From 282493792050747ef2e90ac4ce164045aad67d7a Mon Sep 17 00:00:00 2001 From: Bojan Smojver Date: Apr 03 2017 22:49:00 +0000 Subject: Do not attempt xrdp restarts, may cause dnf transaction problems. Stop depending on Xorg server, xorgxrdp already does. Add README.Fedora. --- diff --git a/README.Fedora b/README.Fedora new file mode 100644 index 0000000..91d1636 --- /dev/null +++ b/README.Fedora @@ -0,0 +1,29 @@ +Restarts +======== + +Service restarts after RPM package upgrades have been disabled on purpose. +This is to avoid a situation where an update is performed from within a +session running on xrdp, which can then cause dnf to only perform part of the +transaction and leave the system in a state that requires further manual +intervention, including removal of duplicate packages etc. + +So, it will be up to the user/admin to restart xrdp service after any RPM +package upgrade. This is in line with what other GUI systems like Xorg and +Wayland do. + +xorgxrdp +======== + +On Fedora, /usr/bin/Xorg is a script that starts either +/usr/libexec/Xorg.wrap, which is a SUID binary, or /usr/libexec/Xorg, if the +former does not exist. Xrdp binary makes sure that SUID of the Xorg.wrap +binary is not obeyed. + +However, the Xorg.wrap has an additional hurdle to clear, because by default, +it will only allow users logged into the console to start it. + +So, in order to run the Xorg xrdp session via xrogxrdp, normally a user +account not logged onto the console will be used. To avoid Xorg.wrap refusing +to run, put the following into /etc/X11/Xwrapper.config: + +allowed_users = anybody diff --git a/xrdp.spec b/xrdp.spec index 0dbd94c..b8c8657 100644 --- a/xrdp.spec +++ b/xrdp.spec @@ -4,7 +4,7 @@ Summary: Open source remote desktop protocol (RDP) server Name: xrdp Epoch: 1 Version: 0.9.2 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 Group: Applications/Internet URL: http://www.xrdp.org/ @@ -13,6 +13,7 @@ Source1: xrdp-sesman.pamd Source2: xrdp.sysconfig Source3: xrdp.logrotate Source4: openssl.conf +Source5: README.Fedora Patch0: xrdp-0.9.1-sesman.patch Patch1: xrdp-0.9.2-xrdp-ini.patch Patch2: xrdp-0.9.2-service.patch @@ -32,7 +33,6 @@ BuildRequires: nasm Requires: tigervnc-server-minimal # xorgxrdp is another back end (small, so require it too) Requires: xorgxrdp -Requires: xorg-x11-server-Xorg Requires: xorg-x11-xinit Requires(post): systemd @@ -55,6 +55,7 @@ talk to xrdp. %prep %autosetup -p1 +%{__cp} %{SOURCE5} . # create 'bash -l' based startwm, to pick up PATH etc. echo '#!/bin/bash -l @@ -120,11 +121,9 @@ fi chmod 400 %{_sysconfdir}/xrdp/cert.pem chmod 400 %{_sysconfdir}/xrdp/key.pem -systemctl try-restart xrdp.service >/dev/null 2>&1 || : - %files -%doc COPYING *.txt +%doc COPYING *.txt README.Fedora %dir %{_libdir}/xrdp %dir %{_sysconfdir}/xrdp %dir %{_sysconfdir}/xrdp/pulse @@ -190,7 +189,12 @@ systemctl try-restart xrdp.service >/dev/null 2>&1 || : %{_libdir}/pkgconfig/rfxcodec.pc %changelog -* Fri Mar 31 2017 Bojan Smojver - 1:0.9.2-2 +* Tue Apr 4 2017 Bojan Smojver - 1:0.9.2-3 +- Do not attempt xrdp restarts, may cause dnf transaction problems +- Stop depending on Xorg server, xorgxrdp already does +- Add README.Fedora + +* Mon Apr 3 2017 Bojan Smojver - 1:0.9.2-2 - Stop using /usr/libexec/Xorg, not present on EL7 * Fri Mar 31 2017 Bojan Smojver - 1:0.9.2-1