From 20876547a18c3933f4e765f9e9437e862dc59b16 Mon Sep 17 00:00:00 2001
From: Ryan Kuba
Date: Fri, 3 Mar 2023 11:09:08 +0000
Subject: [PATCH] Resolve KASM-4031 "Feature/ alpine 317"
---
 .gitlab-ci.yml | 76 ++++++++++-
 builder/build-apk | 17 +++
 builder/build-apk-inside-docker | 11 ++
 builder/build-package | 2 +
 builder/build-rpm-inside-docker | 4 +-
 builder/build.sh | 6 +-
 builder/dockerfile.alpine_317.apk.build | 7 +
 builder/dockerfile.alpine_317.build | 76 +++++++++++
 builder/dockerfile.oracle_8.rpm.build | 2 +-
 .../dockerfile.oracle_9.barebones.rpm.test | 23 ++++
 builder/dockerfile.oracle_9.build | 61 +++++++++
 builder/dockerfile.oracle_9.rpm.build | 23 ++++
 oracle/kasmvncserver9.spec | 123 ++++++++++++++++++
 13 files changed, 424 insertions(+), 7 deletions(-)
 create mode 100755 builder/build-apk
 create mode 100755 builder/build-apk-inside-docker
 create mode 100644 builder/dockerfile.alpine_317.apk.build
 create mode 100644 builder/dockerfile.alpine_317.build
 create mode 100644 builder/dockerfile.oracle_9.barebones.rpm.test
 create mode 100644 builder/dockerfile.oracle_9.build
 create mode 100644 builder/dockerfile.oracle_9.rpm.build
 create mode 100644 oracle/kasmvncserver9.spec
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9148f7b..3f43dfc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -349,6 +349,42 @@ build_oracle_8_arm:
 paths:
 - output/
 
+build_oracle_9:
+ stage: build
+ allow_failure: true
+ before_script:
+ - *prepare_build
+ - *prepare_www
+ after_script:
+ - *prepare_artfacts
+ script:
+ - bash builder/build-package oracle 9;
+ only:
+ variables:
+ - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+ artifacts:
+ paths:
+ - output/
+
+build_oracle_9_arm:
+ stage: build
+ allow_failure: true
+ tags:
+ - oci-fixed-arm64
+ before_script:
+ - *prepare_build
+ - *prepare_www
+ after_script:
+ - *prepare_artfacts
+ script:
+ - bash builder/build-package oracle 9;
+ only:
+ variables:
+ - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+ artifacts:
+ paths:
+ - output/
+
 build_opensuse_15:
 stage: build
 allow_failure: true
@@ -421,6 +457,42 @@ build_fedora_thirtyseven_arm:
 paths:
 - output/
 
+build_alpine_317:
+ stage: build
+ allow_failure: true
+ before_script:
+ - *prepare_build
+ - *prepare_www
+ after_script:
+ - *prepare_artfacts
+ script:
+ - bash builder/build-package alpine 317;
+ only:
+ variables:
+ - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+ artifacts:
+ paths:
+ - output/
+
+build_alpine_317_arm:
+ stage: build
+ allow_failure: true
+ tags:
+ - oci-fixed-arm64
+ before_script:
+ - *prepare_build
+ - *prepare_www
+ after_script:
+ - *prepare_artfacts
+ script:
+ - bash builder/build-package alpine 317;
+ only:
+ variables:
+ - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+ artifacts:
+ paths:
+ - output/
+
 test:
 stage: test
 before_script:
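Review bot: `allow_failure: true` on `build_oracle_9` and `build_oracle_9_arm`, and on `build_alpine_317` and `build_alpine_317_arm` in the second hunk, lets the pipeline pass with only a warning when one of the new targets fails to build, so a run can finish with those packages simply missing from `output/`. If the flag is kept to match the neighbouring jobs, a comment such as `# allow_failure: new target, make blocking once the build is stable` would record the intent. Each arm job differs from its x86 twin only by `tags`, so an `extends:` of a shared template would remove most of the duplicated lines; whether other jobs in this file already use one is not visible in these hunks.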
@@ -447,12 +519,12 @@ upload:
 done
 - export S3_BUILD_DIRECTORY="kasmvnc/${CI_COMMIT_SHA}"
 - export RELEASE_VERSION=$(.ci/next_release_version "$CI_COMMIT_REF_NAME")
- - for package in `find output/ -type f -name '*.deb' -or -name '*.rpm'`; do
+ - for package in `find output/ -type f -name '*.deb' -or -name '*.rpm' -or -name '*.tgz'`; do
 prepare_upload_filename "$package";
 upload_filename="${S3_BUILD_DIRECTORY}/$upload_filename";
 echo;
 echo "File to upload $upload_filename";
 upload_to_s3 "$package" "$upload_filename" "$S3_BUCKET";
- UPLOAD_NAME=$(basename $upload_filename | sed 's#kasmvncserver_##' | sed -r 's#_([0-9]{1,3}\.){2}[0-9]{1,2}_\S+?([a-f0-9]{6})##' | sed -r 's#\.(deb|rpm)##');
+ UPLOAD_NAME=$(basename $upload_filename | sed 's#kasmvncserver_##' | sed -r 's#_([0-9]{1,3}\.){2}[0-9]{1,2}_\S+?([a-f0-9]{6})##' | sed -r 's#\.(deb|rpm|tgz)##');
 curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=${UPLOAD_NAME}&target_url=${S3_URL}";
 done
diff --git a/builder/build-apk b/builder/build-apk
new file mode 100755
index 0000000..73fa677
--- /dev/null
+++ b/builder/build-apk
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+. builder/os_ver_cli.sh
+
+cd "$(dirname "$0")/.."
+
+docker build -t kasmvnc_apkbuilder_${os}:${os_codename} -f \
+ builder/dockerfile.${os}_${os_codename}.apk.build .
+
+source_dir=$(echo $PWD)
+L_UID=$(id -u)
+L_GID=$(id -g)
+docker run --rm -v "$source_dir":/src --user $L_UID:$L_GID \
+ kasmvnc_apkbuilder_${os}:${os_codename} /bin/bash -c \
+ '/src/builder/build-apk-inside-docker'
diff --git a/builder/build-apk-inside-docker b/builder/build-apk-inside-docker
new file mode 100755
index 0000000..08617f7
--- /dev/null
+++ b/builder/build-apk-inside-docker
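Review bot: In the `find` on the new `for package in` line, `-type f` applies only to the `*.deb` test, because the implicit AND binds tighter than `-or`; a directory whose name ends in `.rpm` or `.tgz` would also be handed to `upload_to_s3`. Grouping the name tests fixes it: `find output/ -type f \( -name '*.deb' -o -name '*.rpm' -o -name '*.tgz' \)`. The back-tick `for` loop also word-splits paths and `basename $upload_filename` is unquoted, so a file name containing whitespace would be uploaded and reported under the wrong name. The upload job starts above this hunk.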
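Review bot: `. builder/os_ver_cli.sh` runs before `cd "$(dirname "$0")/.."`, so the sourced file is resolved against the caller's working directory rather than the repository; started from anywhere else, the script either fails or sources a different `builder/os_ver_cli.sh`. Moving the `cd` line above the `.` line closes that. `${os}` and `${os_codename}` are then expanded unquoted into the image tag and the `-f` path, so quoting them (`-f "builder/dockerfile.${os}_${os_codename}.apk.build"`) and adding `set -u` would turn an empty value into an error instead of a malformed `docker build` command. How `os_ver_cli.sh` validates its arguments is not visible here.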
@@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +os=alpine +os_codename=$(cat /etc/os-release | awk '/VERSION_ID/' | grep -o '[[:digit:]]' | tr -d '\n' | head -c 3) + +mkdir -p /src/builder/build/${os}_${os_codename} +mv \ + /src/builder/build/kasmvnc.${os}_${os_codename}.tar.gz \ + /src/builder/build/${os}_${os_codename}/kasmvnc.${os}_${os_codename}_$(uname -m).tgz diff --git a/builder/build-package b/builder/build-package index 9718846..598230d 100755 --- a/builder/build-package +++ b/builder/build-package @@ -10,6 +10,8 @@ detect_package_format() { package_format=rpm if ls builder/dockerfile*"$os"* | grep -q .deb.build; then package_format=deb + elif ls builder/dockerfile*"$os"* | grep -q .apk.build; then + package_format=apk fi } diff --git a/builder/build-rpm-inside-docker b/builder/build-rpm-inside-docker index 7839dba..69cf978 100755 --- a/builder/build-rpm-inside-docker +++ b/builder/build-rpm-inside-docker @@ -8,7 +8,7 @@ prepare_build_env() { } copy_spec_and_tar_with_binaries() { - cp /tmp/kasmvncserver.spec ~/rpmbuild/SPECS/ + cp /tmp/*.spec ~/rpmbuild/SPECS/ cp /src/builder/build/kasmvnc.${os}_${os_codename}.tar.gz \ ~/rpmbuild/SOURCES/ } @@ -30,6 +30,6 @@ fi os_dir="build/${os}_${os_codename}" prepare_build_env -rpmbuild -ba ~/rpmbuild/SPECS/kasmvncserver.spec +rpmbuild -ba ~/rpmbuild/SPECS/*.spec copy_rpm_to_build_dir rpmlint "$os_dir"/*.rpm || true diff --git a/builder/build.sh b/builder/build.sh index 6e6832d..7728bc1 100755 --- a/builder/build.sh +++ b/builder/build.sh @@ -86,7 +86,7 @@ autoreconf -i # components. ensure_crashpad_can_fetch_line_number_by_address # remove gl check for opensuse -if [ "${KASMVNC_BUILD_OS}" == "opensuse" ]; then +if [ "${KASMVNC_BUILD_OS}" == "opensuse" ] || ([ "${KASMVNC_BUILD_OS}" == "oracle" ] && [ "${KASMVNC_BUILD_OS_CODENAME}" == 9 ]); then sed -i 's/LIBGL="gl >= 7.1.0"/LIBGL="gl >= 1.1"/g' configure fi # build X11 
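Review bot: The `os_codename` pipeline in `build-apk-inside-docker` keeps the first three digits of `VERSION_ID`, which yields `317` for 3.17.x but would pull in a patch-level digit for a release with a single-digit minor (constructed example: `3.9.4` gives `394`), after which the `mv` source path would not exist. Cutting on the dots is exact: `os_codename=$(. /etc/os-release && echo "$VERSION_ID" | cut -d. -f1,2 | tr -d .)`. The script only renames the build tarball to `.tgz`; nothing in this file produces a signed apk or a checksum, and a header comment saying so would keep readers from assuming the artifact is a real Alpine package.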
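Review bot: `cp /tmp/*.spec ~/rpmbuild/SPECS/` and, in the second `build-rpm-inside-docker` hunk, `rpmbuild -ba ~/rpmbuild/SPECS/*.spec` now build every spec file that happens to be in `/tmp` of the image, and `rpmbuild` accepts several spec arguments. The two Oracle Dockerfiles in this commit copy exactly one named spec, but the other rpm build images are not visible here, and any that still copies specs with a wildcard would start building more than one package. A guard before the `cp` keeps the build deterministic: `set -- /tmp/*.spec; [ "$#" -eq 1 ] || { echo "expected exactly one spec in /tmp" >&2; exit 1; }`. Both the function and the script body continue outside the hunks.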
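Review bot: The comment above the changed `if` in `build.sh` still reads `# remove gl check for opensuse`, but the branch now also runs for Oracle 9, and the `sed` lowers the required GL version rather than removing the check; `# relax the GL version requirement for opensuse and oracle 9` would match the code. The parentheses around the Oracle test start a subshell only for grouping; `|| { [ "${KASMVNC_BUILD_OS}" == "oracle" ] && [ "${KASMVNC_BUILD_OS_CODENAME}" == 9 ]; }` does the same without it.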
@@ -95,7 +95,7 @@ fi
 --with-xkb-output=/var/lib/xkb \
 --with-xkb-bin-directory=/usr/bin \
 --with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \
- --with-sha1=libcrypto \
+ --with-sha1=libcrypto \
 --without-dtrace --disable-dri \
 --disable-static \
 --disable-xinerama --disable-xvfb --disable-xnest --disable-xorg \
@@ -121,6 +121,8 @@ if [ -d /usr/lib/x86_64-linux-gnu/dri ]; then
 ln -s /usr/lib/x86_64-linux-gnu/dri dri
 elif [ -d /usr/lib/aarch64-linux-gnu/dri ]; then
 ln -s /usr/lib/aarch64-linux-gnu/dri dri
+elif [ -d /usr/lib/xorg/modules/dri ]; then
+ ln -s /usr/lib/xorg/modules/dri dri
 else
 ln -s /usr/lib64/dri dri
 fi
diff --git a/builder/dockerfile.alpine_317.apk.build b/builder/dockerfile.alpine_317.apk.build
new file mode 100644
index 0000000..732f5f0
--- /dev/null
+++ b/builder/dockerfile.alpine_317.apk.build
@@ -0,0 +1,7 @@
+FROM alpine:3.17
+
+RUN apk add shadow bash
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker
diff --git a/builder/dockerfile.alpine_317.build b/builder/dockerfile.alpine_317.build
new file mode 100644
index 0000000..5450db9
--- /dev/null
+++ b/builder/dockerfile.alpine_317.build
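Review bot: `echo "docker:docker" | chpasswd` in `dockerfile.alpine_317.apk.build` gives the build account a fixed, publicly known password inside the image. Nothing visible in this commit logs in with it: `builder/build-apk` starts the container with `--user $L_UID:$L_GID`, which overrides `USER docker`. `RUN useradd -m docker` on its own leaves the account with no usable password. The same line is added in `dockerfile.alpine_317.build`, `dockerfile.oracle_9.build` and `dockerfile.oracle_9.rpm.build`.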
@@ -0,0 +1,76 @@ +FROM alpine:3.17 + +ENV KASMVNC_BUILD_OS alpine +ENV KASMVNC_BUILD_OS_CODENAME 317 +ENV XORG_VER 1.20.7 + +RUN \ + echo "**** install build deps ****" && \ + apk add \ + alpine-release \ + alpine-sdk \ + autoconf \ + automake \ + bash \ + ca-certificates \ + cmake \ + coreutils \ + curl \ + eudev-dev \ + font-cursor-misc \ + font-misc-misc \ + font-util-dev \ + git \ + grep \ + jq \ + libdrm-dev \ + libepoxy-dev \ + libjpeg-turbo-dev \ + libjpeg-turbo-static \ + libpciaccess-dev \ + libtool \ + libwebp-dev \ + libx11-dev \ + libxau-dev \ + libxcb-dev \ + libxcursor-dev \ + libxcvt-dev \ + libxdmcp-dev \ + libxext-dev \ + libxfont2-dev \ + libxkbfile-dev \ + libxrandr-dev \ + libxshmfence-dev \ + libxtst-dev \ + mesa-dev \ + mesa-dri-gallium \ + meson \ + nettle-dev \ + openssl-dev \ + pixman-dev \ + procps \ + shadow \ + tar \ + tzdata \ + wayland-dev \ + wayland-protocols \ + xcb-util-dev \ + xcb-util-image-dev \ + xcb-util-keysyms-dev \ + xcb-util-renderutil-dev \ + xcb-util-wm-dev \ + xinit \ + xkbcomp \ + xkbcomp-dev \ + xkeyboard-config \ + xorgproto \ + xorg-server-common \ + xorg-server-dev \ + xtrans + +RUN useradd -m docker && echo "docker:docker" | chpasswd + +COPY --chown=docker:docker . /src/ + +USER docker +ENTRYPOINT ["/src/builder/build.sh"] diff --git a/builder/dockerfile.oracle_8.rpm.build b/builder/dockerfile.oracle_8.rpm.build index edc637d..d9e814f 100644 --- a/builder/dockerfile.oracle_8.rpm.build +++ b/builder/dockerfile.oracle_8.rpm.build @@ -13,7 +13,7 @@ RUN dnf install -y \ tree \ vim -COPY oracle/*.spec /tmp +COPY oracle/kasmvncserver.spec /tmp RUN dnf builddep -y /tmp/*.spec RUN useradd -m docker && echo "docker:docker" | chpasswd diff --git a/builder/dockerfile.oracle_9.barebones.rpm.test b/builder/dockerfile.oracle_9.barebones.rpm.test new file mode 100644 index 0000000..df8b435 --- /dev/null +++ b/builder/dockerfile.oracle_9.barebones.rpm.test 
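Review bot: `FROM alpine:3.17` in `dockerfile.alpine_317.build` is a moving tag and the `apk add` list carries no versions, so two runs of the same commit can build the release artifact against different toolchains and libraries. For an image whose output is uploaded as a package, pinning the base by digest makes the input reviewable, e.g. `FROM alpine:3.17@sha256:PLACEHOLDER_DIGEST` with the digest of the image that was actually tested. `COPY --chown=docker:docker . /src/` copies the whole build context into the image; whether a `.dockerignore` keeps `.git` and CI files out is not visible here.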
@@ -0,0 +1,23 @@
+FROM oraclelinux:9
+
+ENV STARTUPDIR=/dockerstartup
+
+RUN dnf install -y \
+ less \
+ redhat-lsb-core \
+ vim \
+ xterm
+RUN dnf config-manager --set-enabled ol9_codeready_builder
+RUN dnf install -y oracle-epel-release-el9
+
+ARG KASMVNC_PACKAGE_DIR
+COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp
+RUN dnf localinstall -y /tmp/*.rpm
+
+RUN mkdir -p $STARTUPDIR
+COPY startup/vnc_startup_barebones.sh $STARTUPDIR
+
+RUN useradd -m foo
+USER foo:kasmvnc-cert
+
+ENTRYPOINT "/$STARTUPDIR/vnc_startup_barebones.sh"
diff --git a/builder/dockerfile.oracle_9.build b/builder/dockerfile.oracle_9.build
new file mode 100644
index 0000000..a7bc22d
--- /dev/null
+++ b/builder/dockerfile.oracle_9.build
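Review bot: `ENTRYPOINT "/$STARTUPDIR/vnc_startup_barebones.sh"` is the shell form, so the script is started through `/bin/sh -c`, any arguments given to `docker run` are ignored, and signal delivery to the script may depend on the shell; with `STARTUPDIR=/dockerstartup` the path also expands with a doubled leading slash. The exec form avoids this: `ENTRYPOINT ["/dockerstartup/vnc_startup_barebones.sh"]`. `USER foo:kasmvnc-cert` relies on the group that the package's `%post` scriptlet creates, which deserves a one-line comment such as `# kasmvnc-cert is created by the rpm's %post and grants read access to the TLS key`.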
@@ -0,0 +1,61 @@
+FROM oraclelinux:9
+
+ENV KASMVNC_BUILD_OS oracle
+ENV KASMVNC_BUILD_OS_CODENAME 9
+ENV XORG_VER 1.20.10
+
+# Install from stock repos
+RUN dnf config-manager --set-enabled ol9_distro_builder
+RUN dnf install -y \
+ bzip2-devel \
+ ca-certificates \
+ cmake \
+ dnf-plugins-core \
+ gcc \
+ gcc-c++ \
+ git \
+ gnutls-devel \
+ libjpeg-turbo-devel \
+ libpng-devel \
+ libtiff-devel \
+ make \
+ mesa-dri-drivers \
+ mesa-libGL-devel \
+ openssl-devel \
+ openssl-devel \
+ patch \
+ tigervnc-server \
+ wget \
+ xorg-x11-font-utils \
+ zlib-devel
+
+# Enable additional repos (epel, powertools, and fusion)
+RUN dnf config-manager --set-enabled ol9_codeready_builder
+RUN dnf install -y oracle-epel-release-el9
+RUN dnf install -y --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-9.noarch.rpm
+
+# Install from new repos
+RUN dnf install -y \
+ giflib-devel \
+ lbzip2 \
+ libXfont2-devel \
+ libxkbfile-devel \
+ xorg-x11-server-devel \
+ xorg-x11-xtrans-devel \
+ libXrandr-devel \
+ libXtst-devel \
+ libXcursor-devel
+
+# Additions for webp
+RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
+RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp/libwebp-1.0.2 && \
+ ./configure --enable-static --disable-shared && \
+ make && make install
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+COPY --chown=docker:docker . /src/
+
+USER docker
+ENTRYPOINT ["/src/builder/build.sh"]
diff --git a/builder/dockerfile.oracle_9.rpm.build b/builder/dockerfile.oracle_9.rpm.build
new file mode 100644
index 0000000..50f504d
--- /dev/null
+++ b/builder/dockerfile.oracle_9.rpm.build
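Review bot: `dnf install -y --nogpgcheck https://mirrors.rpmfusion.org/...` installs a repository release package without verifying its signature, so every later install from that repository trusts whatever the unsigned package configured; drop `--nogpgcheck` and import the repository key first, or drop the repository if none of the packages in the following `dnf install` need it. The libwebp tarball is likewise fetched with `wget` and compiled with no integrity check, and it is built static-only (`--enable-static --disable-shared`), so the output carries whatever that download contained and stays on 1.0.2 regardless of distro updates. A checksum line right after the download would pin it: `echo "PLACEHOLDER_SHA256  libwebp-1.0.2.tar.gz" | sha256sum -c -`. `openssl-devel` is listed twice in the first install.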
@@ -0,0 +1,23 @@
+FROM oraclelinux:9
+
+ENV KASMVNC_BUILD_OS oracle
+ENV KASMVNC_BUILD_OS_CODENAME 9
+
+RUN dnf config-manager --set-enabled ol9_codeready_builder
+RUN dnf config-manager --set-enabled ol9_distro_builder
+RUN dnf install -y \
+ gpg* \
+ less \
+ redhat-lsb-core \
+ rng-tools \
+ rpm* \
+ rpmlint \
+ rsync \
+ tree \
+ vim
+
+COPY oracle/kasmvncserver9.spec /tmp
+
+RUN useradd -m docker && echo "docker:docker" | chpasswd
+
+USER docker
diff --git a/oracle/kasmvncserver9.spec b/oracle/kasmvncserver9.spec
new file mode 100644
index 0000000..a74285e
--- /dev/null
+++ b/oracle/kasmvncserver9.spec
@@ -0,0 +1,123 @@
+Name: kasmvncserver
+Version: 1.0.0
+Release: 1%{?dist}
+Summary: VNC server accessible from a web browser
+
+License: GPLv2+
+URL: https://github.com/kasmtech/KasmVNC
+
+BuildRequires: rsync
+Requires: xorg-x11-xauth, xkeyboard-config, xorg-x11-server-utils, openssl, perl, perl-Switch, perl-YAML-Tiny, perl-Hash-Merge-Simple, perl-Scalar-List-Utils, perl-List-MoreUtils, perl-Try-Tiny, hostname
+Conflicts: tigervnc-server, tigervnc-server-minimal
+
+%description
+KasmVNC provides remote web-based access to a Desktop or application.
+While VNC is in the name, KasmVNC differs from other VNC variants such
+as TigerVNC, RealVNC, and TurboVNC. KasmVNC has broken from the RFB
+specification which defines VNC, in order to support modern technologies
+and increase security. KasmVNC is accessed by users from any modern
+browser and does not support legacy VNC viewer applications. KasmVNC
+uses a modern YAML based configuration at the server and user level,
+allowing for ease of management. KasmVNC is maintained by Kasm
+Technologies Corp, www.kasmweb.com.
+
+WARNING: this package requires EPEL and CodeReady builder.
+
+%prep
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+TARGET_OS=$KASMVNC_BUILD_OS
+TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME
+TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz
+TAR_DATA=$(mktemp -d)
+tar -xzf "$TARBALL" -C "$TAR_DATA"
+
+SRC=$TAR_DATA/usr/local
+SRC_BIN=$SRC/bin
+DESTDIR=$RPM_BUILD_ROOT
+DST_MAN=$DESTDIR/usr/share/man/man1
+
+mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
+ $DESTDIR/usr/share/doc/kasmvncserver $DESTDIR/usr/lib \
+ $DESTDIR/usr/share/perl5 $DESTDIR/etc/kasmvnc
+cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
+cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
+cp -a $SRC_BIN/KasmVNC $DESTDIR/usr/share/perl5
+cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
+cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
+cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
+cp -r $SRC/lib/kasmvnc/ $DESTDIR/usr/lib/kasmvncserver
+cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
+cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
+rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
+ --exclude www/utils/ --exclude .eslintrc --exclude configure \
+ $SRC/share/kasmvnc $DESTDIR/usr/share
+
+sed -i -e 's!pem_certificate: .\+$!pem_certificate: /etc/pki/tls/private/kasmvnc.pem!' \
+ $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml
+sed -i -e 's!pem_key: .\+$!pem_key: /etc/pki/tls/private/kasmvnc.pem!' \
+ $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml
+sed -e 's/^\([^#]\)/# \1/' $DESTDIR/usr/share/kasmvnc/kasmvnc_defaults.yaml > \
+ $DESTDIR/etc/kasmvnc/kasmvnc.yaml
+cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
+cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
+cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
+cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
+cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
+cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
+
+
+%files
+%config(noreplace) /etc/kasmvnc
+
+/usr/bin/*
+/usr/lib/kasmvncserver
+/usr/share/man/man1/*
+/usr/share/perl5/KasmVNC
+/usr/share/kasmvnc
+
+%license /usr/share/doc/kasmvncserver/LICENSE.TXT
+%doc /usr/share/doc/kasmvncserver/README.md
+
+%changelog
+* Tue Nov 29 2022 KasmTech - 1.0.0-1
+- WebRTC UDP transit support with support of STUN servers
+- Lossless compression using multi-threaded WASM QOI decoder client side
+- New yaml based configuration
+- Significantly improved FPS through both client-side and server-side improvements.
+- Support for the admin to define arbitrary http response headers for the built in web server
+- Support for additional mouse buttons
+- Refinement of vncserver checks and user prompts
+- Added send_full_frame to developer API, forces full frame to be sent to all connected users that have at least read permission.
+* Tue Mar 22 2022 KasmTech - 0.9.3~beta-1
+* Fri Feb 12 2021 KasmTech - 0.9.1~beta-1
+- Initial release of the rpm package.
+
+%post
+ kasmvnc_group="kasmvnc-cert"
+
+ create_kasmvnc_group() {
+ if ! getent group "$kasmvnc_group" >/dev/null; then
+ groupadd --system "$kasmvnc_group"
+ fi
+ }
+
+ make_self_signed_certificate() {
+ local cert_file=/etc/pki/tls/private/kasmvnc.pem
+ [ -f "$cert_file" ] && return 0
+
+ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+ -keyout "$cert_file" \
+ -out "$cert_file" -subj \
+ "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
+ chgrp "$kasmvnc_group" "$cert_file"
+ chmod 640 "$cert_file"
+ }
+
+ create_kasmvnc_group
+ make_self_signed_certificate
+
+%postun
+ rm -f /etc/pki/tls/private/kasmvnc.pem
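Review bot: `%postun` removes `/etc/pki/tls/private/kasmvnc.pem` unconditionally, and rpm also runs the old package's `%postun` during an upgrade, after the new `%post`; because `make_self_signed_certificate` returns early when the file exists, an upgrade would leave the server without its certificate and key. Guarding on the scriptlet argument limits the removal to a real uninstall: `if [ "$1" -eq 0 ]; then rm -f /etc/pki/tls/private/kasmvnc.pem; fi`. In `%post` the private key is written by `openssl req` and only afterwards restricted with `chgrp` and `chmod 640`, so its initial mode depends on the umask and on openssl's defaults; setting `umask 077` at the top of the function removes that window. The certificate is self-signed with a fixed subject and `-days 3650`, which is worth a comment stating that it is a placeholder meant to be replaced by the administrator.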