Initial Commmit

.dockerignore

@@ -0,0 +1,2 @@
+*
+!src

.gitattributes

@@ -0,0 +1,19 @@
+# Set default behaviour, in case users don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files we want to always be normalized and converted 
+# to native line endings on checkout.
+*.c text
+*.h text
+*.sah text
+*.suite text
+*.inc text
+*.js text
+*.json text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.sln text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpg binary

.gitignore

@@ -0,0 +1,4 @@
+target
+.idea
+*.iml
+*.log

.gitlab-ci.yml

@@ -0,0 +1,196 @@
+image: docker
+services:
+  - docker:dind
+
+stages:
+  - build
+  - readme
+
+before_script:
+  - docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD
+  - export SANITIZED_BRANCH="$(echo $CI_COMMIT_REF_NAME | sed -r 's#^release/##' | sed 's/\//_/g')"
+  - export SANITIZED_ROLLING_BRANCH=${SANITIZED_BRANCH}-rolling
+
+# Jobs for the develop and release branches. They should push to the private and public repos
+build_ubuntu_bionic:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_BRANCH -t  ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_BRANCH -t ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="ubuntu:18.04" --build-arg BG_IMG=bg_bionic.png -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - develop
+    - /^release\/.*$/
+  except:
+    - schedules
+
+build_cuda_bionic:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-cuda-bionic:$SANITIZED_BRANCH -t ${ORG_NAME}/core-cuda-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="nvidia/cuda:11.3.0-devel-ubuntu18.04" --build-arg BG_IMG=bg_bionic.png  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-cuda-bionic:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-cuda-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - develop
+    - /^release\/.*$/
+  except:
+    - schedules
+
+build_remnux_bionic:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-remnux-bionic:$SANITIZED_BRANCH -t ${ORG_NAME}/core-remnux-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="remnux/remnux-distro:bionic" --build-arg START_XFCE4=1  --build-arg BG_IMG=bg_remnux.png --build-arg EXTRA_SH=remnux.sh  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-remnux-bionic:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-remnux-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - develop
+    - /^release\/.*$/
+  except:
+    - schedules
+
+build_kali_rolling:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-kali-rolling:$SANITIZED_BRANCH -t ${ORG_NAME}/core-kali-rolling:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="kalilinux/kali-rolling:latest" --build-arg START_PULSEAUDIO="1" --build-arg EXTRA_SH="kali.sh"  --build-arg DISTRO="kali"  --build-arg LANG="" --build-arg LANGUAGE=""  --build-arg LC_ALL=""   -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-kali-rolling:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-kali-rolling:$SANITIZED_ROLLING_BRANCH
+  only:
+    - develop
+    - /^release\/.*$/
+  except:
+    - schedules
+
+build_centos:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-centos-7-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-centos-7-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-centos-7:$SANITIZED_BRANCH -t ${ORG_NAME}/core-centos-7:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="centos:centos7" --build-arg START_PULSEAUDIO="1" --build-arg START_XFCE4=1 --build-arg DISTRO="centos" --build-arg LANG="" --build-arg LANGUAGE="" --build-arg LC_ALL=""  -f dockerfile-kasm-core-centos .
+    - docker push ${ORG_NAME}/core-centos-7-private:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-centos-7-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-centos-7:$SANITIZED_BRANCH
+    - docker push ${ORG_NAME}/core-centos-7:$SANITIZED_ROLLING_BRANCH
+  only:
+    - develop
+    - /^release\/.*$/
+  except:
+    - schedules
+
+
+# These jobs should run on the feature/bugfix branches - anything that is not the develop or release branches. It should only push images to the private repos
+build_ubuntu_bionic_dev:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_BRANCH --build-arg BASE_IMAGE="ubuntu:18.04" --build-arg BG_IMG=bg_bionic.png -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+
+
+build_cuda_bionic_dev:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_BRANCH --build-arg BASE_IMAGE="nvidia/cuda:11.3.0-devel-ubuntu18.04" --build-arg BG_IMG=bg_bionic.png  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+
+build_remnux_bionic_dev:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_BRANCH --build-arg BASE_IMAGE="remnux/remnux-distro:bionic" --build-arg START_XFCE4=1 --build-arg BG_IMG=bg_remnux.png --build-arg EXTRA_SH=remnux.sh -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+
+build_kali_rolling_dev:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_BRANCH --build-arg BASE_IMAGE="kalilinux/kali-rolling:latest" --build-arg START_PULSEAUDIO="1" --build-arg EXTRA_SH="kali.sh"  --build-arg DISTRO="kali"  --build-arg LANG="" --build-arg LANGUAGE="" --build-arg LC_ALL=""  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+
+build_centos_dev:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-centos-7-private:$SANITIZED_BRANCH --build-arg BASE_IMAGE="centos:centos7" --build-arg START_PULSEAUDIO="1" --build-arg START_XFCE4=1 --build-arg DISTRO="centos"  --build-arg LANG="" --build-arg LANGUAGE="" --build-arg LC_ALL=""  -f dockerfile-kasm-core-centos .
+    - docker push ${ORG_NAME}/core-centos-7-private:$SANITIZED_BRANCH
+  except:
+    - develop
+    - /^release\/.*$/
+
+# These jobs are for the "rolling" release of the images. They should only run for scheduled jobs and should only push the rolling tags
+build_ubuntu_bionic_scheduled:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="ubuntu:18.04" --build-arg BG_IMG=bg_bionic.png -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-ubuntu-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-ubuntu-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - schedules
+
+build_cuda_bionic_schedules:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-cuda-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="nvidia/cuda:11.3.0-devel-ubuntu18.04" --build-arg BG_IMG=bg_bionic.png  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-cuda-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-cuda-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - schedules
+
+build_remnux_bionic_schedules:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-remnux-bionic:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="remnux/remnux-distro:bionic" --build-arg START_XFCE4=1 --build-arg BG_IMG=bg_remnux.png --build-arg EXTRA_SH=remnux.sh -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-remnux-bionic-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-remnux-bionic:$SANITIZED_ROLLING_BRANCH
+  only:
+    - schedules
+
+build_kali_rolling_schedules:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-kali-rolling:$SANITIZED_ROLLING_BRANCH  --build-arg BASE_IMAGE="kalilinux/kali-rolling:latest" --build-arg START_PULSEAUDIO="1" --build-arg EXTRA_SH="kali.sh"  --build-arg DISTRO="kali"  --build-arg LANG="" --build-arg LANGUAGE="" --build-arg LC_ALL=""  -f dockerfile-kasm-core .
+    - docker push ${ORG_NAME}/core-kali-rolling-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-kali-rolling:$SANITIZED_ROLLING_BRANCH
+  only:
+    - schedules
+
+build_centos_schedules:
+  stage: build
+  script:
+    - docker build -t ${ORG_NAME}/core-centos-7-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-centos-7:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="centos:centos7" --build-arg START_PULSEAUDIO="1" --build-arg START_XFCE4=1 --build-arg DISTRO="centos"  --build-arg LANG="" --build-arg LANGUAGE="" --build-arg LC_ALL=""  -f dockerfile-kasm-core-centos .
+    - docker push ${ORG_NAME}/core-centos-7-private:$SANITIZED_ROLLING_BRANCH
+    - docker push ${ORG_NAME}/core-centos-7:$SANITIZED_ROLLING_BRANCH
+  only:
+    - schedules
+
+
+update_readmes:
+  stage: readme
+  script:
+    - apk add git
+    - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@${README_TEMPLATE_REPO}
+    - sed -e "/{about}/r docs/$KASM_IMAGE/README.md" -e "/{about}/d" dockerhub-readme-template/TEMPLATE.md > docs/$KASM_IMAGE/FULL_README.md
+    - cat docs/$KASM_IMAGE/FULL_README.md
+    - docker run -v $PWD:/workspace -e DOCKER_USERNAME="$README_USERNAME" -e DOCKER_PASSWORD="$README_PASSWORD" -e DOCKERHUB_REPOSITORY="${ORG_NAME}/$KASM_IMAGE-private" -e README_FILEPATH="/workspace/docs/$KASM_IMAGE/FULL_README.md" -e DESCRIPTION_FILEPATH="/workspace/docs/$KASM_IMAGE/description.txt"  kasmweb/dockerhub-updater:latest
+    - docker run -v $PWD:/workspace -e DOCKER_USERNAME="$README_USERNAME" -e DOCKER_PASSWORD="$README_PASSWORD" -e DOCKERHUB_REPOSITORY="${ORG_NAME}/$KASM_IMAGE" -e README_FILEPATH="/workspace/docs/$KASM_IMAGE/FULL_README.md" -e DESCRIPTION_FILEPATH="/workspace/docs/$KASM_IMAGE/description.txt"  kasmweb/dockerhub-updater:latest
+
+  only:
+    variables:
+      - $README_USERNAME
+      - $README_PASSWORD
+  parallel:
+    matrix:
+      - KASM_IMAGE: [core-centos-7, core-kali-rolling, core-remnux-bionic, core-cuda-bionic, core-ubuntu-bionic]

README.md

@@ -0,0 +1,34 @@
+![Logo][logo]
+# Workspaces Core Images
+This repository contains the base or **"Core"** images from which all other Workspaces images are derived.
+These images are based off popular linux distributions and container the wiring necessary to work within the Kasm platform.
+
+While these image are primarily built to run inside the Kasm platform, it can also be executed manually.  Please note that certain functionality, such as audio, uploads, downloads, and microphone passthrough are only available within the Kasm platform.
+
+```
+sudo docker run --rm  -it --shm-size=512m -p 6901:6901 -e VNC_PW=password kasmweb/<image>:<tag>
+```
+
+The container is now accessible via a browser : `https://<IP>:6901`
+
+ - **User** : `kasm_user`
+ - **Password**: `password`
+
+
+For more information about building custom images please review the  [**How To Guide**](https://kasmweb.com/docs/latest/how_to/building_images.html?utm_campaign=Github&utm_source=github)
+
+The Kasm team publishes applications and desktop images for use inside the platform. More information, including source can be found in the [Default Images List](https://kasmweb.com/docs/latest/guide/custom_images.html?utm_campaign=Github&utm_source=github)
+
+# About Workspaces
+Kasm Workspaces is a docker container streaming platform that enables you to deliver browser-based access to desktops, applications, and web services. Kasm uses a modern DevOps approach for programmatic delivery of services via Containerized Desktop Infrastructure (CDI) technology to create on-demand, disposable, docker containers that are accessible via web browser. The rendering of the graphical-based containers is powered by the open-source project   [**KasmVNC**](https://github.com/kasmtech/KasmVNC?utm_campaign=Github&utm_source=github)
+
+![Screenshot][Kasm_Workflow]
+
+Kasm Workspaces was developed to meet the most demanding secure collaboration requirements that is highly scalable, customizable, and easy to maintain.  Most importantly, Kasm provides a solution, rather than a service, so it is infinitely customizable to your unique requirements and includes a developer API so that it can be integrated with, rather than replace, your existing applications and workflows. Kasm can be deployed in the cloud (Public or Private), on-premise (Including Air-Gapped Networks), or in a hybrid configuration.
+
+# Live Demo
+A self-guided on-demand demo is available at [**kasmweb.com**](https://www.kasmweb.com/demo.html?utm_campaign=Github&utm_source=github)
+
+
+[logo]: https://cdn2.hubspot.net/hubfs/5856039/dockerhub/kasm_logo.png "Kasm Logo"
+[Kasm_Workflow]: https://cdn2.hubspot.net/hubfs/5856039/dockerhub/kasm_workflow_1440.gif "Kasm Workflow"

dockerfile-kasm-core

@@ -0,0 +1,162 @@
+ARG BASE_IMAGE="ubuntu:18.04"
+FROM $BASE_IMAGE AS install_tools
+ARG DISTRO=ubuntu
+
+### Install common tools
+
+COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
+RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/
+
+FROM install_tools AS squid_builder
+
+### Build Squid
+RUN wget 'https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/a590f319f328a8a576cb966c2db5ec4a5b3b7b9b/output/kasm-squid-builder_ubuntu.tar.gz'
+RUN tar -xzf kasm-squid-builder_ubuntu.tar.gz -C /
+
+FROM install_tools
+
+MAINTAINER Kasm Tech "info@kasmweb.com"
+LABEL "com.kasmweb.image"="true"
+
+### Environment config
+ARG START_XFCE4=0
+ARG START_PULSEAUDIO=0
+ARG BG_IMG=bg_kasm.png
+ARG EXTRA_SH=noop.sh
+ARG DISTRO=ubuntu
+ARG LANG='en_US.UTF-8'
+ARG LANGUAGE='en_US:en'
+ARG LC_ALL='en_US.UTF-8'
+ENV DISPLAY=:1 \
+    VNC_PORT=5901 \
+    NO_VNC_PORT=6901 \
+    VNC_PORT=5901 \
+    AUDIO_PORT=4901 \
+    VNC_RESOLUTION=1280x720 \
+    MAX_FRAME_RATE=24 \
+    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0" \
+    HOME=/home/kasm-default-profile \
+    TERM=xterm \
+    STARTUPDIR=/dockerstartup \
+    INST_SCRIPTS=/dockerstartup/install \
+    KASM_VNC_PATH=/usr/share/kasmvnc \
+    DEBIAN_FRONTEND=noninteractive \
+    VNC_COL_DEPTH=24 \
+    VNC_RESOLUTION=1280x1024 \
+    VNC_PW=vncpassword \
+    VNC_VIEW_ONLY_PW=vncviewonlypassword \
+    LD_LIBRARY_PATH=/usr/local/lib/ \
+    OMP_WAIT_POLICY=PASSIVE \
+    SHELL=/bin/bash \
+    START_XFCE4=$START_XFCE4 \
+    START_PULSEAUDIO=$START_PULSEAUDIO \
+    LANG=$LANG \
+    LANGUAGE=$LANGUAGE \
+    LC_ALL=$LC_ALL
+
+EXPOSE $VNC_PORT \
+       $NO_VNC_PORT \
+       $UPLOAD_PORT \
+       $AUDIO_PORT
+
+WORKDIR $HOME
+RUN mkdir -p $HOME/Desktop
+
+
+### Install custom fonts
+COPY ./src/ubuntu/install/fonts $INST_SCRIPTS/fonts/
+RUN bash $INST_SCRIPTS/fonts/install_custom_fonts.sh && rm -rf $INST_SCRIPTS/fonts/
+
+### Install xfce UI
+COPY ./src/ubuntu/install/xfce $INST_SCRIPTS/xfce/
+RUN bash $INST_SCRIPTS/xfce/install_xfce_ui.sh && rm -rf $INST_SCRIPTS/xfce/
+ADD ./src/$DISTRO/xfce/.config/ $HOME/.config/
+RUN mkdir -p /usr/share/extra/backgrounds/
+RUN mkdir -p /usr/share/extra/icons/
+ADD /src/common/resources/images/bg_kasm.png  /usr/share/extra/backgrounds/bg_kasm.png
+ADD /src/common/resources/images/$BG_IMG  /usr/share/extra/backgrounds/bg_default.png
+ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_ubuntu.png
+ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_default.png
+ADD /src/common/resources/images/icon_kasm.png /usr/share/extra/icons/icon_kasm.png
+
+ADD ./src/common/xfce/window_manager_startup.sh $STARTUPDIR
+
+### Install kasm_vnc dependencies and binaries
+COPY ./src/ubuntu/install/kasm_vnc $INST_SCRIPTS/kasm_vnc/
+RUN bash $INST_SCRIPTS/kasm_vnc/install_kasm_vnc.sh && rm -rf $INST_SCRIPTS/kasm_vnc/
+
+### Install Kasm Upload Server
+COPY ./src/ubuntu/install/kasm_upload_server $INST_SCRIPTS/kasm_upload_server/
+RUN bash $INST_SCRIPTS/kasm_upload_server/install_kasm_upload_server.sh  && rm -rf $INST_SCRIPTS/kasm_upload_server/
+
+
+### Install Audio
+COPY ./src/ubuntu/install/audio $INST_SCRIPTS/audio/
+RUN bash $INST_SCRIPTS/audio/install_audio.sh  && rm -rf $INST_SCRIPTS/audio/
+
+### Install Audio Input
+COPY ./src/ubuntu/install/audio_input $INST_SCRIPTS/audio_input/
+RUN bash $INST_SCRIPTS/audio_input/install_audio_input.sh && rm -rf $INST_SCRIPTS/audio_input/
+
+### Copy built Squid
+COPY --from=squid_builder /usr/local/squid /usr/local/squid
+
+### Install Squid
+COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
+RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/
+COPY ./src/ubuntu/install/squid/resources/*.conf /etc/squid/
+COPY ./src/ubuntu/install/squid/resources/start_squid.sh /etc/squid/start_squid.sh
+COPY ./src/ubuntu/install/squid/resources/SN.png /usr/local/squid/share/icons/SN.png
+RUN chown proxy:proxy /usr/local/squid/share/icons/SN.png
+COPY ./src/ubuntu/install/squid/resources/error_message/access_denied.html /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
+RUN chown proxy:proxy /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
+RUN rm -rf $INST_SCRIPTS/resources/
+
+RUN chmod +x /etc/squid/kasm_squid_adapter
+RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
+
+### Setup Container User - Libnss Wrapper
+COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
+RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh  && rm -rf $INST_SCRIPTS/libnss/
+
+### configure startup
+COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
+ADD ./src/common/startup_scripts $STARTUPDIR
+RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
+
+
+### extra configurations needed per distro variant
+COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
+RUN bash $INST_SCRIPTS/extra/$EXTRA_SH  && rm -rf $INST_SCRIPTS/extra/
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+### FIX PERMISSIONS ## Objective is to change the owner of non-home paths to root, remove write permissions, and set execute where required
+# these files are created on container first exec, by the default user, so we have to create them since default will not have write perm
+RUN touch $STARTUPDIR/wm.log \
+    && touch $STARTUPDIR/window_manager_startup.log \
+    && touch $STARTUPDIR/vnc_startup.log \
+    && touch $STARTUPDIR/no_vnc_startup.log \
+    && chown -R root:root $STARTUPDIR \
+    && find $STARTUPDIR -type d -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -exec chmod 644 {} \; \
+    && find $STARTUPDIR -type f -iname "*.sh" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.py" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.rb" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.pl" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.log" -exec chmod 666 {} \; \
+    && chmod 755 $STARTUPDIR/upload_server/kasm_upload_server \
+    && chmod 755 $STARTUPDIR/audio_input/kasm_audio_input_server \
+    && chmod 755 $STARTUPDIR/generate_container_user \
+    && chmod +x $STARTUPDIR/jsmpeg/kasm_audio_out-linux \
+    && rm -rf $STARTUPDIR/install \
+    && mkdir -p $STARTUPDIR/kasmrx/Downloads \
+    && chown 1000:1000 $STARTUPDIR/kasmrx/Downloads \
+    && chown -R root:root /usr/local/bin
+
+USER 1000
+
+ENTRYPOINT ["/dockerstartup/kasm_default_profile.sh", "/dockerstartup/vnc_startup.sh", "/dockerstartup/kasm_startup.sh"]
+CMD ["--wait"]

dockerfile-kasm-core-centos

@@ -0,0 +1,164 @@
+ARG BASE_IMAGE="centos:centos7"
+
+FROM $BASE_IMAGE AS install_tools
+ARG DISTRO=centos
+
+### Install common tools
+
+COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
+RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
+FROM install_tools AS squid_builder
+
+RUN wget --progress=dot:giga 'https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/a590f319f328a8a576cb966c2db5ec4a5b3b7b9b/output/kasm-squid-builder_centos.tar.gz'
+RUN tar -xzf kasm-squid-builder_centos.tar.gz -C /
+
+FROM install_tools
+
+MAINTAINER Kasm Tech "info@kasmweb.com"
+LABEL "com.kasmweb.image"="true"
+
+### Environment config
+ARG START_XFCE4=0
+ARG START_PULSEAUDIO=0
+ARG BG_IMG=bg_centos.png
+ARG EXTRA_SH=noop.sh
+ARG DISTRO=centos
+ARG LANG='en_US.UTF-8'
+ARG LANGUAGE='en_US:en'
+ARG LC_ALL='en_US.UTF-8'
+ENV DISPLAY=:1 \
+    VNC_PORT=5901 \
+    NO_VNC_PORT=6901 \
+    VNC_PORT=5901 \
+    AUDIO_PORT=4901 \
+    VNC_RESOLUTION=1280x720 \
+    MAX_FRAME_RATE=24 \
+    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0" \
+    HOME=/home/kasm-default-profile \
+    TERM=xterm \
+    STARTUPDIR=/dockerstartup \
+    INST_SCRIPTS=/dockerstartup/install \
+    KASM_VNC_PATH=/usr/share/kasmvnc \
+    DEBIAN_FRONTEND=noninteractive \
+    VNC_COL_DEPTH=24 \
+    VNC_RESOLUTION=1280x1024 \
+    VNC_PW=vncpassword \
+    VNC_VIEW_ONLY_PW=vncviewonlypassword \
+    LD_LIBRARY_PATH=/usr/local/lib/ \
+    OMP_WAIT_POLICY=PASSIVE \
+    SHELL=/bin/bash \
+    START_XFCE4=$START_XFCE4 \
+    START_PULSEAUDIO=$START_PULSEAUDIO \
+    LANG=$LANG \
+    LANGUAGE=$LANGUAGE \
+    LC_ALL=$LC_ALL \
+    SINGLE_APPLICATION=0
+
+EXPOSE $VNC_PORT \
+       $NO_VNC_PORT \
+       $UPLOAD_PORT \
+       $AUDIO_PORT
+
+WORKDIR $HOME
+RUN mkdir -p $HOME/Desktop
+
+### Ensure all needed packages are installed.
+### Consider "yum install -y gettext nss_wraper". There's a typo in nss_wraper
+### (should be nss_wrapper), and yum would just ignore it. Thus, a necessary
+### package would be missing. With skip_missing_names_on_install, yum will exit
+### with 1 exit code and that will stop image building.
+RUN yum-config-manager --setopt=skip_missing_names_on_install=False --save
+
+### Install custom fonts
+COPY ./src/ubuntu/install/fonts $INST_SCRIPTS/fonts/
+RUN bash $INST_SCRIPTS/fonts/install_custom_fonts.sh && rm -rf $INST_SCRIPTS/fonts/
+
+### Install xfce UI
+COPY ./src/ubuntu/install/xfce $INST_SCRIPTS/xfce/
+RUN bash $INST_SCRIPTS/xfce/install_xfce_ui.sh && rm -rf $INST_SCRIPTS/xfce/
+COPY ./src/$DISTRO/xfce/.config/ $HOME/.config/
+COPY /src/common/resources/images/bg_kasm.png /usr/share/backgrounds/bg_kasm.png
+COPY /src/common/resources/images/$BG_IMG /usr/share/backgrounds/bg_default.png
+COPY ./src/common/xfce/window_manager_startup.sh $STARTUPDIR
+
+### Install kasm_vnc dependencies and binaries
+COPY ./src/ubuntu/install/kasm_vnc $INST_SCRIPTS/kasm_vnc/
+RUN bash $INST_SCRIPTS/kasm_vnc/install_kasm_vnc.sh && rm -rf $INST_SCRIPTS/kasm_vnc/
+
+### Install Kasm Upload Server
+COPY ./src/ubuntu/install/kasm_upload_server $INST_SCRIPTS/kasm_upload_server/
+RUN bash $INST_SCRIPTS/kasm_upload_server/install_kasm_upload_server.sh  && rm -rf $INST_SCRIPTS/kasm_upload_server/
+
+
+### Install Audio
+COPY ./src/ubuntu/install/audio $INST_SCRIPTS/audio/
+RUN bash $INST_SCRIPTS/audio/install_audio.sh  && rm -rf $INST_SCRIPTS/audio/
+
+### Install Audio Input
+COPY ./src/ubuntu/install/audio_input $INST_SCRIPTS/audio_input/
+RUN bash $INST_SCRIPTS/audio_input/install_audio_input.sh && rm -rf $INST_SCRIPTS/audio_input/
+
+### Copy built Squid
+COPY --from=squid_builder /usr/local/squid /usr/local/squid
+
+### Install Squid
+COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
+RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/
+COPY ./src/ubuntu/install/squid/resources/*.conf /etc/squid/
+COPY ./src/ubuntu/install/squid/resources/start_squid.sh /etc/squid/start_squid.sh
+COPY ./src/ubuntu/install/squid/resources/SN.png /usr/local/squid/share/icons/SN.png
+RUN chown proxy:proxy /usr/local/squid/share/icons/SN.png
+COPY ./src/ubuntu/install/squid/resources/error_message/access_denied.html /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
+RUN chown proxy:proxy /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
+RUN rm -rf "$INST_SCRIPTS/resources/"
+
+RUN chmod +x /etc/squid/kasm_squid_adapter
+RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
+
+### Setup Container User - Libnss Wrapper
+COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
+RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh  && rm -rf $INST_SCRIPTS/libnss/
+
+### configure startup
+COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
+COPY ./src/common/startup_scripts $STARTUPDIR
+RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
+
+
+### extra configurations needed per distro variant
+COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
+RUN bash $INST_SCRIPTS/extra/$EXTRA_SH  && rm -rf $INST_SCRIPTS/extra/
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+### FIX PERMISSIONS ## Objective is to change the owner of non-home paths to root, remove write permissions, and set execute where required
+# these files are created on container first exec, by the default user, so we have to create them since default will not have write perm
+RUN touch $STARTUPDIR/wm.log \
+    && touch $STARTUPDIR/window_manager_startup.log \
+    && touch $STARTUPDIR/vnc_startup.log \
+    && touch $STARTUPDIR/no_vnc_startup.log \
+    && chown -R root:root $STARTUPDIR \
+    && find $STARTUPDIR -type d -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -exec chmod 644 {} \; \
+    && find $STARTUPDIR -type f -iname "*.sh" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.py" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.rb" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.pl" -exec chmod 755 {} \; \
+    && find $STARTUPDIR -type f -iname "*.log" -exec chmod 666 {} \; \
+    && chmod 755 $STARTUPDIR/upload_server/kasm_upload_server \
+    && chmod 755 $STARTUPDIR/audio_input/kasm_audio_input_server \
+    && chmod 755 $STARTUPDIR/generate_container_user \
+    && chmod +x $STARTUPDIR/jsmpeg/kasm_audio_out-linux \
+    && rm -rf $STARTUPDIR/install \
+    && mkdir -p $STARTUPDIR/kasmrx/Downloads \
+    && chown 1000:1000 $STARTUPDIR/kasmrx/Downloads \
+    && chown -R root:root /usr/local/bin
+
+USER 1000
+
+ENTRYPOINT ["/dockerstartup/kasm_default_profile.sh", "/dockerstartup/vnc_startup.sh", "/dockerstartup/kasm_startup.sh"]
+CMD ["--wait"]

docs/core-centos-7/README.md

@@ -0,0 +1,7 @@
+# About This Image
+
+This Image contains a browser-accessible CentOS 7 with XFCE desktop environment.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/core-centos-7.png "Image Screenshot"

docs/core-centos-7/description.txt

@@ -0,0 +1 @@
+CentOS 7 base image for Kasm Workspaces

docs/core-cuda-bionic/README.md

@@ -0,0 +1,7 @@
+# About This Image
+
+This image contains a browser-accessible version of Ubuntu Bionic including the CUDA toolkit.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/core-cuda-bionic.png "Image Screenshot"

docs/core-cuda-bionic/description.txt

@@ -0,0 +1 @@
+CUDA toolkit base image for Kasm Workspaces

docs/core-kali-rolling/README.md

@@ -0,0 +1,7 @@
+# About This Image
+
+This image contains a browser-accessible version of Kali Linux. It comes pre-installed with the kali-linux-default Metapage
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/core-kali-rolling.png "Image Screenshot"

docs/core-kali-rolling/description.txt

@@ -0,0 +1 @@
+Kali Rolling XFCE Desktop With Default Tools Metapackage

docs/core-remnux-bionic/README.md

@@ -0,0 +1,7 @@
+# About This Image
+
+This image contains a browser-accessible version of REMnux.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/core-remnux-bionic.png "Image Screenshot"

docs/core-remnux-bionic/description.txt

@@ -0,0 +1 @@
+REMnux base image for Kasm Workspaces

docs/core-ubuntu-bionic/README.md

@@ -0,0 +1,7 @@
+# About This Image
+
+This image contains a browser-accessible version of Ubuntu Bionic.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/core-ubuntu-bionic.png "Image Screenshot"

docs/core-ubuntu-bionic/description.txt

@@ -0,0 +1 @@
+Ubuntu Bionic base image for Kasm Workspaces

src/centos/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-desktop" version="1.0">
+  <property name="backdrop" type="empty">
+    <property name="screen0" type="empty">
+      <property name="monitor0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="0"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+      <property name="monitorVNC-0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="2"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+    </property>
+  </property>
+  <property name="last" type="empty">
+    <property name="window-width" type="int" value="1280"/>
+    <property name="window-height" type="int" value="1024"/>
+  </property>
+  <property name="desktop-icons" type="empty">
+    <property name="file-icons" type="empty">
+      <property name="show-filesystem" type="bool" value="false"/>
+      <property name="show-home" type="bool" value="false"/>
+      <property name="show-trash" type="bool" value="false"/>
+    </property>
+  </property>
+</channel>

src/centos/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-panel" version="1.0">
+  <property name="configver" type="int" value="2"/>
+  <property name="panels" type="array">
+    <value type="int" value="1"/>
+    <property name="panel-1" type="empty">
+      <property name="position" type="string" value="p=6;x=0;y=0"/>
+      <property name="length" type="uint" value="100"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="size" type="uint" value="30"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="1"/>
+        <value type="int" value="3"/>
+        <value type="int" value="15"/>
+        <value type="int" value="2"/>
+        <value type="int" value="4"/>
+      </property>
+    </property>
+  </property>
+  <property name="plugins" type="empty">
+    <property name="plugin-1" type="string" value="applicationsmenu">
+      <property name="button-icon" type="string" value="/usr/share/icons/hicolor/256x256/apps/fedora-logo-icon.png"/>
+    </property>
+    <property name="plugin-3" type="string" value="tasklist"/>
+    <property name="plugin-15" type="string" value="separator">
+      <property name="expand" type="bool" value="true"/>
+      <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-4" type="string" value="pager"/>
+    <property name="plugin-6" type="string" value="systray"/>
+    <property name="plugin-7" type="string" value="showdesktop"/>
+    <property name="plugin-8" type="string" value="separator"/>
+    <property name="plugin-9" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071971.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-10" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071972.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-11" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071973.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-12" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071974.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-13" type="string" value="separator"/>
+    <property name="plugin-14" type="string" value="directorymenu">
+      <property name="base-directory" type="string" value="/root"/>
+    </property>
+    <property name="plugin-2" type="string" value="systray"/>
+  </property>
+</channel>

src/common/install/profile_sync/kasm_background_profile_sync.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+set -x
+
+source $STARTUPDIR/generate_container_user
+
+LOCK_FILE=/tmp/.kasm_profile_sync.lock
+KASM_BACKGROUND_SYNC_TIMER="${KASM_BACKGROUND_SYNC_TIMER:-30}"
+KASM_BACKGROUND_SYNC_ERROR_BACKOFF="${KASM_BACKGROUND_SYNC_ERROR_BACKOFF:-60}"
+KASM_BACKGROUND_SYNC_CONN_TIMEOUT="${KASM_BACKGROUND_SYNC_CONN_TIMEOUT:-10}"
+KASM_BACKGROUND_SYNC_TIMEOUT="${KASM_BACKGROUND_SYNC_TIMEOUT:-120}"
+
+title="Kasm Background Profile Synchronization"
+error=false
+sync_error=false
+
+
+function unison_sync_stop {
+    echo "Checking For Stop Signal"
+    msg="Stop Background Sync Message Received. Exiting"
+    test -f /tmp/unison-stop && notify-send -u critical -t 0 -i /usr/share/icons/ubuntu-mono-dark/apps/22/gtg-panel.svg "$title : $(date)" "$msg" && rm /tmp/unison-stop && exit 0  || return 0
+}
+
+function unison_sync {
+    echo "Executing Unison Sync"
+    touch $LOCK_FILE
+    OUT=$(timeout --signal=KILL $KASM_BACKGROUND_SYNC_TIMEOUT unison kasm-profile -silent)
+    #FIXME -can we catch the timeout error code
+    case $? in
+        0)
+            msg="Kasm Profile Sync Successful"
+            echo $msg
+            if [ "$error" = true ] ; then
+                notify-send -u critical -t 0 -i /usr/share/icons/ubuntu-mono-dark/apps/22/gtg-panel.svg "$title : $(date)" "$msg"
+            fi
+            error=false
+
+            ;;
+        1)
+            echo  "all file transfers were successful; some files were skipped. $OUT"
+            ;;
+        2)
+            echo "non-fatal failures during file transfer. $OUT"
+            ;;
+        3)
+            msg="Fatal error occurred during profile sync. If the problem persists please contact an Administrator. $OUT"
+            echo $msg
+            if [ "$error" = false ] ; then
+                notify-send -u critical -t 0 -i /usr/share/icons/ubuntu-mono-dark/apps/22/dropboxstatus-x.svg "$title : $(date)" "$msg"
+            fi
+            error=true
+            ;;
+        *)
+            msg="unknown exit code occurred during profile sync. If the problem persists please contact an Administrator. $OUT"
+            echo $msg
+            if [ "$error" = false ] ; then
+                notify-send -u critical -t 0 -i /usr/share/icons/ubuntu-mono-dark/apps/22/dropboxstatus-x.svg "$title : $(date)" "$msg"
+            fi
+            error=true
+            ;;
+    esac
+    rm -f $LOCK_FILE
+}
+
+function test_fs_access {
+    echo "Testing Sync Directory Acccess"
+    OUT=$(timeout --signal=KILL $KASM_BACKGROUND_SYNC_CONN_TIMEOUT ls -d /kasm_profile_sync/)
+
+    case $? in
+        0)
+            msg="Sync directory access successful"
+            echo $msg
+            unison_sync
+            echo "Sleeping $KASM_BACKGROUND_SYNC_TIMER"
+            sleep $KASM_BACKGROUND_SYNC_TIMER
+            ;;
+
+        *)
+
+            msg="Unable to access profile sync directory. If the problem persists please contact an Administrator. $OUT"
+            echo $msg
+            if [ "$error" = false ] ; then
+                notify-send -u critical -t 0 -i /usr/share/icons/ubuntu-mono-dark/apps/22/dropboxstatus-x.svg "$title : $(date)" "$msg"
+            fi
+            error=true
+            echo "Sleeping $KASM_BACKGROUND_SYNC_ERROR_BACKOFF"
+            sleep $KASM_BACKGROUND_SYNC_ERROR_BACKOFF
+            ;;
+    esac
+}
+
+while true
+do
+    unison_sync_stop
+    test_fs_access
+done

src/common/scripts/kasm_hook_scripts/kasm_post_run_root.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+echo "Executing kasm_post_run_root.sh"

src/common/scripts/kasm_hook_scripts/kasm_post_run_user.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+echo "Executing kasm_post_run_user.sh"

src/common/scripts/kasm_hook_scripts/kasm_pre_shutdown_root.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+echo "Executing kasm_pre_shutdown_root.sh"

src/common/scripts/kasm_hook_scripts/kasm_pre_shutdown_user.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -e
+echo "Executing kasm_pre_shutdown_user.sh"
+PAUSE_ON_EXIT="false"
+for x in {1..10}
+do
+
+    if [[ $(wmctrl -l | awk '{$3=""; $2=""; $1=""; print $0}' | grep -i chrome) ]]
+    then
+        PAUSE_ON_EXIT="true"
+        echo "Closing Chrome Windows Attempt ($x)..."
+        timeout 1 wmctrl -c chrome
+        sleep .5
+    fi
+
+done
+
+for x in {1..10}
+do
+
+    if [[ $(wmctrl -l | awk '{$3=""; $2=""; $1=""; print $0}' | grep -i firefox) ]]
+    then
+        PAUSE_ON_EXIT="true"
+        echo "Closing Firefox Windows Attempt ($x)..."
+        timeout 1 wmctrl -c firefox
+        sleep .5
+    fi
+
+done
+
+if [ "${PAUSE_ON_EXIT}" == "true" ] ;
+then
+    echo "Sleeping..."
+    sleep 1
+fi
+
+echo "Done"

src/common/startup_scripts/browser_proxy_config.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -e
+if [[  -z "${http_proxy_address}" || -z "${http_proxy_port}"  ]]; then
+  echo "proxy configs not set"
+else
+    if [ -d $HOME/.mozilla/firefox/kasm/ ]; then
+        echo "Found default firefox profile. Setting Firefox proxy configurations"
+        out="$HOME/.mozilla/firefox/kasm/user.js"
+        echo "user_pref(\"network.proxy.http\", \"${http_proxy_address}\");" >> $out
+        echo "user_pref(\"network.proxy.http_port\", ${http_proxy_port});" >> $out
+        echo "user_pref(\"network.proxy.type\", 1);" >> $out
+        echo "user_pref(\"network.proxy.backup.ftp\", \"\");" >> $out
+        echo "user_pref(\"network.proxy.backup.ftp_port\", 0);" >> $out
+        echo "user_pref(\"network.proxy.backup.socks\", \"\");" >> $out
+        echo "user_pref(\"network.proxy.backup.socks_port\", 0);" >> $out
+        echo "user_pref(\"network.proxy.backup.ssl\", \"\");" >> $out
+        echo "user_pref(\"network.proxy.backup.ssl_port\", 0);" >> $out
+        echo "user_pref(\"network.proxy.ftp\", \"${http_proxy_address}\");" >> $out
+        echo "user_pref(\"network.proxy.ftp_port\", ${http_proxy_port});" >> $out
+        echo "user_pref(\"network.proxy.http\", \"${http_proxy_address}\");" >> $out
+        echo "user_pref(\"network.proxy.http_port\", ${http_proxy_port});" >> $out
+        echo "user_pref(\"network.proxy.share_proxy_settings\", true);">> $out
+        echo "user_pref(\"network.proxy.socks\", \"${http_proxy_address}\");" >> $out
+        echo "user_pref(\"network.proxy.socks_port\", ${http_proxy_port});" >> $out
+        echo "user_pref(\"network.proxy.ssl\", \"${http_proxy_address}\");" >> $out
+        echo "user_pref(\"network.proxy.ssl_port\", ${http_proxy_port});">> $out
+        echo "user_pref(\"network.proxy.type\", 1);" >> $out
+    fi
+fi
+
+
+if [[  -z "${browser_startup_url}"  ]]; then
+  echo "browser_startup_url not set"
+else
+    if [ -d $HOME/.mozilla/firefox/kasm/ ]; then
+        echo "Found default firefox profile. Setting Firefox startup url settings"
+        out="$HOME/.mozilla/firefox/kasm/user.js"
+        echo "user_pref(\"browser.startup.homepage\", \"${browser_startup_url}\");" >> $out
+        # Disable all the firefox firstrun and welcome tabs
+        echo "user_pref(\"browser.startup.firstrunSkipsHomepage\", false);" >> $out
+        echo "user_pref(\"toolkit.telemetry.reportingpolicy.firstRun\", false);" >> $out
+        echo "user_pref(\"browser.startup.homepage_override.mstone\", \"ignore\");" >> $out
+    fi
+fi

src/common/startup_scripts/generate_container_user

@@ -0,0 +1,44 @@
+detect_libnss_wrapper() {
+  if $(which dpkg &>/dev/null); then
+    libnss_wrapper_file=$(dpkg -S libnss_wrapper.so | awk -F' ' '{ print $2 }')
+    return
+  fi
+
+  if [ -r /usr/lib/libnss_wrapper.so ]; then
+      libnss_wrapper_file=/usr/lib/libnss_wrapper.so
+  elif [ -r /usr/lib64/libnss_wrapper.so ]; then
+      libnss_wrapper_file=/usr/lib64/libnss_wrapper.so
+  else
+      echo "no libnss_wrapper.so installed!"
+      exit 1
+  fi
+}
+
+# Set current user in nss_wrapper
+USER_ID=$(id -u)
+GROUP_ID=$(id -g)
+
+# Attempt to set the username to the kasm username
+USERNAME=${KASM_USER:-default}
+# Make the username posix compliant
+USERNAME=$(echo "$USERNAME" | sed -r 's#[^a-zA-Z0-9\._\-]#_#g')
+if ! echo "$USERNAME" | grep -qP "^[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*"; then
+    USERNAME="default"
+fi
+export PS1="$USERNAME:\w\$ "
+
+if [ x"$USER_ID" != x"0" ]; then
+
+    NSS_WRAPPER_PASSWD=/tmp/passwd
+    NSS_WRAPPER_GROUP=/etc/group
+
+    cat /etc/passwd > $NSS_WRAPPER_PASSWD
+
+    echo "${USERNAME}:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/bin/bash" >> $NSS_WRAPPER_PASSWD
+
+    export NSS_WRAPPER_PASSWD
+    export NSS_WRAPPER_GROUP
+
+    detect_libnss_wrapper
+    export LD_PRELOAD="$libnss_wrapper_file"
+fi

src/common/startup_scripts/kasm_default_profile.sh

@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -ex
+DEFAULT_PROFILE_HOME=/home/kasm-default-profile
+PROFILE_SYNC_DIR=/kasm_profile_sync
+
+
+function copy_default_profile_to_home {
+    echo "Copying default profile to home directory"
+    cp -rp $DEFAULT_PROFILE_HOME/.  $HOME/
+    ls -la $HOME
+}
+
+function verify_profile_config {
+    echo "Verifying Uploads/Downloads Configurations"
+
+    mkdir -p $HOME/Uploads
+
+    if [ -d "$HOME/Desktop/Uploads" ]; then
+        echo "Uploads Desktop Symlink Exists"
+    else
+        echo "Creating Uploads Desktop Symlink"
+        ln -sf $HOME/Uploads $HOME/Desktop/Uploads
+    fi
+
+
+    mkdir -p $HOME/Downloads
+
+    if [ -d "$HOME/Desktop/Downloads" ]; then
+        echo "Downloads Desktop Symlink Exists"
+    else
+        echo "Creating Download Desktop Symlink"
+        ln -sf $HOME/Downloads $HOME/Desktop/Downloads
+    fi
+
+
+    if [ -d "$KASM_VNC_PATH/Downloads/Downloads" ]; then
+        echo "Downloads RX Symlink Exists"
+    else
+        echo "Creating Downloads RX Symlink"
+        ln -sf $HOME/Downloads $KASM_VNC_PATH/www/Downloads/Downloads
+    fi
+
+    ls -la $HOME/Desktop
+
+}
+
+if  [ -f "$HOME/.bashrc" ]; then
+    echo "Profile already exists. Will not copy default contents"
+else
+    echo "Profile Sync Directory Does Not Exist. No Sync will occur"
+    copy_default_profile_to_home
+fi
+
+verify_profile_config
+
+rm -rf $HOME/.config/pulse
+
+echo "Removing Default Profile Directory"
+rm -rf $DEFAULT_PROFILE_HOME/*
+
+# FIXME Temporary proxy config script
+$STARTUPDIR/browser_proxy_config.sh
+
+# unknown option ==> call command
+echo -e "\n\n------------------ EXECUTE COMMAND ------------------"
+echo "Executing command: '$@'"
+exec "$@"

src/common/startup_scripts/set_user_permission.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+if [[ -n $DEBUG ]]; then
+    verbose="-v"
+fi
+
+for var in "$@"
+do
+    echo "fix permissions for: $var"
+    find "$var"/ -name '*.sh' -exec chmod $verbose a+x {} +
+    find "$var"/ -name '*.desktop' -exec chmod $verbose a+x {} +
+    chgrp -R 0 "$var" && chmod -R $verbose a+rw "$var" && find "$var" -type d -exec chmod $verbose a+x {} +
+done

src/common/startup_scripts/vnc_startup.sh

@@ -0,0 +1,263 @@
+#!/bin/bash
+### every exit != 0 fails the script
+set -e
+
+no_proxy="localhost,127.0.0.1"
+
+# dict to store processes
+declare -A KASM_PROCS
+
+# switch passwords to local variables
+tmpval=$VNC_VIEW_ONLY_PW
+unset VNC_VIEW_ONLY_PW
+VNC_VIEW_ONLY_PW=$tmpval
+tmpval=$VNC_PW
+unset VNC_PW
+VNC_PW=$tmpval
+
+STARTUP_COMPLETE=0
+
+######## FUNCTION DECLARATIONS ##########
+
+## print out help
+function help (){
+	echo "
+		USAGE:
+
+		OPTIONS:
+		-w, --wait      (default) keeps the UI and the vncserver up until SIGINT or SIGTERM will received
+		-s, --skip      skip the vnc startup and just execute the assigned command.
+		                example: docker run kasmweb/core --skip bash
+		-d, --debug     enables more detailed startup output
+		                e.g. 'docker run kasmweb/core --debug bash'
+		-h, --help      print out this help
+
+		Fore more information see: https://github.com/ConSol/docker-headless-vnc-container
+		"
+}
+
+## correct forwarding of shutdown signal
+function cleanup () {
+    kill -s SIGTERM $!
+    exit 0
+}
+
+function start_kasmvnc (){
+	if [[ $DEBUG == true ]]; then
+	  echo -e "\n------------------ Start KasmVNC Server ------------------------"
+	fi
+
+	DISPLAY_NUM=$(echo $DISPLAY | grep -Po ':\d+')
+
+	if [[ $STARTUP_COMPLETE == 0 ]]; then
+	    vncserver -kill $DISPLAY &> $STARTUPDIR/vnc_startup.log \
+	    || rm -rfv /tmp/.X*-lock /tmp/.X11-unix &> $STARTUPDIR/vnc_startup.log \
+	    || echo "no locks present"
+	fi
+
+    rm -rf $HOME/.vnc/*.pid
+
+	vncserver $DISPLAY -depth 24 -geometry $VNC_RESOLUTION -websocketPort $NO_VNC_PORT -cert ${HOME}/.vnc/self.pem -httpd ${KASM_VNC_PATH}/www -sslOnly -FrameRate=$MAX_FRAME_RATE -interface 0.0.0.0 $VNCOPTIONS
+
+	KASM_PROCS['kasmvnc']=$(cat $HOME/.vnc/*${DISPLAY_NUM}.pid)
+
+	if [[ $DEBUG == true ]]; then
+	  echo -e "\n------------------ Started Websockify  ----------------------------"
+	  echo "Websockify PID: ${KASM_PROCS['kasmvnc']}";
+	fi
+}
+
+function start_window_manager (){
+	echo -e "start window manager\n..."
+	$STARTUPDIR/window_manager_startup.sh #&> $STARTUPDIR/window_manager_startup.log
+}
+
+function start_audio_out_websocket (){
+	if [[ ${KASM_SVC_AUDIO:-1} == 1 ]]; then
+		echo 'Starting audio websocket server'
+		$STARTUPDIR/jsmpeg/kasm_audio_out-linux kasmaudio 8081 4901 ${HOME}/.vnc/self.pem ${HOME}/.vnc/self.pem "kasm_user:$VNC_PW"  &
+
+		KASM_PROCS['kasm_audio_out_websocket']=$!
+
+		if [[ $DEBUG == true ]]; then
+		  echo -e "\n------------------ Started Audio Out Websocket  ----------------------------"
+		  echo "Kasm Audio Out Websocket PID: ${KASM_PROCS['kasm_audio_out_websocket']}";
+		fi
+	fi
+}
+
+function start_audio_out (){
+	if [[ ${KASM_SVC_AUDIO:-1} == 1 ]]; then
+		echo 'Starting audio server'
+
+        if [ "${START_PULSEAUDIO:-0}" == "1" ] ;
+        then
+            echo "Starting Pulse"
+            pulseaudio --start
+        fi
+
+		if [[ $DEBUG == true ]]; then
+			echo 'Starting audio service in debug mode'
+			no_proxy=127.0.0.1 ffmpeg -f pulse -ar 44100 -i default -f mpegts -correct_ts_overflow 0 -codec:a mp2 -b:a 128k -ac 1 -muxdelay 0.001 http://127.0.0.1:8081/kasmaudio &
+			KASM_PROCS['kasm_audio_out']=$!
+		else
+			echo 'Starting audio service'
+			no_proxy=127.0.0.1 ffmpeg -v verbose -f pulse -ar 44100 -i default -f mpegts -correct_ts_overflow 0 -codec:a mp2 -b:a 128k -ac 1 -muxdelay 0.001 http://127.0.0.1:8081/kasmaudio > /dev/null 2>&1 &
+			KASM_PROCS['kasm_audio_out']=$!
+			echo -e "\n------------------ Started Audio Out  ----------------------------"
+			echo "Kasm Audio Out PID: ${KASM_PROCS['kasm_audio_out']}";
+		fi
+	fi
+}
+
+function start_audio_in (){
+	if [[ ${KASM_SVC_AUDIO_INPUT:-1} == 1 ]]; then
+		echo 'Starting audio input server'
+		$STARTUPDIR/audio_input/kasm_audio_input_server --ssl --auth-token "kasm_user:$VNC_PW" --cert ${HOME}/.vnc/self.pem --certkey ${HOME}/.vnc/self.pem &
+
+		KASM_PROCS['kasm_audio_in']=$!
+
+		if [[ $DEBUG == true ]]; then
+			echo -e "\n------------------ Started Audio Out Websocket  ----------------------------"
+			echo "Kasm Audio In PID: ${KASM_PROCS['kasm_audio_in']}";
+		fi
+	fi
+}
+
+function start_upload (){
+	if [[ ${KASM_SVC_UPLOADS:-1} == 1 ]]; then
+		echo 'Starting upload server'
+		cd $STARTUPDIR/upload_server/
+		./kasm_upload_server --ssl --auth-token "kasm_user:$VNC_PW" &
+
+		KASM_PROCS['upload_server']=$!
+
+		if [[ $DEBUG == true ]]; then
+			echo -e "\n------------------ Started Audio Out Websocket  ----------------------------"
+			echo "Kasm Audio In PID: ${KASM_PROCS['upload_server']}";
+		fi
+	fi
+}
+
+############ END FUNCTION DECLARATIONS ###########
+
+if [[ $1 =~ -h|--help ]]; then
+    help
+    exit 0
+fi
+
+# should also source $STARTUPDIR/generate_container_user
+source $HOME/.bashrc
+
+if [[ ${KASM_DEBUG:-0} == 1 ]]; then
+    echo -e "\n\n------------------ DEBUG KASM STARTUP -----------------"
+    export DEBUG=true
+    set -x
+fi
+
+trap cleanup SIGINT SIGTERM
+
+## resolve_vnc_connection
+VNC_IP=$(hostname -i)
+if [[ $DEBUG == true ]]; then
+  echo "IP Address used for external bind: $VNC_IP"
+fi
+
+# Create cert for KasmVNC
+mkdir -p ${HOME}/.vnc
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ${HOME}/.vnc/self.pem -out ${HOME}/.vnc/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
+
+# first entry is control, second is view (if only one is valid for both)
+mkdir -p "$HOME/.vnc"
+PASSWD_PATH="$HOME/.kasmpasswd"
+if [[ -f $PASSWD_PATH ]]; then
+    echo -e "\n---------  purging existing VNC password settings  ---------"
+    rm -f $PASSWD_PATH
+fi
+VNC_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_PW}', '\$5\$kasm\$'));")
+VNC_VIEW_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_VIEW_ONLY_PW}', '\$5\$kasm\$'));")
+echo "kasm_user:${VNC_PW_HASH}:ow" > $PASSWD_PATH
+echo "kasm_viewer:${VNC_VIEW_PW_HASH}:" >> $PASSWD_PATH
+chmod 600 $PASSWD_PATH
+
+
+# start processes
+start_kasmvnc
+start_window_manager
+start_audio_out_websocket
+start_audio_out
+start_audio_in
+start_upload
+
+STARTUP_COMPLETE=1
+
+
+## log connect options
+echo -e "\n\n------------------ KasmVNC environment started ------------------"
+
+# tail vncserver logs
+tail -f $HOME/.vnc/*$DISPLAY.log &
+
+KASMIP=$(hostname -i)
+echo "Kasm User ${KASM_USER}(${KASM_USER_ID}) started container id ${HOSTNAME} with local IP address ${KASMIP}"
+
+# start custom startup script
+custom_startup_script=/dockerstartup/custom_startup.sh
+if [ -f "$custom_startup_script" ]; then
+	if [ ! -x "$custom_startup_script" ]; then
+		echo "${custom_startup_script}: not executable, exiting"
+		exit 1
+	fi
+
+	"$custom_startup_script" || true
+fi
+
+# Monitor Kasm Services
+sleep 3
+while :
+do
+	for process in "${!KASM_PROCS[@]}"; do
+		if ! kill -0 "${KASM_PROCS[$process]}" ; then
+
+			# If DLP Policy is set to fail secure, default is to be resilient
+			if [[ ${DLP_PROCESS_FAIL_SECURE:-0} == 1 ]]; then
+				exit 1
+			fi
+
+			case $process in
+				kasmvnc)
+					echo "KasmVNC crashed, exiting container"
+					exit 1
+					# TODO: Is there a way to restore gracefully, restarting the container may be the best here
+					#start_kasmvnc
+					#/dockerstartup/custom_startup.sh
+					;;
+				kasm_audio_out_websocket)
+					echo "Restarting Audio Out Websocket Service"
+					start_audio_out_websocket
+					;;
+				kasm_audio_out)
+					echo "Restarting Audio Out Service"
+					start_audio_out
+					;;
+				kasm_audio_in)
+					echo "Audio In Service Failed"
+					# TODO: Needs work in python project to support auto restart
+					# start_audio_in
+					;;
+				upload_server)
+					echo "Restarting Upload Service"
+					# TODO: This will only work if both processes are killed, requires more work
+					start_upload
+					;;
+				*)
+					echo "Unknown Service: $process"
+					;;
+			esac
+		fi
+	done
+	sleep 3
+done
+
+
+echo "Exiting Kasm container"

src/common/xfce/window_manager_startup.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+
+echo -e "\n------------------ Xfce4 window manager startup------------------"
+
+### disable screen saver and power management
+xset -dpms &
+xset s noblank &
+xset s off &
+
+if [ "${START_XFCE4}" == "1" ] ;
+    then
+        echo "Starting XFCE"
+        /usr/bin/startxfce4 --replace &
+    else
+        echo "Skipping XFCE Startup"
+    fi

src/ubuntu/icewm/.icewm/menu

@@ -0,0 +1,4 @@
+prog xterm xterm xterm
+separator
+prog Firefox /usr/lib/firefox/browser/icons/mozicon128.png firefox
+prog Chromium /usr/share/pixmaps/chromium-browser.png /usr/bin/chromium-browser

src/ubuntu/icewm/.icewm/preferences

@@ -0,0 +1,3 @@
+WorkspaceNames=" 1 "
+TaskBarShowMailboxStatus = 0
+TaskBarShowWorkspaces = 0

src/ubuntu/icewm/.icewm/theme

@@ -0,0 +1 @@
+Theme=win95/default.theme

src/ubuntu/icewm/.icewm/toolbar

@@ -0,0 +1,4 @@
+prog xterm xterm xterm
+separator
+prog Firefox /usr/lib/firefox/browser/icons/mozicon128.png firefox
+prog "Google Chrome" /usr/share/pixmaps/chromium-browser.png /usr/bin/chromium-browser

src/ubuntu/icewm/wm_startup.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+
+echo -e "\n------------------ startup of IceWM window manager ------------------"
+
+### disable screensaver and power management
+xset -dpms &
+xset s noblank &
+xset s off &
+
+/usr/bin/icewm-session > $HOME/wm.log &
+sleep 1
+cat $HOME/wm.log

src/ubuntu/install/audio/install_audio.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+
+echo "Install Audio Requirements"
+if [ "${DISTRO}" == "centos" ] ; then
+  yum install -y curl git
+  yum install -y epel-release
+  yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
+  yum install -y ffmpeg pulseaudio-utils
+  yum remove -y pulseaudio-module-bluetooth
+else
+  apt-get update
+  apt-get install -y curl git ffmpeg
+fi
+
+cd $STARTUPDIR
+mkdir jsmpeg
+wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_websocket_relay/5b1e1eaa251f7a423a818056e2e8cdb66c17ef98/kasm_websocket_relay_master.5b1e1e.tar.gz | tar xz --strip 1 -C $STARTUPDIR/jsmpeg
+chmod +x $STARTUPDIR/jsmpeg/kasm_audio_out-linux

src/ubuntu/install/audio_input/install_audio_input.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+
+mkdir -p $STARTUPDIR/audio_input
+if [ "$DISTRO" = centos ]; then
+  wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_audio_input_server/17b516ead4504f180358bf11bd735cb5eb28d032/kasm_audio_input_server_centos_core_feature_KASM-1476_centos_build_microphone_server.17b516.tar.gz | tar -xvz -C $STARTUPDIR/audio_input/
+else
+  wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_audio_input_server/627e9301c4140cd70c82a798b33c2acae2860e28/kasm_audio_input_server_develop.627e93.tar.gz | tar -xvz -C $STARTUPDIR/audio_input/
+fi

src/ubuntu/install/extra/kali.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -ex
+
+apt-get update
+
+apt-get install -y procps  dbus-x11
+
+# Install the standard default kali tools
+#   https://tools.kali.org/kali-metapackages
+# kali-linux-default use mlocate which breaks plocate
+apt-get remove -y plocate
+apt-get install -y kali-linux-default
+
+# Kali  installs firefox by default. We need to update this install to utilze the system's certificate store
+#   in order for web filtering to work
+
+apt-get install -y p11-kit-modules
+
+rm -rf /usr/lib/firefox-esr/libnssckbi.so
+ln /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox-esr/libnssckbi.so
+
+
+# Kali includes chromium by default.
+CHROME_ARGS="--password-store=basic --no-sandbox --disable-gpu --user-data-dir --no-first-run"
+
+mv /usr/bin/chromium /usr/bin/chromium-orig
+cat >/usr/bin/chromium <<EOL
+#!/usr/bin/env bash
+/usr/bin/chromium-orig  ${CHROME_ARGS} "\$@"
+EOL
+chmod +x /usr/bin/chromium
+
+mkdir -p /etc/chromium/policies/managed
+cat >> /etc/chromium/policies/managed/default_managed_policy.json <<EOL
+{"CommandLineFlagSecurityWarningsEnabled": false, "DefaultBrowserSettingEnabled": false}
+EOL
+
+# Vanilla Chrome looks for policies in /etc/opt/chrome/policies/managed which is used by web filtering.
+#   Create a symlink here so filter is applied to chromium as well.
+mkdir -p /etc/opt/chrome/policies/
+ln -s /etc/chromium/policies/managed /etc/opt/chrome/policies/

src/ubuntu/install/extra/noop.sh

@@ -0,0 +1 @@
+#!/usr/bin/env bash

src/ubuntu/install/extra/remnux.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -xe
+
+# Remnux installs firefox by default. We need to update this install to utilze the system's certificate store
+#   in order for web filtering to work
+
+apt-get install -y p11-kit-modules
+
+rm /usr/lib/firefox/libnssckbi.so
+ln /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
+
+
+# Remnux includes bluetooth drivers which try to autoload causing pluse audio to fail
+sed -i "s/module-bluetooth-discover.so/module-bluetooth-discover.so.ignore/g"  /etc/pulse/default.pa

src/ubuntu/install/fonts/install_custom_fonts.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+
+echo "Installing ttf-wqy-zenhei"
+if [ "$DISTRO" = centos ]; then
+  yum install -y wqy-zenhei-fonts
+else
+  apt-get install -y ttf-wqy-zenhei
+fi

src/ubuntu/install/kasm_upload_server/install_kasm_upload_server.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -ex
+
+mkdir $STARTUPDIR/upload_server
+if [ -f /etc/centos-release ]; then
+  wget --quiet https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_upload_service/7a9ab9203b5b16502349bcf8bd8be1527d5e6cad/kasm_upload_service_centos_1.2.0.7a9ab9.tar.gz -O /tmp/kasm_upload_server.tar.gz
+else
+  wget --quiet https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_upload_service/742b7f4ba521ee89969d2eddfbda0e7bd619944d/kasm_upload_service_1.2.0.742b7f.tar.gz -O /tmp/kasm_upload_server.tar.gz
+fi
+tar -xvf /tmp/kasm_upload_server.tar.gz -C $STARTUPDIR/upload_server
+rm /tmp/kasm_upload_server.tar.gz

src/ubuntu/install/kasm_vnc/install_kasm_vnc.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Install KasmVNC server"
+cd /tmp
+
+if [ "${DISTRO}" == "kali" ]  ;
+then
+    BUILD_URL="https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/9144045718b7519088aaaf605001fa3d34f92b34/kasmvncserver_kali-rolling_0.9.3_master_914404_amd64.deb"
+elif [ "${DISTRO}" == "centos" ] ; then
+    BUILD_URL="https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/9144045718b7519088aaaf605001fa3d34f92b34/kasmvncserver_centos_core_0.9.3_master_914404_x86_64.rpm"
+else
+    BUILD_URL="https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/9144045718b7519088aaaf605001fa3d34f92b34/kasmvncserver_bionic_0.9.3_master_914404_amd64.deb"
+fi
+
+
+if [ "${DISTRO}" == "centos" ] ; then
+    wget $BUILD_URL -O kasmvncserver.rpm
+
+    yum localinstall -y kasmvncserver.rpm
+    rm kasmvncserver.rpm
+else
+    wget $BUILD_URL -O kasmvncserver.deb
+
+    apt-get update
+    apt-get install -y gettext ssl-cert
+    dpkg -i /tmp/kasmvncserver.deb
+    apt-get -yf install
+    rm -f /tmp/kasmvncserver.deb
+fi
+#mkdir $KASM_VNC_PATH/certs
+mkdir -p $KASM_VNC_PATH/www/Downloads
+chown -R 0:0 $KASM_VNC_PATH
+chmod -R og-w $KASM_VNC_PATH
+#chown -R 1000:0 $KASM_VNC_PATH/certs
+chown -R 1000:0 $KASM_VNC_PATH/www/Downloads
+ln -s $KASM_VNC_PATH/www/index.html $KASM_VNC_PATH/www/vnc.html

src/ubuntu/install/libnss/libnss_wrapper.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Install nss-wrapper to be able to execute image as non-root user"
+if [ "${DISTRO}" == "centos" ] ; then
+  yum install -y centos-release-scl-rh && yum install -y nss_wrapper
+  yum install -y gettext
+  yum clean all
+else
+  apt-get update
+  apt-get install -y libnss-wrapper gettext
+  apt-get clean -y
+fi
+
+echo "add 'source generate_container_user' to .bashrc"
+
+# have to be added to hold all env vars correctly
+echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc

src/ubuntu/install/squid/install/install_squid.sh

@@ -0,0 +1,78 @@
+# update squid conf with user info
+set -ex
+
+if [ "$DISTRO" = centos ]; then
+  useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
+fi
+
+mkdir /usr/local/squid/etc/ssl_cert -p
+chown proxy:proxy /usr/local/squid/etc/ssl_cert -R
+chmod 700 /usr/local/squid/etc/ssl_cert -R
+cd /usr/local/squid/etc/ssl_cert
+
+/usr/local/squid/libexec/security_file_certgen -c -s /usr/local/squid/var/logs/ssl_db -M 4MB
+chown proxy:proxy /usr/local/squid/var/logs/ssl_db -R
+
+chown -R proxy:proxy /usr/local/squid -R
+
+mkdir -p /etc/squid/
+
+# Trick so we can auto re-direct blocked urls to a special page
+cat >>/etc/squid/blocked.acl <<EOL
+.access_denied
+EOL
+chown -R proxy:proxy /etc/squid/blocked.acl
+
+
+if [ "$DISTRO" = centos ]; then
+  yum install -y memcached cyrus-sasl iproute
+else
+  apt-get install -y memcached sasl2-bin iproute2
+fi
+
+# Enable SASL in the memchache config
+echo "-S" >> /etc/memcached.conf
+
+mkdir -p /etc/sasl2
+cat >>/etc/sasl2/memcached.conf <<EOL
+mech_list: plain
+log_level: 5
+sasldb_path: /etc/sasl2/memcached-sasldb2
+EOL
+
+
+if [ "$DISTRO" = centos ]; then
+  KASM_SQUID_ADAPTER=https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_squid_adapter/f06293b2e585dbee75728e84293fe61386289c27/kasm_squid_adapter_centos_feature_KASM-1474_centos_build.f06293.tar.gz
+else
+  KASM_SQUID_ADAPTER=https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_squid_adapter/1cc3b450ee0bfb1aa76a0c3330f8d6e86b365448/kasm_squid_adapter_develop.1cc3b4.tar.gz
+fi
+wget -qO- ${KASM_SQUID_ADAPTER} | tar xz -C /etc/squid/
+ls -la /etc/squid
+chmod +x /etc/squid/kasm_squid_adapter
+
+# FIXME - This likely should be moved somewhere else to be more explicit
+# Install Cert utilities
+if [ "$DISTRO" = centos ]; then
+  yum install -y nss-tools
+else
+  apt-get install -y libnss3-tools
+fi
+
+# Create an empty cert9.db. This will be used by applications like Chrome
+mkdir -p $HOME/.pki/nssdb/
+certutil -N -d sql:$HOME/.pki/nssdb/ --empty-password
+chown 1000:1000 $HOME/.pki/nssdb/
+
+
+cat >/usr/bin/filter_ready <<EOL
+#!/usr/bin/env bash
+if [ "\${http_proxy}" == "http://127.0.0.1:3128" ] ;
+then
+    while netstat -lnt | awk '\$4 ~ /:3128/ {exit 1}'; do sleep 1; done
+    echo 'filter is ready'
+else
+    echo 'filter is not configured'
+fi
+
+EOL
+chmod +x /usr/bin/filter_ready

src/ubuntu/install/squid/resources/error_message/access_denied.html

@@ -0,0 +1,65 @@
+<html><head>
+<meta>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>Access Denied</title>
+<style type="text/css"><!--
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; }
+ --></style>
+</head><body id="%c">
+<div id="titles">
+<h1>ACCESS DENIED</h1>
+<h2>The requested URL has been rejected due to administrator policies</h2>
+</div>
+<hr>
+
+<div id="content">
+<h3>URL: </h3><div id="url"></div>
+<h3>Domain: </h3><div id="domain"></div>
+<h3>Category: </h3><div id="category"></div>
+
+<br>
+<br>
+<br>
+
+
+<div id="message"></div>
+
+<br>
+</div>
+
+<hr>
+</body>
+<script>
+var urlParams = new URLSearchParams(window.location.search);
+
+var url_elem = document.getElementById("url");
+var url = urlParams.get('url');
+if (url){
+   url_elem.innerText=url;
+};
+
+
+var category = urlParams.get('category');
+var category_elem = document.getElementById("category");
+if (category){
+   category_elem.innerText=category;
+};
+
+var domain_elem = document.getElementById("domain");
+var domain = urlParams.get('domain');
+if (domain){
+   domain_elem.innerText=domain;
+};
+
+var message_elem = document.getElementById("message");
+var message = urlParams.get('message');
+if (message){
+   message_elem.innerText= message;
+};
+
+</script>
+</html>

src/ubuntu/install/squid/resources/squid.conf

@@ -0,0 +1,54 @@
+# How many instances of our filter to we want running
+redirect_children 5
+
+on_unsupported_protocol tunnel all
+
+acl blocked_websites dstdomain "/etc/squid/blocked.acl"
+http_access deny blocked_websites
+
+acl ssl_bypass_domains ssl::server_name "/etc/squid/ssl_bump_bypass_domains.conf"
+acl ssl_bypass_ips     dst              "/etc/squid/ssl_bump_bypass_ips.conf
+
+deny_info ERR_ACCESS_DENIED  blocked_websites
+acl step1 at_step SslBump1
+ssl_bump peek step1
+ssl_bump splice ssl_bypass_domains
+ssl_bump splice ssl_bypass_ips
+ssl_bump bump all
+
+acl SSL_ports port 443
+acl Safe_ports port 80          # http
+acl Safe_ports port 21          # ftp
+acl Safe_ports port 443         # https
+acl Safe_ports port 70          # gopher
+acl Safe_ports port 210         # wais
+acl Safe_ports port 1025-65535  # unregistered ports
+acl Safe_ports port 280         # http-mgmt
+acl Safe_ports port 488         # gss-http
+acl Safe_ports port 591         # filemaker
+acl Safe_ports port 777         # multiling http
+acl CONNECT method CONNECT
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+http_access allow localhost
+http_access deny all
+
+#http_port 3128
+http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/squid.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
+sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 4MB
+
+coredump_dir /var/spool/squid
+
+refresh_pattern ^ftp:           1440    20%     10080
+refresh_pattern ^gopher:        1440    0%      1440
+refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
+refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
+refresh_pattern .               0       20%     4320
+
+forwarded_for delete
+via off
+
+url_rewrite_program /bin/bash -c "/etc/squid/kasm_squid_adapter"

src/ubuntu/install/squid/resources/start_squid.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -ex
+IP=$(ip route get 1.1.1.1 | grep -oP "src \\K\\S+")
+
+mkdir /tmp/working_certs
+cd /tmp/working_certs
+
+if [ -f /etc/centos-release ]; then
+    DISTRO=centos
+fi
+
+if [ "$DISTRO" = centos ]; then
+    CERT_FILE=/etc/pki/ca-trust/source/anchors/squid.crt
+else
+    CERT_FILE=/usr/local/share/ca-certificates/squid.crt
+fi
+CERT_NAME="Squid Root CA"
+openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -extensions v3_ca -subj "/C=US/ST=CA/O=Kasm Technologies/CN=kasm.localhost.net" -keyout myCA.pem  -out myCA.pem
+openssl x509 -in myCA.pem -outform DER -out myCA.der
+openssl x509 -in myCA.pem -outform DER -out myCA.der
+cp myCA.pem  ${CERT_FILE}
+cp myCA.pem  /usr/local/squid/etc/ssl_cert/squid.pem
+if [ "$DISTRO" = centos ]; then
+    update-ca-trust
+else
+    update-ca-certificates
+fi
+
+cd $HOME
+rm -rf /tmp/working_certs
+
+for certDB in $(find / -name "cert9.db")
+do
+    certdir=$(dirname ${certDB});
+    echo "Updating $certdir"
+    certutil -A -n "${CERT_NAME}" -t "TCu,," -i ${CERT_FILE} -d sql:${certdir}
+done
+
+export MEMCACHE_PASSWORD="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13 )"
+echo $MEMCACHE_PASSWORD | saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 kasm
+if [ "$DISTRO" = centos ]; then
+    MEMCACHE_USER=memcached
+else
+    MEMCACHE_USER=memcache
+fi
+chown $MEMCACHE_USER:$MEMCACHE_USER /etc/sasl2/memcached-sasldb2
+
+
+if [ "$DISTRO" = centos ]; then
+    /usr/bin/memcached -u $MEMCACHE_USER &
+else
+    /etc/init.d/memcached start
+fi
+/etc/squid/kasm_squid_adapter  --load-cache
+/usr/local/squid/sbin/squid -f /etc/squid/squid.conf
+
+echo "Done!"

src/ubuntu/install/tools/install_tools.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Install some common tools for further installation"
+if [ "${DISTRO}" == "centos" ] ; then
+  yum install -y vim wget net-tools bzip2 python3
+  wget http://mirror.ghettoforge.org/distributions/gf/el/7/gf/x86_64/wmctrl-1.07-17.gf.el7.x86_64.rpm
+  yum localinstall -y wmctrl*.rpm
+  rm wmctrl*.rpm
+else
+  apt-get update
+  apt-get install -y vim wget net-tools locales bzip2 wmctrl
+  apt-get clean -y
+
+  echo "generate locales für en_US.UTF-8"
+  locale-gen en_US.UTF-8
+fi

src/ubuntu/install/unison/install_unison.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -ex
+
+apt-get update
+apt-get install -y unison
+
+# FIXME move unison home dir out of profile
+
+mkdir -p /etc/unison/
+chown 1000:1000 /etc/unison/
+
+# FIXME Find and test Trash and other dirs
+# FIXME Test Browser only
+cat >/etc/unison/kasm-profile.prf <<EOL
+root = /home/kasm-user/
+root = /kasm_profile_sync/
+prefer = /home/kasm-user/
+
+
+# Desktop Trash Directories
+ignore = Name .Trash*
+ignore = Path .local/share/Trash
+
+# Chromium Cache directory
+ignore = Path .cache/chromium
+
+# Chrome Downloads in progress
+ignore = Name *.crdownload
+
+# Other
+ignore = Name .Xauthority
+ignore = Path .config/pulse
+ignore = Path .unison
+
+diff = diff -y -W 79 --suppress-common-lines
+log = true
+logfile = /var/log/unison/unison.log
+auto = true
+batch = true
+EOL
+
+mkdir -p /var/log/unison/
+chown -R 1000:1000 /var/log/unison/

src/ubuntu/install/xfce/install_xfce_ui.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+### every exit != 0 fails the script
+set -e
+
+get_rid_of_policykit_error() {
+  rm /etc/xdg/autostart/xfce-polkit.desktop
+}
+
+disable_epel_nss_wrapper_that_breaks_firefox() {
+  yum-config-manager --setopt=epel.exclude=nss_wrapper --save
+}
+
+get_rid_of_xfce_battery_widget() {
+  yum remove -y xfce4-power-manager
+}
+
+echo "Install Xfce4 UI components"
+if [ "$DISTRO" != "centos" ]; then
+  apt-get update
+fi
+
+if [ "${DISTRO}" == "kali" ]  ;
+then
+    apt-get install -y supervisor kali-desktop-xfce
+    # Disable the power management plugin Xfce4 from starting and displaying an error
+    PLUGIN_ID=$(grep  power-manager-plugin /etc/xdg/xfce4/panel/default.xml | perl -n -e '/plugin-(\d+)/ && print $1')
+    sed -i "s@<value type=\"int\" value=\"${PLUGIN_ID}\"/>@@g" /etc/xdg/xfce4/panel/default.xml
+  elif [ "$DISTRO" = "ubuntu" ]; then
+    apt-get install -y supervisor xfce4 xfce4-terminal xterm
+  elif [ "$DISTRO" = "centos" ]; then
+    yum install -y epel-release
+    disable_epel_nss_wrapper_that_breaks_firefox
+    yum groupinstall xfce xterm -y
+    get_rid_of_policykit_error
+    get_rid_of_xfce_battery_widget
+fi
+
+
+if [ "$DISTRO" = "centos" ]; then
+  yum clean all
+else
+  apt-get purge -y pm-utils xscreensaver*
+  apt-get clean -y
+fi
+
+# Override default login script so users cant log themselves out of the desktop dession
+cat >/usr/bin/xfce4-session-logout <<EOL
+#!/usr/bin/env bash
+notify-send "Logout" "Please logout or destroy this desktop using the Kasm Control Panel" -i /usr/share/icons/ubuntu-mono-dark/actions/22/system-shutdown-panel-restart.svg
+EOL
+
+# Add a script for launching Thunar with libnss wrapper.
+# This is called by ~.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
+cat >/usr/bin/execThunar.sh <<EOL
+#!/bin/sh
+. $STARTUPDIR/generate_container_user
+/usr/bin/Thunar --daemon
+EOL
+chmod +x /usr/bin/execThunar.sh
+
+cat >/usr/bin/desktop_ready <<EOL
+#!/usr/bin/env bash
+until pids=\$(pidof xfce4-session); do sleep .5; done
+EOL
+chmod +x /usr/bin/desktop_ready

src/ubuntu/xfce/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/xfce4-desktop.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-desktop" version="1.0">
+  <property name="backdrop" type="empty">
+    <property name="screen0" type="empty">
+      <property name="monitor0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="0"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/extra/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+      <property name="monitorVNC-0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="2"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/extra/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+    </property>
+  </property>
+  <property name="last" type="empty">
+    <property name="window-width" type="int" value="1280"/>
+    <property name="window-height" type="int" value="1024"/>
+  </property>
+  <property name="desktop-icons" type="empty">
+    <property name="file-icons" type="empty">
+      <property name="show-filesystem" type="bool" value="false"/>
+      <property name="show-home" type="bool" value="false"/>
+      <property name="show-trash" type="bool" value="false"/>
+      <property name="show-removable" type="bool" value="false"/>
+    </property>
+    <property name="style" type="int" value="0"/>
+    <property name="show-thumbnails" type="bool" value="false"/>
+  </property>
+  <property name="desktop-menu" type="empty">
+    <property name="show" type="bool" value="false"/>
+  </property>
+  <property name="windowlist-menu" type="empty">
+    <property name="show" type="bool" value="false"/>
+  </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml

@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-keyboard-shortcuts" version="1.0">
+    <property name="commands" type="empty">
+        <property name="default" type="empty">
+            <property name="&lt;Alt&gt;F1" type="empty"/>
+            <property name="&lt;Alt&gt;F2" type="empty">
+                <property name="startup-notify" type="empty"/>
+            </property>
+            <property name="&lt;Alt&gt;F3" type="empty">
+                <property name="startup-notify" type="empty"/>
+            </property>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Delete" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;l" type="empty"/>
+            <property name="XF86Display" type="empty"/>
+            <property name="&lt;Super&gt;p" type="empty"/>
+            <property name="&lt;Primary&gt;Escape" type="empty"/>
+            <property name="XF86WWW" type="empty"/>
+            <property name="XF86Mail" type="empty"/>
+        </property>
+        <property name="custom" type="empty">
+            <property name="override" type="bool" value="true"/>
+        </property>
+    </property>
+    <property name="xfwm4" type="empty">
+        <property name="default" type="empty">
+            <property name="&lt;Alt&gt;Insert" type="empty"/>
+            <property name="Escape" type="empty"/>
+            <property name="Left" type="empty"/>
+            <property name="Right" type="empty"/>
+            <property name="Up" type="empty"/>
+            <property name="Down" type="empty"/>
+            <property name="&lt;Alt&gt;Tab" type="empty"/>
+            <property name="&lt;Alt&gt;&lt;Shift&gt;Tab" type="empty"/>
+            <property name="&lt;Alt&gt;Delete" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Down" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Left" type="empty"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Down" type="empty"/>
+            <property name="&lt;Alt&gt;F4" type="empty"/>
+            <property name="&lt;Alt&gt;F6" type="empty"/>
+            <property name="&lt;Alt&gt;F7" type="empty"/>
+            <property name="&lt;Alt&gt;F8" type="empty"/>
+            <property name="&lt;Alt&gt;F9" type="empty"/>
+            <property name="&lt;Alt&gt;F10" type="empty"/>
+            <property name="&lt;Alt&gt;F11" type="empty"/>
+            <property name="&lt;Alt&gt;F12" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Left" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;End" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Home" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Right" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Up" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_1" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_2" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_3" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_4" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_5" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_6" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_7" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_8" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_9" type="empty"/>
+            <property name="&lt;Alt&gt;space" type="empty"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Up" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Right" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;d" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Up" type="empty"/>
+            <property name="&lt;Super&gt;Tab" type="empty"/>
+            <property name="&lt;Primary&gt;F1" type="empty"/>
+            <property name="&lt;Primary&gt;F2" type="empty"/>
+            <property name="&lt;Primary&gt;F3" type="empty"/>
+            <property name="&lt;Primary&gt;F4" type="empty"/>
+            <property name="&lt;Primary&gt;F5" type="empty"/>
+            <property name="&lt;Primary&gt;F6" type="empty"/>
+            <property name="&lt;Primary&gt;F7" type="empty"/>
+            <property name="&lt;Primary&gt;F8" type="empty"/>
+            <property name="&lt;Primary&gt;F9" type="empty"/>
+            <property name="&lt;Primary&gt;F10" type="empty"/>
+            <property name="&lt;Primary&gt;F11" type="empty"/>
+            <property name="&lt;Primary&gt;F12" type="empty"/>
+        </property>
+        <property name="custom" type="empty">
+            <property name="Up" type="string" value="up_key"/>
+            <property name="Left" type="string" value="left_key"/>
+            <property name="Escape" type="string" value="cancel_key"/>
+            <property name="Right" type="string" value="right_key"/>
+            <property name="Down" type="string" value="down_key"/>
+            <property name="override" type="bool" value="true"/>
+        </property>
+    </property>
+    <property name="providers" type="array">
+        <value type="string" value="commands"/>
+        <value type="string" value="xfwm4"/>
+    </property>
+</channel>
+

src/ubuntu/xfce/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/xfwm4.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfwm4" version="1.0">
+    <property name="general" type="empty">
+        <property name="activate_action" type="string" value="bring"/>
+        <property name="borderless_maximize" type="bool" value="true"/>
+        <property name="box_move" type="bool" value="true"/>
+        <property name="box_resize" type="bool" value="true"/>
+        <property name="button_layout" type="string" value="|"/>
+        <property name="button_offset" type="int" value="0"/>
+        <property name="button_spacing" type="int" value="0"/>
+        <property name="click_to_focus" type="bool" value="true"/>
+        <property name="cycle_apps_only" type="bool" value="false"/>
+        <property name="cycle_draw_frame" type="bool" value="true"/>
+        <property name="cycle_hidden" type="bool" value="true"/>
+        <property name="cycle_minimum" type="bool" value="true"/>
+        <property name="cycle_preview" type="bool" value="true"/>
+        <property name="cycle_tabwin_mode" type="int" value="0"/>
+        <property name="cycle_workspaces" type="bool" value="false"/>
+        <property name="double_click_action" type="string" value="maximize"/>
+        <property name="double_click_distance" type="int" value="5"/>
+        <property name="double_click_time" type="int" value="250"/>
+        <property name="easy_click" type="string" value="Alt"/>
+        <property name="focus_delay" type="int" value="250"/>
+        <property name="focus_hint" type="bool" value="true"/>
+        <property name="focus_new" type="bool" value="true"/>
+        <property name="frame_opacity" type="int" value="100"/>
+        <property name="full_width_title" type="bool" value="true"/>
+        <property name="horiz_scroll_opacity" type="bool" value="false"/>
+        <property name="inactive_opacity" type="int" value="100"/>
+        <property name="maximized_offset" type="int" value="0"/>
+        <property name="mousewheel_rollup" type="bool" value="true"/>
+        <property name="move_opacity" type="int" value="100"/>
+        <property name="placement_mode" type="string" value="center"/>
+        <property name="placement_ratio" type="int" value="20"/>
+        <property name="popup_opacity" type="int" value="100"/>
+        <property name="prevent_focus_stealing" type="bool" value="false"/>
+        <property name="raise_delay" type="int" value="250"/>
+        <property name="raise_on_click" type="bool" value="true"/>
+        <property name="raise_on_focus" type="bool" value="false"/>
+        <property name="raise_with_any_button" type="bool" value="true"/>
+        <property name="repeat_urgent_blink" type="bool" value="false"/>
+        <property name="resize_opacity" type="int" value="100"/>
+        <property name="scroll_workspaces" type="bool" value="false"/>
+        <property name="shadow_delta_height" type="int" value="0"/>
+        <property name="shadow_delta_width" type="int" value="0"/>
+        <property name="shadow_delta_x" type="int" value="0"/>
+        <property name="shadow_delta_y" type="int" value="-3"/>
+        <property name="shadow_opacity" type="int" value="50"/>
+        <property name="show_app_icon" type="bool" value="false"/>
+        <property name="show_dock_shadow" type="bool" value="true"/>
+        <property name="show_frame_shadow" type="bool" value="true"/>
+        <property name="show_popup_shadow" type="bool" value="false"/>
+        <property name="snap_resist" type="bool" value="false"/>
+        <property name="snap_to_border" type="bool" value="true"/>
+        <property name="snap_to_windows" type="bool" value="false"/>
+        <property name="snap_width" type="int" value="10"/>
+        <property name="sync_to_vblank" type="bool" value="false"/>
+        <property name="theme" type="string" value="Default"/>
+        <property name="tile_on_move" type="bool" value="true"/>
+        <property name="title_alignment" type="string" value="center"/>
+        <property name="title_font" type="string" value="Sans Bold 9"/>
+        <property name="title_horizontal_offset" type="int" value="0"/>
+        <property name="titleless_maximize" type="bool" value="false"/>
+        <property name="title_shadow_active" type="string" value="false"/>
+        <property name="title_shadow_inactive" type="string" value="false"/>
+        <property name="title_vertical_offset_active" type="int" value="0"/>
+        <property name="title_vertical_offset_inactive" type="int" value="0"/>
+        <property name="toggle_workspaces" type="bool" value="false"/>
+        <property name="unredirect_overlays" type="bool" value="true"/>
+        <property name="urgent_blink" type="bool" value="false"/>
+        <property name="use_compositing" type="bool" value="false"/>
+        <property name="workspace_count" type="int" value="1"/>
+        <property name="workspace_names" type="array">
+            <value type="string" value="Workspace 1"/>
+        </property>
+        <property name="wrap_cycle" type="bool" value="true"/>
+        <property name="wrap_layout" type="bool" value="true"/>
+        <property name="wrap_resistance" type="int" value="10"/>
+        <property name="wrap_windows" type="bool" value="true"/>
+        <property name="wrap_workspaces" type="bool" value="false"/>
+        <property name="zoom_desktop" type="bool" value="true"/>
+    </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-desktop" version="1.0">
+  <property name="backdrop" type="empty">
+    <property name="screen0" type="empty">
+      <property name="monitor0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="0"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/extra/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+      <property name="monitorVNC-0" type="empty">
+        <property name="workspace0" type="empty">
+          <property name="color-style" type="int" value="2"/>
+          <property name="image-style" type="int" value="5"/>
+          <property name="last-image" type="string" value="/usr/share/extra/backgrounds/bg_default.png"/>
+        </property>
+      </property>
+    </property>
+  </property>
+  <property name="last" type="empty">
+    <property name="window-width" type="int" value="1280"/>
+    <property name="window-height" type="int" value="1024"/>
+  </property>
+  <property name="desktop-icons" type="empty">
+    <property name="file-icons" type="empty">
+      <property name="show-filesystem" type="bool" value="false"/>
+      <property name="show-home" type="bool" value="false"/>
+      <property name="show-trash" type="bool" value="false"/>
+    </property>
+  </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml

@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-keyboard-shortcuts" version="1.0">
+    <property name="commands" type="empty">
+        <property name="default" type="empty">
+            <property name="&lt;Alt&gt;F1" type="empty"/>
+            <property name="&lt;Alt&gt;F2" type="empty">
+                <property name="startup-notify" type="empty"/>
+            </property>
+            <property name="&lt;Alt&gt;F3" type="empty">
+                <property name="startup-notify" type="empty"/>
+            </property>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Delete" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;l" type="empty"/>
+            <property name="XF86Display" type="empty"/>
+            <property name="&lt;Super&gt;p" type="empty"/>
+            <property name="&lt;Primary&gt;Escape" type="empty"/>
+            <property name="XF86WWW" type="empty"/>
+            <property name="XF86Mail" type="empty"/>
+        </property>
+        <property name="custom" type="empty">
+            <property name="&lt;Alt&gt;F3" type="string" value="xfce4-appfinder">
+                <property name="startup-notify" type="bool" value="true"/>
+            </property>
+            <property name="&lt;Alt&gt;F1" type="string" value="xfce4-popup-applicationsmenu"/>
+            <property name="&lt;Alt&gt;F2" type="string" value="xfce4-appfinder --collapsed">
+                <property name="startup-notify" type="bool" value="true"/>
+            </property>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Delete" type="string" value="xflock4"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;l" type="string" value="xflock4"/>
+            <property name="XF86Mail" type="string" value="exo-open --launch MailReader"/>
+            <property name="XF86Display" type="string" value="xfce4-display-settings --minimal"/>
+            <property name="XF86WWW" type="string" value="exo-open --launch WebBrowser"/>
+            <property name="&lt;Super&gt;p" type="string" value="xfce4-display-settings --minimal"/>
+            <property name="&lt;Primary&gt;Escape" type="string" value="xfdesktop --menu"/>
+            <property name="override" type="bool" value="true"/>
+        </property>
+    </property>
+    <property name="xfwm4" type="empty">
+        <property name="default" type="empty">
+            <property name="&lt;Alt&gt;Insert" type="empty"/>
+            <property name="Escape" type="empty"/>
+            <property name="Left" type="empty"/>
+            <property name="Right" type="empty"/>
+            <property name="Up" type="empty"/>
+            <property name="Down" type="empty"/>
+            <property name="&lt;Alt&gt;Tab" type="empty"/>
+            <property name="&lt;Alt&gt;&lt;Shift&gt;Tab" type="empty"/>
+            <property name="&lt;Alt&gt;Delete" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Down" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Left" type="empty"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Down" type="empty"/>
+            <property name="&lt;Alt&gt;F4" type="empty"/>
+            <property name="&lt;Alt&gt;F6" type="empty"/>
+            <property name="&lt;Alt&gt;F7" type="empty"/>
+            <property name="&lt;Alt&gt;F8" type="empty"/>
+            <property name="&lt;Alt&gt;F9" type="empty"/>
+            <property name="&lt;Alt&gt;F10" type="empty"/>
+            <property name="&lt;Alt&gt;F11" type="empty"/>
+            <property name="&lt;Alt&gt;F12" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Left" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;End" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Home" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Right" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Up" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_1" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_2" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_3" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_4" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_5" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_6" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_7" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_8" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_9" type="empty"/>
+            <property name="&lt;Alt&gt;space" type="empty"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Up" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Right" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;d" type="empty"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Up" type="empty"/>
+            <property name="&lt;Super&gt;Tab" type="empty"/>
+            <property name="&lt;Primary&gt;F1" type="empty"/>
+            <property name="&lt;Primary&gt;F2" type="empty"/>
+            <property name="&lt;Primary&gt;F3" type="empty"/>
+            <property name="&lt;Primary&gt;F4" type="empty"/>
+            <property name="&lt;Primary&gt;F5" type="empty"/>
+            <property name="&lt;Primary&gt;F6" type="empty"/>
+            <property name="&lt;Primary&gt;F7" type="empty"/>
+            <property name="&lt;Primary&gt;F8" type="empty"/>
+            <property name="&lt;Primary&gt;F9" type="empty"/>
+            <property name="&lt;Primary&gt;F10" type="empty"/>
+            <property name="&lt;Primary&gt;F11" type="empty"/>
+            <property name="&lt;Primary&gt;F12" type="empty"/>
+        </property>
+        <property name="custom" type="empty">
+            <property name="Up" type="string" value="up_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_9" type="string" value="move_window_workspace_9_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_8" type="string" value="move_window_workspace_8_key"/>
+            <property name="Left" type="string" value="left_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_6" type="string" value="move_window_workspace_6_key"/>
+            <property name="&lt;Alt&gt;Insert" type="string" value="add_workspace_key"/>
+            <property name="&lt;Alt&gt;Tab" type="string" value="cycle_windows_key"/>
+            <property name="&lt;Alt&gt;&lt;Shift&gt;Tab" type="string" value="cycle_reverse_windows_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_7" type="string" value="move_window_workspace_7_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Right" type="string" value="right_workspace_key"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Right" type="string" value="move_window_right_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;d" type="string" value="show_desktop_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Up" type="string" value="up_workspace_key"/>
+            <property name="&lt;Primary&gt;F7" type="string" value="workspace_7_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Home" type="string" value="move_window_prev_workspace_key"/>
+            <property name="&lt;Alt&gt;F4" type="string" value="close_window_key"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Left" type="string" value="move_window_left_key"/>
+            <property name="&lt;Alt&gt;F6" type="string" value="stick_window_key"/>
+            <property name="&lt;Alt&gt;F10" type="string" value="maximize_window_key"/>
+            <property name="&lt;Alt&gt;F12" type="string" value="above_key"/>
+            <property name="&lt;Alt&gt;F9" type="string" value="hide_window_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Down" type="string" value="down_workspace_key"/>
+            <property name="&lt;Alt&gt;F8" type="string" value="resize_window_key"/>
+            <property name="&lt;Super&gt;Tab" type="string" value="switch_window_key"/>
+            <property name="Escape" type="string" value="cancel_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;End" type="string" value="move_window_next_workspace_key"/>
+            <property name="&lt;Primary&gt;F10" type="string" value="workspace_10_key"/>
+            <property name="&lt;Primary&gt;F11" type="string" value="workspace_11_key"/>
+            <property name="&lt;Alt&gt;F11" type="string" value="fullscreen_key"/>
+            <property name="&lt;Primary&gt;&lt;Shift&gt;&lt;Alt&gt;Up" type="string" value="move_window_up_key"/>
+            <property name="Right" type="string" value="right_key"/>
+            <property name="Down" type="string" value="down_key"/>
+            <property name="&lt;Alt&gt;F7" type="string" value="move_window_key"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Down" type="string" value="lower_window_key"/>
+            <property name="&lt;Primary&gt;F12" type="string" value="workspace_12_key"/>
+            <property name="&lt;Primary&gt;F1" type="string" value="workspace_1_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;Left" type="string" value="left_workspace_key"/>
+            <property name="&lt;Primary&gt;F2" type="string" value="workspace_2_key"/>
+            <property name="&lt;Primary&gt;F4" type="string" value="workspace_4_key"/>
+            <property name="&lt;Primary&gt;F5" type="string" value="workspace_5_key"/>
+            <property name="&lt;Primary&gt;F6" type="string" value="workspace_6_key"/>
+            <property name="&lt;Alt&gt;space" type="string" value="popup_menu_key"/>
+            <property name="&lt;Primary&gt;F8" type="string" value="workspace_8_key"/>
+            <property name="&lt;Primary&gt;F9" type="string" value="workspace_9_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_1" type="string" value="move_window_workspace_1_key"/>
+            <property name="&lt;Alt&gt;Delete" type="string" value="del_workspace_key"/>
+            <property name="&lt;Shift&gt;&lt;Alt&gt;Page_Up" type="string" value="raise_window_key"/>
+            <property name="&lt;Primary&gt;F3" type="string" value="workspace_3_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_2" type="string" value="move_window_workspace_2_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_3" type="string" value="move_window_workspace_3_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_4" type="string" value="move_window_workspace_4_key"/>
+            <property name="&lt;Primary&gt;&lt;Alt&gt;KP_5" type="string" value="move_window_workspace_5_key"/>
+            <property name="override" type="bool" value="true"/>
+        </property>
+    </property>
+    <property name="providers" type="array">
+        <value type="string" value="commands"/>
+        <value type="string" value="xfwm4"/>
+    </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-panel" version="1.0">
+  <property name="configver" type="int" value="2"/>
+  <property name="panels" type="array">
+    <value type="int" value="1"/>
+    <property name="panel-1" type="empty">
+      <property name="position" type="string" value="p=6;x=0;y=0"/>
+      <property name="length" type="uint" value="100"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="size" type="uint" value="30"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="1"/>
+        <value type="int" value="3"/>
+        <value type="int" value="15"/>
+        <value type="int" value="2"/>
+        <value type="int" value="4"/>
+      </property>
+    </property>
+  </property>
+  <property name="plugins" type="empty">
+    <property name="plugin-1" type="string" value="applicationsmenu">
+      <property name="button-icon" type="string" value="/usr/share/extra/icons/icon_default.png"/>
+    </property>
+    <property name="plugin-3" type="string" value="tasklist"/>
+    <property name="plugin-15" type="string" value="separator">
+      <property name="expand" type="bool" value="true"/>
+      <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-4" type="string" value="pager"/>
+    <property name="plugin-6" type="string" value="systray"/>
+    <property name="plugin-7" type="string" value="showdesktop"/>
+    <property name="plugin-8" type="string" value="separator"/>
+    <property name="plugin-9" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071971.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-10" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071972.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-11" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071973.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-12" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="14413071974.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-13" type="string" value="separator"/>
+    <property name="plugin-14" type="string" value="directorymenu">
+      <property name="base-directory" type="string" value="/root"/>
+    </property>
+    <property name="plugin-2" type="string" value="systray"/>
+  </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-session" version="1.0"> 
+  <property name="general" type="empty">
+    <property name="FailsafeSessionName" type="string" value="Failsafe"/>
+  </property>
+  <property name="sessions" type="empty">
+    <property name="Failsafe" type="empty">
+      <property name="IsFailsafe" type="bool" value="true"/>
+      <property name="Count" type="int" value="5"/>
+      <property name="Client0_Command" type="array">
+        <value type="string" value="xfwm4"/>
+      </property>
+      <property name="Client0_PerScreen" type="bool" value="false"/>
+      <property name="Client1_Command" type="array">
+        <value type="string" value="xfsettingsd"/>
+      </property>
+      <property name="Client1_PerScreen" type="bool" value="false"/>
+      <property name="Client2_Command" type="array">
+        <value type="string" value="xfce4-panel"/>
+      </property>
+      <property name="Client2_PerScreen" type="bool" value="false"/>
+      <property name="Client3_Command" type="array">
+        <value type="string" value="/usr/bin/execThunar.sh"/>
+      </property>
+      <property name="Client3_PerScreen" type="bool" value="false"/>
+      <property name="Client4_Command" type="array">
+        <value type="string" value="xfdesktop"/>
+      </property>
+      <property name="Client4_PerScreen" type="bool" value="false"/>
+    </property>
+  </property>
+  <property name="splash" type="empty">
+    <property name="Engine" type="string" value=""/>
+  </property>
+</channel>

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml

@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfwm4" version="1.0">
+    <property name="general" type="empty">
+        <property name="activate_action" type="string" value="bring"/>
+        <property name="borderless_maximize" type="bool" value="true"/>
+        <property name="box_move" type="bool" value="true"/>
+        <property name="box_resize" type="bool" value="true"/>
+        <property name="button_layout" type="string" value="O|SHMC"/>
+        <property name="button_offset" type="int" value="0"/>
+        <property name="button_spacing" type="int" value="0"/>
+        <property name="click_to_focus" type="bool" value="true"/>
+        <property name="cycle_apps_only" type="bool" value="false"/>
+        <property name="cycle_draw_frame" type="bool" value="true"/>
+        <property name="cycle_hidden" type="bool" value="true"/>
+        <property name="cycle_minimum" type="bool" value="true"/>
+        <property name="cycle_preview" type="bool" value="true"/>
+        <property name="cycle_tabwin_mode" type="int" value="0"/>
+        <property name="cycle_workspaces" type="bool" value="false"/>
+        <property name="double_click_action" type="string" value="maximize"/>
+        <property name="double_click_distance" type="int" value="5"/>
+        <property name="double_click_time" type="int" value="250"/>
+        <property name="easy_click" type="string" value="Alt"/>
+        <property name="focus_delay" type="int" value="250"/>
+        <property name="focus_hint" type="bool" value="true"/>
+        <property name="focus_new" type="bool" value="true"/>
+        <property name="frame_opacity" type="int" value="100"/>
+        <property name="full_width_title" type="bool" value="true"/>
+        <property name="horiz_scroll_opacity" type="bool" value="false"/>
+        <property name="inactive_opacity" type="int" value="100"/>
+        <property name="maximized_offset" type="int" value="0"/>
+        <property name="mousewheel_rollup" type="bool" value="true"/>
+        <property name="move_opacity" type="int" value="100"/>
+        <property name="placement_mode" type="string" value="center"/>
+        <property name="placement_ratio" type="int" value="20"/>
+        <property name="popup_opacity" type="int" value="100"/>
+        <property name="prevent_focus_stealing" type="bool" value="false"/>
+        <property name="raise_delay" type="int" value="250"/>
+        <property name="raise_on_click" type="bool" value="true"/>
+        <property name="raise_on_focus" type="bool" value="false"/>
+        <property name="raise_with_any_button" type="bool" value="true"/>
+        <property name="repeat_urgent_blink" type="bool" value="false"/>
+        <property name="resize_opacity" type="int" value="100"/>
+        <property name="scroll_workspaces" type="bool" value="false"/>
+        <property name="shadow_delta_height" type="int" value="0"/>
+        <property name="shadow_delta_width" type="int" value="0"/>
+        <property name="shadow_delta_x" type="int" value="0"/>
+        <property name="shadow_delta_y" type="int" value="-3"/>
+        <property name="shadow_opacity" type="int" value="50"/>
+        <property name="show_app_icon" type="bool" value="false"/>
+        <property name="show_dock_shadow" type="bool" value="true"/>
+        <property name="show_frame_shadow" type="bool" value="true"/>
+        <property name="show_popup_shadow" type="bool" value="false"/>
+        <property name="snap_resist" type="bool" value="false"/>
+        <property name="snap_to_border" type="bool" value="true"/>
+        <property name="snap_to_windows" type="bool" value="false"/>
+        <property name="snap_width" type="int" value="10"/>
+        <property name="sync_to_vblank" type="bool" value="false"/>
+        <property name="theme" type="string" value="Default"/>
+        <property name="tile_on_move" type="bool" value="true"/>
+        <property name="title_alignment" type="string" value="center"/>
+        <property name="title_font" type="string" value="Sans Bold 9"/>
+        <property name="title_horizontal_offset" type="int" value="0"/>
+        <property name="titleless_maximize" type="bool" value="false"/>
+        <property name="title_shadow_active" type="string" value="false"/>
+        <property name="title_shadow_inactive" type="string" value="false"/>
+        <property name="title_vertical_offset_active" type="int" value="0"/>
+        <property name="title_vertical_offset_inactive" type="int" value="0"/>
+        <property name="toggle_workspaces" type="bool" value="false"/>
+        <property name="unredirect_overlays" type="bool" value="true"/>
+        <property name="urgent_blink" type="bool" value="false"/>
+        <property name="use_compositing" type="bool" value="false"/>
+        <property name="workspace_count" type="int" value="4"/>
+        <property name="workspace_names" type="array">
+            <value type="string" value="Workspace 1"/>
+            <value type="string" value="Workspace 2"/>
+            <value type="string" value="Workspace 3"/>
+            <value type="string" value="Workspace 4"/>
+        </property>
+        <property name="wrap_cycle" type="bool" value="true"/>
+        <property name="wrap_layout" type="bool" value="true"/>
+        <property name="wrap_resistance" type="int" value="10"/>
+        <property name="wrap_windows" type="bool" value="true"/>
+        <property name="wrap_workspaces" type="bool" value="false"/>
+        <property name="zoom_desktop" type="bool" value="true"/>
+    </property>
+</channel>
+

src/ubuntu/xfce/.config/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xsettings" version="1.0">
+    <property name="Net" type="empty">
+        <property name="ThemeName" type="empty"/>
+        <property name="IconThemeName" type="string" value="ubuntu-mono-dark"/>
+        <property name="DoubleClickTime" type="empty"/>
+        <property name="DoubleClickDistance" type="empty"/>
+        <property name="DndDragThreshold" type="empty"/>
+        <property name="CursorBlink" type="empty"/>
+        <property name="CursorBlinkTime" type="empty"/>
+        <property name="SoundThemeName" type="empty"/>
+        <property name="EnableEventSounds" type="empty"/>
+        <property name="EnableInputFeedbackSounds" type="empty"/>
+    </property>
+    <property name="Xft" type="empty">
+        <property name="DPI" type="int" value="-1"/>
+        <property name="Antialias" type="empty"/>
+        <property name="Hinting" type="empty"/>
+        <property name="HintStyle" type="empty"/>
+        <property name="RGBA" type="empty"/>
+    </property>
+    <property name="Gtk" type="empty">
+        <property name="CanChangeAccels" type="empty"/>
+        <property name="ColorPalette" type="empty"/>
+        <property name="FontName" type="empty"/>
+        <property name="IconSizes" type="empty"/>
+        <property name="KeyThemeName" type="empty"/>
+        <property name="ToolbarStyle" type="empty"/>
+        <property name="ToolbarIconSize" type="empty"/>
+        <property name="MenuImages" type="empty"/>
+        <property name="ButtonImages" type="empty"/>
+        <property name="MenuBarAccel" type="empty"/>
+        <property name="CursorThemeName" type="empty"/>
+        <property name="CursorThemeSize" type="empty"/>
+        <property name="DecorationLayout" type="empty"/>
+    </property>
+    <property name="Xfce" type="empty">
+        <property name="LastCustomDPI" type="int" value="96"/>
+    </property>
+</channel>