[FreeNX-kNX] Release: FreeNX 0.7.2 "Priscilla Edition"

Terje Andersen terander at guard.zapto.org
Sun Mar 16 00:40:00 UTC 2008


Just wanted to congratulate you on yet another nice work!

Thanks for all your efforts.

	/Terje


On Sat, 2008-03-15 at 21:26 +0100, Fabian Franz wrote:
> Hi, my dear users and developers,
> 
> It is release time again!
> 
> And I am proud to present you today the FreeNX 0.7.2 "Priscilla Edition".
> 
> And as you can see here:
> 
> http://docs.google.com/Doc?docid=dfnr3gx_38xgzqggm
> 
> it is all green here. *happy*
> 
> It is literally to the point two months late, but the waiting allowed me to 
> implement lots of those last minute Feature Requests.
> 
> For those being impatient, download it and try it out:
> 
> http://prdownload.berlios.de/freenx/freenx-server-0.7.2.tar.gz
> 
> There have been some changes, which first of all is already viewable via 
> the name:
> 
> freenx was renamed to freenx-server as with qtnx and nxcl library we now 
> also have a freenx-client, which is at the moment waiting in the debian NEW  
> queue!
> 
> I am really proud of that. Okay, back to the freenx release:
> 
> The seonnd thing is that freenx no longer only contains bash scripts, but 
> also sources for some binaries and libraries, which enhance functionality.
> 
> As that made building more complicated I finally added a Makefile, with 
> which FreeNX can even be installed!
> 
> - So if the NoMachine GPL components are installed in for example 
>   /usr/NX, one would have to do:
> 
> $ cd freenx-server-0.7.2
> $ patch -p0 < gentoo-nomachine.diff
> $ make
> $ sudo make install
> $ sudo /usr/NX/bin/nxsetup --install
> 
> The binaries include nxpasswd and nxserver-helper.
> 
> The lib is nxredir, which was imported from freenx-utils.
> 
> Now lets check, what makes those binaries so special.
> 
> * nxpasswd was imported / forked from the last known revision of nxviewer.
> 
> It already was the last time a necessary component to run vncviewer and 
> most vncpasswd versions do not supply what is needed, so I decided to 
> include it in the tar ball.
> 
> * nxserver-helper:
> 
> Now that is one hell of a program. ;-)
> 
> I finally made the slave mode usable. This dramatically reduces session 
> login times and makes single sign on possible (with for example one time 
> pad keywords).
> 
> I am using the slave mode since I made it usable and it works really fine 
> for me, however I think that still a bit more testing is needed, before I 
> make it the default.
> 
> So if I get lots of reports like: "That new slave mode is so wonderfully", 
> there are high chances that it is the default the next time.
> 
> What this slave mode also makes possible (even though it is not yet 
> included in this release) is a suid nx wrapper imported from FreeNX 
> Redesign.
> 
> This means a login is possible via ssh to the user without loosing any 
> advantages of the nx user. (almost, loadbalancing would be more difficult 
> at the moment)
> 
> I already tested it and it works out of the box, however I would like to 
> only introduce it in a release once we have a working client. (qtnx is a 
> good possibility for that. Did I say I am proud of it, already?)
> 
> I once had made a nxssh wrapper, which gets the password from nxclient by 
> faking the first part of the protocol, then connecting as the user. With 
> that wrapper it is then as easy as:
> 
> ssh user at host /usr/NX/bin/nxserver-suid
> 
> to get to the NX> 103 successfully logged in prompt.
> 
> Apropos redesign. I think you all are eager to know what the status is.
> 
> The status is that 2 Google employees, Stephen Shirley and Al Riddoch have 
> done some nice work on the redesign already and its working! If anyone is 
> brave enough, it can be found in trunk/freenx-redesign.
> 
> Okay, lets continue.
> 
> * nxredir library
> 
> This is a small library, which I already basically programmed in 2005, but 
> now completed.
> 
> It is necessary for the new nxsmb frontend to work with both SBM port 139 
> and CIFS ort 445 style forwarding and to also allow connecting to samba 
> shares via konqueror smb://127.0.0.1/.
> 
> nxredir is now the default!
> 
> That means once samba sharing is enabled, all smb* programs can be used 
> normally.
> 
> This also finally solves all printing related problems without having to 
> patch sambas smbprint.
> 
> nxredir basically forwards all connections to 127.0.0.1:139 or 
> 127.0.0.1:445 to some other port based on the NXSAMBA_PORT environment 
> variable.
> 
> Now we come to all the bug fixes:
> 
> - Fixed the display of local sessions to display only 
>   when session type is VNC.
> - Fixed the issue that commercial NXClient was called with 0 parameters
>   and such the "Connection Wizard" came up.
> - Added catching of exception after failed nscd command.
> - Fixed helpers (desktop, viewer) to honour the
>   AGENT_EXTRA_OPTIONS_{RDP,RFB} parameters set in node.conf.
> - Fixed: Invoke curl with --proxy "" for automatic download of ppd files.
> - Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
> - Fixed: nxserver --send and nxserver --broadcast not working with load balancing.
> - Fixed: mport is not always written (Gentoo)
> - Fixed: nscd is run even if the daemon is not running (Gentoo)
> - Fixed: nxserver might fail if $USER is not set
> - Fixed a small bug in nxserver when password has spaces at the end or
>   beginning
> - Fixed round-robin mode of load balancing.
> - Fixed paths for some binaries, which get patched
> 
> Okay, so lots of bugs fixed.
> 
> A really big thanks goes out to Gentoo, whose patches I applied.
> 
> Now we come to the feature requests that have been done:
> 
> * Added freenx-server startup script. You can make a symlink to
>   /etc/init.d/ to have it start automatically.
> 
> Well this item was a wish to automatically cleanup the failed sessions 
> after a reboot for example and to make the permissions right of 
> /tmp/.X11-unix even if no Xserver is installed.
> 
> Distributors are asked to include this script to $PATH_BIN and add a 
> symlink to /etc/init.d/. It is not automatically installed by the Makefile 
> as each distribution has different ways to update the links to /etc/rc*.d/.
> 
> And it is optional even though it is generally recommended to install.
> 
> * Added nxsetup --test to test the configuration and connection to
>   localhost nxserver.
> 
> This item means it is now even easier to test if the ssh setup is okay.
> 
> Once installed and it stopped working, you only had the possibility to 
> reinstall and hope that it would work then again.
> 
> Now you can always test if the connection is still working generally.
> 
> This will hopefully make user support easier. Thanks to all contributors, 
> who do help on IRC or via Mail if someone needs help!
> 
> There have been also some more cases added, why sshd might fail to login.
> 
> * Set ENABLE_USESSION="1" option by default - its hard to find and those 
> who know can shut it off anyway. Added automatic adding of user nx to group 
> utmp.
> 
> This was a patch by the Gentoo portage and I found it nice. So nx sessions 
> will be in "$ w" command by default now.
> 
> And together with the slave mode you'll also only have one login per user 
> login.
> 
> * Added support for 3.1.0 and later backends. Made 2.0.0 backend the
>   default and added a fallback to 1.5.0 via the same detection mechanism.
> 
> Now this is one thing I should have already done a long time ago.
> 
> Now once a new NX libs version came out we always had to update 
> nxloadconfig to select the new backend even though only the version number 
> had been changed.
> 
> Now the 1.5.0 backend can be selected by those who still want to use it and 
> the default is 2.0.0, 2.1.0, 3.0.0 and 3.1.0 style.
> 
> * Suppress of pulldown menu (option in nomachine config)
> 
> FreeNX also now has the same option to suppress the pulldown menu in 
> rootless mode.
> 
> ENABLE_PULLDOWN_MENU="0" helps in the case where the pulldown menu is not 
> wanted.
> 
> * Do not show running sessions, when ENABLE_RESUME_RUNNING_SESSIONS="0"
> 
> It is now possible to select, which kind of sessions are resumable. All 
> sessions or only those that are suspended.
> 
> * Start a process in an already running session or start a new one 
> (rootless)
> 
> This option is not yet completely finished, however it already works even 
> though the client is returning an error.
> 
> If you set ENABLE_ADVANCED_SESSION_CONTROL="1" and then use "add <name>" as 
> session name, i.e. "add myhomeserver" you can start an application in an 
> already running rootless session.
> 
> Note: You can't resume this session via this way, if its not suspended 
> first.
> 
> I wrote an email explaining this feature to the list, which also explains a 
> possible usage scenario involving perl to reset auto-reconnect session to 
> true and usage of --plugin of nxclient.
> 
> This wish was granted for Berharnd Donaubauer.
> 
> * Add processor affinity option
> 
> FreeNX can now optionally use the TASKSET program to run all nx related 
> processes on one or two special cores.
> 
> The trick is that nxloadconfig is re-balancing the current shell and as 
> each FreeNX program depends on nxloadconfig, this means that all nx related 
> processes are put to the configured core.
> 
> This wish was granted for Gregory Carter. Have fun with it!
> 
> * Add nxacl component to see if session is allowed to start and to modify 
> any parameters necessary.
> 
> I like this one a lot. This was an implemented proposal for the redesign, 
> but it fits into FreeNX as well.
> 
> The idea is that nxserver is giving all information and parameters about 
> the session to nxacl via the first commandline argument.
> 
> nxacl can then do:
> 
> - allow a session: exit 0
> - deny a session: exit 1
> 
> and:
> 
> - change all parameters, by echo'ing them out.
> 
> The sample nxacl.sample in FreeNX 0.7.2 looks like:
> 
> # ...
> # Example 0: All allowed
> 
> allow_all()
> {
> 	# Parameters unchanged
> 	echo "$CMDLINE"
> 
> 	# Session allowed
> 	exit 0
> }
> 
> # Example 1: Allow only unix-kde sessions, deny others
> 
> allow_unix_kde()
> {
> 	type=$(getparam type)
> 	if [ "$type" != "unix-kde" ]
> 	then
> 		echo "Only sessions with type unix-kde are allowed."
> 		exit 1
> 	fi
> 
> 	allow_all
> }
> 
> # Example 3: Allow only unix-kde sessions, change type always to unix-kde 
> #            and virtualdesktop=1, rootless=0
> 
> allow_unix_kde_2()
> {
> 	changeparam type unix-kde
> 	changeparam virtualdesktop 1
> 	changeparam rootless 0
> 
> 	allow_all
> }
> 
> #
> # You can make as complex samples as you want, if you have one, I would be 
> # very interested!
> # Fabian
> #
> # Send it to: FreeNX-kNX at kde.org.
> #
> 
> # default action
> allow_all
> 
> I did love the policies you can set in NoMachine nxserver, but I wanted to 
> make it easy and flexible in the same way.
> 
> With this script each administrator can set as complex policies as needed, 
> but he is also so flexible that he can give access for example only to 
> USERs belonging to group kde or users or myusers or remoteusers or 
> whatever.
> 
> Perhaps someone wants to program a conversion from --ruleadd (like in !M 
> server) to nxacl shell script ;-)?
> 
> Patches are welcome.
> 
> It is working great!
> 
> Here comes the full ChangeLog:
> 
> 14.03.2008 FreeNX 0.7.2 "Priscilla Edition"
> 	* Opened the 0.7.2 development.
> 	* Fixed the display of local sessions to display only 
> 	  when session type is VNC.
> 	  (fabianx at bat.berlios.de)
> 	* Fixed the issue that commercial NXClient was called with 0 parameters
> 	  and such the "Connection Wizard" came up.
> 	  (fabianx at bat.berlios.de)
> 	* Added freenx-server startup script. You can make a symlink to
> 	  /etc/init.d/ to have it start automatically.
> 	  (fabianx at bat.berlios.de)
> 	* Added catching of exception after failed nscd command.
> 	  (fabianx at bat.berlios.de)
> 	* Invoke curl with --proxy "" for automatic download of ppd files.
> 	  (Wolfgang Schweer <schweer at cityweb.de>)
> 	* Reorganized nxsetup to have a function for parsing command line
> 	  options.
> 	  (fabianx at bat.berlios.de)
> 	* Added nxsetup --test to test the configuration and connection to
> 	  localhost nxserver.
> 	  (fabianx at bat.berlios.de)
> 	* Added -o ConnectTimeout 3 to nxnode-login for test-nx case.
> 	  (cedric briner <work at infomaniak.ch>)
> 	* Added more examples for "failed ssh connection to localhost" cases.
> 	  (cedric briner <work at infomaniak.ch>, fabianx at bat.berlios.de)
> 	* Fixed helpers (desktop, viewer) to honour the AGENT_EXTRA_OPTIONS_{RDP,RFB}
> 	  parameters set in node.conf.
> 	  (fabianx at bat.berlios.de)
> 	* Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
> 	  (fabianx at bat.berlios.de)
> 	* Fixed parsing of SMB port and added a fallback if mport file is empty.
> 	  (Patch from Gentoo Portage)
> 	* Run nscd only when nscd.pid is present.
> 	  (Patch from Gentoo Portage)
> 	* Fixed possible bug in nxserver when $USER is not set.
> 	  (Patch from Gentoo Portage)
> 	* Set ENABLE_USESSION="1" option by default - its hard to find and those who know can
> 	  shut it off anyway. Added automatic adding of user nx to group utmp.
> 	  (Patch by Gentoo Portage)
> 	* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
> 	  default and added a fallback to 1.5.0 via the same detection mechanism.
> 	  (fabianx at bat.berlios.de)
> 	* Added the configuration key ENABLE_PULLDOWN_MENU to be able to
> 	  disable the pulldown menu for rootless sessions.
> 	  (fabianx at bat.berlios.de)
> 	* Fixed a small bug in nxserver when password has spaces at the end or
> 	  beginning.
> 	  (Dimitar Paskov)
> 	* Fixed round-robin mode of load balancing.
> 	  (fabianx at bat.berlios.de)
> 	* Added check for /tmp/.X11-unix/X*.
> 	  (Yves-Gael Cheny <yves-gael.cheny at tranquil-it-systems.fr>)
> 	* Fixed --send|--broadcast for load balancing case.
> 	  Note: ssh is used, so you need to either insert your root ssh password 
> 	  for the nodes again and again, use a public key + agent or use host keys.
> 	  (fabianx at bat.berlios.de)
> 	* Added possibility to use the new nxsmb backend. This enables us to support
> 	  CIFS and SMB printing at the same time - without recompiling samba -
> 	  via the nxredir preload library.
> 	  (fabianx at bat.berlios.de)
> 	* Added usage of nxredir library to forward port 139,445 to the
> 	  client side forwarded SMB port.
> 	  (fabianx at bat.berlios.de)
> 	* Made the slave mode finally functional. With that slave mode it is
> 	  possible to do a single sign on instead of the multiple logins used
> 	  before. It is also possible to use a suid wrapper to login as user.
> 	  With single sign on session startup is a lot faster. This is true 
> 	  especially if there are many printers and files to be shared.
> 	  (fabianx at bat.berlios.de)
> 	* Added detection of backend version and added this output 
> 	  to version string.
> 	  (fabianx at bat.berlios.de)
> 	* Added foomatic-ppdfile to the retested values.
> 	  (fabianx at bat.berlios.de)
> 	* Added possibility to balance all nx services to different cores
> 	  using taskset. Use for example USE_PROCESSOR_TASKSET="3,4" to 
> 	  balance all services to processor cores 3 and 4.
> 	  This wish was granted for Gregory Carter.
> 	  (fabianx at bat.berlios.de)
> 	* Added initial code to add an application to an already running
> 	  rootless session.
> 	  Set ENABLE_ADVANCED_SESSION_CONTROL="1" and use session name
> 	  like "add <sessionname>". Unfortunately the client returns an
> 	  error, but the application is started anyway.
> 	  The wish was granted for Bernhard Donaubauer.
> 	  (fabianx at bat.berlios.de)
> 	* Added option to disable the showing of running sessions.
> 	  Set ENABLE_SHOW_RUNNING_SESSIONS="0" if you want that behaviour.
> 	  (fabianx at bat.berlios.de)
> 	* Updated documentation in INSTALL file.
> 	  (fabianx at bat.berlios.de)
> 	* Added nxviewer-passwd to distribution. It is a fork of the
> 	  tightvnc vncpasswd part, which is necessary for FreeNX to work
> 	  with standard vncviewer.
> 	  (fabianx at bat.berlios.de)
> 	* Added a Makefile so FreeNX can be build and installed via.
> 	  $ make
> 	  $ # edit nxloadconfig to point where it should install to
> 	  $ make install
> 	  Hereby FreeNX is installed to where nxloadconfig points and
> 	  static paths in nxredir and nxsmb are adjusted accordingly.
> 	  So if you want it to be in /usr/NX/ be sure to apply
> 	  gentoo-nomachine.diff first or edit nxloadconfig manually.
> 	  (fabianx at bat.berlios.de)
> 	* Added nxacl.sample component. If you copy nxacl.sample to
> 	  $PATH_BIN/nxacl you can make as complex acl scenarios as you
> 	  want. You have complete control over all data and can deny
> 	  any session.
> 	  (fabianx at bat.berlios.de)
> 
> Have Fun!
> 
> We'll see if we do the next release like planned in 1 month or in 3 months 
> from now.
> 
> Best Wishes and may you have a very nice day / night / morning / evening / afternoon / ...,
> 
> Fabian
> 
> PS: These are exciting times :-).
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/ 
> 
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
> 




More information about the FreeNX-kNX mailing list