From 62eae815b6a04652095e17959aa17a35744311b7 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Wed, 3 Mar 2021 22:04:09 +1300 Subject: [PATCH 01/30] Remove obsolete comment --- builder/startup/vnc_startup.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/builder/startup/vnc_startup.sh b/builder/startup/vnc_startup.sh index 93c6079..84b5b04 100755 --- a/builder/startup/vnc_startup.sh +++ b/builder/startup/vnc_startup.sh @@ -50,7 +50,6 @@ VNC_IP=$(hostname -i) # first entry is control, second is view (if only one is valid for both) mkdir -p "$HOME/.vnc" PASSWD_PATH="$HOME/.vnc/passwd" -# echo -e "$VNC_PW\n$VNC_PW" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd add_vnc_user "$VNC_USER" "$VNC_PW" "-w" add_vnc_user "$VNC_USER-ro" "$VNC_PW" add_vnc_user "$VNC_USER-owner" "$VNC_PW" "-o" From 8eb7e06d6cbba8b62dae8f485f6fe7b37ef62884 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Wed, 3 Mar 2021 22:47:48 +1300 Subject: [PATCH 02/30] Deb: update Debian Buster barebones test to work --- builder/dockerfile.debian_buster.barebones.deb.test | 8 +++----- builder/test-deb-barebones | 1 - 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/builder/dockerfile.debian_buster.barebones.deb.test b/builder/dockerfile.debian_buster.barebones.deb.test index a7d7218..74e65bf 100644 --- a/builder/dockerfile.debian_buster.barebones.deb.test +++ b/builder/dockerfile.debian_buster.barebones.deb.test 
@@ -4,14 +4,12 @@ ARG KASMVNC_PACKAGE_DIR COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp RUN apt-get update && dpkg -i /tmp/*.deb; apt-get -yf install RUN apt-get update && apt-get -y install xterm -# RUN apt-get update && apt-get -y install x11-xserver-utils xterm twm -RUN useradd -m foo && addgroup foo ssl-cert +RUN useradd -m foo -USER foo +USER foo:ssl-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd -ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " diff --git a/builder/test-deb-barebones b/builder/test-deb-barebones index cb94966..4fe878c 100755 --- a/builder/test-deb-barebones +++ b/builder/test-deb-barebones @@ -10,6 +10,5 @@ docker build --build-arg KASMVNC_PACKAGE_DIR="build/${os_codename}" \ -t kasmvnctester_barebones_${os}:$os_codename \ -f dockerfile.${os}_${os_codename}.barebones.deb.test . echo -echo "You will be asked to set password. User name is docker." docker run -it -p 443:8443 --rm -e "VNC_USER=foo" -e "VNC_PW=foobar" \ kasmvnctester_barebones_${os}:$os_codename From e61885a448fea57f859636848db4f5e0c2f74a3a Mon Sep 17 00:00:00 2001 
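Review bot: The new `ENTRYPOINT` interpolates `$VNC_PW` and `$VNC_USER` into a `bash -c "..."` string, so the values are expanded by the outer shell and then parsed again as code by the inner bash; a password containing a double quote, a backtick or `$(...)` would break the command or be run as shell, and `echo -e` additionally rewrites backslash sequences in it. Passing the values as data avoids both, for example `printf '%s\n%s\n' "$VNC_PW" "$VNC_PW" | kasmvncpasswd -w -u "$VNC_USER" "$HOME/.kasmpasswd"` in a small entrypoint script that is copied into the image and started in exec form. The same line is carried through the later `ENTRYPOINT` hunks of this series (PATCH 04/30, 10/30 and 11/30). The matching `docker run -e "VNC_PW=foobar"` in `builder/test-deb-barebones` keeps the password in the container environment, which is fine for a throwaway test image but deserves a comment so the pattern is not copied into a real deployment.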
From: Dmitry Maksyoma Date: Wed, 3 Mar 2021 23:09:52 +1300 Subject: [PATCH 03/30] Deb: remove obsolete code --- debian/Makefile.to_fakebuild_tar_package | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/debian/Makefile.to_fakebuild_tar_package b/debian/Makefile.to_fakebuild_tar_package index d1861a9..dd097af 100644 --- a/debian/Makefile.to_fakebuild_tar_package +++ b/debian/Makefile.to_fakebuild_tar_package @@ -1,12 +1,6 @@ TARGET_OS := $(shell lsb_release -is | tr '[:upper:]' '[:lower:]') TARGET_OS_CODENAME := $(shell lsb_release -cs | tr '[:upper:]' '[:lower:]') -ifeq ($(TARGET_OS), $(filter $(TARGET_OS), centos fedora)) - PACKAGE_TYPE := rpm - TARBALL_DIR := $$RPM_SOURCE_DIR -else - PACKAGE_TYPE := deb - TARBALL_DIR := builder/build -endif +TARBALL_DIR := builder/build TARBALL := $(TARBALL_DIR)/kasmvnc.$(TARGET_OS)_$(TARGET_OS_CODENAME).tar.gz TAR_DATA := $(shell mktemp -d) SRC := $(TAR_DATA)/usr/local From 43658a27f738d48d5cca943ef0deb16a9c3bfad9 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Wed, 3 Mar 2021 23:27:02 +1300 Subject: [PATCH 04/30] Deb: provide an easy way to start KasmVNC with default options ...via kasmvncserver-start. --- ...ockerfile.debian_buster.barebones.deb.test | 4 +++- builder/startup/deb/kasmvncserver-start | 22 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100755 builder/startup/deb/kasmvncserver-start diff --git a/builder/dockerfile.debian_buster.barebones.deb.test b/builder/dockerfile.debian_buster.barebones.deb.test index 74e65bf..428328f 100644 --- a/builder/dockerfile.debian_buster.barebones.deb.test +++ b/builder/dockerfile.debian_buster.barebones.deb.test @@ -5,6 +5,8 @@ COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp RUN apt-get update && dpkg -i /tmp/*.deb; apt-get -yf install RUN apt-get update && apt-get -y install xterm +COPY startup/deb/kasmvncserver-start /usr/local/bin + RUN useradd -m foo USER foo:ssl-cert 
@@ -12,4 +14,4 @@ USER foo:ssl-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && kasmvncserver-start && tail -f $HOME/.vnc/*.log " diff --git a/builder/startup/deb/kasmvncserver-start b/builder/startup/deb/kasmvncserver-start new file mode 100755 index 0000000..64dab08 --- /dev/null +++ b/builder/startup/deb/kasmvncserver-start @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +display=:1 +interface=0.0.0.0 +cert_group=ssl-cert + +if groups | grep -qvw ssl-cert; then + cat <<-EOF + Can't access TLS certificate. + Please add your user to $cert_group via 'addgroup ssl-cert' +EOF + exit 1 +fi + +vncserver $display -interface $interface +vncserver -kill $display +vncserver $display -depth 24 -geometry 1280x1050 -websocketPort 8443 \ + -cert /etc/ssl/certs/ssl-cert-snakeoil.pem \ + -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 \ + -interface $interface -httpd /usr/share/kasmvnc/www From 56ed2855bda5315ce0a8a15c58795cd6027de2b2 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 4 Mar 2021 23:22:28 +1300 Subject: [PATCH 05/30] Testing: keep foo-owner as -o and -w Changing permissions to just -w removed -o. --- builder/startup/vnc_startup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder/startup/vnc_startup.sh b/builder/startup/vnc_startup.sh index 84b5b04..c0c3b3c 100755 --- a/builder/startup/vnc_startup.sh +++ b/builder/startup/vnc_startup.sh 
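Review bot: The group check in the new `kasmvncserver-start` hard-codes `ssl-cert` instead of using the `cert_group` variable defined just above it, and `grep -w` also accepts a longer name such as `ssl-cert-admin` because `-` counts as a word boundary. An exact comparison is more reliable: `if ! id -nG | tr ' ' '\n' | grep -qx "$cert_group"; then`. The hint `addgroup ssl-cert` in the error text is missing the user name (`addgroup USERNAME $cert_group`), and the message would be better sent to stderr. The script also binds `interface=0.0.0.0` with the distribution's snakeoil certificate by default; a comment next to `interface=` such as `# listens on every network interface; set to 127.0.0.1 to keep it local` would help people who copy the example.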
@@ -55,7 +55,7 @@ add_vnc_user "$VNC_USER-ro" "$VNC_PW" add_vnc_user "$VNC_USER-owner" "$VNC_PW" "-o" add_vnc_user "$VNC_USER-to-delete" "$VNC_PW" -kasmvncpasswd -n -u "$VNC_USER-owner" -w $HOME/.kasmpasswd +kasmvncpasswd -n -u "$VNC_USER-owner" -w -o $HOME/.kasmpasswd kasmvncpasswd -d -u "$VNC_USER-to-delete" $HOME/.kasmpasswd chmod 0600 $HOME/.kasmpasswd From 2b8374f5446466a291118c18d6a0355e55d01645 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 20:07:06 +1300 Subject: [PATCH 06/30] Update vncpasswd manual page --- unix/vncpasswd/vncpasswd.man | 74 ++++++++++++++++++++++++++++-------- 1 file changed, 58 insertions(+), 16 deletions(-) diff --git a/unix/vncpasswd/vncpasswd.man b/unix/vncpasswd/vncpasswd.man index ecf2bc9..9894c78 100644 --- a/unix/vncpasswd/vncpasswd.man +++ b/unix/vncpasswd/vncpasswd.man 
@@ -2,18 +2,15 @@ .SH NAME vncpasswd \- change the VNC password .SH SYNOPSIS -\fBvncpasswd\fR [\fIpasswd-file\fR] -.br -\fBvncpasswd\fR \-f +\fBvncpasswd\fR -u [\fIusername\fR] [\fI-wnod\fR] [\fIpasswd-file\fR] .SH DESCRIPTION .B vncpasswd allows you to set the password used to access VNC desktops. Its default behavior is to prompt for a VNC password and then store an obfuscated version -of this password to \fIpasswd-file\fR (or to $HOME/.vnc/passwd if no password -file is specified.) The \fBvncserver\fP script runs \fBvncpasswd\fP the first -time you start a VNC desktop, and it invokes \fBXvnc\fP with the appropriate -\fB\-rfbauth\fP option. \fBvncviewer\fP can also be given a password file to -use via the \fB\-passwd\fP option. +of this password to \fIpasswd-file\fR (or to $HOME/.kasmpasswd if no password +file is specified.) The \fBvncserver\fP script will ask you to add a user +the first time you start a VNC desktop. HTTP Basic Authentication will be used +to ask for username and password, when you connect. The password must be at least six characters long (unless the \fB\-f\fR command-line option is used-- see below), and only the first eight 
@@ -27,22 +24,67 @@ crack the password simply by snooping on the network. .SH OPTIONS .TP -.B \-f -Filter mode. Read a plain-text password from stdin and write an encrypted -version to stdout. Note that in filter mode, short or even empty passwords -will be silently accepted. +.B \-u \fIname\fR -A view-only password must be separated from the normal password by a newline -character. +Specify user name. There can be multiple users. +.TP +.B \-w + +Write permission. Enable user to use mouse and keyboard. The default mode is to +view only. + +.TP +.B \-o + +Owner permission. Allow the user to add/delete users and change their +permissions. + +.TP +.B \-d + +Delete user specified with \fI-u\fR. You need the owner permission for that. + +.TP +.B \-n + +Don't update their password, while updating permissions. .SH FILES .TP -$HOME/.vnc/passwd +$HOME/.kasmpasswd Default location of the VNC password file. +.SH EXAMPLES +.TP +Create a new user foo that can to use mouse and keyboard: +$ vncpasswd -u foo -w + +.TP +Create a new user foo that can view, but can't use mouse and keyboard: +$ vncpasswd -u foo + +.TP +Create a new user foo that can add new users AND use mouse and keyboard: +$ vncpasswd -u foo -ow + +.TP +Delete user foo +$ vncpasswd -u foo -d + +.TP +Strip all permissions from user foo, making it view only. Don't touch password. +$ vncpasswd -u foo -n + +.TP +Strip all permissions from user foo, making it view only. Change password. +$ vncpasswd -u foo + +.TP +Add write permission for user foo. Don't touch password. +$ vncpasswd -u foo -w -n + .SH SEE ALSO -.BR vncviewer (1), .BR vncserver (1), .BR Xvnc (1) .BR vncconfig (1), From 79682d3dee9a672e69f2b34c35832d7eb0c2be4f Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 20:17:23 +1300 Subject: [PATCH 07/30] vncpasswd man: add overview --- unix/vncpasswd/vncpasswd.man | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
diff --git a/unix/vncpasswd/vncpasswd.man b/unix/vncpasswd/vncpasswd.man index 9894c78..dcc6d91 100644 --- a/unix/vncpasswd/vncpasswd.man +++ b/unix/vncpasswd/vncpasswd.man @@ -5,12 +5,16 @@ vncpasswd \- change the VNC password \fBvncpasswd\fR -u [\fIusername\fR] [\fI-wnod\fR] [\fIpasswd-file\fR] .SH DESCRIPTION .B vncpasswd -allows you to set the password used to access VNC desktops. Its default -behavior is to prompt for a VNC password and then store an obfuscated version -of this password to \fIpasswd-file\fR (or to $HOME/.kasmpasswd if no password -file is specified.) The \fBvncserver\fP script will ask you to add a user -the first time you start a VNC desktop. HTTP Basic Authentication will be used -to ask for username and password, when you connect. +allows you to add users and passwords used to access VNC desktops. Multiple +users can be added, each with its own permissions. You can set view-only, use of +mouse and keyboard allowed (-w), user managment permissions (-o). See OPTIONS +below for details. + +Its default behavior is to prompt for a VNC password and then store an +obfuscated version of this password to \fIpasswd-file\fR (or to +$HOME/.kasmpasswd if no password file is specified.) The \fBvncserver\fP script +will ask you to add a user the first time you start a VNC desktop. HTTP Basic +Authentication will be used to ask for username and password, when you connect. The password must be at least six characters long (unless the \fB\-f\fR command-line option is used-- see below), and only the first eight From 6f803f744d614ce76662e7ae8038a04063abe12c Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 21:48:59 +1300 Subject: [PATCH 08/30] vncpasswd man: update to be current regarding password length --- ...smvncserver-start => kasmvncserver-easy-start} | 0 unix/vncpasswd/vncpasswd.man | 15 +++++++-------- 2 files changed, 7 insertions(+), 8 deletions(-) rename builder/startup/deb/{kasmvncserver-start => kasmvncserver-easy-start} (100%) 
diff --git a/builder/startup/deb/kasmvncserver-start b/builder/startup/deb/kasmvncserver-easy-start similarity index 100% rename from builder/startup/deb/kasmvncserver-start rename to builder/startup/deb/kasmvncserver-easy-start diff --git a/unix/vncpasswd/vncpasswd.man b/unix/vncpasswd/vncpasswd.man index dcc6d91..a3d16b7 100644 --- a/unix/vncpasswd/vncpasswd.man +++ b/unix/vncpasswd/vncpasswd.man @@ -16,14 +16,13 @@ $HOME/.kasmpasswd if no password file is specified.) The \fBvncserver\fP script will ask you to add a user the first time you start a VNC desktop. HTTP Basic Authentication will be used to ask for username and password, when you connect. -The password must be at least six characters long (unless the \fB\-f\fR -command-line option is used-- see below), and only the first eight -characters are significant. Note that the stored password is \fBnot\fP -encrypted securely - anyone who has access to this file can trivially find out -the plain-text password, so \fBvncpasswd\fP always sets appropriate permissions -(read and write only by the owner.) However, when accessing a VNC desktop, a -challenge-response mechanism is used over the wire making it hard for anyone to -crack the password simply by snooping on the network. +The password must be at least six characters long (maximum of 128 characters). +Note that the stored password is \fBnot\fP encrypted securely - anyone who has +access to this file can trivially find out the plain-text password, so +\fBvncpasswd\fP always sets appropriate permissions (read and write only by the +owner.) However, when accessing a VNC desktop, a challenge-response mechanism +is used over the wire making it hard for anyone to crack the password simply by +snooping on the network. .SH OPTIONS From b48fa8a2620b78dea6179c5f4677bedf5b5d08fd Mon Sep 17 00:00:00 2001 
From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 21:51:54 +1300 Subject: [PATCH 09/30] vncpasswd man: update the top level description --- unix/vncpasswd/vncpasswd.man | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unix/vncpasswd/vncpasswd.man b/unix/vncpasswd/vncpasswd.man index a3d16b7..fa15833 100644 --- a/unix/vncpasswd/vncpasswd.man +++ b/unix/vncpasswd/vncpasswd.man @@ -1,6 +1,6 @@ .TH vncpasswd 1 "" "KasmVNC" "Virtual Network Computing" .SH NAME -vncpasswd \- change the VNC password +vncpasswd \- setup VNC users and passwords .SH SYNOPSIS \fBvncpasswd\fR -u [\fIusername\fR] [\fI-wnod\fR] [\fIpasswd-file\fR] .SH DESCRIPTION From 8c2e8c9acb6221f0919f219cb81b60ae9d83694b Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 21:54:06 +1300 Subject: [PATCH 10/30] Deb: add example script to easily run kasmvncserver --- builder/dockerfile.debian_buster.barebones.deb.test | 4 ++-- debian/examples | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 debian/examples diff --git a/builder/dockerfile.debian_buster.barebones.deb.test b/builder/dockerfile.debian_buster.barebones.deb.test index 428328f..f6d42d0 100644 --- a/builder/dockerfile.debian_buster.barebones.deb.test +++ b/builder/dockerfile.debian_buster.barebones.deb.test @@ -5,7 +5,7 @@ COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp RUN apt-get update && dpkg -i /tmp/*.deb; apt-get -yf install RUN apt-get update && apt-get -y install xterm -COPY startup/deb/kasmvncserver-start /usr/local/bin +COPY startup/deb/kasmvncserver-easy-start /usr/local/bin RUN useradd -m foo 
@@ -14,4 +14,4 @@ USER foo:ssl-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && kasmvncserver-start && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && kasmvncserver-easy-start && tail -f $HOME/.vnc/*.log " diff --git a/debian/examples b/debian/examples new file mode 100644 index 0000000..ff8543d --- /dev/null +++ b/debian/examples @@ -0,0 +1 @@ +builder/startup/deb/kasmvncserver-easy-start From a73b890c9286342d69628e7368b6dc60d8ff6a8f Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sat, 13 Mar 2021 23:51:33 +1300 Subject: [PATCH 11/30] Code formatting --- builder/dockerfile.debian_buster.barebones.deb.test | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/builder/dockerfile.debian_buster.barebones.deb.test b/builder/dockerfile.debian_buster.barebones.deb.test index f6d42d0..12049c6 100644 --- a/builder/dockerfile.debian_buster.barebones.deb.test +++ b/builder/dockerfile.debian_buster.barebones.deb.test @@ -14,4 +14,6 @@ USER foo:ssl-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && kasmvncserver-easy-start && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | \ + kasmvncpasswd -w -u $VNC_USER $HOME/.kasmpasswd && \ + kasmvncserver-easy-start && tail -f $HOME/.vnc/*.log" From d73ffc8a3828f4f3a1ad5b6643703b8833072b5f Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sun, 14 Mar 2021 21:01:04 +1300 Subject: [PATCH 12/30] Deb: example script can now -kill, -d (debug), --help --- builder/startup/deb/kasmvncserver-easy-start | 28 ++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) 
diff --git a/builder/startup/deb/kasmvncserver-easy-start b/builder/startup/deb/kasmvncserver-easy-start index 64dab08..6a626ff 100755 --- a/builder/startup/deb/kasmvncserver-easy-start +++ b/builder/startup/deb/kasmvncserver-easy-start @@ -2,7 +2,26 @@ set -e -display=:1 +if [[ "$1" = "--help" ]]; then + cat >&2 <<-USAGE +Usage: `basename $0` [options] + -d Debug output + -kill Kill vncserver + --help show this help +USAGE + exit +fi + +if [[ "$1" = "-d" ]]; then + log_option="-log *:stderr:100" +fi + +action=start +if [[ "$1" = "-kill" ]]; then + action=kill +fi + +display=:10 interface=0.0.0.0 cert_group=ssl-cert @@ -14,9 +33,14 @@ EOF exit 1 fi +if [[ "$action" = "kill" ]]; then + vncserver -kill $display + exit +fi + vncserver $display -interface $interface vncserver -kill $display vncserver $display -depth 24 -geometry 1280x1050 -websocketPort 8443 \ -cert /etc/ssl/certs/ssl-cert-snakeoil.pem \ -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 \ - -interface $interface -httpd /usr/share/kasmvnc/www + -interface $interface -httpd /usr/share/kasmvnc/www $log_option From 2005b86a921020a5b55a1895482d4168cfe39b7c Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sun, 14 Mar 2021 21:19:08 +1300 Subject: [PATCH 13/30] Deb: make easy-start script easier to modify --- builder/startup/deb/kasmvncserver-easy-start | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/builder/startup/deb/kasmvncserver-easy-start b/builder/startup/deb/kasmvncserver-easy-start index 6a626ff..0d0bc88 100755 --- a/builder/startup/deb/kasmvncserver-easy-start +++ b/builder/startup/deb/kasmvncserver-easy-start @@ -2,6 +2,10 @@ set -e +display=:10 +interface=0.0.0.0 +cert_group=ssl-cert + if [[ "$1" = "--help" ]]; then cat >&2 <<-USAGE Usage: `basename $0` [options] 
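Review bot: Option handling in the first hunk of PATCH 12/30 compares only `$1` against three literals, so any other argument (a typo such as `--kill`, or `-kill` given after `-d`) is silently ignored and the script goes on to start a server on `0.0.0.0`. Rejecting unknown arguments makes that mistake visible instead of leaving an unintended listener running. Separately, `log_option="-log *:stderr:100"` is expanded unquoted on the last `vncserver` line, so the `*` is subject to pathname expansion in the current directory; holding the option in an array and writing `"${log_option[@]}"` there avoids that. The script's start and its group check lie outside these hunks.

```shell
# … unchanged: --help block …
action=start
log_option=()
case "${1:-}" in
  "")    ;;
  -d)    log_option=(-log '*:stderr:100') ;;
  -kill) action=kill ;;
  *)     echo "Unknown option: $1" >&2; exit 1 ;;
esac
# … unchanged: group check, kill branch, vncserver invocations …
```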
@@ -21,10 +25,6 @@ if [[ "$1" = "-kill" ]]; then action=kill fi -display=:10 -interface=0.0.0.0 -cert_group=ssl-cert - if groups | grep -qvw ssl-cert; then cat <<-EOF Can't access TLS certificate. From ed4c514bcb800271ef9689ba1ea00f91fae2f07d Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sun, 14 Mar 2021 23:24:14 +1300 Subject: [PATCH 14/30] Deb: test images have lsb-release now To ensure it's the right image, I double-check with lsb_release. --- builder/dockerfile.debian_bullseye.deb.test | 1 + builder/dockerfile.debian_buster.deb.test | 1 + builder/dockerfile.kali_kali-rolling.deb.test | 1 + builder/dockerfile.ubuntu_bionic.deb.test | 1 + builder/dockerfile.ubuntu_focal.deb.test | 1 + 5 files changed, 5 insertions(+) diff --git a/builder/dockerfile.debian_bullseye.deb.test b/builder/dockerfile.debian_bullseye.deb.test index 8340a9a..3ad2600 100644 --- a/builder/dockerfile.debian_bullseye.deb.test +++ b/builder/dockerfile.debian_bullseye.deb.test @@ -32,6 +32,7 @@ WORKDIR $HOME RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal dbus-x11 xterm libnss-wrapper gettext wget RUN apt-get purge -y pm-utils xscreensaver* RUN apt-get update && apt-get install -y vim less +RUN apt-get update && apt-get -y install lsb-release RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc diff --git a/builder/dockerfile.debian_buster.deb.test b/builder/dockerfile.debian_buster.deb.test index 53d6b5d..ef536ea 100644 --- a/builder/dockerfile.debian_buster.deb.test +++ b/builder/dockerfile.debian_buster.deb.test @@ -32,6 +32,7 @@ WORKDIR $HOME RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget RUN apt-get purge -y pm-utils xscreensaver* RUN apt-get update && apt-get install -y vim less +RUN apt-get update && apt-get -y install lsb-release RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc 
diff --git a/builder/dockerfile.kali_kali-rolling.deb.test b/builder/dockerfile.kali_kali-rolling.deb.test index 7fa1ae0..a189b9b 100644 --- a/builder/dockerfile.kali_kali-rolling.deb.test +++ b/builder/dockerfile.kali_kali-rolling.deb.test @@ -32,6 +32,7 @@ WORKDIR $HOME RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal dbus-x11 xterm libnss-wrapper gettext wget RUN apt-get purge -y pm-utils xscreensaver* RUN apt-get update && apt-get install -y vim less +RUN apt-get update && apt-get -y install lsb-release RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc diff --git a/builder/dockerfile.ubuntu_bionic.deb.test b/builder/dockerfile.ubuntu_bionic.deb.test index 9a0db27..793c2ca 100644 --- a/builder/dockerfile.ubuntu_bionic.deb.test +++ b/builder/dockerfile.ubuntu_bionic.deb.test @@ -32,6 +32,7 @@ WORKDIR $HOME RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget RUN apt-get purge -y pm-utils xscreensaver* RUN apt-get update && apt-get install -y vim less +RUN apt-get update && apt-get -y install lsb-release RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc diff --git a/builder/dockerfile.ubuntu_focal.deb.test b/builder/dockerfile.ubuntu_focal.deb.test index 4d1c50b..4d8222d 100644 --- a/builder/dockerfile.ubuntu_focal.deb.test +++ b/builder/dockerfile.ubuntu_focal.deb.test @@ -32,6 +32,7 @@ WORKDIR $HOME RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget RUN apt-get purge -y pm-utils xscreensaver* RUN apt-get update && apt-get install -y vim less +RUN apt-get update && apt-get -y install lsb-release RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc From 213f91c1a70992f90d8288bddcb03a41b8fa5f4c Mon Sep 17 00:00:00 2001 
From: Dmitry Maksyoma Date: Sun, 14 Mar 2021 23:25:53 +1300 Subject: [PATCH 15/30] Update README: deb installation only --- README.md | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index c929286..2c5cc1e 100644 --- a/README.md +++ b/README.md 
@@ -33,40 +33,44 @@ Future Goals: - CI pipelines to create releases ### Installation -We are currently developing releasable packages for major operating sytems. The install script available with releases will install dependencies, compile webp, and pull down and install the pre-compiled KasmVNC tarball. Currently, only Ubuntu 18.04 LTS is pre-compiled. -This installer assumes you already have a desktop environment installed, but have never configured a VNC server. Use the install script found in this project under builder/install/install.sh, currently Ubuntu 18.04LTS is the only operating system with pre-compiled binaries. +#### Debian-based ```sh -# install dependencies -sudo apt-get -y install libjpeg-dev +wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/kasmvncserver_0.9.1~beta-1_amd64.deb -# install KasmVNC -wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/KasmVNC_0.9.1-beta_Ubuntu_18.04.tar.gz | sudo tar xz --strip 1 -C / +sudo dpkg -i kasmvncserver_0.9.1~beta-1_amd64.deb +sudo apt-get -f install -# Generate an SSL Cert and change owner -sudo mkdir /usr/local/share/kasmvnc/certs -sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/share/kasmvnc/certs/self.pem -out /usr/local/share/kasmvnc/certs/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" -sudo chown $USER /usr/local/share/kasmvnc/certs/self.pem +# We provide an example script to run KasmVNC at # +`/usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start`. It runs a VNC +# server on display `:10` and on interface `0.0.0.0`. If you're happy with those +# defaults you can just use it as is: +ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/local/bin/ -# start kasmvnc and set password for remote access -vncserver :1 -interface 0.0.0.0 -# stop kasmvnc to make config changes -vncserver -kill :1 +# Create ~/.vnc directory and corresponding files. 
+kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill -# modify vncstartup to launch your environment of choice, in this example LXDE +# Modify vncstartup to launch your environment of choice, in this example LXDE echo '/usr/bin/lxsession -s LXDE &' >> ~/.vnc/xstartup # The KasmVNC username is automatically set to your system username, you can mofify it if you wish vi ~/.vnc/config -# launch KasmVNC -vncserver $DISPLAY -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /usr/local/share/kasmvnc/certs/self.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 +# Start KasmVNC with debug logging: +kasmvncserver-easy-start -d +tail -f ~/.vnc/`hostname`:10.log ``` -Now navigate to your system at https://[ip-address]:8443/vnc.html +Now navigate to your system at https://[ip-address]:8443/ -The options for vncserver in the example above: +To stop a running KasmVNC: + +```sh +kasmvncserver-easy-start -kill +``` + +The options for vncserver: | Argument | Description | | -------- | ----------- | From 25c32c96e53c548fa81059e86b903e854864620a Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Sun, 14 Mar 2021 23:38:48 +1300 Subject: [PATCH 16/30] Deb: fix Ubuntu Focal (vnc_startup.sh XFCE start issue) --- builder/dockerfile.ubuntu_focal.deb.test | 3 +++ 1 file changed, 3 insertions(+) diff --git a/builder/dockerfile.ubuntu_focal.deb.test b/builder/dockerfile.ubuntu_focal.deb.test index 4d8222d..3397848 100644 --- a/builder/dockerfile.ubuntu_focal.deb.test +++ b/builder/dockerfile.ubuntu_focal.deb.test @@ -45,6 +45,9 @@ ARG KASMVNC_PACKAGE_DIR COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp RUN dpkg -i /tmp/*.deb; apt-get -yf install +RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \ + chmod +x ~/.vnc/xstartup + ### END CUSTOM STUFF ### RUN chown -R 1000:0 $HOME From df927915508f5f0d2df8f8cf71fe588a8ee44c72 Mon Sep 17 00:00:00 2001 
From: Dmitry Maksyoma Date: Mon, 15 Mar 2021 21:33:57 +1300 Subject: [PATCH 17/30] Gitlab CI: build all distros if branch has "release" or "testing" in it --- .gitlab-ci.yml | 11 +++++++++-- builder/build-distro | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100755 builder/build-distro diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c72a155..f2d05a3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,8 +15,15 @@ build: - pwd - apk add bash - mkdir -p "$GITLAB_SHARED_DIND_DIR" && chmod 777 "$GITLAB_SHARED_DIND_DIR" - - bash builder/build-tarball - - bash builder/build-deb + - echo "Build Ubuntu 18 on all branches" + - bash builder/build-distro ubuntu bionic + - if echo "$CI_COMMIT_BRANCH" | grep -Eq '(release|testing)'; then + echo "Build all distros"; + bash builder/build-distro ubuntu focal; + bash builder/build-distro debian buster; + bash builder/build-distro debian bullseye; + bash builder/build-distro kali kali-rolling; + fi - mkdir output - cp -r builder/build/* output/ artifacts: diff --git a/builder/build-distro b/builder/build-distro new file mode 100755 index 0000000..a21bf01 --- /dev/null +++ b/builder/build-distro @@ -0,0 +1,19 @@ +#!/bin/bash + +set -e + +os="$1" +codename="$2" + +detect_package_format() { + package_format=rpm + if ls builder/dockerfile*"$os"* | grep -q .deb.build; then + package_format=deb + fi +} + +cd "$(dirname "$0")/.." + +detect_package_format +builder/build-tarball "$os" "$codename" +builder/build-${package_format} "$os" "$codename" From 7bffbb53da76fec3bc3c8712b0a411a4ee08eb0f Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Mon, 15 Mar 2021 22:27:19 +1300 Subject: [PATCH 18/30] vncserver: remove securitytypes mention from man page securitytypes is no longer used. --- unix/vncserver.man | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unix/vncserver.man b/unix/vncserver.man index d6240df..aae748d 100644 --- a/unix/vncserver.man +++ b/unix/vncserver.man 
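Review bot: The new `builder/build-distro` never checks that both arguments were given, and `detect_package_format` falls back to `rpm` whenever the `ls ... | grep` pipeline finds nothing, so a misspelled distro name ends in an attempt to run `builder/build-rpm` (not shown in this series) rather than a clear error. A guard right after the two assignments would catch the missing-argument case: `[[ -n "$os" && -n "$codename" ]] || { echo "Usage: $0 OS CODENAME" >&2; exit 1; }`. Without it an empty `$os` makes the glob `builder/dockerfile*"$os"*` match every dockerfile, which selects `deb` by accident. The dots in the grep pattern are unescaped; `grep -qF .deb.build` states the intent.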
@@ -171,9 +171,9 @@ $HOME/.vnc/config An optional server config file wherein options to be passed to Xvnc are listed to avoid hard-coding them to the physical invocation. List options in this file one per line. For those requiring an argument, simply separate the option from -the argument with an equal sign, for example: "geometry=2000x1200" or -"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed -as a single word, for example: "localhost" or "alwaysshared". +the argument with an equal sign, for example: "geometry=2000x1200". Options +without an argument are simply listed as a single word, for example: "localhost" +or "alwaysshared". .TP $HOME/.vnc/passwd The VNC password file. From e5cd3d67532e4c00a698c6612704f15bafdd36ac Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Mon, 15 Mar 2021 22:37:48 +1300 Subject: [PATCH 19/30] Improve README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2c5cc1e..4ba504f 100644 --- a/README.md +++ b/README.md @@ -43,10 +43,10 @@ sudo dpkg -i kasmvncserver_0.9.1~beta-1_amd64.deb sudo apt-get -f install # We provide an example script to run KasmVNC at # -`/usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start`. It runs a VNC -# server on display `:10` and on interface `0.0.0.0`. If you're happy with those +# /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start. It runs a VNC +# server on display :10 and on interface 0.0.0.0. If you're happy with those # defaults you can just use it as is: -ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/local/bin/ +ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start ~/bin/ # Create ~/.vnc directory and corresponding files. kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill From fc12e385716e62aedf6c8960cc1a60be6d45db15 Mon Sep 17 00:00:00 2001 
From: Dmitry Maksyoma Date: Mon, 15 Mar 2021 22:38:08 +1300 Subject: [PATCH 20/30] README.md formatting --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 4ba504f..5010459 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ We need help, especially in packaging KasmVNC for various operating systems. We We also need help with Windows, which is not currently supported. While KasmVNC can technically be built for Windows 10, it is unusably slow, due to all the changes that occured in Windows since the original Windows support was added in the chain of VNC forked projects. ### Compiling From Source -See the builder/README.md. We containerize our build systems to ensure highly repeatable builds. +See the builder/README.md. We containerize our build systems to ensure highly repeatable builds. License & Legal ---- 
@@ -158,39 +158,39 @@ Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. This distribution contains software from the X Window System. This is: Copyright 1987, 1988, 1998 The Open Group - + Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. - + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - + Except as contained in this notice, the name of The Open Group shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from The Open Group. - - + + Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts. 
All Rights Reserved - - Permission to use, copy, modify, and distribute this software and its - documentation for any purpose and without fee is hereby granted, + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that - both that copyright notice and this permission notice appear in + both that copyright notice and this permission notice appear in supporting documentation, and that the name of Digital not be used in advertising or publicity pertaining to distribution of the - software without specific, written prior permission. - + software without specific, written prior permission. + DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR From 349ed4cb412a885ff67ad0cf7f7175eddc07b83b Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 18 Mar 2021 22:42:40 +1300 Subject: [PATCH 21/30] CI: remove tarballs from artifacts --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f2d05a3..b4b8489 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,6 +26,7 @@ build: fi - mkdir output - cp -r builder/build/* output/ + - rm output/*.tar.gz artifacts: paths: - output/ From 9a9b14daf1646d1be3c6f0c7d3df2a4bf6a4a8b5 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 18 Mar 2021 22:56:03 +1300 Subject: [PATCH 22/30] CI: extract before_script --- .gitlab-ci.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b4b8489..2954a74 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -8,14 +8,18 @@ variables: stages: - build +.prepare_build: &prepare_build + - ls -l + - pwd + - apk add bash + - mkdir -p "$GITLAB_SHARED_DIND_DIR" && chmod 777 "$GITLAB_SHARED_DIND_DIR" + build: stage: build + before_script: + - *prepare_build script: - - ls -l - - pwd - - apk add bash - - mkdir -p "$GITLAB_SHARED_DIND_DIR" && chmod 777 "$GITLAB_SHARED_DIND_DIR" - - echo "Build Ubuntu 18 on all branches" + - echo "Always build Ubuntu 18" - bash builder/build-distro ubuntu bionic - if echo "$CI_COMMIT_BRANCH" | grep -Eq '(release|testing)'; then echo "Build all distros"; From 56fd118c439e6cac831b42b15c85a70255587bbd Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 18 Mar 2021 23:17:52 +1300 Subject: [PATCH 23/30] CI: extract after_script --- .gitlab-ci.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2954a74..cc33bbc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,10 +14,17 @@ stages: - apk add bash - mkdir -p "$GITLAB_SHARED_DIND_DIR" && chmod 777 "$GITLAB_SHARED_DIND_DIR" -build: +.prepare_artfacts: &prepare_artfacts + - mkdir output + - cp -r builder/build/* output/ + - rm output/*.tar.gz + +build_deb: stage: build before_script: - *prepare_build + after_script: + - *prepare_artfacts script: - echo "Always build Ubuntu 18" - bash builder/build-distro ubuntu bionic @@ -28,9 +35,6 @@ build: bash builder/build-distro debian bullseye; bash builder/build-distro kali kali-rolling; fi - - mkdir output - - cp -r builder/build/* output/ - - rm output/*.tar.gz artifacts: paths: - output/ From f758fc50218e3b907c2e2905db95a19eaefa77e7 Mon Sep 17 00:00:00 2001 
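Review bot: `chmod 777 "$GITLAB_SHARED_DIND_DIR"` now sits in the reusable `.prepare_build` anchor, so every job that pulls the anchor into `before_script` creates a world-writable directory, and nothing in the hunk records why that mode is required. If it exists so that build containers running under a different UID can write packages there (an assumption, the consumers are not visible in this hunk), state that in a comment above the anchor and narrow the mode to the UID or GID that actually writes. Without that, the next job added to the pipeline inherits the permissive mode by default.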
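Review bot: Moving `mkdir output`, `cp -r builder/build/* output/` and `rm output/*.tar.gz` into `after_script` changes their failure semantics, because GitLab ignores the exit status of `after_script`: a failed copy or a failed `rm` no longer fails `build_deb`, and the job can succeed with an incomplete `output/` or with the tarballs still in it. Keeping the anchor but listing it as the last `script:` entry (`- *prepare_artfacts`) preserves the old behaviour. The anchor name `prepare_artfacts` is misspelled; `prepare_artifacts` would match the `artifacts:` key it feeds.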
From: Dmitry Maksyoma Date: Thu, 18 Mar 2021 23:19:28 +1300 Subject: [PATCH 24/30] CI: build all distros and upload to S3 --- .ci/detect_os_arch_package_format | 20 ++++++ .ci/next_release_version | 25 +++++++ .ci/upload.sh | 40 +++++++++++ .gitlab-ci.yml | 90 ++++++++++++++++++++++--- builder/{build-distro => build-package} | 0 5 files changed, 165 insertions(+), 10 deletions(-) create mode 100755 .ci/detect_os_arch_package_format create mode 100755 .ci/next_release_version create mode 100644 .ci/upload.sh rename builder/{build-distro => build-package} (100%) diff --git a/.ci/detect_os_arch_package_format b/.ci/detect_os_arch_package_format new file mode 100755 index 0000000..dc76376 --- /dev/null +++ b/.ci/detect_os_arch_package_format @@ -0,0 +1,20 @@ +#!/usr/bin/ruby + +package_name = ARGV.first + +DEB_PACKAGE_REGEX = %r!(?[^/]+)/kasmvncserver_.+?_(?.+?).(?deb)! +RPM_PACKAGE_REGEX = %r!(?[^/]+)/kasmvncserver-.+?\.(?[^.]+).(?rpm)! + +if matches = package_name.match(DEB_PACKAGE_REGEX) +else matches = package_name.match(RPM_PACKAGE_REGEX) +end + +os = matches["os"] +arch = matches["arch"] +package_format = matches["format"] + +puts <<-EXPORT + export PACKAGE_OS=#{os} + export OS_ARCH=#{arch} + export PACKAGE_FORMAT=#{package_format} +EXPORT diff --git a/.ci/next_release_version b/.ci/next_release_version new file mode 100755 index 0000000..28ff069 --- /dev/null +++ b/.ci/next_release_version 
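Review bot: The heredoc at the end of `.ci/detect_os_arch_package_format` prints `export PACKAGE_OS=#{os}` and the two lines after it unquoted, and `.ci/upload.sh` in this same commit `source`s that output, so any shell metacharacter in a package path would be interpreted by the uploading shell. Escape the values before printing: add `require 'shellwords'` and emit `export PACKAGE_OS=#{Shellwords.escape(os)}`, likewise for `OS_ARCH` and `PACKAGE_FORMAT`. The script also indexes `matches["os"]` without checking that either regex matched, so an unexpected file name ends in a `NoMethodError` on `nil`; `abort "unrecognised package name: #{package_name}" unless matches` gives a clear failure. The `if matches = … else matches = … end` form reads more plainly as `matches = package_name.match(DEB_PACKAGE_REGEX) || package_name.match(RPM_PACKAGE_REGEX)`.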
@@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +version_from_tags() { + git tag | sort -r | head -1 | sed -e 's/^v//' -e 's/\-.\+//' | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{if(length($NF+1)>length($NF))$(NF-1)++; $NF=sprintf("%0*d", length($NF), ($NF+1)%(10^length($NF))); print}' +} + +branch_name="$1" +if [ -z "$branch_name" ]; then + echo >&2 "Usage: `basename $0` " + exit 1 +fi + +if echo "$branch_name" | grep -Pq '^release/([\d.]+)$'; then + RELEASE_BRANCH=1 +fi + +if [ -n "$RELEASE_BRANCH" ]; then + RELEASE_VERSION=$(echo "$branch_name" | sed 's!release/!!'); +else + RELEASE_VERSION="$(version_from_tags)" +fi + +echo "$RELEASE_VERSION" diff --git a/.ci/upload.sh b/.ci/upload.sh new file mode 100644 index 0000000..f2fa0e5 --- /dev/null +++ b/.ci/upload.sh 
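Review bot: `version_from_tags` selects the newest tag with `git tag | sort -r | head -1`, which is a lexical sort, so once a version component reaches two digits an older tag can rank first (constructed example: `v0.9.9` sorts above `v0.10.0`) and the computed next version is wrong. Git can order by version itself: `git tag --sort=-v:refname | head -1`. With `set -e` but no `pipefail`, a checkout that has no tags makes the pipeline print nothing and the script echoes an empty version that then lands in the upload file name; a guard before the final `echo`, such as `[ -n "$RELEASE_VERSION" ] || { echo >&2 "no version tag found"; exit 1; }`, would catch that.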
@@ -0,0 +1,40 @@ +#!/bin/bash + +function prepare_upload_filename() { + local package="$1"; + + .ci/detect_os_arch_package_format "$package" > /tmp/os_arch_package_format; + source /tmp/os_arch_package_format; + detect_release_branch + if [ -n "$RELEASE_BRANCH" ]; then + export upload_filename="kasmvncserver_${PACKAGE_OS}_${RELEASE_VERSION}_${OS_ARCH}.${PACKAGE_FORMAT}"; + else + export SANITIZED_BRANCH="$(echo $CI_COMMIT_REF_NAME | sed 's/\//_/g')"; + export upload_filename="kasmvncserver_${PACKAGE_OS}_${RELEASE_VERSION}_${SANITIZED_BRANCH}_${CI_COMMIT_SHA:0:6}_${OS_ARCH}.${PACKAGE_FORMAT}"; + fi +}; + +function upload_to_s3() { + local package="$1"; + local upload_filename="$2"; + + # Transfer to S3 + python3 amazon-s3-bitbucket-pipelines-python/s3_upload.py "${S3_BUCKET}" "$package" "${S3_BUILD_DIRECTORY}/${upload_filename}"; + # Use the Gitlab API to tell Gitlab where the artifact was stored + export S3_URL="https://${S3_BUCKET}.s3.amazonaws.com/${S3_BUILD_DIRECTORY}/${upload_filename}"; + export BUILD_STATUS="{\"key\":\"doc\", \"state\":\"SUCCESSFUL\", \"name\":\"${upload_filename}\", \"url\":\"${S3_URL}\"}"; + curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=build-url&target_url=${S3_URL}"; +}; +function prepare_to_run_scripts_and_s3_uploads() { + export DEBIAN_FRONTEND=noninteractive; + apt-get update; + apt-get install -y ruby2.7 git; + apt-get install -y python3 python3-pip python3-boto3 curl pkg-config libxmlsec1-dev; + git clone https://bitbucket.org/awslabs/amazon-s3-bitbucket-pipelines-python.git; +}; + +detect_release_branch() { + if echo $CI_COMMIT_REF_NAME | grep -Pq '^release/([\d.]+)$'; then + export RELEASE_BRANCH=1; + fi +} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cc33bbc..435ccb1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
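Review bot: `prepare_to_run_scripts_and_s3_uploads` clones `amazon-s3-bitbucket-pipelines-python` at whatever its default branch currently holds, and `upload_to_s3` then runs its `s3_upload.py` in a job that carries `GITLAB_API_TOKEN` and, presumably, the S3 credentials, so unreviewed upstream changes execute with those secrets. Pin the checkout to an audited revision right after the clone, e.g. `git -C amazon-s3-bitbucket-pipelines-python checkout PINNED_COMMIT_SHA` (placeholder; use the commit you reviewed). The `curl` call has no `--fail`, so an HTTP error from the statuses API goes unnoticed; `curl --fail --silent --show-error …` surfaces it. `prepare_upload_filename` writes to the fixed path `/tmp/os_arch_package_format` before sourcing it; a `mktemp` file removed afterwards avoids a predictable, reused path, and the exported `BUILD_STATUS` is never read in this file.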
@@ -4,9 +4,11 @@ services: variables: GITLAB_SHARED_DIND_DIR: /builds/$CI_PROJECT_PATH/shared + GIT_FETCH_EXTRA_FLAGS: --tags stages: - build + - upload .prepare_build: &prepare_build - ls -l 
@@ -19,22 +21,90 @@ stages: - cp -r builder/build/* output/ - rm output/*.tar.gz -build_deb: +build_ubuntu_bionic: stage: build before_script: - *prepare_build after_script: - *prepare_artfacts script: - - echo "Always build Ubuntu 18" - - bash builder/build-distro ubuntu bionic - - if echo "$CI_COMMIT_BRANCH" | grep -Eq '(release|testing)'; then - echo "Build all distros"; - bash builder/build-distro ubuntu focal; - bash builder/build-distro debian buster; - bash builder/build-distro debian bullseye; - bash builder/build-distro kali kali-rolling; - fi + - bash builder/build-package ubuntu bionic artifacts: paths: - output/ + +build_ubuntu_focal: + stage: build + before_script: + - *prepare_build + after_script: + - *prepare_artfacts + script: + - bash builder/build-package ubuntu focal; + artifacts: + paths: + - output/ + +build_debian_buster: + stage: build + before_script: + - *prepare_build + after_script: + - *prepare_artfacts + script: + - bash builder/build-package debian buster; + artifacts: + paths: + - output/ + +build_debian_bullseye: + stage: build + before_script: + - *prepare_build + after_script: + - *prepare_artfacts + script: + - bash builder/build-package debian bullseye; + artifacts: + paths: + - output/ + +build_kali_rolling: + stage: build + before_script: + - *prepare_build + after_script: + - *prepare_artfacts + script: + - bash builder/build-package kali kali-rolling; + artifacts: + paths: + - output/ + +build_centos7: + stage: build + before_script: + - *prepare_build + after_script: + - *prepare_artfacts + script: + - bash builder/build-package centos core + artifacts: + paths: + - output/ + +upload: + stage: upload + image: ubuntu:focal + before_script: + - . 
.ci/upload.sh + script: + - export S3_BUILD_DIRECTORY="kasmvnc/${CI_COMMIT_SHA}" + - prepare_to_run_scripts_and_s3_uploads + - export RELEASE_VERSION=$(.ci/next_release_version "$CI_COMMIT_REF_NAME") + - for package in `find output/ -type f -name 'kasmvncserver_*.deb' -or -name '*.rpm'`; do + prepare_upload_filename "$package"; + echo; + echo "File to upload $upload_filename"; + upload_to_s3 "$package" "$upload_filename"; + done diff --git a/builder/build-distro b/builder/build-package similarity index 100% rename from builder/build-distro rename to builder/build-package From 963ea6b6d34c71f0408f1eade880a52c576290b4 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 25 Mar 2021 22:03:58 +1300 Subject: [PATCH 25/30] Revert "README.md formatting" This reverts commit fc12e385716e62aedf6c8960cc1a60be6d45db15. --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 5010459..4ba504f 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ We need help, especially in packaging KasmVNC for various operating systems. We We also need help with Windows, which is not currently supported. While KasmVNC can technically be built for Windows 10, it is unusably slow, due to all the changes that occured in Windows since the original Windows support was added in the chain of VNC forked projects. ### Compiling From Source -See the builder/README.md. We containerize our build systems to ensure highly repeatable builds. +See the builder/README.md. We containerize our build systems to ensure highly repeatable builds. License & Legal ---- 
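Review bot: The new `upload` job carries no `rules:` or `only:` restriction, and `.ci/upload.sh` names non-release builds after their branch, so the job is evidently meant to run for every branch; that means the S3 credentials and `GITLAB_API_TOKEN` it relies on are available to any branch pipeline. The variable settings are not visible here, so confirm they are masked and that the S3 key is limited to writing under the `kasmvnc/` build prefix. On the `for` line, `-type f` binds only to the first `-name` because `-or` has lower precedence; `find output/ -type f \( -name 'kasmvncserver_*.deb' -o -name '*.rpm' \)` applies it to both patterns. The six `build_*` jobs differ only in their `script:` line and could share one hidden job through `extends:`.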
@@ -158,39 +158,39 @@ Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. This distribution contains software from the X Window System. This is: Copyright 1987, 1988, 1998 The Open Group - + Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. - + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - + Except as contained in this notice, the name of The Open Group shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from The Open Group. - - + + Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts. 
All Rights Reserved - - Permission to use, copy, modify, and distribute this software and its - documentation for any purpose and without fee is hereby granted, + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that - both that copyright notice and this permission notice appear in + both that copyright notice and this permission notice appear in supporting documentation, and that the name of Digital not be used in advertising or publicity pertaining to distribution of the - software without specific, written prior permission. - + software without specific, written prior permission. + DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR From 40facbcc4603d6132728f164ff43faaf2d246a32 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 25 Mar 2021 22:04:08 +1300 Subject: [PATCH 26/30] Revert "Improve README.md" This reverts commit e5cd3d67532e4c00a698c6612704f15bafdd36ac. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4ba504f..2c5cc1e 100644 --- a/README.md +++ b/README.md 
@@ -43,10 +43,10 @@ sudo dpkg -i kasmvncserver_0.9.1~beta-1_amd64.deb sudo apt-get -f install # We provide an example script to run KasmVNC at # -# /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start. It runs a VNC -# server on display :10 and on interface 0.0.0.0. If you're happy with those +`/usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start`. It runs a VNC +# server on display `:10` and on interface `0.0.0.0`. If you're happy with those # defaults you can just use it as is: -ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start ~/bin/ +ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/local/bin/ # Create ~/.vnc directory and corresponding files. kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill From ca326ee1f15072762212a5f03e5f2729e9fbc910 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 25 Mar 2021 22:04:16 +1300 Subject: [PATCH 27/30] Revert "Update README: deb installation only" This reverts commit 213f91c1a70992f90d8288bddcb03a41b8fa5f4c. --- README.md | 42 +++++++++++++++++++----------------------- 1 file changed, 19 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 2c5cc1e..c929286 100644 --- a/README.md +++ b/README.md 
@@ -33,44 +33,40 @@ Future Goals: - CI pipelines to create releases ### Installation +We are currently developing releasable packages for major operating sytems. The install script available with releases will install dependencies, compile webp, and pull down and install the pre-compiled KasmVNC tarball. Currently, only Ubuntu 18.04 LTS is pre-compiled. -#### Debian-based +This installer assumes you already have a desktop environment installed, but have never configured a VNC server. Use the install script found in this project under builder/install/install.sh, currently Ubuntu 18.04LTS is the only operating system with pre-compiled binaries. ```sh -wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/kasmvncserver_0.9.1~beta-1_amd64.deb +# install dependencies +sudo apt-get -y install libjpeg-dev -sudo dpkg -i kasmvncserver_0.9.1~beta-1_amd64.deb -sudo apt-get -f install +# install KasmVNC +wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/KasmVNC_0.9.1-beta_Ubuntu_18.04.tar.gz | sudo tar xz --strip 1 -C / -# We provide an example script to run KasmVNC at # -`/usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start`. It runs a VNC -# server on display `:10` and on interface `0.0.0.0`. If you're happy with those -# defaults you can just use it as is: -ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/local/bin/ +# Generate an SSL Cert and change owner +sudo mkdir /usr/local/share/kasmvnc/certs +sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/share/kasmvnc/certs/self.pem -out /usr/local/share/kasmvnc/certs/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" +sudo chown $USER /usr/local/share/kasmvnc/certs/self.pem -# Create ~/.vnc directory and corresponding files. 
-kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill +# start kasmvnc and set password for remote access +vncserver :1 -interface 0.0.0.0 +# stop kasmvnc to make config changes +vncserver -kill :1 -# Modify vncstartup to launch your environment of choice, in this example LXDE +# modify vncstartup to launch your environment of choice, in this example LXDE echo '/usr/bin/lxsession -s LXDE &' >> ~/.vnc/xstartup # The KasmVNC username is automatically set to your system username, you can mofify it if you wish vi ~/.vnc/config -# Start KasmVNC with debug logging: -kasmvncserver-easy-start -d -tail -f ~/.vnc/`hostname`:10.log +# launch KasmVNC +vncserver $DISPLAY -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /usr/local/share/kasmvnc/certs/self.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 ``` -Now navigate to your system at https://[ip-address]:8443/ +Now navigate to your system at https://[ip-address]:8443/vnc.html -To stop a running KasmVNC: - -```sh -kasmvncserver-easy-start -kill -``` - -The options for vncserver: +The options for vncserver in the example above: | Argument | Description | | -------- | ----------- | From 4e8750e37a72ebfaac236055fc3f2adec3826ce5 Mon Sep 17 00:00:00 2001 From: Dmitry Maksyoma Date: Thu, 25 Mar 2021 23:05:20 +1300 Subject: [PATCH 28/30] Disable passing of basicauth in vncserver --- unix/vncserver | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/unix/vncserver b/unix/vncserver index 04c758e..68b4ad9 100644 --- a/unix/vncserver +++ b/unix/vncserver @@ -465,8 +465,7 @@ sub LoadConfig { } # change username option to basicAuth and add colon as required by Xvnc, password will be taken from file if ($k = "username") { - $config{"basicauth"} = "$v:"; - $vncUserName = $v; + next; } else { $config{$k} = $v; } From 9b3e1f73f5136c775ca8caa2cd28b318d5246ee1 Mon Sep 17 00:00:00 2001 
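Review bot: The test guarding the new `next;` is `if ($k = "username")`, an assignment rather than a comparison, so it is true for every key and the `else` branch that stores `$config{$k} = $v` is unreachable; as written, `LoadConfig` skips every option read from the config file, not only `username`. The assignment predates this commit, but the new `next;` now depends on it, and silently ignoring options such as `localhost` in `$HOME/.vnc/config` changes what the server exposes. String comparison is `if ($k eq "username") {`. The comment above the test still says the option is changed to basicAuth and should instead say that `username` is skipped. `LoadConfig` begins and ends outside this hunk, so the loop the `next` belongs to is not visible here.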
From: Dmitry Maksyoma Date: Fri, 26 Mar 2021 01:10:43 +1300 Subject: [PATCH 29/30] Deb/rpm: update barebones images --- builder/dockerfile.centos_core.barebones.rpm.test | 6 +++--- builder/dockerfile.fedora_thirtythree.barebones.rpm.test | 6 +++--- builder/dockerfile.ubuntu_focal.barebones.deb.test | 3 +-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/builder/dockerfile.centos_core.barebones.rpm.test b/builder/dockerfile.centos_core.barebones.rpm.test index 33098d3..b5e22e9 100644 --- a/builder/dockerfile.centos_core.barebones.rpm.test +++ b/builder/dockerfile.centos_core.barebones.rpm.test @@ -2,6 +2,7 @@ FROM centos:centos7 RUN yum install -y xterm RUN yum install -y vim less +RUN yum install -y redhat-lsb-core ARG KASMVNC_PACKAGE_DIR COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp @@ -9,10 +10,9 @@ RUN yum localinstall -y /tmp/*.rpm RUN useradd -m foo -USER foo:kasmvnc +USER foo:kasmvnc-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd -ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " diff --git a/builder/dockerfile.fedora_thirtythree.barebones.rpm.test b/builder/dockerfile.fedora_thirtythree.barebones.rpm.test index d9ab4d7..b592c89 100644 --- a/builder/dockerfile.fedora_thirtythree.barebones.rpm.test 
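Review bot: The new `ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && …"` in the CentOS barebones dockerfile is a shell-form entrypoint, so `/bin/sh` substitutes `$VNC_PW` and `$VNC_USER` into the command string and `bash -c` parses the result a second time: a value containing a double quote, a backquote or `$(` breaks the command or is evaluated as shell, and `echo -e` also rewrites backslash sequences in the password. Single-quoting the script lets bash expand the variables once, as data: `ENTRYPOINT bash -c 'printf "%s\n%s\n" "$VNC_PW" "$VNC_PW" | kasmvncpasswd -w -u "$VNC_USER" && … rest unchanged …'`. The same line is added to the Fedora 33 and Ubuntu focal barebones dockerfiles later in this commit. In the Fedora file the added `RUN yum install -y redhat-lsb-core` sits among `dnf` calls; `RUN dnf install -y redhat-lsb-core` would match its neighbours.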
+++ b/builder/dockerfile.fedora_thirtythree.barebones.rpm.test @@ -2,6 +2,7 @@ FROM fedora:33 RUN dnf install -y xterm RUN dnf install -y vim less +RUN yum install -y redhat-lsb-core ARG KASMVNC_PACKAGE_DIR COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp @@ -9,10 +10,9 @@ RUN dnf localinstall -y /tmp/*.rpm RUN useradd -m foo -USER foo:kasmvnc +USER foo:kasmvnc-cert RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd -ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " diff --git a/builder/dockerfile.ubuntu_focal.barebones.deb.test b/builder/dockerfile.ubuntu_focal.barebones.deb.test index 4449d77..26b0c14 100644 --- a/builder/dockerfile.ubuntu_focal.barebones.deb.test +++ b/builder/dockerfile.ubuntu_focal.barebones.deb.test 
@@ -11,6 +11,5 @@ USER foo RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \ chmod +x ~/.vnc/xstartup -RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd -ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " +ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " From 29415a8c7d4fad73d910f266ca6b5ab2b93d6b59 Mon Sep 17 00:00:00 2001 From: matt Date: Fri, 26 Mar 2021 19:53:04 +0000 Subject: [PATCH 30/30] Apply patch for 1.20.x --- builder/build.sh | 4 ++++ builder/dockerfile.ubuntu_bionic.build | 1 + 2 files changed, 5 insertions(+) diff --git a/builder/build.sh b/builder/build.sh index e9813f1..75794db 100755 --- a/builder/build.sh +++ b/builder/build.sh @@ -37,6 +37,10 @@ tar -C unix/xserver -xvf /tmp/xorg-server-${XORG_VER}.tar.bz2 --strip-components cd unix/xserver patch -Np1 -i ../xserver${XORG_PATCH}.patch +if [[ $XORG_VER =~ ^1\.20\..*$ ]]; then + patch -Np1 -i ../xserver120.7.patch +fi + autoreconf -i # Configuring Xorg is long and has many distro-specific paths. # The distro paths start after prefix and end with the font path, diff --git a/builder/dockerfile.ubuntu_bionic.build b/builder/dockerfile.ubuntu_bionic.build index a21a716..cee01e1 100644 --- a/builder/dockerfile.ubuntu_bionic.build +++ b/builder/dockerfile.ubuntu_bionic.build 
@@ -2,6 +2,7 @@ FROM ubuntu:18.04 ENV KASMVNC_BUILD_OS ubuntu ENV KASMVNC_BUILD_OS_CODENAME bionic +ENV XORG_VER 1.20.10 RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list