[FreeNX-kNX] Release: FreeNX 0.7.2 "Priscilla Edition"
Terje Andersen
terander at guard.zapto.org
Sun Mar 16 00:40:00 UTC 2008
Just wanted to congratulate you on yet another nice work!
Thanks for all your efforts.
/Terje
On Sat, 2008-03-15 at 21:26 +0100, Fabian Franz wrote:
> Hi, my dear users and developers,
>
> It is release time again!
>
> And I am proud to present you today the FreeNX 0.7.2 "Priscilla Edition".
>
> And as you can see here:
>
> http://docs.google.com/Doc?docid=dfnr3gx_38xgzqggm
>
> it is all green here. *happy*
>
> It is literally to the point two months late, but the waiting allowed me to
> implement lots of those last minute Feature Requests.
>
> For those being impatient, download it and try it out:
>
> http://prdownload.berlios.de/freenx/freenx-server-0.7.2.tar.gz
>
> There have been some changes, which first of all is already viewable via
> the name:
>
> freenx was renamed to freenx-server as with qtnx and nxcl library we now
> also have a freenx-client, which is at the moment waiting in the debian NEW
> queue!
>
> I am really proud of that. Okay, back to the freenx release:
>
> The seonnd thing is that freenx no longer only contains bash scripts, but
> also sources for some binaries and libraries, which enhance functionality.
>
> As that made building more complicated I finally added a Makefile, with
> which FreeNX can even be installed!
>
> - So if the NoMachine GPL components are installed in for example
> /usr/NX, one would have to do:
>
> $ cd freenx-server-0.7.2
> $ patch -p0 < gentoo-nomachine.diff
> $ make
> $ sudo make install
> $ sudo /usr/NX/bin/nxsetup --install
>
> The binaries include nxpasswd and nxserver-helper.
>
> The lib is nxredir, which was imported from freenx-utils.
>
> Now lets check, what makes those binaries so special.
>
> * nxpasswd was imported / forked from the last known revision of nxviewer.
>
> It already was the last time a necessary component to run vncviewer and
> most vncpasswd versions do not supply what is needed, so I decided to
> include it in the tar ball.
>
> * nxserver-helper:
>
> Now that is one hell of a program. ;-)
>
> I finally made the slave mode usable. This dramatically reduces session
> login times and makes single sign on possible (with for example one time
> pad keywords).
>
> I am using the slave mode since I made it usable and it works really fine
> for me, however I think that still a bit more testing is needed, before I
> make it the default.
>
> So if I get lots of reports like: "That new slave mode is so wonderfully",
> there are high chances that it is the default the next time.
>
> What this slave mode also makes possible (even though it is not yet
> included in this release) is a suid nx wrapper imported from FreeNX
> Redesign.
>
> This means a login is possible via ssh to the user without loosing any
> advantages of the nx user. (almost, loadbalancing would be more difficult
> at the moment)
>
> I already tested it and it works out of the box, however I would like to
> only introduce it in a release once we have a working client. (qtnx is a
> good possibility for that. Did I say I am proud of it, already?)
>
> I once had made a nxssh wrapper, which gets the password from nxclient by
> faking the first part of the protocol, then connecting as the user. With
> that wrapper it is then as easy as:
>
> ssh user at host /usr/NX/bin/nxserver-suid
>
> to get to the NX> 103 successfully logged in prompt.
>
> Apropos redesign. I think you all are eager to know what the status is.
>
> The status is that 2 Google employees, Stephen Shirley and Al Riddoch have
> done some nice work on the redesign already and its working! If anyone is
> brave enough, it can be found in trunk/freenx-redesign.
>
> Okay, lets continue.
>
> * nxredir library
>
> This is a small library, which I already basically programmed in 2005, but
> now completed.
>
> It is necessary for the new nxsmb frontend to work with both SBM port 139
> and CIFS ort 445 style forwarding and to also allow connecting to samba
> shares via konqueror smb://127.0.0.1/.
>
> nxredir is now the default!
>
> That means once samba sharing is enabled, all smb* programs can be used
> normally.
>
> This also finally solves all printing related problems without having to
> patch sambas smbprint.
>
> nxredir basically forwards all connections to 127.0.0.1:139 or
> 127.0.0.1:445 to some other port based on the NXSAMBA_PORT environment
> variable.
>
> Now we come to all the bug fixes:
>
> - Fixed the display of local sessions to display only
> when session type is VNC.
> - Fixed the issue that commercial NXClient was called with 0 parameters
> and such the "Connection Wizard" came up.
> - Added catching of exception after failed nscd command.
> - Fixed helpers (desktop, viewer) to honour the
> AGENT_EXTRA_OPTIONS_{RDP,RFB} parameters set in node.conf.
> - Fixed: Invoke curl with --proxy "" for automatic download of ppd files.
> - Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
> - Fixed: nxserver --send and nxserver --broadcast not working with load balancing.
> - Fixed: mport is not always written (Gentoo)
> - Fixed: nscd is run even if the daemon is not running (Gentoo)
> - Fixed: nxserver might fail if $USER is not set
> - Fixed a small bug in nxserver when password has spaces at the end or
> beginning
> - Fixed round-robin mode of load balancing.
> - Fixed paths for some binaries, which get patched
>
> Okay, so lots of bugs fixed.
>
> A really big thanks goes out to Gentoo, whose patches I applied.
>
> Now we come to the feature requests that have been done:
>
> * Added freenx-server startup script. You can make a symlink to
> /etc/init.d/ to have it start automatically.
>
> Well this item was a wish to automatically cleanup the failed sessions
> after a reboot for example and to make the permissions right of
> /tmp/.X11-unix even if no Xserver is installed.
>
> Distributors are asked to include this script to $PATH_BIN and add a
> symlink to /etc/init.d/. It is not automatically installed by the Makefile
> as each distribution has different ways to update the links to /etc/rc*.d/.
>
> And it is optional even though it is generally recommended to install.
>
> * Added nxsetup --test to test the configuration and connection to
> localhost nxserver.
>
> This item means it is now even easier to test if the ssh setup is okay.
>
> Once installed and it stopped working, you only had the possibility to
> reinstall and hope that it would work then again.
>
> Now you can always test if the connection is still working generally.
>
> This will hopefully make user support easier. Thanks to all contributors,
> who do help on IRC or via Mail if someone needs help!
>
> There have been also some more cases added, why sshd might fail to login.
>
> * Set ENABLE_USESSION="1" option by default - its hard to find and those
> who know can shut it off anyway. Added automatic adding of user nx to group
> utmp.
>
> This was a patch by the Gentoo portage and I found it nice. So nx sessions
> will be in "$ w" command by default now.
>
> And together with the slave mode you'll also only have one login per user
> login.
>
> * Added support for 3.1.0 and later backends. Made 2.0.0 backend the
> default and added a fallback to 1.5.0 via the same detection mechanism.
>
> Now this is one thing I should have already done a long time ago.
>
> Now once a new NX libs version came out we always had to update
> nxloadconfig to select the new backend even though only the version number
> had been changed.
>
> Now the 1.5.0 backend can be selected by those who still want to use it and
> the default is 2.0.0, 2.1.0, 3.0.0 and 3.1.0 style.
>
> * Suppress of pulldown menu (option in nomachine config)
>
> FreeNX also now has the same option to suppress the pulldown menu in
> rootless mode.
>
> ENABLE_PULLDOWN_MENU="0" helps in the case where the pulldown menu is not
> wanted.
>
> * Do not show running sessions, when ENABLE_RESUME_RUNNING_SESSIONS="0"
>
> It is now possible to select, which kind of sessions are resumable. All
> sessions or only those that are suspended.
>
> * Start a process in an already running session or start a new one
> (rootless)
>
> This option is not yet completely finished, however it already works even
> though the client is returning an error.
>
> If you set ENABLE_ADVANCED_SESSION_CONTROL="1" and then use "add <name>" as
> session name, i.e. "add myhomeserver" you can start an application in an
> already running rootless session.
>
> Note: You can't resume this session via this way, if its not suspended
> first.
>
> I wrote an email explaining this feature to the list, which also explains a
> possible usage scenario involving perl to reset auto-reconnect session to
> true and usage of --plugin of nxclient.
>
> This wish was granted for Berharnd Donaubauer.
>
> * Add processor affinity option
>
> FreeNX can now optionally use the TASKSET program to run all nx related
> processes on one or two special cores.
>
> The trick is that nxloadconfig is re-balancing the current shell and as
> each FreeNX program depends on nxloadconfig, this means that all nx related
> processes are put to the configured core.
>
> This wish was granted for Gregory Carter. Have fun with it!
>
> * Add nxacl component to see if session is allowed to start and to modify
> any parameters necessary.
>
> I like this one a lot. This was an implemented proposal for the redesign,
> but it fits into FreeNX as well.
>
> The idea is that nxserver is giving all information and parameters about
> the session to nxacl via the first commandline argument.
>
> nxacl can then do:
>
> - allow a session: exit 0
> - deny a session: exit 1
>
> and:
>
> - change all parameters, by echo'ing them out.
>
> The sample nxacl.sample in FreeNX 0.7.2 looks like:
>
> # ...
> # Example 0: All allowed
>
> allow_all()
> {
> # Parameters unchanged
> echo "$CMDLINE"
>
> # Session allowed
> exit 0
> }
>
> # Example 1: Allow only unix-kde sessions, deny others
>
> allow_unix_kde()
> {
> type=$(getparam type)
> if [ "$type" != "unix-kde" ]
> then
> echo "Only sessions with type unix-kde are allowed."
> exit 1
> fi
>
> allow_all
> }
>
> # Example 3: Allow only unix-kde sessions, change type always to unix-kde
> # and virtualdesktop=1, rootless=0
>
> allow_unix_kde_2()
> {
> changeparam type unix-kde
> changeparam virtualdesktop 1
> changeparam rootless 0
>
> allow_all
> }
>
> #
> # You can make as complex samples as you want, if you have one, I would be
> # very interested!
> # Fabian
> #
> # Send it to: FreeNX-kNX at kde.org.
> #
>
> # default action
> allow_all
>
> I did love the policies you can set in NoMachine nxserver, but I wanted to
> make it easy and flexible in the same way.
>
> With this script each administrator can set as complex policies as needed,
> but he is also so flexible that he can give access for example only to
> USERs belonging to group kde or users or myusers or remoteusers or
> whatever.
>
> Perhaps someone wants to program a conversion from --ruleadd (like in !M
> server) to nxacl shell script ;-)?
>
> Patches are welcome.
>
> It is working great!
>
> Here comes the full ChangeLog:
>
> 14.03.2008 FreeNX 0.7.2 "Priscilla Edition"
> * Opened the 0.7.2 development.
> * Fixed the display of local sessions to display only
> when session type is VNC.
> (fabianx at bat.berlios.de)
> * Fixed the issue that commercial NXClient was called with 0 parameters
> and such the "Connection Wizard" came up.
> (fabianx at bat.berlios.de)
> * Added freenx-server startup script. You can make a symlink to
> /etc/init.d/ to have it start automatically.
> (fabianx at bat.berlios.de)
> * Added catching of exception after failed nscd command.
> (fabianx at bat.berlios.de)
> * Invoke curl with --proxy "" for automatic download of ppd files.
> (Wolfgang Schweer <schweer at cityweb.de>)
> * Reorganized nxsetup to have a function for parsing command line
> options.
> (fabianx at bat.berlios.de)
> * Added nxsetup --test to test the configuration and connection to
> localhost nxserver.
> (fabianx at bat.berlios.de)
> * Added -o ConnectTimeout 3 to nxnode-login for test-nx case.
> (cedric briner <work at infomaniak.ch>)
> * Added more examples for "failed ssh connection to localhost" cases.
> (cedric briner <work at infomaniak.ch>, fabianx at bat.berlios.de)
> * Fixed helpers (desktop, viewer) to honour the AGENT_EXTRA_OPTIONS_{RDP,RFB}
> parameters set in node.conf.
> (fabianx at bat.berlios.de)
> * Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
> (fabianx at bat.berlios.de)
> * Fixed parsing of SMB port and added a fallback if mport file is empty.
> (Patch from Gentoo Portage)
> * Run nscd only when nscd.pid is present.
> (Patch from Gentoo Portage)
> * Fixed possible bug in nxserver when $USER is not set.
> (Patch from Gentoo Portage)
> * Set ENABLE_USESSION="1" option by default - its hard to find and those who know can
> shut it off anyway. Added automatic adding of user nx to group utmp.
> (Patch by Gentoo Portage)
> * Added support for 3.1.0 and later backends. Made 2.0.0 backend the
> default and added a fallback to 1.5.0 via the same detection mechanism.
> (fabianx at bat.berlios.de)
> * Added the configuration key ENABLE_PULLDOWN_MENU to be able to
> disable the pulldown menu for rootless sessions.
> (fabianx at bat.berlios.de)
> * Fixed a small bug in nxserver when password has spaces at the end or
> beginning.
> (Dimitar Paskov)
> * Fixed round-robin mode of load balancing.
> (fabianx at bat.berlios.de)
> * Added check for /tmp/.X11-unix/X*.
> (Yves-Gael Cheny <yves-gael.cheny at tranquil-it-systems.fr>)
> * Fixed --send|--broadcast for load balancing case.
> Note: ssh is used, so you need to either insert your root ssh password
> for the nodes again and again, use a public key + agent or use host keys.
> (fabianx at bat.berlios.de)
> * Added possibility to use the new nxsmb backend. This enables us to support
> CIFS and SMB printing at the same time - without recompiling samba -
> via the nxredir preload library.
> (fabianx at bat.berlios.de)
> * Added usage of nxredir library to forward port 139,445 to the
> client side forwarded SMB port.
> (fabianx at bat.berlios.de)
> * Made the slave mode finally functional. With that slave mode it is
> possible to do a single sign on instead of the multiple logins used
> before. It is also possible to use a suid wrapper to login as user.
> With single sign on session startup is a lot faster. This is true
> especially if there are many printers and files to be shared.
> (fabianx at bat.berlios.de)
> * Added detection of backend version and added this output
> to version string.
> (fabianx at bat.berlios.de)
> * Added foomatic-ppdfile to the retested values.
> (fabianx at bat.berlios.de)
> * Added possibility to balance all nx services to different cores
> using taskset. Use for example USE_PROCESSOR_TASKSET="3,4" to
> balance all services to processor cores 3 and 4.
> This wish was granted for Gregory Carter.
> (fabianx at bat.berlios.de)
> * Added initial code to add an application to an already running
> rootless session.
> Set ENABLE_ADVANCED_SESSION_CONTROL="1" and use session name
> like "add <sessionname>". Unfortunately the client returns an
> error, but the application is started anyway.
> The wish was granted for Bernhard Donaubauer.
> (fabianx at bat.berlios.de)
> * Added option to disable the showing of running sessions.
> Set ENABLE_SHOW_RUNNING_SESSIONS="0" if you want that behaviour.
> (fabianx at bat.berlios.de)
> * Updated documentation in INSTALL file.
> (fabianx at bat.berlios.de)
> * Added nxviewer-passwd to distribution. It is a fork of the
> tightvnc vncpasswd part, which is necessary for FreeNX to work
> with standard vncviewer.
> (fabianx at bat.berlios.de)
> * Added a Makefile so FreeNX can be build and installed via.
> $ make
> $ # edit nxloadconfig to point where it should install to
> $ make install
> Hereby FreeNX is installed to where nxloadconfig points and
> static paths in nxredir and nxsmb are adjusted accordingly.
> So if you want it to be in /usr/NX/ be sure to apply
> gentoo-nomachine.diff first or edit nxloadconfig manually.
> (fabianx at bat.berlios.de)
> * Added nxacl.sample component. If you copy nxacl.sample to
> $PATH_BIN/nxacl you can make as complex acl scenarios as you
> want. You have complete control over all data and can deny
> any session.
> (fabianx at bat.berlios.de)
>
> Have Fun!
>
> We'll see if we do the next release like planned in 1 month or in 3 months
> from now.
>
> Best Wishes and may you have a very nice day / night / morning / evening / afternoon / ...,
>
> Fabian
>
> PS: These are exciting times :-).
> ________________________________________________________________
> Were you helped on this list with your FreeNX problem?
> Then please write up the solution in the FreeNX Wiki/FAQ:
> http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
> Don't forget to check the NX Knowledge Base:
> http://www.nomachine.com/kb/
>
> ________________________________________________________________
> FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
More information about the FreeNX-kNX
mailing list