publicWagsHome/KasmVNC
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rpm: create certificate on postinst, remove on postrm

Browse Source
This commit is contained in:
Dmitry Maksyoma
2021-02-12 18:11:27 +13:00
parent b97633ca10
commit e9e7ecd74d
5 changed files with 35 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
builder/dockerfile.centos_core.barebones.rpm.test
View File

@@ -10,12 +10,11 @@ RUN yum localinstall -y /tmp/*.rpm
RUN useradd -m foo RUN useradd -m foo
USER foo USER foo:kasmvnc
RUN mkdir -p ~/.config/openbox && echo xterm > ~/.config/openbox/autostart && chmod +x ~/.config/openbox/autostart RUN mkdir -p ~/.config/openbox && echo xterm > ~/.config/openbox/autostart && chmod +x ~/.config/openbox/autostart
RUN mkdir ~/.vnc && echo '/usr/bin/openbox-session &' >> ~/.vnc/xstartup && \ RUN mkdir ~/.vnc && echo '/usr/bin/openbox-session &' >> ~/.vnc/xstartup && \
chmod +x ~/.vnc/xstartup chmod +x ~/.vnc/xstartup
RUN openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $HOME/.vnc/self.pem -out $HOME/.vnc/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd RUN echo bar | kasmvncpasswd -f > $HOME/.kasmpasswd && chmod 0600 $HOME/.kasmpasswd
ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert $HOME/.vnc/self.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log " ENTRYPOINT bash -c "vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "

2
builder/dockerfile.centos_core.rpm.test
View File

@@ -52,7 +52,7 @@ RUN yum localinstall -y /tmp/*.rpm
### END CUSTOM STUFF ### ### END CUSTOM STUFF ###
RUN chown -R 1000:0 $HOME RUN chown -R 1000:0 $HOME
USER 1000 USER 1000:kasmvnc
WORKDIR $HOME WORKDIR $HOME
RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \ RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \

12
builder/startup/vnc_startup.sh
View File

@@ -21,12 +21,14 @@ detect_www_dir() {
detect_cert_location() { detect_cert_location() {
local tarball_cert="$HOME/.vnc/self.pem" local tarball_cert="$HOME/.vnc/self.pem"
local package_cert="/etc/ssl/certs/ssl-cert-snakeoil.pem" local deb_cert="/etc/ssl/certs/ssl-cert-snakeoil.pem"
local package_key="/etc/ssl/private/ssl-cert-snakeoil.key" local deb_key="/etc/ssl/private/ssl-cert-snakeoil.key"
local use_cert= local rpm_cert="/etc/pki/tls/private/kasmvnc.pem"
if [[ -f "$package_cert" ]]; then if [[ -f "$deb_cert" ]]; then
cert_option="-cert $package_cert -key $package_key" cert_option="-cert $deb_cert -key $deb_key"
elif [[ -f "$rpm_cert" ]]; then
cert_option="-cert $rpm_cert"
else else
cert_option="-cert $tarball_cert" cert_option="-cert $tarball_cert"
fi fi

2
builder/test-rpm-barebones
View File

@@ -9,7 +9,5 @@ os_codename="core"
docker build --build-arg KASMVNC_PACKAGE_DIR="build/${os}_${os_codename}" \ docker build --build-arg KASMVNC_PACKAGE_DIR="build/${os}_${os_codename}" \
-t kasmvnctester_barebones_${os}:$os_codename \ -t kasmvnctester_barebones_${os}:$os_codename \
-f dockerfile.${os}_${os_codename}.barebones.rpm.test . -f dockerfile.${os}_${os_codename}.barebones.rpm.test .
echo
echo "You will be asked to set password. User name is docker."
docker run -it -p 443:8443 --rm -e "VNC_USER=foo" -e "VNC_PW=bar" \ docker run -it -p 443:8443 --rm -e "VNC_USER=foo" -e "VNC_PW=bar" \
kasmvnctester_barebones_${os}:$os_codename kasmvnctester_barebones_${os}:$os_codename

26
centos/kasmvncserver.spec
View File

@@ -40,7 +40,29 @@ DESTDIR=$RPM_BUILD_ROOT make -f /src/debian/Makefile.to_fakebuild_tar_package in
--slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \ --slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
"$mandir/man1/$kasm_command.1.gz" "$mandir/man1/$kasm_command.1.gz"
done done
;;
kasmvnc_group="kasmvnc"
create_kasmvnc_group() {
if ! getent group "$kasmvnc_group" >/dev/null; then
groupadd --system "$kasmvnc_group"
fi
}
make_self_signed_certificate() {
local cert_file=/etc/pki/tls/private/kasmvnc.pem
[ -f "$cert_file" ] && return 0
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout "$cert_file" \
-out "$cert_file" -subj \
"/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
chgrp "$kasmvnc_group" "$cert_file"
chmod 640 "$cert_file"
}
create_kasmvnc_group
make_self_signed_certificate
%postun %postun
bindir=/usr/bin bindir=/usr/bin
@@ -51,3 +73,5 @@ DESTDIR=$RPM_BUILD_ROOT make -f /src/debian/Makefile.to_fakebuild_tar_package in
generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`; generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`;
update-alternatives --remove "$generic_command" "$bindir/$kasm_command" update-alternatives --remove "$generic_command" "$bindir/$kasm_command"
done done
rm -f /etc/pki/tls/private/kasmvnc.pem