From: Maxim Cournoyer
To: 58014@debbugs.gnu.org
Subject: [PATCH 15/15] services: Add xvnc-service-type.
Date: Fri, 23 Sep 2022 01:00:42 -0400
Message-Id: <20220923050042.29893-15-maxim.cournoyer@gmail.com>

* gnu/services/vnc.scm: New file. * gnu/tests/vnc.scm: Likewise. * gnu/local.mk: Register them.
--- doc/guix.texi | 163 +++++++++++++++++++++++++++- gnu/local.mk | 2 + gnu/services/vnc.scm | 247 +++++++++++++++++++++++++++++++++++++++++++ gnu/tests/vnc.scm | 200 +++++++++++++++++++++++++++++++++++ 4 files changed, 608 insertions(+), 4 deletions(-) create mode 100644 gnu/services/vnc.scm create mode 100644 gnu/tests/vnc.scm diff --git a/doc/guix.texi b/doc/guix.texi index b04ec25399..26dcc7fdbe 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -17514,6 +17514,7 @@ declaration. * Web Services:: Web servers. * Certificate Services:: TLS certificates via Let's Encrypt. * DNS Services:: DNS daemons. +* VNC Services:: VNC daemons. * VPN Services:: VPN daemons. * Network File System:: NFS related services. * Continuous Integration:: Cuirass and Laminar services. @@ -21005,6 +21006,7 @@ started by the @dfn{login manager}, by default the GNOME Display Manager (GDM). @cindex GDM @cindex GNOME, login manager +@anchor{gdm} GDM of course allows users to log in into window managers and desktop environments other than GNOME; for those using GNOME, GDM is required for features such as automatic screen locking. @@ -21306,6 +21308,7 @@ Relogin after logout. @cindex lightdm, graphical login manager @cindex display manager, lightdm +@anchor{lightdm} @defvr {Scheme Variable} lightdm-service-type This is the type of the service to run the @url{https://github.com/canonical/lightdm,LightDM display manager}. Its @@ -21509,10 +21512,11 @@ Extra configuration values to append to the seat configuration section. @cindex Xorg, configuration @deftp {Data Type} xorg-configuration -This data type represents the configuration of the Xorg graphical display -server. Note that there is no Xorg service; instead, the X server is started -by a ``display manager'' such as GDM, SDDM, and SLiM@. Thus, the configuration -of these display managers aggregates an @code{xorg-configuration} record. +This data type represents the configuration of the Xorg graphical +display server. Note that there is no Xorg service; instead, the X +server is started by a ``display manager'' such as GDM, SDDM, LightDM or +SLiM@. Thus, the configuration of these display managers aggregates an +@code{xorg-configuration} record. @table @asis @item @code{modules} (default: @code{%default-xorg-modules}) 
@@ -30779,6 +30783,157 @@ Defaults to @samp{()}. @c %end of fragment +@node VNC Services +@subsection VNC Services +@cindex VNC (virtual network computing) +@cindex XDMCP (x display manager control protocol) + +The @code{(gnu services vnc)} module provides services related to +@dfn{Virtual Network Computing} (VNC), which makes it possible to +locally use graphical Xorg applications running on a remote machine. +Combined with a graphical manager that supports the @dfn{X Display +Manager Control Protocol}, such as GDM (@pxref{gdm}) or LightDM +(@pxref{lightdm}), it is possible to remote an entire desktop for a +multi-user environment. + +@subsubheading Xvnc + +Xvnc is a VNC server that spawns its own X window server; which means it +can run on headless servers. The Xvnc implementations provided by the +@code{tigervnc-server} and @code{turbovnc} aim to be fast and efficient. + +@defvar {Scheme Variable} xvnc-service-type + +The @code{xvnc-server-type} service can be configured via the +@code{xvnc-configuration} record, documented below. A second virtual +display could be made available on a remote machine for via the +following configuration: +@end defvar + +@lisp +(service xvnc-service-type (xvnc-configuration (display-number 10) +@end lisp + +As a demonstration, the @command{xclock} command could then be started +on the remote machine on display number 10, and it could be display +locally via the @command{vncviewer} command: +@example +# Start xclock on the remote machine. +ssh -L5910:localhost:5910 -- guix shell xclock -- env DISPLAY=:10 xclock +# Access it via VNC. +guix shell tigervnc-client -- vncviewer localhost:5910 +@end example + +The following configuration combines XDMCP and Inetd to allow multiple +users to concurrently use the remote system, login in graphically via +the GDM display manager: + +@lisp +(operating-system + [...] + (services (cons* + [...] + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (localhost? #f) + (xdmcp? 
#t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-suspend? #f) + (xdmcp? #t))))))) +@end lisp + +A remote user could then connect to it by using the @command{vncviewer} +command or a compatible VNC client and start a desktop session of their +choosing: +@example +vncviewer remote-host:5905 +@end example + +@quotation Warning +Unless your machine is in a controlled environment, for security +reasons, the @code{localhost?} configuration of the +@code{xvnc-configuration} record should be left to its default @code{#t} +value and exposed via a secure means such as an SSH port forward. The +XDMCP port, UDP 177 should also be blocked from the outside by a +firewall, as it is not a secure protocol and can expose login +credentials in clear. +@end quotation + +@c Use (configuration->documentation 'xvnc-configuration) to regenerate +@c the documentation. +@c %start of fragment +@deftp {Data Type} xvnc-configuration +Available @code{xvnc-configuration} fields are: + +@table @asis +@item @code{xvnc} (default: @code{tigervnc-server}) (type: file-like) +The package that provides the Xvnc binary. + +@item @code{display-number} (default: @code{0}) (type: number) +The display number used by Xvnc. You should set this to a number not +already used a Xorg server. + +@item @code{geometry} (default: @code{"1024x768"}) (type: string) +The size of the desktop to be created. + +@item @code{depth} (default: @code{24}) (type: color-depth) +The pixel depth in bits of the desktop to be created. Accepted values +are 16, 24 or 32. + +@item @code{port} (type: maybe-port) +The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number. + +@item @code{ipv4?} (default: @code{#t}) (type: boolean) +Use IPv4 for incoming and outgoing connections. + +@item @code{ipv6?} (default: @code{#t}) (type: boolean) +Use IPv6 for incoming and outgoing connections. 
+ +@item @code{password-file} (type: maybe-string) +The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file. + +@item @code{xdmcp?} (default: @code{#f}) (type: boolean) +Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users +scenario, you'll want to enable the @code{inetd?} option as well, so +that each connection to the VNC server is handled separately rather than +shared. + +@item @code{inetd?} (default: @code{#f}) (type: boolean) +Use an Inetd-style service, which runs the Xvnc server on demand. + +@item @code{frame-rate} (default: @code{60}) (type: number) +The maximum number of updates per second sent to each client. + +@item @code{security-types} (default: @code{("None")}) (type: security-types) +The allowed security schemes to use for incoming connections. The +default is "None", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local +connections. Accepted values are any of the following: ("None" +"VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None" "X509Vnc") + +@item @code{localhost?} (default: @code{#t}) (type: boolean) +Only allow connections from the same machine. It is set to #true by +default for security, which means SSH or another secure means should be +used to expose the remote port. + +@item @code{log-level} (default: @code{30}) (type: log-level) +The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog. + +@item @code{extra-options} (default: @code{()}) (type: strings) +This can be used to provide extra Xvnc options not exposed via this + record. + +@end table + +@end deftp +@c %end of fragment @node VPN Services @subsection VPN Services diff --git a/gnu/local.mk b/gnu/local.mk index ef1bae5f3c..eaccf763c7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -689,6 +689,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/sysctl.scm \ %D%/services/telephony.scm \ %D%/services/version-control.scm \ + %D%/services/vnc.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ %D%/services/xorg.scm \ @@ -768,6 +769,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/telephony.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ + %D%/tests/vnc.scm \ %D%/tests/web.scm INSTALLER_MODULES = \ diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm new file mode 100644 index 0000000000..15c3c14fee --- /dev/null +++ b/gnu/services/vnc.scm 
@@ -0,0 +1,247 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services vnc) + #:use-module (gnu packages vnc) + #:use-module ((gnu services) #:hide (delete)) + #:use-module (gnu system shadow) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix records) + + #:export (xvnc-configuration + xvnc-configuration-xvnc + xvnc-configuration-display-number + xvnc-configuration-geometry + xvnc-configuration-depth + xvnc-configuration-port + xvnc-configuration-ipv4? + xvnc-configuration-ipv6? + xvnc-configuration-password-file + xvnc-configuration-xdmcp? + xvnc-configuration-inetd? + xvnc-configuration-frame-rate + xvnc-configuration-security-types + xvnc-configuration-localhost? + xvnc-configuration-log-level + xvnc-configuration-extra-options + + xvnc-service-type)) + +;;; +;;; Xvnc. +;;; + +(define (color-depth? x) + (member x '(16 24 32))) + +(define (port? x) + (and (number? x) + (and (>= x 0) (<= x 65535)))) + +(define-maybe/no-serialization port) + +(define-maybe/no-serialization string) + +(define %security-types '("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" + "X509None" "X509Vnc")) + +(define (security-type? 
x) + (member x %security-types)) + +(define (security-types? x) + (and (list? x) + (and-map security-type? x))) + +(define (log-level? x) + (and (number? x) + (and (>= x 0) (<= x 100)))) + +(define (strings? x) + (and (list? x) + (and-map string? x))) + +(define-configuration/no-serialization xvnc-configuration + (xvnc + (file-like tigervnc-server) + "The package that provides the Xvnc binary.") + (display-number + (number 0) + "The display number used by Xvnc. You should set this to a number not +already used by a Xorg server. When remoting a complete desktop session via +XDMCP and using a compatible VNC viewer as provided by the +@code{tigervnc-client} or @code{turbovnc} packages, the geometry is +automatically adjusted.") + (geometry + (string "1024x768") + "The size of the desktop to be created.") + (depth + (color-depth 24) + "The pixel depth in bits of the desktop to be created. Accepted values are +16, 24 or 32.") + (port + maybe-port + "The port on which to listen for connections from viewers. When left +unspecified, it defaults to 5900 plus the display number.") + (ipv4? + (boolean #t) + "Use IPv4 for incoming and outgoing connections.") + (ipv6? + (boolean #t) + "Use IPv6 for incoming and outgoing connections.") + (password-file + maybe-string + "The password file to use, if any. Refer to vncpasswd(1) to learn how to +generate such a file.") + (xdmcp? + (boolean #f) + "Query the XDMCP server for a session. This enables users to log in a +desktop session from the login manager screen. For a multiple users scenario, +you'll want to enable the @code{inetd?} option as well, so that each +connection to the VNC server is handled separately rather than shared.") + (inetd? 
+ (boolean #f) + "Use an Inetd-style service, which runs the Xvnc server on demand.") + (frame-rate + (number 60) + "The maximum number of updates per second sent to each client.") + (security-types + (security-types (list "None")) + (format #f "The allowed security schemes to use for incoming connections. +The default is \"None\", which is safe given that Xvnc is configured to +authenticate the user via the display manager, and only for local connections. +Accepted values are any of the following: ~s" %security-types)) + (localhost? + (boolean #t) + "Only allow connections from the same machine. It is set to @code{#true} +by default for security, which means SSH or another secure means should be +used to expose the remote port.") + (log-level + (log-level 30) + "The log level, a number between 0 and 100, 100 meaning most verbose +output. The log messages are output to syslog.") + (extra-options + (strings '()) + "This can be used to provide extra Xvnc options not exposed via this + record.")) + +(define (xvnc-configuration->command-line-arguments config) + "Derive the command line arguments to used to launch the Xvnc daemon from +CONFIG, a object." + (match-record config + (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp? + inetd? frame-rate security-types localhost? log-level extra-options) + #~(list #$(file-append xvnc "/bin/Xvnc") + #$(format #f ":~a" display-number) + "-geometry" #$geometry + "-depth" #$(number->string depth) + #$@(if inetd? + (list "-inetd") + '()) + #$@(if (not inetd?) + (if (maybe-value-set? port) + (list "-rfbport" (number->string port)) + '()) + '()) + #$@(if (not inetd?) + (if ipv4? + (list "-UseIPv4") + '()) + '()) + #$@(if (not inetd?) + (if ipv6? + (list "-UseIPv6") + '()) + '()) + #$@(if (maybe-value-set? password-file) + (list "-PasswordFile" password-file) + '()) + "-FrameRate" #$(number->string frame-rate) + "-SecurityTypes" #$(string-join security-types ",") + #$@(if localhost? 
+ (list "-localhost") + '()) + "-Log" #$(format #f "*:syslog:~a" log-level) + #$@(if xdmcp? + (list "-query" "localhost" "-once") + '()) + #$@extra-options))) + +(define %xvnc-accounts + (list (user-group + (name "xvnc") + (system? #t)) + (user-account + (name "xvnc") + (group "xvnc") + (system? #t) + (comment "User for Xvnc server")))) + +(define (xvnc-shepherd-service config) + "Return a for Xvnc with CONFIG." + (let* ((display-number (xvnc-configuration-display-number config)) + (port (if (maybe-value-set? (xvnc-configuration-port config)) + (xvnc-configuration-port config) + #f)) + (port* (or port (+ 5900 display-number)))) + (shepherd-service + (provision '(xvnc vncserver)) + (documentation "Run the Xvnc server.") + (requirement '(networking syslogd)) + (start (if (xvnc-configuration-inetd? config) + #~(let* ((inaddr (if #$(xvnc-configuration-localhost? config) + INADDR_LOOPBACK + INADDR_ANY)) + (in6addr (if #$(xvnc-configuration-localhost? config) + IN6ADDR_LOOPBACK + IN6ADDR_ANY)) + (ipv4-socket (and #$(xvnc-configuration-ipv4? config) + (make-socket-address AF_INET inaddr + #$port*))) + (ipv6-socket (and #$(xvnc-configuration-ipv6? 
config) + (make-socket-address AF_INET6 in6addr + #$port*)))) + (make-inetd-constructor + #$(xvnc-configuration->command-line-arguments config) + `(,@(if ipv4-socket + (list (endpoint ipv4-socket)) + '()) + ,@(if ipv6-socket + (list (endpoint ipv6-socket)) + '())) + #:user "xvnc" + #:group "xvnc")) + #~(make-forkexec-constructor + #$(xvnc-configuration->command-line-arguments config) + #:user "xvnc" + #:group "xvnc"))) + (stop #~(make-inetd-destructor))))) + +(define xvnc-service-type + (service-type + (name 'xvnc) + (default-value (xvnc-configuration)) + (description "Run the Xvnc server, which creates a virtual X11 session and +allow remote clients connecting to it via the remote framebuffer (RFB) +protocol.") + (extensions (list (service-extension + shepherd-root-service-type + (compose list xvnc-shepherd-service)) + (service-extension account-service-type + (const %xvnc-accounts)))))) diff --git a/gnu/tests/vnc.scm b/gnu/tests/vnc.scm new file mode 100644 index 0000000000..34c2db1203 --- /dev/null +++ b/gnu/tests/vnc.scm 
@@ -0,0 +1,200 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer . +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests vnc) + #:use-module (gnu bootloader) + #:use-module (gnu bootloader grub) + #:use-module (gnu packages) + #:use-module (gnu packages ocr) + #:use-module (gnu packages glib) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu services networking) + #:use-module (gnu services ssh) + #:use-module (gnu services vnc) + #:use-module (gnu services xorg) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu tests) + #:use-module (guix gexp) + #:use-module (guix modules) + #:export (%test-xvnc)) + +(define %xvnc-os + (operating-system + ;; Usual boilerplate. 
+ (host-name "komputilo") + (timezone "Europe/Berlin") + (locale "en_US.UTF-8") + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/sdX")))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + (users (cons (user-account + (name "dummy") + (group "users") + (supplementary-groups '("wheel" "netdev" + "audio" "video"))) + %base-user-accounts)) + (packages (append (map specification->package + '("dbus" ;for dbus-run-session + "dconf" + "gnome-settings-daemon" ;for schemas + "ratpoison" + "tigervnc-client" + "xterm")) + %base-packages + (list `(,glib "bin") + glib))) + (services (cons* + (service openssh-service-type (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (service xvnc-service-type (xvnc-configuration + (display-number 5) + (security-types (list "None")) + (log-level 100) + (localhost? #f) + (xdmcp? #t) + (inetd? #t))) + (modify-services %desktop-services + (gdm-service-type config => (gdm-configuration + (inherit config) + (auto-login? #t) + (auto-suspend? #f) + (default-user "root") + (debug? #t) + (xdmcp? #t)))))))) + +(define (run-xvnc-test) + "Run tests in %XVNC-OS." 
+ + (define os (marionette-operating-system + %xvnc-os + #:imported-modules (source-module-closure + '((gnu services herd))))) + + (define vm (virtual-machine + (operating-system os) + (memory-size 1024))) + + (define test + (with-imported-modules (source-module-closure + '((gnu build marionette) + (guix build utils))) + #~(begin + (use-modules (gnu build marionette) + (guix build utils) + (srfi srfi-26) + (srfi srfi-64)) + + (let ((marionette (make-marionette (list #$vm)))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "xvnc") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'xvnc)) + marionette)) + + (test-assert "wait for port 5905, IPv4" + (wait-for-tcp-port 5905 marionette)) + + (test-assert "wait for port 5905, IPv6" + (wait-for-tcp-port 5905 marionette + #:address + '(make-socket-address + AF_INET6 (inet-pton AF_INET6 "::1") 5905))) + + (test-assert "gdm auto-suspend is disabled" + ;; More a GDM than a Xvnc test, but since it's a cross-cutting + ;; concern and we have everything set up here, we might as well + ;; check it here. + (marionette-eval + '(begin + ;; Check that DCONF_PROFILE is set... + (invoke "/bin/sh" "-lc" "\ +pgrep gdm | head -n1 | xargs -I{} grep -Fq DCONF_PROFILE /proc/{}/environ") + + ;; ... and that + (invoke "/bin/sh" "-lc" "\ +sudo -E -u gdm env DCONF_PROFILE=/etc/dconf/profile/gdm dbus-run-session \ +gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type \ +| grep -Fq nothing")) + marionette)) + + (test-assert "vnc lands on the gdm login screen" + ;; This test runs vncviewer on the local VM and verifies that it + ;; manages to access the GDM login screen (via XDMCP). + (begin + (define (ratpoison-abort) + (marionette-control "sendkey ctrl-g" marionette)) + + (define (ratpoison-help) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "?" 
marionette) + (sleep 1)) ;wait for help screen to appear + + (define (ratpoison-exec command) + (marionette-control "sendkey ctrl-t" marionette) + (marionette-type "!" marionette) + (marionette-type (string-append command "\n") marionette)) + + ;; Wait until the ratpoison help screen can be displayed; this + ;; means the window manager is ready. + (wait-for-screen-text marionette + (cut string-contains <> "key bindings") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:pre-action ratpoison-help + #:post-action ratpoison-abort) + + ;; Run vncviewer and expect the GDM login screen (accessed via + ;; XDMCP). This can take a while to appear on slower machines. + (ratpoison-exec "vncviewer localhost:5905") + ;; XXX: tesseract narrowly recognizes "Guix" as "uix" from the + ;; background image; ocrad fares worst. Sadly, 'Username' is + ;; not recognized at all. + (wait-for-screen-text marionette + (cut string-contains <> "uix") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract") + #:timeout 120))) + + (test-end))))) + + (gexp->derivation "xvnc-test" test)) + +(define %test-xvnc + (system-test + (name "xvnc") + (description "Basic tests for the Xvnc service. One of the tests validate +that XDMCP works with GDM, and is therefore heavy in terms of disk and memory +requirements.") + (value (run-xvnc-test)))) -- 2.37.3
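
Review bot: In the doc/guix.texi hunk that adds the "VNC Services" node, the security-types entry says the default "None" is "safe given that Xvnc is configured to authenticate the user via the display manager", but xdmcp? defaults to #f, so with the default record no display manager is involved and any local process that can reach the loopback port gets the session without authentication. Suggest qualifying the sentence (it holds only with xdmcp? #t and localhost? #t) or recommending "VncAuth" or one of the TLS types when xdmcp? is off. The XDMCP example in the same hunk sets (localhost? #f), which is what the Warning right after it tells readers not to do; keeping the default there and showing the SSH port forward would make the two agree. Smaller points in this hunk: the first @lisp example is missing two closing parentheses, "xvnc-server-type" should read "xvnc-service-type", and the "ssh -L5910:localhost:5910 -- guix shell xclock ..." command has no remote host argument.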
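
Review bot: In gnu/services/vnc.scm, xvnc-shepherd-service always sets (stop #~(make-inetd-destructor)), including when inetd? is #f and start is built with make-forkexec-constructor; the stop procedure should match the constructor, for example make-kill-destructor in the non-inetd branch, selected with the same (xvnc-configuration-inetd? config) test used for start. Also in this file: in the non-inetd case "-UseIPv4" and "-UseIPv6" are only appended when the field is true, so setting ipv4? or ipv6? to #f has an effect only if Xvnc treats the absent flag as off, and passing an explicit off value would make the field authoritative; the display-number docstring carries a sentence about the geometry being adjusted automatically that belongs under geometry and is missing from the texinfo copy; and display-number is typed as plain number, so a negative or fractional value passes validation and flows into (+ 5900 display-number).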
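
Review bot: In gnu/tests/vnc.scm, %xvnc-os only exercises (localhost? #f) together with (inetd? #t) and (xdmcp? #t), so the defaults the documentation relies on for security are untested: nothing checks that with localhost? #t the VNC port is bound to loopback only, and the make-forkexec-constructor path (start and stop) is never run. Suggest a second, lighter operating-system using the default localhost? and inetd? values, with an assertion that the port is not reachable on a non-loopback address and that stopping the service works. Minor: the comment ";; ... and that" before the gsettings invocation is unfinished.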