Package for Debian?

[sunweaver]

@dimbor-ru: This is awesome, that you still maintain FreeNX server. Would you be interested in an official Debian package + upload to Debian?

[dimbor-ru]

Naturally, it would be interesting to me and to our entire small community. A bureaucratic procedures for creating an official package scare me now. (To make a working curve package for devuan I tortured literally all my friends package mantainers. And it turned out so-so.)

It would be ideal to find a volunteer who would take ownership of the package and leave me more time to develop the code. Otherwise, I am ready to go this way myself. In this case, people who answer my stupid questions will be greatly appreciated.

[sunweaver]

Hi,

On So 05 Jan 2020 18:04:18 CET, dimbor-ru wrote: Naturally, it would be interesting to me and to our entire small community. A bureaucratic procedures for creating an official package scare me now. (To make a working curve package for devuan I tortured literally all my friends package mantainers. And it turned out so-so.) It would be ideal to find a volunteer who would take ownership of the package and leave me more time to develop the code. Otherwise, I am ready to go this way myself. In this case, people who answer my stupid questions will be greatly appreciated.

For research purposes and also for providing another nx-libs use case in Debian, I'd be happy to maintain that package. (Note that I am also maintaining nx-libs upstream, X2Go in Debian and several other remote desktop related software packages). I will "need" / prefer to have a proper upstream release for bringing an official upload to Debian testing/unstable. Would it make sense to tag the current state (or an earlier, more stable state) with a release number? It may require to update some minor things: * README.md * date and version in man pages * copyright headers (with recent copyright holders) * upstream ChangeLog Note that I haven't looked at the code, yet, but surely will if you are interested in getting a hand with the DEB packaging work. Furthermore, I am the upstream maintainer of the RDA shared library, a lib providing an API for desktop environment developers that recognizes remote desktop technologies being run under. Greets, Mike (aka sunweaver at debian.org [1]) [1] https://qa.debian.org/developer.php?login=sunweaver%40debian.org -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[dimbor-ru]

Firstly I must say that your competence is not in question and does not require advertising. Therefore, the project will go under your patronage with pleasure.

About README.md: I wrote it in a hurry, without any rules, only to give a general idea. Changes are welcome.

The copyright headers of the old freenx are fully retained. Where I seriously changed something, I added my nickname. Indeed, this mostly a collection of old junk is of interest for experiments.

Man pages: They are not here now. Except old nxpasswd. But most likely he is inefficient. The circuit with vnc has not been tested. Just now I wondered what man pages are needed there and with what content.

Upstream ChangeLog: If we are talking about debian/changelog - this is a stub and must die. (The rest in that dir is also training.) ChangeLog in main tree I will try to supplement in one to two weeks.

I also started a VERSION file. But my variant of versioning now exists, so that there are differences between the old and the new product only. If you tell me how to do it right, it will be fine.

[paoletto]

Hi, and apologies for replying to this ticket: are there instructions for how to assemble a home made debian package?
Are there parts that need to be compiled or is everything off prebuilt binaries?
I see this project has no release or artifact, but the instructions seem a bit unclear, or at least it's not clear to me what part of the instruction is the updated part with the recommended way to assemble the software nowadays

thanks in advance 🙏

[dimbor-ru]

It's actually not as hard as it seems. The final part of the readme file describes a possible solution to the problem with the nxclient on the client side, which means it does not apply to the assembly of the freenx-server package. If you use opennx on the client side, these dances with nxclient binaries are not needed at all.
The package freenx-server is built in the standard Debian way: after 'git clone ...' run the command 'dpkg-buildpackage -us -uc'

[paoletto]

Thank you! i'll try that asap!
Ironically, the client fix works perfectly and i could already make use of it!
My problem was for the server side, as i was unsure what the exact steps were (also wrt. binary packages from nomachine.com).
Hope to be able to drop the nx-workstation trial version asap :D

[sunweaver]

In fact, I still would like to bring the freenx-server to Debian some time...

[paoletto]

Thank you! i'll try that asap! Ironically, the client fix works perfectly and i could already make use of it! My problem was for the server side, as i was unsure what the exact steps were (also wrt. binary packages from nomachine.com). Hope to be able to drop the nx-workstation trial version asap :D

So i managed to test this one. I built the libs from the arctica project, and freenx from this repo, adding the necessary deps. All went well but somehow, after installation, i do not seem to be able to connect to the server. I get a bunch of different errors in the client ranging from authentication failed to other stuff.
I tried to adjust sshd_config enabling public key auth etc, but didn't help..
Ideas?
Client can connect to other servers running nx-workstation

[dimbor-ru]

On server side

1. nxsetup --test (from root) must be sucessfully
2. note, on modern systems in sshd_config must be present strings:
   AuthorizedKeysFile %h/.ssh/authorized_keys2 %h/.ssh/authorized_keys
   PubkeyAcceptedKeyTypes=+ssh-dss
3. to start session user 'nx' should be properly authorized. See youre auth.log ... etc.
   The nxserver does not authorize the user 'nx'. sshd does it.
4. At next nxerver authorize real user with sudo. If not see /var/log/nxserver.log.

[paoletto]

@dimbor-ru thank you so much for your reply!

I did the checks you recommend, as well as adjusting sshd_config as per your instructions

after that, the current status is:

# nxsetup --test

----> Testing your nxserver connection ...
Warning: Identity file /var/lib/nxserver/home/.ssh/client.id_dsa.key not accessible: No such file or directory.
nx@127.0.0.1: Permission denied (publickey,password).
Fatal error: Could not connect to NX Server.

Please check your ssh setup:

The following are _examples_ of what you might need to check.

  - Make sure "nx" is one of the AllowUsers in sshd_config.
    (or that the line is outcommented/not there)
  - Make sure "nx" is one of the AllowGroups in sshd_config.
    (or that the line is outcommented/not there)
  - Make sure your sshd allows public key authentication.
  - Make sure your sshd is really running on port 22.
  - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
    (this should be a filename not a pathname+filename)
  - Make sure you allow ssh on localhost, this could come from some
    restriction of:
      -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
      -the iptables. add to it:
         $ iptables -A INPUT  -i lo -j ACCEPT
         $ iptables -A OUTPUT -o lo -j ACCEPT

And the auth log reports:
sshd[182911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=nx

Also, i do not seem to have the file authorized_keys2 anywhere in the system, nor in the freenx_server deb package.
I think i might have done something wrong along the way.

Just to be clear, this is what i added to sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
#PasswordAuthentication no
PermitEmptyPasswords yes
#AuthorizedKeysFile /usr/NX/home/nx/.ssh/authorized_keys /usr/NX/home/nx/.ssh/authorized_keys2
AuthorizedKeysFile %h/.ssh/authorized_keys2<--->%h/.ssh/authorized_keys
PubkeyAcceptedKeyTypes=+ssh-dss

AllowUsers nx 
AllowGroups nx 

[dimbor-ru]

Warning: Identity file /var/lib/nxserver/home/.ssh/client.id_dsa.key not accessible: No such file or directory.

First command after package install must be nxsetup --install
Unfortunately, this doesn't seem to be reflected in the documentation for the package.

[dimbor-ru]

PermitEmptyPasswords yes

This is very bold, but overkill for the nxserver ;)

[paoletto]

Warning: Identity file /var/lib/nxserver/home/.ssh/client.id_dsa.key not accessible: No such file or directory.

First command after package install must be nxsetup --install Unfortunately, this doesn't seem to be reflected in the documentation for the package.

Thanks! that did help! after nexsetup --install and and some tuning i finally get the client to connect (i think), now, however, failing after getting welcomed with:

NX> 105 startsession  --virtualdesktop="1" --application="startlxqt" --link="adsl" --backingstore="1" --stream="0" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="localhost" --type="unix-application" --geometry="1024x768+768+320" --client="linux" --keyboard="pc102/no" --screeninfo="1024x768x24+render"

NX> 1004 Error: Session did not start.
NX> 596 Session start failed.
NX> 999 Bye
NX> 280 Exiting on signal: 15

I selected custom session with startlxqt as im trying to connect to 127.0.0.1 from a running DE

PermitEmptyPasswords yes

This is very bold, but overkill for the nxserver ;)

Apologies, i added that hoping it could help, and in the end it remained. Now i removed it, however interestingly nxsetup --test still fails, this time with

# nxsetup --test

----> Testing your nxserver connection ...
sign_and_send_pubkey: no mutual signature supported
nx@127.0.0.1: Permission denied (publickey,password).
Fatal error: Could not connect to NX Server.

But since it seems nxclient gets past that, successfully listing active session, can i assume the sshd part is correct now?

[dimbor-ru]

nxsetup --test

----> Testing your nxserver connection ...
sign_and_send_pubkey: no mutual signature supported
nx@127.0.0.1: Permission denied (publickey,password).
Fatal error: Could not connect to NX Server.

You need to add string: "PubkeyAcceptedKeyTypes=+ssh-dss"
to file /etc/ssh/ssh_config too.

But since it seems nxclient gets past that, successfully listing active session, can i assume the sshd part is correct now?

Yes, it seems to be ok here.

Now look at /home/$user/.xsession-errors:XXXXX. May be you need to give full path for "startlxqt".

Otnerwise please setup NX_LOG_LEVEL=1 in /etc/nxserver/node.conf.d/03-logging.conf, run nxsetup --mkdb. Then see log files and sessions log dirs at /home/$user/.nx/

[paoletto]

nxsetup --test
----> Testing your nxserver connection ...
sign_and_send_pubkey: no mutual signature supported
nx@127.0.0.1: Permission denied (publickey,password).
Fatal error: Could not connect to NX Server.

You need to add string: "PubkeyAcceptedKeyTypes=+ssh-dss" to file /etc/ssh/ssh_config too.

Aha, thanks! this one made nxsetup --test succeed correctly!

But since it seems nxclient gets past that, successfully listing active session, can i assume the sshd part is correct now?

Yes, it seems to be ok here.

Now look at /home/$user/.xsession-errors:XXXXX. May be you need to give full path for "startlxqt".

Otnerwise please setup NX_LOG_LEVEL=1 in /etc/nxserver/node.conf.d/03-logging.conf, run nxsetup --mkdb. Then see log files and sessions log dirs at /home/$user/.nx/

Thanks, after doing that, by looking at the logs, the issue appears to be
Sorry, user nx is not allowed to execute '/bin/bash -c /usr/bin/nxnode --startsession' as <myuser> on <hostname>.
Not sure though how to give permission?

My /etc/sudoers.d/nxserver looks like:

$ sudo cat /etc/sudoers.d/nxserver 
Defaults:nx targetpw,passwd_tries=1,timestamp_timeout=0.3,umask=0777
nx    ALL= (%users) /bin/bash -c /usr/bin/nxnode *

User_Alias      ADMINS = %nxadmin
User_Alias      USERS = %users

ADMINS  ALL= NOPASSWD: /bin/bash -c /usr/bin/nxserver --admin
USERS   ALL= NOPASSWD: /usr/sbin/lpadmin

USERS   ALL= NOPASSWD: /sbin/mount.cifs
USERS   ALL= NOPASSWD: /bin/umount

[dimbor-ru]

Not sure though how to give permission?

The next steps depend on the specifics of your Linux distribution.
Check output of command: sudo -l -U nx

• in file /etc/sudoers must be present string: '#includedir /etc/sudoers.d'
  (with #)
• real user must be in a group 'users'
• user 'nx' must be in a group 'sudo' or 'wheel'
• others googled reasons for youre system

[paoletto]

Not sure though how to give permission?

Тow the steps depend on the features of your Linux distribution. Check output of command: sudo -l -U nx

* in file /etc/sudoers must be present string: '#includedir /etc/sudoers.d'
  (with #)

* real user must be in a group 'users'

* user 'nx' must be in a group 'sudo' or 'wheel'

* others googled reasons for youre system

Thanks! i had indeed both nx and local users not in the required groups. I suppose this used to be in post_install scripts or something. Anyway now i added nx to sudo and local users to users and i got past that.
However the display connection terminates immediately after the window is formed without even the time to show content.

for the records, i'm on ubuntu 22.04, and also the include line in the /etc/sudoers file starts with @ (@include).

this is the whole log block for a connection (to be safe i chose "run the console" instead of custom command, after apt install xterm), that i cannot make much sense of.
The same happens with all custom commands i tried (i also tried wmaker, in addition to gnome-session, startlxqt, etc)

[24.08 13:46:34.985: 122839/122839] -- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND=
[24.08 13:46:34.986: 122839/122839] HELLO NXSERVER - Version 3.5.0-2.1.1-CE OS (GPL, using backend: 3.5.99.27)
[24.08 13:46:34.986: 122839/122839] NX> 105[24.08 13:46:35.019: 122839/122839] hello NXCLIENT - Version 3.5.0
[24.08 13:46:35.023: 122839/122839] NX> 134 Accepted protocol: 3.5.0
[24.08 13:46:35.025: 122839/122839] NX> 105[24.08 13:46:35.028: 122839/122839] SET SHELL_MODE SHELL
[24.08 13:46:35.030: 122839/122839] NX> 105[24.08 13:46:35.032: 122839/122839] SET AUTH_MODE PASSWORD
[24.08 13:46:35.033: 122839/122839] NX> 105[24.08 13:46:35.034: 122839/122839] login
[24.08 13:46:35.036: 122839/122839] NX> 101 User:[24.08 13:46:35.122: 122839/122839] paolo2
[24.08 13:46:35.124: 122839/122839] NX> 102 Password:
[24.08 13:46:35.222: 122839/122839] Info: Auth method:[24.08 13:46:35.225: 122839/122839] su[24.08 13:46:35.274: 122839/122839] NX> 103 Welcome to: yogak user: paolo2
[24.08 13:46:35.277: 122839/122839] NX> 105[24.08 13:46:35.327: 122839/122839] > listsession --user="paolo2" --status="suspended,running" --geometry="2560x1440x24+render" --type="unix-console"
NX> 127 Sessions list of user 'paolo2' for reconnect:

Display Type             Session ID                       Options  Depth Screen         Status      Session Name
------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: paolo2
[24.08 13:46:35.348: 122839/122839] NX> 105[24.08 13:46:38.740] [24.08 13:46:38.743] startsession --virtualdesktop="1" --link="adsl" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="localhost" --type="unix-console" --geometry="1024x768+768+320" --client="linux" --keyboard="pc102/no" --screeninfo="1024x768x24+render"

[24.08 13:46:38.774] &virtualdesktop=1&link=adsl&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=localhost&type=unix-console&geometry=1024x768+768+320&client=linux&keyboard=pc102/no&screeninfo=1024x768x24+render&clientproto=3.5.0&login_method=SU&user=paolo2&userip=127.0.0.1&session_id=6FBA22C1498CE9AEFEBF8814D80409E9&display=2000&host=127.0.0.1
NX> 1000 NXNODE - Version 3.5.0-2.1.1-CE OS (GPL, using backend: 3.5.99.27)
[24.08 13:46:38.912: 122839/123161] server_nxnode_echo >&1: NX> 1000 NXNODE - Version 3.5.0-2.1.1-CE OS (GPL, using backend: 3.5.99.27)
NX> 733 Agent pid: 123441:
NX> 1009 Session status: starting
[24.08 13:46:38.936: 122839/123161] server_nxnode_echo >&1: NX> 733 Agent pid: 123441:
[24.08 13:46:38.936: 122839/123161] server_nxnode_start_wait: set status 6FBA22C1498CE9AEFEBF8814D80409E9: Starting
NX> 700 Session id: yogak-2000-6FBA22C1498CE9AEFEBF8814D80409E9
NX> 705 Session display: 2000
NX> 703 Session type: unix-console
NX> 701 Proxy cookie: a32876fb060129e65e66fbf94ea7f075
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: a32876fb060129e65e66fbf94ea7f075
NX> 704 Session cache: unix-console
NX> 707 SSL tunneling: 1
NX> 710 Session status: running
NX> 1002 Commit
NX> 1006 Session status: running
[24.08 13:46:38.942: 122839/123161] server_nxnode_echo >&1: NX> 700 Session id: yogak-2000-6FBA22C1498CE9AEFEBF8814D80409E9
NX> 705 Session display: 2000
NX> 703 Session type: unix-console
NX> 701 Proxy cookie: a32876fb060129e65e66fbf94ea7f075
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: a32876fb060129e65e66fbf94ea7f075
NX> 704 Session cache: unix-console
NX> 707 SSL tunneling: 1
NX> 710 Session status: running
[24.08 13:46:38.943: 122839/122839] NX> 105[24.08 13:46:38.943: 122839/123161] server_nxnode_start_wait: set status 6FBA22C1498CE9AEFEBF8814D80409E9: Running
[24.08 13:46:39.042: 122839/122839] > bye
[24.08 13:46:39.044: 122839/122839] Bye
[24.08 13:46:39.046: 122839/122839] NX> 999 Bye
[24.08 13:46:39.048: 122839/122839] Session stage: proxy display starting 127.0.0.1:6000
NX> 1009 Session status: terminating
[24.08 13:46:42.588: 122839/123161] server_nxnode_start_wait: set status 6FBA22C1498CE9AEFEBF8814D80409E9: Terminating

[paoletto]

In fact, I still would like to bring the freenx-server to Debian some time...

would that require also bringing all the arctica-project nx libraries as well?

[dimbor-ru]

would that require also bringing all the arctica-project nx libraries as well?

This need package depends + nxdialog if he not stay in depends.

Now look at /home/$user/.xsession-errors:XXXXX. May be you need to give full path for "startlxqt".

File is present? If session trying to start, it should be.

[paoletto]

Now look at /home/$user/.xsession-errors:XXXXX. May be you need to give full path for "startlxqt".

File is present? If session trying to start, it should be.

Yes, and i both tried with startlxqt and /usr/bin/startlxqt (same with wmaker and the others).
I get a black window titled paolo2@yogak:2000 - localhost (GPL edition) that stays up one maybe two seconds and then closes

[dimbor-ru]

Then see log files and sessions log dirs at /home/$user/.nx/

x-server session log locate at "?-hostname-port-sessid/session"
nxnode log placed in nxnode-sessid.log (in case NX_LOG_LEVEL=1)
Let me to show their.

[dimbor-ru]

plus /home/$user/.xsession-errors:port

[paoletto]

plus /home/$user/.xsession-errors:port

Thanks for the suggestion! The problem was actually reported there:
/usr/bin/dbus-launch: No such file or directory

I installed dbus-x11 through apt, and now i can start sessions :-)
I suppose this should be a dependency of the package?

Many thanks, in any case! 🙇