-value-set? port) + (list "-rfbport" (number->string port)) + '()) + '()) + #$@(if (not inetd?) + (if ipv4? + (list "-UseIPv4") + '()) + '()) + #$@(if (not inetd?) + (if ipv6? + (list "-UseIPv6") + '()) + '()) + #$@(if (maybe-value-set? password-file) + (list "-PasswordFile" password-file) + '()) + "-FrameRate" #$(number->string frame-rate) + "-SecurityTypes" #$(string-join security-types ",") + #$@(if localhost? + (list "-localhost") + '()) + "-Log" #$(format #f "*:syslog:~a" log-level) + #$@(if xdmcp? + (list "-query" "localhost" "-once") + '()) + #$@extra-options))) + +(define %xvnc-accounts + (list (user-group + (name "xvnc") + (system? #t)) + (user-account + (name "xvnc") + (group "xvnc") + (system? #t) + (comment "User for Xvnc server")))) + +(define (xvnc-shepherd-service config) + "Return a for Xvnc with CONFIG." + (let* ((display-number (xvnc-configuration-display-number config)) + (port (if (maybe-value-set? (xvnc-configuration-port config)) + (xvnc-configuration-port config) + #f)) + (port* (or port (+ 5900 display-number)))) + (shepherd-service + (provision '(xvnc vncserver)) + (documentation "Run the Xvnc server.") + (requirement '(networking syslogd)) + (start (if (xvnc-configuration-inetd? config) + #~(let* ((inaddr (if #$(xvnc-configuration-localhost? config) + INADDR_LOOPBACK + INADDR_ANY)) + (in6addr (if #$(xvnc-configuration-localhost? config) + IN6ADDR_LOOPBACK + IN6ADDR_ANY)) + (ipv4-socket (and #$(xvnc-configuration-ipv4? config) + (make-socket-address AF_INET inaddr + #$port*))) + (ipv6-socket (and #$(xvnc-configuration-ipv6? config) + (make-socket-address AF_INET6 in6addr + #$port*)))) + (make-inetd-constructor + #$(xvnc-configuration->command-line-arguments config) + `(,@(if ipv4-socket + (list (endpoint ipv4-socket)) + '()) + ,@(if ipv6-socket + (list (endpoint ipv6-socket)) + '())) + #:user "xvnc" + #:group "xvnc")) + #~(make-forkexec-constructor + #$(xvnc-configuration->command-line-arguments config) + #:user "xvnc" + #:group "xvnc"))) + (stop #~(make-inetd-destructor))))) + +(define xvnc-service-type + (service-type + (name 'xvnc) + (default-value (xvnc-configuration)) + (description "Run the Xvnc server, which creates a virtual X11 session and +allow remote clients connecting to it via the remote framebuffer (RFB) +protocol.") + (extensions (list (service-extension + shepherd-root-service-type + (compose list xvnc-shepherd-service)) + (service-extension account-service-type + (const %xvnc-accounts)))))) diff --git a/gnu/tests/vnc.scm b/gnu/tests/vnc.scm new file mode 100644 index 0000000000..34c2db1203 --- /dev/null +++ b/gnu/tests/vnc.scm @@ -0,0 +1,200 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer . +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests vnc) + #:use-module (gnu bootloader) + #:use-module (gnu bootloader grub) + #:use-module (gnu packages) + #:use-module (gnu packages ocr) + #:use-module (gnu packages glib) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu services networking) + #:use-module (gnu services ssh) + #:use-module (gnu services vnc) + #:use-module (gnu services xorg) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu tests) + #:use-module (guix gexp) + #:use-module (guix modules) + #:export (%test-xvnc)) + +(define %xvnc-os + (operating-system + ;; Usual boilerplate. + (host-name "komputilo") + (timezone "Europe/Berlin") + (locale "en_US.UTF-8") + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/sdX")))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + (users (cons (user-account + (name "dummy") + (group "users") + (supplementary-groups '("wheel" "netdev" + "audio" "video"))) + %base-user-accounts)) + (packages (append (map specification->package + '("dbus" ;for dbus-run-session + "dconf" + "gnome-settings-daemon" ;for schemas + "ratpoison" + "tigervnc-client" + "xterm")) + %base-packages + (list `(,glib "bin") + glib))) + (services (cons* + (service openssh-service-type (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (security-types (list "None")) + (log-level 100) + (localhost? #f) + (xdmcp? #t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-login? #t) + (auto-suspend? #f) + (default-user "root") + (debug? #t) + (xdmcp? #t)))))))) + +(define (run-xvnc-test) + "Run tests in %XVNC-OS." + + (define os (marionette-operating-system + %xvnc-os + #:imported-modules (source-module-closure + '((gnu services herd))))) + + (define vm (virtual-machine + (operating-system os) + (memory-size 1024))) + + (define test + (with-imported-modules (source-module-closure + '((gnu build marionette) + (guix build utils))) + #~(begin + (use-modules (gnu build marionette) + (guix build utils) + (srfi srfi-26) + (srfi srfi-64)) + + (let ((marionette (make-marionette (list #$vm)))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "xvnc") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'xvnc)) + marionette)) + + (test-assert "wait for port 5905, IPv4" + (wait-for-tcp-port 5905 marionette)) + + (test-assert "wait for port 5905, IPv6" + (wait-for-tcp-port 5905 marionette + #:address + '(make-socket-address + AF_INET6 (inet-pton AF_INET6 "::1") 5905))) + + (test-assert "gdm auto-suspend is disabled" + ;; More a GDM than a Xvnc test, but since it's a cross-cutting + ;; concern and we have everything set up here, we might as well + ;; check it here. + (marionette-eval + '(begin + ;; Check that DCONF_PROFILE is set... + (invoke "/bin/sh" "-lc" "\ +pgrep gdm | head -n1 | xargs -I{} grep -Fq DCONF_PROFILE /proc/{}/environ") + + ;; ... and that + (invoke "/bin/sh" "-lc" "\ +sudo -E -u gdm env DCONF_PROFILE=/etc/dconf/profile/gdm dbus-run-session \ +gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type \ +| grep -Fq nothing")) + marionette)) + + (test-assert "vnc lands on the gdm login screen" + ;; This test runs vncviewer on the local VM and verifies that it + ;; manages to access the GDM login screen (via XDMCP). + (begin + (define (ratpoison-abort) + (marionette-control "sendkey ctrl-g" marionette)) + + (define (ratpoison-help) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "?" marionette) + (sleep 1)) ;wait for help screen to appear + + (define (ratpoison-exec command) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "!" marionette) + (marionette-type (string-append command "\n") marionette)) + + ;; Wait until the ratpoison help screen can be displayed; this + ;; means the window manager is ready. + (wait-for-screen-text marionette + (cut string-contains <> "key bindings") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:pre-action ratpoison-help + #:post-action ratpoison-abort) + + ;; Run vncviewer and expect the GDM login screen (accessed via + ;; XDMCP). This can take a while to appear on slower machines. + (ratpoison-exec "vncviewer localhost:5905") + ;; XXX: tesseract narrowly recognizes "Guix" as "uix" from the + ;; background image; ocrad fares worst. Sadly, 'Username' is + ;; not recognized at all. + (wait-for-screen-text marionette + (cut string-contains <> "uix") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:timeout 120))) + + (test-end))))) + + (gexp->derivation "xvnc-test" test)) + +(define %test-xvnc + (system-test + (name "xvnc") + (description "Basic tests for the Xvnc service. One of the tests validate +that XDMCP works with GDM, and is therefore heavy in terms of disk and memory +requirements.") + (value (run-xvnc-test)))) -- cgit v1.2.3 From 00ef6c18d5c6b22874221e9be74f3ba0641c0034 Mon Sep 17 00:00:00 2001 From: Nicolas Goaziou Date: Fri, 7 Oct 2022 21:42:17 +0200 Subject: gnu: giac: Fix build. * gnu/packages/algebra.scm (giac)[source]: Add a patch to fix build issue with Pari-GP 2.15. [arguments]<#:phase>: Skip another test. * gnu/packages/patches/giac-pari-gp-anyarg.patch: New file. * gnu/local.mk: Register it. This fixes . --- gnu/local.mk | 1 + gnu/packages/algebra.scm | 10 +++++++-- gnu/packages/patches/giac-pari-gp-anyarg.patch | 28 ++++++++++++++++++++++++++ 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/giac-pari-gp-anyarg.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 698070c639..a013647d7e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1187,6 +1187,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ + %D%/packages/patches/giac-pari-gp-anyarg.patch \ %D%/packages/patches/giara-fix-login.patch \ %D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-networking-gnutls-binding.patch \ diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index f94aba1ebf..d4b7810308 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -339,7 +339,12 @@ (define-public giac "~parisse/debian/dists/stable/main/source/" "giac_" version ".tar.gz")) (sha256 - (base32 "1zh7bf0ag4vbyyj5n8lbvy2ivp0kshms40ra5lq1ff035rpx230j")))) + (base32 "1zh7bf0ag4vbyyj5n8lbvy2ivp0kshms40ra5lq1ff035rpx230j")) + (patches + ;; Patch borrowed from Sage math team. Giac 1.9.0-21 does not build + ;; since Pari-GP 2.15 upgrade. Reported upstream here: + ;; . + (search-patches "giac-pari-gp-anyarg.patch")))) (build-system gnu-build-system) (arguments (list @@ -355,9 +360,10 @@ (define-public giac (find-files "doc" "^Makefile")) (("/bin/cp") (which "cp"))))) (add-after 'unpack 'disable-failing-test - ;; FIXME: Test failing. Not sure why. + ;; FIXME: Tests failing. Not sure why. (lambda _ (substitute* "check/Makefile.in" + (("chk_fhan4") "") (("chk_fhan11") "")))) (add-after 'install 'fix-doc (lambda _ diff --git a/gnu/packages/patches/giac-pari-gp-anyarg.patch b/gnu/packages/patches/giac-pari-gp-anyarg.patch new file mode 100644 index 0000000000..0441f6bcf9 --- /dev/null +++ b/gnu/packages/patches/giac-pari-gp-anyarg.patch @@ -0,0 +1,28 @@ +From 041d16b521d8231e5b441015f08bb386f9d2a51c Mon Sep 17 00:00:00 2001 +From: Vincent Delecroix <20100.delecroix@gmail.com*> +Date: Thu, 15 Sep 2022 12:11:01 +0200 +Subject: ANYARG giac patch + +--- +diff --git a/src/pari.cc b/src/pari.cc +index 76ce8e1..50d08ab 100644 +--- a/src/pari.cc ++++ b/src/pari.cc +@@ -40,6 +40,13 @@ using namespace std; + + #ifdef HAVE_LIBPARI + ++// Anyarg disappeared from PARI 2.15.0 ++#ifdef __cplusplus ++# define ANYARG ... ++#else ++# define ANYARG ++#endif ++ + #ifdef HAVE_PTHREAD_H + #include + #endif + +-- +cgit v1.0-1-gd88e + -- cgit v1.2.3 From d3d3caeeeb194c694e260970b23b29326781ce42 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 9 Oct 2022 02:17:55 -0400 Subject: gnu: icecat: Remove vestigial patch. This is a followup to commit bb762ac517ff5ab4e55a0efb7e1b534c36c2b7c3. * gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../icecat-use-older-reveal-hidden-html.patch | 70 ---------------------- 2 files changed, 71 deletions(-) delete mode 100644 gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a013647d7e..9a1aad300e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1315,7 +1315,6 @@ dist_patch_DATA = \ %D%/packages/patches/i7z-gcc-10.patch \ %D%/packages/patches/icecat-makeicecat.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ - %D%/packages/patches/icecat-use-older-reveal-hidden-html.patch \ %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \ %D%/packages/patches/icecat-use-system-media-libs.patch \ %D%/packages/patches/icedtea-7-hotspot-aarch64-use-c++98.patch\ diff --git a/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch b/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch deleted file mode 100644 index 228adc23f1..0000000000 --- a/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2e8618d22568b6e00892a17303d437dd700eca98 Mon Sep 17 00:00:00 2001 -From: Mark H Weaver -Date: Tue, 5 May 2020 21:27:41 -0400 -Subject: [PATCH] Revert "Update Reveal hidden HTML." - -I prefer the user interface of the old version. - -This reverts commit f6e3adb6b2344ee2c7bb453a305fd2d6fb4c194c. ---- - .../passive_improve_css.js | 23 ++++++++++++++----- - 1 file changed, 17 insertions(+), 6 deletions(-) - -diff --git a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js -index 7692990..ca57982 100644 ---- a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js -+++ b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js -@@ -10,6 +10,8 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI - */ - - -+var bad = []; -+ - function escapeHTML (unsafe_str) { - return unsafe_str - .replace(/&/g, '&') -@@ -20,9 +22,14 @@ function escapeHTML (unsafe_str) { - .replace(/\//g, '/') - } - -+function dounhide(){ -+ for(var i = 0; i < bad.length; i++){ -+ bad[i].remove(); -+ } -+} -+ - console.log("passive_improve_css.js"); - function reveal_css(){ -- var bad = []; - - var elements = document.getElementsByTagName("style"); - for(var i = 0; i < elements.length; i++){ -@@ -41,16 +48,20 @@ function reveal_css(){ - - } - } -- if(bad.length > 0 && window.confirm("Hidden HTML detected, would you like to reveal it?")){ -- for(var i = 0; i < bad.length; i++){ -- bad[i].remove(); -- } -+ if(bad.length > 0){ -+ const insertedDiv = document.createElement('div'); -+ insertedDiv.innerHTML= '

' + -+ 'Reveal hidden elements' + -+ ''; -+ insertedDiv.style="position:fixed; bottom:1em; right:1em; opacity:0.8; z-index: 2147483647 !important; border-radius: 3px !important; background-color: #fff !important; padding: 0.5em !important; box-shadow: 0 0 3px grey !important; font-color:#bbb!important; cursor: pointer!important;"; -+ insertedDiv.addEventListener("click", dounhide, false); -+ document.body.insertBefore(insertedDiv, document.body.firstChild); - } - } - - reveal_css(); - -- - /* - var a = document.getElementsByTagName("style")[2]; - var btn = document.createElement("style"); // Create a