[FreeNX-kNX] Release: FreeNX 0.7.2 "Priscilla Edition"
Fabian Franz
FabianFranz at gmx.de
Sat Mar 15 20:26:02 UTC 2008
Hi, my dear users and developers,
It is release time again!
And I am proud to present you today the FreeNX 0.7.2 "Priscilla Edition".
And as you can see here:
http://docs.google.com/Doc?docid=dfnr3gx_38xgzqggm
it is all green here. *happy*
It is literally to the point two months late, but the waiting allowed me to
implement lots of those last minute Feature Requests.
For those being impatient, download it and try it out:
http://prdownload.berlios.de/freenx/freenx-server-0.7.2.tar.gz
There have been some changes, which first of all is already viewable via
the name:
freenx was renamed to freenx-server as with qtnx and nxcl library we now
also have a freenx-client, which is at the moment waiting in the debian NEW
queue!
I am really proud of that. Okay, back to the freenx release:
The seonnd thing is that freenx no longer only contains bash scripts, but
also sources for some binaries and libraries, which enhance functionality.
As that made building more complicated I finally added a Makefile, with
which FreeNX can even be installed!
- So if the NoMachine GPL components are installed in for example
/usr/NX, one would have to do:
$ cd freenx-server-0.7.2
$ patch -p0 < gentoo-nomachine.diff
$ make
$ sudo make install
$ sudo /usr/NX/bin/nxsetup --install
The binaries include nxpasswd and nxserver-helper.
The lib is nxredir, which was imported from freenx-utils.
Now lets check, what makes those binaries so special.
* nxpasswd was imported / forked from the last known revision of nxviewer.
It already was the last time a necessary component to run vncviewer and
most vncpasswd versions do not supply what is needed, so I decided to
include it in the tar ball.
* nxserver-helper:
Now that is one hell of a program. ;-)
I finally made the slave mode usable. This dramatically reduces session
login times and makes single sign on possible (with for example one time
pad keywords).
I am using the slave mode since I made it usable and it works really fine
for me, however I think that still a bit more testing is needed, before I
make it the default.
So if I get lots of reports like: "That new slave mode is so wonderfully",
there are high chances that it is the default the next time.
What this slave mode also makes possible (even though it is not yet
included in this release) is a suid nx wrapper imported from FreeNX
Redesign.
This means a login is possible via ssh to the user without loosing any
advantages of the nx user. (almost, loadbalancing would be more difficult
at the moment)
I already tested it and it works out of the box, however I would like to
only introduce it in a release once we have a working client. (qtnx is a
good possibility for that. Did I say I am proud of it, already?)
I once had made a nxssh wrapper, which gets the password from nxclient by
faking the first part of the protocol, then connecting as the user. With
that wrapper it is then as easy as:
ssh user at host /usr/NX/bin/nxserver-suid
to get to the NX> 103 successfully logged in prompt.
Apropos redesign. I think you all are eager to know what the status is.
The status is that 2 Google employees, Stephen Shirley and Al Riddoch have
done some nice work on the redesign already and its working! If anyone is
brave enough, it can be found in trunk/freenx-redesign.
Okay, lets continue.
* nxredir library
This is a small library, which I already basically programmed in 2005, but
now completed.
It is necessary for the new nxsmb frontend to work with both SBM port 139
and CIFS ort 445 style forwarding and to also allow connecting to samba
shares via konqueror smb://127.0.0.1/.
nxredir is now the default!
That means once samba sharing is enabled, all smb* programs can be used
normally.
This also finally solves all printing related problems without having to
patch sambas smbprint.
nxredir basically forwards all connections to 127.0.0.1:139 or
127.0.0.1:445 to some other port based on the NXSAMBA_PORT environment
variable.
Now we come to all the bug fixes:
- Fixed the display of local sessions to display only
when session type is VNC.
- Fixed the issue that commercial NXClient was called with 0 parameters
and such the "Connection Wizard" came up.
- Added catching of exception after failed nscd command.
- Fixed helpers (desktop, viewer) to honour the
AGENT_EXTRA_OPTIONS_{RDP,RFB} parameters set in node.conf.
- Fixed: Invoke curl with --proxy "" for automatic download of ppd files.
- Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
- Fixed: nxserver --send and nxserver --broadcast not working with load balancing.
- Fixed: mport is not always written (Gentoo)
- Fixed: nscd is run even if the daemon is not running (Gentoo)
- Fixed: nxserver might fail if $USER is not set
- Fixed a small bug in nxserver when password has spaces at the end or
beginning
- Fixed round-robin mode of load balancing.
- Fixed paths for some binaries, which get patched
Okay, so lots of bugs fixed.
A really big thanks goes out to Gentoo, whose patches I applied.
Now we come to the feature requests that have been done:
* Added freenx-server startup script. You can make a symlink to
/etc/init.d/ to have it start automatically.
Well this item was a wish to automatically cleanup the failed sessions
after a reboot for example and to make the permissions right of
/tmp/.X11-unix even if no Xserver is installed.
Distributors are asked to include this script to $PATH_BIN and add a
symlink to /etc/init.d/. It is not automatically installed by the Makefile
as each distribution has different ways to update the links to /etc/rc*.d/.
And it is optional even though it is generally recommended to install.
* Added nxsetup --test to test the configuration and connection to
localhost nxserver.
This item means it is now even easier to test if the ssh setup is okay.
Once installed and it stopped working, you only had the possibility to
reinstall and hope that it would work then again.
Now you can always test if the connection is still working generally.
This will hopefully make user support easier. Thanks to all contributors,
who do help on IRC or via Mail if someone needs help!
There have been also some more cases added, why sshd might fail to login.
* Set ENABLE_USESSION="1" option by default - its hard to find and those
who know can shut it off anyway. Added automatic adding of user nx to group
utmp.
This was a patch by the Gentoo portage and I found it nice. So nx sessions
will be in "$ w" command by default now.
And together with the slave mode you'll also only have one login per user
login.
* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
default and added a fallback to 1.5.0 via the same detection mechanism.
Now this is one thing I should have already done a long time ago.
Now once a new NX libs version came out we always had to update
nxloadconfig to select the new backend even though only the version number
had been changed.
Now the 1.5.0 backend can be selected by those who still want to use it and
the default is 2.0.0, 2.1.0, 3.0.0 and 3.1.0 style.
* Suppress of pulldown menu (option in nomachine config)
FreeNX also now has the same option to suppress the pulldown menu in
rootless mode.
ENABLE_PULLDOWN_MENU="0" helps in the case where the pulldown menu is not
wanted.
* Do not show running sessions, when ENABLE_RESUME_RUNNING_SESSIONS="0"
It is now possible to select, which kind of sessions are resumable. All
sessions or only those that are suspended.
* Start a process in an already running session or start a new one
(rootless)
This option is not yet completely finished, however it already works even
though the client is returning an error.
If you set ENABLE_ADVANCED_SESSION_CONTROL="1" and then use "add <name>" as
session name, i.e. "add myhomeserver" you can start an application in an
already running rootless session.
Note: You can't resume this session via this way, if its not suspended
first.
I wrote an email explaining this feature to the list, which also explains a
possible usage scenario involving perl to reset auto-reconnect session to
true and usage of --plugin of nxclient.
This wish was granted for Berharnd Donaubauer.
* Add processor affinity option
FreeNX can now optionally use the TASKSET program to run all nx related
processes on one or two special cores.
The trick is that nxloadconfig is re-balancing the current shell and as
each FreeNX program depends on nxloadconfig, this means that all nx related
processes are put to the configured core.
This wish was granted for Gregory Carter. Have fun with it!
* Add nxacl component to see if session is allowed to start and to modify
any parameters necessary.
I like this one a lot. This was an implemented proposal for the redesign,
but it fits into FreeNX as well.
The idea is that nxserver is giving all information and parameters about
the session to nxacl via the first commandline argument.
nxacl can then do:
- allow a session: exit 0
- deny a session: exit 1
and:
- change all parameters, by echo'ing them out.
The sample nxacl.sample in FreeNX 0.7.2 looks like:
# ...
# Example 0: All allowed
allow_all()
{
# Parameters unchanged
echo "$CMDLINE"
# Session allowed
exit 0
}
# Example 1: Allow only unix-kde sessions, deny others
allow_unix_kde()
{
type=$(getparam type)
if [ "$type" != "unix-kde" ]
then
echo "Only sessions with type unix-kde are allowed."
exit 1
fi
allow_all
}
# Example 3: Allow only unix-kde sessions, change type always to unix-kde
# and virtualdesktop=1, rootless=0
allow_unix_kde_2()
{
changeparam type unix-kde
changeparam virtualdesktop 1
changeparam rootless 0
allow_all
}
#
# You can make as complex samples as you want, if you have one, I would be
# very interested!
# Fabian
#
# Send it to: FreeNX-kNX at kde.org.
#
# default action
allow_all
I did love the policies you can set in NoMachine nxserver, but I wanted to
make it easy and flexible in the same way.
With this script each administrator can set as complex policies as needed,
but he is also so flexible that he can give access for example only to
USERs belonging to group kde or users or myusers or remoteusers or
whatever.
Perhaps someone wants to program a conversion from --ruleadd (like in !M
server) to nxacl shell script ;-)?
Patches are welcome.
It is working great!
Here comes the full ChangeLog:
14.03.2008 FreeNX 0.7.2 "Priscilla Edition"
* Opened the 0.7.2 development.
* Fixed the display of local sessions to display only
when session type is VNC.
(fabianx at bat.berlios.de)
* Fixed the issue that commercial NXClient was called with 0 parameters
and such the "Connection Wizard" came up.
(fabianx at bat.berlios.de)
* Added freenx-server startup script. You can make a symlink to
/etc/init.d/ to have it start automatically.
(fabianx at bat.berlios.de)
* Added catching of exception after failed nscd command.
(fabianx at bat.berlios.de)
* Invoke curl with --proxy "" for automatic download of ppd files.
(Wolfgang Schweer <schweer at cityweb.de>)
* Reorganized nxsetup to have a function for parsing command line
options.
(fabianx at bat.berlios.de)
* Added nxsetup --test to test the configuration and connection to
localhost nxserver.
(fabianx at bat.berlios.de)
* Added -o ConnectTimeout 3 to nxnode-login for test-nx case.
(cedric briner <work at infomaniak.ch>)
* Added more examples for "failed ssh connection to localhost" cases.
(cedric briner <work at infomaniak.ch>, fabianx at bat.berlios.de)
* Fixed helpers (desktop, viewer) to honour the AGENT_EXTRA_OPTIONS_{RDP,RFB}
parameters set in node.conf.
(fabianx at bat.berlios.de)
* Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
(fabianx at bat.berlios.de)
* Fixed parsing of SMB port and added a fallback if mport file is empty.
(Patch from Gentoo Portage)
* Run nscd only when nscd.pid is present.
(Patch from Gentoo Portage)
* Fixed possible bug in nxserver when $USER is not set.
(Patch from Gentoo Portage)
* Set ENABLE_USESSION="1" option by default - its hard to find and those who know can
shut it off anyway. Added automatic adding of user nx to group utmp.
(Patch by Gentoo Portage)
* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
default and added a fallback to 1.5.0 via the same detection mechanism.
(fabianx at bat.berlios.de)
* Added the configuration key ENABLE_PULLDOWN_MENU to be able to
disable the pulldown menu for rootless sessions.
(fabianx at bat.berlios.de)
* Fixed a small bug in nxserver when password has spaces at the end or
beginning.
(Dimitar Paskov)
* Fixed round-robin mode of load balancing.
(fabianx at bat.berlios.de)
* Added check for /tmp/.X11-unix/X*.
(Yves-Gael Cheny <yves-gael.cheny at tranquil-it-systems.fr>)
* Fixed --send|--broadcast for load balancing case.
Note: ssh is used, so you need to either insert your root ssh password
for the nodes again and again, use a public key + agent or use host keys.
(fabianx at bat.berlios.de)
* Added possibility to use the new nxsmb backend. This enables us to support
CIFS and SMB printing at the same time - without recompiling samba -
via the nxredir preload library.
(fabianx at bat.berlios.de)
* Added usage of nxredir library to forward port 139,445 to the
client side forwarded SMB port.
(fabianx at bat.berlios.de)
* Made the slave mode finally functional. With that slave mode it is
possible to do a single sign on instead of the multiple logins used
before. It is also possible to use a suid wrapper to login as user.
With single sign on session startup is a lot faster. This is true
especially if there are many printers and files to be shared.
(fabianx at bat.berlios.de)
* Added detection of backend version and added this output
to version string.
(fabianx at bat.berlios.de)
* Added foomatic-ppdfile to the retested values.
(fabianx at bat.berlios.de)
* Added possibility to balance all nx services to different cores
using taskset. Use for example USE_PROCESSOR_TASKSET="3,4" to
balance all services to processor cores 3 and 4.
This wish was granted for Gregory Carter.
(fabianx at bat.berlios.de)
* Added initial code to add an application to an already running
rootless session.
Set ENABLE_ADVANCED_SESSION_CONTROL="1" and use session name
like "add <sessionname>". Unfortunately the client returns an
error, but the application is started anyway.
The wish was granted for Bernhard Donaubauer.
(fabianx at bat.berlios.de)
* Added option to disable the showing of running sessions.
Set ENABLE_SHOW_RUNNING_SESSIONS="0" if you want that behaviour.
(fabianx at bat.berlios.de)
* Updated documentation in INSTALL file.
(fabianx at bat.berlios.de)
* Added nxviewer-passwd to distribution. It is a fork of the
tightvnc vncpasswd part, which is necessary for FreeNX to work
with standard vncviewer.
(fabianx at bat.berlios.de)
* Added a Makefile so FreeNX can be build and installed via.
$ make
$ # edit nxloadconfig to point where it should install to
$ make install
Hereby FreeNX is installed to where nxloadconfig points and
static paths in nxredir and nxsmb are adjusted accordingly.
So if you want it to be in /usr/NX/ be sure to apply
gentoo-nomachine.diff first or edit nxloadconfig manually.
(fabianx at bat.berlios.de)
* Added nxacl.sample component. If you copy nxacl.sample to
$PATH_BIN/nxacl you can make as complex acl scenarios as you
want. You have complete control over all data and can deny
any session.
(fabianx at bat.berlios.de)
Have Fun!
We'll see if we do the next release like planned in 1 month or in 3 months
from now.
Best Wishes and may you have a very nice day / night / morning / evening / afternoon / ...,
Fabian
PS: These are exciting times :-).
More information about the FreeNX-kNX
mailing list