Opened 11 months ago

Closed 9 months ago

#14024 closed enhancement (fixed)

tigervnc-1.11.0

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (6)

comment:1 by Bruce Dubbs, 11 months ago

TigerVNC 1.11.0 is now available. This is a new major release of TigerVNC, but also a security release. Users that rely on the TLS feature in the viewers are recommended to upgrade as soon as possible.

Lots of changes have been made since the last release, but the highlights are:

  • A security issue has been fixed in how the viewers handle TLS certificate exceptions
  • vncserver has gotten a major redesign to be compatible with modern distributions
  • The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
  • Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
  • The Java viewer now supports Java 9+, but also now requires Java 8+
  • Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
  • The password and username can now be specified via the environment for the native viewer
  • Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
  • The official builds have been fixed to work on the upcoming macOS 11
  • The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy

comment:2 by Bruce Dubbs, 11 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:3 by Bruce Dubbs, 11 months ago

This package builds OK, but the scripts they have make assumptions and won't start in LFS.

I updated the install instructions, but need to figure out usage and add that to the book.

Leaving open for now.

Last edited 11 months ago by Bruce Dubbs (previous) (diff)

comment:4 by Douglas R. Reno, 9 months ago

In order to use the systemd unit, you have to do the following:

Setup a user mapping in /etc/tigervnc/vncserver.users

For example, you might want to setup :1 to be your user:

echo :1=$(whoami) >> /etc/tigervnc/vncserver.users

In my case, that results in the following:

renodr [ /sources/tigervnc-1.11.0/unix/vncserver ]$ cat /etc/tigervnc/vncserver.users 
# TigerVNC User assignment
#
# This file assigns users to specific VNC display numbers.
# The syntax is <display>=<username>. E.g.:
#
# :2=andrew
# :3=lisa
:1=renodr

The systemd unit does require modification. It currently mentions a deprecated location for PIDFile= (/var/run), and needs to be changed to "/run/vncserver-%i.pid". It also needs the SELinuxContext parameter removed.

An Xsession file has to be present on the system in a search path defined in /usr/libexec/vncserver. I modified mine locally to also refer to /etc/X11/tigervnc, and put an Xsession file that I borrowed from Arch Linux in /etc/X11/tigervnc/Xsession.

Next, you'll need a configuration file in ~/.vnc/config. This will contain something similar to the following (which is only a base to go off of, including geometry and session):

renodr [ /sources/tigervnc-1.11.0/unix/vncserver ]$ cat ~/.vnc/config
session=LXDE
geometry=1024x768

The session= argument has to match something in /usr/share/xsessions. Geometry should be set to whatever you want the VNC Resolution to be set to.

For security purposes, you could also add "localhost" to the ~/.vnc/config file to prevent remote users from logging in.

Next, the PAM file needs modification:

renodr [ /sources/tigervnc-1.11.0/unix/vncserver ]$ cat tigervnc.pam
#%PAM-1.0
# pam_selinux.so close should be the first session rule
-session   required     pam_selinux.so close
session    required     pam_loginuid.so
-session   required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
-session   optional     pam_systemd.so
session    required     pam_unix.so
-session   optional     pam_reauthorize.so prepare

Needs to be come:

# Begin /etc/pam.d/tigervnc
  
session    required     pam_loginuid.so
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
session    optional     pam_systemd.so
session    required     pam_unix.so

# End /etc/pam.d/tigervnc

After this, you can use "systemctl start vncserver@:1" to start your session up, and then attempt to connect from a remote machine.

As a reminder, you can use "systemctl status vncserver@:1" to check on the status of the service. In my case, the following:

renodr [ /sources/tigervnc-1.11.0/unix/vncserver ]$ sudo systemctl status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-10-21 21:22:54 CDT; 2s ago
    Process: 20406 ExecStart=/usr/libexec/vncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 20412 (vncsession)
      Tasks: 1 (limit: 4915)
     Memory: 1.5M
        CPU: 9ms
     CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
             ‣ 20412 /usr/sbin/vncsession renodr :1

Oct 21 21:22:54 POOH systemd[1]: Starting Remote desktop service (VNC)...
Oct 21 21:22:54 POOH systemd[1]: Started Remote desktop service (VNC).

comment:5 by Douglas R. Reno, 9 months ago

I'm going to leave this open for Bruce to review it, but the changes for systemd were made at r23831

comment:6 by Bruce Dubbs, 9 months ago

Resolution: fixed
Status: assignedclosed

Made a small wording tweak. Otherwise looks good. Closing.

Note: See TracTickets for help on using tickets.