From 2af287db93df04beae00d690aa7f38d4e23a2104 Mon Sep 17 00:00:00 2001 From: thelamer Date: Wed, 8 Mar 2023 12:44:59 -0800 Subject: [PATCH] updating jammy to new format and adding dri3 support --- Dockerfile | 50 +++++++++++++---- Dockerfile.aarch64 | 54 +++++++++++++++---- .../default => defaults/default.conf} | 4 ++ .../{init-keygen => init-nginx} | 0 root/etc/s6-overlay/s6-rc.d/init-keygen/run | 12 ----- root/etc/s6-overlay/s6-rc.d/init-keygen/up | 1 - .../dependencies.d/init-os-end | 0 root/etc/s6-overlay/s6-rc.d/init-nginx/run | 30 +++++++++++ .../s6-rc.d/{init-keygen => init-nginx}/type | 0 root/etc/s6-overlay/s6-rc.d/init-nginx/up | 1 + root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run | 10 ++++ .../contents.d/{init-keygen => init-nginx} | 0 12 files changed, 129 insertions(+), 33 deletions(-) rename root/{etc/nginx/sites-available/default => defaults/default.conf} (96%) rename root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/{init-keygen => init-nginx} (100%) delete mode 100755 root/etc/s6-overlay/s6-rc.d/init-keygen/run delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-keygen/up rename root/etc/s6-overlay/s6-rc.d/{init-keygen => init-nginx}/dependencies.d/init-os-end (100%) create mode 100755 root/etc/s6-overlay/s6-rc.d/init-nginx/run rename root/etc/s6-overlay/s6-rc.d/{init-keygen => init-nginx}/type (100%) create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx/up rename root/etc/s6-overlay/s6-rc.d/user/contents.d/{init-keygen => init-nginx} (100%) diff --git a/Dockerfile b/Dockerfile index 8a3b860..fcd1d2c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,37 @@ # syntax=docker/dockerfile:1 +FROM node:12-buster as wwwstage + +ARG KASMWEB_RELEASE="master" + +RUN \ + echo "**** build clientside ****" && \ + export QT_QPA_PLATFORM=offscreen && \ + export QT_QPA_FONTDIR=/usr/share/fonts && \ + mkdir /src && \ + cd /src && \ + wget https://github.com/kasmtech/noVNC/tarball/${KASMWEB_RELEASE} -O - \ + | tar --strip-components=1 -xz && \ + npm install && \ + npm run-script build + +RUN \ + echo "**** organize output ****" && \ + mkdir /build-out && \ + cd /src && \ + rm -rf node_modules/ && \ + cp -R ./* /build-out/ && \ + cd /build-out && \ + rm *.md && \ + rm AUTHORS && \ + cp index.html vnc.html + + FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy as buildstage -ARG KASMVNC_RELEASE="1.0.1" -ARG KASMWEB_RELEASE="develop" +ARG KASMVNC_RELEASE="maser" + +COPY --from=wwwstage /build-out /www RUN \ echo "**** install build deps ****" && \ @@ -20,6 +48,7 @@ RUN \ libavcodec-dev \ libdrm-dev \ libepoxy-dev \ + libgbm-dev \ libgif-dev \ libgnutls28-dev \ libgnutls28-dev \ @@ -68,14 +97,14 @@ RUN \ . && \ make -j4 && \ echo "**** build xorg ****" && \ - XORG_VER="1.20.7" && \ + XORG_VER="1.20.14" && \ XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##') && \ wget --no-check-certificate \ - -O /tmp/xorg-server-${XORG_VER}.tar.bz2 \ - "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2" && \ + -O /tmp/xorg-server-${XORG_VER}.tar.gz \ + "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz" && \ tar --strip-components=1 \ -C unix/xserver \ - -xf /tmp/xorg-server-${XORG_VER}.tar.bz2 && \ + -xf /tmp/xorg-server-${XORG_VER}.tar.gz && \ cd unix/xserver && \ patch -Np1 -i ../xserver${XORG_PATCH}.patch && \ patch -s -p0 < ../CVE-2022-2320-v1.20.patch && \ @@ -101,9 +130,10 @@ RUN \ --disable-dri2 \ --enable-glx \ --disable-xwayland \ - --disable-dri3 && \ + --enable-dri3 && \ find . -name "Makefile" -exec sed -i 's/-Werror=array-bounds//g' {} \; && \ make -j4 + RUN \ echo "**** generate final output ****" && \ cd /src && \ @@ -119,8 +149,7 @@ RUN \ ln -s /usr/lib/x86_64-linux-gnu/dri dri && \ cd /src && \ mkdir -p builder/www && \ - curl -s https://kasm-ci.s3.amazonaws.com/kasmweb-${KASMWEB_RELEASE}.tar.gz \ - | tar xzf - -C builder/www && \ + cp -ax /www/* builder/www/ && \ cp builder/www/index.html builder/www/vnc.html && \ make servertarball && \ mkdir /build-out && \ @@ -207,6 +236,7 @@ RUN \ ffmpeg \ libfontenc1 \ libfreetype6 \ + libgbm1 \ libgcrypt20 \ libgl1-mesa-dri \ libglu1-mesa \ @@ -232,6 +262,7 @@ RUN \ libxfixes3 \ libxfont2 \ libxinerama1 \ + libxshmfence1 \ libxtst6 \ libyaml-tiny-perl \ nginx \ @@ -264,6 +295,7 @@ RUN \ xserver-xorg-video-amdgpu \ xserver-xorg-video-ati \ xserver-xorg-video-intel \ + xserver-xorg-video-qxl \ xterm \ xutils \ zlib1g && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 861a85a..9e2f346 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,9 +1,37 @@ # syntax=docker/dockerfile:1 +FROM node:12-buster as wwwstage + +ARG KASMWEB_RELEASE="master" + +RUN \ + echo "**** build clientside ****" && \ + export QT_QPA_PLATFORM=offscreen && \ + export QT_QPA_FONTDIR=/usr/share/fonts && \ + mkdir /src && \ + cd /src && \ + wget https://github.com/kasmtech/noVNC/tarball/${KASMWEB_RELEASE} -O - \ + | tar --strip-components=1 -xz && \ + npm install && \ + npm run-script build + +RUN \ + echo "**** organize output ****" && \ + mkdir /build-out && \ + cd /src && \ + rm -rf node_modules/ && \ + cp -R ./* /build-out/ && \ + cd /build-out && \ + rm *.md && \ + rm AUTHORS && \ + cp index.html vnc.html + + FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy as buildstage -ARG KASMVNC_RELEASE="1.0.1" -ARG KASMWEB_RELEASE="develop" +ARG KASMVNC_RELEASE="maser" + +COPY --from=wwwstage /build-out /www RUN \ echo "**** install build deps ****" && \ @@ -20,6 +48,7 @@ RUN \ libavcodec-dev \ libdrm-dev \ libepoxy-dev \ + libgbm-dev \ libgif-dev \ libgnutls28-dev \ libgnutls28-dev \ @@ -68,14 +97,14 @@ RUN \ . && \ make -j4 && \ echo "**** build xorg ****" && \ - XORG_VER="1.20.7" && \ + XORG_VER="1.20.14" && \ XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##') && \ wget --no-check-certificate \ - -O /tmp/xorg-server-${XORG_VER}.tar.bz2 \ - "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2" && \ + -O /tmp/xorg-server-${XORG_VER}.tar.gz \ + "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz" && \ tar --strip-components=1 \ -C unix/xserver \ - -xf /tmp/xorg-server-${XORG_VER}.tar.bz2 && \ + -xf /tmp/xorg-server-${XORG_VER}.tar.gz && \ cd unix/xserver && \ patch -Np1 -i ../xserver${XORG_PATCH}.patch && \ patch -s -p0 < ../CVE-2022-2320-v1.20.patch && \ @@ -101,9 +130,10 @@ RUN \ --disable-dri2 \ --enable-glx \ --disable-xwayland \ - --disable-dri3 && \ + --enable-dri3 && \ find . -name "Makefile" -exec sed -i 's/-Werror=array-bounds//g' {} \; && \ make -j4 + RUN \ echo "**** generate final output ****" && \ cd /src && \ @@ -116,11 +146,10 @@ RUN \ cp /src/unix/xserver/hw/vnc/Xvnc.man man/man1/Xvnc.1 && \ mkdir lib && \ cd lib && \ - ln -s /usr/lib/aarch64-linux-gnu/dri dri && \ + ln -s /usr/lib/x86_64-linux-gnu/dri dri && \ cd /src && \ mkdir -p builder/www && \ - curl -s https://kasm-ci.s3.amazonaws.com/kasmweb-${KASMWEB_RELEASE}.tar.gz \ - | tar xzf - -C builder/www && \ + cp -ax /www/* builder/www/ && \ cp builder/www/index.html builder/www/vnc.html && \ make servertarball && \ mkdir /build-out && \ @@ -201,12 +230,13 @@ RUN \ echo 'deb https://deb.nodesource.com/node_18.x jammy main' \ > /etc/apt/sources.list.d/nodesource.list && \ apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ ca-certificates \ dbus-x11 \ ffmpeg \ libfontenc1 \ libfreetype6 \ + libgbm1 \ libgcrypt20 \ libgl1-mesa-dri \ libglu1-mesa \ @@ -232,6 +262,7 @@ RUN \ libxfixes3 \ libxfont2 \ libxinerama1 \ + libxshmfence1 \ libxtst6 \ libyaml-tiny-perl \ nginx \ @@ -263,6 +294,7 @@ RUN \ xserver-xorg-core \ xserver-xorg-video-amdgpu \ xserver-xorg-video-ati \ + xserver-xorg-video-qxl \ xterm \ xutils \ zlib1g && \ diff --git a/root/etc/nginx/sites-available/default b/root/defaults/default.conf similarity index 96% rename from root/etc/nginx/sites-available/default rename to root/defaults/default.conf index 32e6762..2dfebc4 100644 --- a/root/etc/nginx/sites-available/default +++ b/root/defaults/default.conf @@ -1,4 +1,6 @@ server { + #auth_basic "Login"; + #auth_basic_user_file /etc/nginx/.htpasswd; listen 3000 default_server; listen [::]:3000 default_server; location / { @@ -47,6 +49,8 @@ server { } server { + #auth_basic "Login"; + #auth_basic_user_file /etc/nginx/.htpasswd; listen 3001 ssl; listen [::]:3001 ssl; ssl_certificate /config/ssl/cert.pem; diff --git a/root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-keygen b/root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-nginx similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-keygen rename to root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-nginx diff --git a/root/etc/s6-overlay/s6-rc.d/init-keygen/run b/root/etc/s6-overlay/s6-rc.d/init-keygen/run deleted file mode 100755 index c645f22..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-keygen/run +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ ! -f "/config/ssl/cert.pem" ]; then - mkdir -p /config/ssl - openssl req -new -x509 \ - -days 3650 -nodes \ - -out /config/ssl/cert.pem \ - -keyout /config/ssl/cert.key \ - -subj "/C=US/ST=CA/L=Carlsbad/O=Linuxserver.io/OU=LSIO Server/CN=*" - chmod 600 /config/ssl/cert.key - chown -R abc:abc /config/ssl -fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-keygen/up b/root/etc/s6-overlay/s6-rc.d/init-keygen/up deleted file mode 100644 index cacd3ec..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-keygen/up +++ /dev/null @@ -1 +0,0 @@ -/etc/s6-overlay/s6-rc.d/init-keygen/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-keygen/dependencies.d/init-os-end b/root/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-os-end similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-keygen/dependencies.d/init-os-end rename to root/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-os-end diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx/run b/root/etc/s6-overlay/s6-rc.d/init-nginx/run new file mode 100755 index 0000000..58bc355 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx/run @@ -0,0 +1,30 @@ +#!/usr/bin/with-contenv bash + +# nginx Path +NGINX_CONFIG=/etc/nginx/sites-available/default + +# user passed env vars +CPORT="${CUSTOM_PORT:-3000}" +CHPORT="${CUSTOM_HTTPS_PORT:-3001}" +CUSER="${CUSTOM_USER:-abc}" + +# create self signed cert +if [ ! -f "/config/ssl/cert.pem" ]; then + mkdir -p /config/ssl + openssl req -new -x509 \ + -days 3650 -nodes \ + -out /config/ssl/cert.pem \ + -keyout /config/ssl/cert.key \ + -subj "/C=US/ST=CA/L=Carlsbad/O=Linuxserver.io/OU=LSIO Server/CN=*" + chmod 600 /config/ssl/cert.key + chown -R abc:abc /config/ssl +fi + +# modify nginx config +cp /defaults/default.conf ${NGINX_CONFIG} +sed -i "s/3000/$CPORT/g" ${NGINX_CONFIG} +sed -i "s/3001/$CHPORT/g" ${NGINX_CONFIG} +if [ ! -z ${PASSWORD+x} ]; then + printf "${CUSER}:$(openssl passwd -apr1 ${PASSWORD})\n" > /etc/nginx/.htpasswd + sed -i 's/#//g' ${NGINX_CONFIG} +fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-keygen/type b/root/etc/s6-overlay/s6-rc.d/init-nginx/type similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-keygen/type rename to root/etc/s6-overlay/s6-rc.d/init-nginx/type diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx/up b/root/etc/s6-overlay/s6-rc.d/init-nginx/up new file mode 100644 index 0000000..b3b5b49 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx/run diff --git a/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run b/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run index c18e901..245820d 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run @@ -1,7 +1,17 @@ #!/usr/bin/with-contenv bash +# Pass gpu flags if mounted +if [ -e /dev/dri/renderD* ]; then + HW3D="-hw3d" +fi +if [ -z ${DRINODE+x} ]; then + DRINODE="/dev/dri/renderD128" +fi + s6-setuidgid abc \ /usr/local/bin/Xvnc $DISPLAY \ + ${HW3D} \ + -drinode ${DRINODE} \ -disableBasicAuth \ -SecurityTypes None \ -AlwaysShared \ diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-keygen b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/user/contents.d/init-keygen rename to root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx