From dec79fe35b5be71a43a121a12a044ad9ca1dbc3d Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Mon, 13 Sep 2021 18:00:23 +0200
Subject: [PATCH] Upgrade to focal and better password management

Password persistence now uses a copy of the /etc/shadow file instead of
persisting the whole /etc directory. This makes upgrades safer.
---
 docker-compose.yml           |  5 +++--
 docker/vnc/Dockerfile        | 32 +++++++++++---------------------
 docker/vnc/shadow_monitor.sh | 12 ++++++++++++
 docker/vnc/start.sh          |  9 +++++++++
 4 files changed, 35 insertions(+), 23 deletions(-)
 create mode 100755 docker/vnc/shadow_monitor.sh

diff --git a/docker-compose.yml b/docker-compose.yml
index 0303740..2f41dcf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,12 +10,13 @@ services:
             USER: ${VNCUSER}
             SSL_PORT: 443
             PASSWORD: ${PASSWORD}
+            REPO: ${REPO}
         expose:
             - 443
             - 80
         volumes:
             - vnc_shared:/home/shared
-            - etc:/etc
+            - etc_shadow:/opt/shadow
             - home:/home
         shm_size: '2gb'
         cap_add:
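Review bot: Replacing the `etc:/etc` mount with `etc_shadow:/opt/shadow` leaves no migration path for passwords already stored in the old `etc` volume. On the first start after the upgrade `/opt/shadow/shadow` will not exist, so accounts presumably fall back to whatever start.sh derives from `PASSWORD`. I would document a one-time copy of `shadow` from the old volume into the new one in the upgrade notes. I would also add a comment above the mount, `# holds a copy of /etc/shadow (password hashes); do not mount into other services`, since the volume now contains credential material.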
@@ -30,7 +31,7 @@ services:
             - vnc_shared:/srv/shared/
 
 volumes:
-    etc:
+    etc_shadow:
     home:
     vnc_shared:
         external: true
diff --git a/docker/vnc/Dockerfile b/docker/vnc/Dockerfile
index 347536a..80b9bc3 100644
--- a/docker/vnc/Dockerfile
+++ b/docker/vnc/Dockerfile
@@ -1,13 +1,13 @@
-From dorowu/ubuntu-desktop-lxde-vnc:bionic
+From dorowu/ubuntu-desktop-lxde-vnc:focal as tlvnc
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update \
     && apt-get upgrade -y \
     && apt-get install -y \
-    autoconf \
     aspell-es \
     aspell-it \
+    autoconf \
     chromium-browser \
     cron \
     emacs \
@@ -16,20 +16,22 @@ RUN apt-get update \
     git-cola \
     gnome-system-tools \
     imagemagick \
+    inotify-tools \
     libaspell-dev \
     libreoffice \
-    mysql-workbench \
     nginx-full \
     pandoc \
     poppler-utils \
-    python-pip \
-    python-virtualenv \
     python3-pip \
     python3-virtualenv \
     rename \
-    vim-nox
+    vim-nox \
+    wget
 
-RUN apt-get purge -y x11vnc
+RUN wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
+RUN dpkg -i mysql-apt-config_0.8.15-1_all.deb
+RUN apt-get update
+RUN apt-get install -y mysql-workbench-community
 
 RUN update-alternatives --auto convert
 RUN update-alternatives --auto identify
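Review bot: The `mysql-apt-config_0.8.15-1_all.deb` package is downloaded and passed straight to `dpkg -i` with no checksum or signature check, and its maintainer scripts run as root at build time and register a third-party apt source. HTTPS protects the transfer but does not pin the content, so I would verify a known SHA-256 before installing. Splitting the steps over four `RUN` lines also leaves the .deb in an image layer and lets a cached `apt-get update` layer go stale; folding them into one `RUN` fixes both.

```dockerfile
# Fetch, verify and install the repository package in a single layer.
# The checksum is a placeholder: replace it with the value published for this file.
RUN wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb \
    && echo "<SHA256_OF_DEB_PLACEHOLDER>  mysql-apt-config_0.8.15-1_all.deb" | sha256sum -c - \
    && dpkg -i mysql-apt-config_0.8.15-1_all.deb \
    && rm mysql-apt-config_0.8.15-1_all.deb \
    && apt-get update \
    && apt-get install -y mysql-workbench-community
```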
@@ -46,20 +48,6 @@ COPY pam_nginx /etc/pam.d/nginx
 # Logo
 COPY logo.png /usr/local/share
 
-## Install latest x11vnc
-RUN mkdir -p /opt
-WORKDIR /opt
-RUN git clone git://github.com/LibVNC/x11vnc
-### Download source deps
-RUN sed -i.bak -e 's/^# \(deb-src .*\)$/\1/' /etc/apt/sources.list
-RUN apt-get update
-RUN apt-get build-dep -y x11vnc
-WORKDIR /opt/x11vnc
-RUN git checkout 0.9.15
-RUN autoreconf -fiv
-RUN ./autogen.sh && ./configure && make && make install
-RUN ln -s /usr/local/bin/x11vnc /usr/bin/x11vnc
-
 # Add xlaunch script
 COPY xlaunch.sh /opt/
 RUN chmod +x /opt/xlaunch.sh
@@ -74,4 +62,6 @@ RUN date > /build_date
 COPY start.sh /tlstart.sh
 RUN chmod +x /tlstart.sh
 
+COPY shadow_monitor.sh /
+
 ENTRYPOINT ["/tlstart.sh"]
diff --git a/docker/vnc/shadow_monitor.sh b/docker/vnc/shadow_monitor.sh
new file mode 100755
index 0000000..805d5cc
--- /dev/null
+++ b/docker/vnc/shadow_monitor.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+sleep 10
+
+while true; do
+    modif=$(inotifywait --event move /etc)
+    echo "Modif : '$modif'"
+    if [ ! -z "$(echo $modif | grep 'MOVED_FROM nshadow')" ]; then
+        echo "Shadow file has changed"
+        sync
+        cp /etc/shadow /opt/shadow/shadow
+    fi
+done
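Review bot: The `grep 'MOVED_FROM nshadow'` test only fires for writers that stage the new file as `/etc/nshadow` (the PAM `passwd` path appears to do this). A tool that replaces `/etc/shadow` through a different temporary name would change passwords without the copy in `/opt/shadow` being refreshed. Keying on the rename target (`moved_to` with file name `shadow`) covers any writer that renames into place. The one-shot `inotifywait` is also re-armed on each loop pass, so a rename that lands during `sync`/`cp` is missed. And `cp` writes directly to the final path, so a container stop mid-copy can persist a truncated file that start.sh would later restore. The sketch below streams events and writes through a temporary file with an explicit mode.

```shell
# … unchanged: shebang and initial sleep …
# Stream events instead of re-arming a one-shot watch, so a rename that
# happens while a copy is in progress is still seen.
inotifywait --monitor --quiet --event moved_to --format '%f' /etc |
while read -r name; do
    [ "$name" = "shadow" ] || continue
    echo "Shadow file has changed"
    # Copy next to the target with a restrictive mode, then rename, so an
    # interrupted copy never replaces the last good saved file.
    install -m 600 /etc/shadow /opt/shadow/shadow.tmp \
        && mv -f /opt/shadow/shadow.tmp /opt/shadow/shadow
done
```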
diff --git a/docker/vnc/start.sh b/docker/vnc/start.sh
index da51439..32dcaad 100644
--- a/docker/vnc/start.sh
+++ b/docker/vnc/start.sh
@@ -219,5 +219,14 @@ fi
 # Automatically reconnect on connection drop
 sed -i -e 's/\(autoconnect=1\)/\1\&reconnect=1/' /usr/local/lib/web/frontend/static/js/app.1f2067be7db4becef715.js
 
+if [ -f "/opt/shadow/shadow" ]
+then
+    echo "Copying shadow file"
+    cp /opt/shadow/shadow /etc/shadow
+    sync
+fi
+
+/shadow_monitor.sh &
+
 # run final exec
 exec /start.sh
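Review bot: The restore overwrites the image's `/etc/shadow` wholesale with the saved copy, and the `-f` test also accepts an empty or truncated file. After an image upgrade such as this one, `/etc/passwd` may list accounts that the older saved file lacks, which would leave the two files out of step. A zero-length saved file would wipe every entry. I would at least guard with `if [ -s "/opt/shadow/shadow" ]` and consider restoring only the lines for accounts present in the current `/etc/passwd`. A comment such as `# restore persisted password hashes; must run after any user creation above` would also help. The rest of start.sh is outside this hunk, so how this interacts with the `PASSWORD` handling earlier in the script needs checking there.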
-- 
GitLab