diff --git a/.editorconfig b/.editorconfig old mode 100755 new mode 100644 diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml old mode 100755 new mode 100644 diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml old mode 100755 new mode 100644 index 2c307843..d07cf121 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -8,6 +8,9 @@ on: pull_request_review: types: [submitted,edited,dismissed] +permissions: + contents: read + jobs: manage-project: permissions: diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml old mode 100755 new mode 100644 index fd9434ca..5033f110 --- a/.github/workflows/call_issues_cron.yml +++ b/.github/workflows/call_issues_cron.yml @@ -4,6 +4,9 @@ on: - cron: '10 17 * * *' workflow_dispatch: +permissions: + contents: read + jobs: stale: permissions: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml old mode 100755 new mode 100644 index 9510bb42..99e1f13f --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -3,6 +3,9 @@ name: External Trigger Main on: workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-master: runs-on: ubuntu-latest diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml old mode 100755 new mode 100644 index d46c9a49..83789a13 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '58 * * * *' workflow_dispatch: +permissions: + contents: read + jobs: external-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml old mode 100755 new mode 100644 index 8dd18b9c..10e6bc01 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -2,8 +2,14 @@ name: Greetings on: [pull_request_target, issues] +permissions: + contents: read + jobs: greeting: + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/first-interaction@v1 diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml old mode 100755 new mode 100644 index 672e2594..de54f02e --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -5,6 +5,9 @@ on: - cron: '9 23 * * 0' workflow_dispatch: +permissions: + contents: read + jobs: package-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml old mode 100755 new mode 100644 diff --git a/Jenkinsfile b/Jenkinsfile index 61b598b2..9415e2b4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -94,7 +94,11 @@ pipeline { env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml' + if ( env.SYFT_IMAGE_TAG == null ) { + env.SYFT_IMAGE_TAG = 'latest' + } } + echo "Using syft image tag ${SYFT_IMAGE_TAG}" sh '''#! /bin/bash echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ @@ -778,7 +782,7 @@ pipeline { docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ -v ${TEMPDIR}:/tmp \ - ghcr.io/anchore/syft:latest \ + ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \ ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" @@ -888,6 +892,7 @@ pipeline { -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ -e NODE_NAME=\"${NODE_NAME}\" \ + -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \ -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } @@ -986,7 +991,7 @@ pipeline { "target_commitish": "master",\ "name": "'${META_TAG}'",\ "body": "**CI Report:**\\n\\n'${CI_URL:-N/A}'\\n\\n**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start - printf '","draft": false,"prerelease": false}' >> releasebody.json + printf '","draft": false,"prerelease": true}' >> releasebody.json paste -d'\\0' start releasebody.json > releasebody.json.done curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' } diff --git a/README.md b/README.md index d69fd9f1..67b11068 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,6 @@ [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") [![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") -[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") @@ -22,7 +21,6 @@ Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. -* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget @@ -55,7 +53,6 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | -| armhf | ❌ | | ## Version Tags diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 00f49a94..18cdc8b9 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -3,7 +3,7 @@ # jenkins variables project_name: docker-rdesktop external_type: os -release_type: stable +release_type: prerelease release_tag: latest ls_branch: master repo_vars: diff --git a/readme-vars.yml b/readme-vars.yml index 531236e2..123036ad 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -1,226 +1,11 @@ ---- - # project information project_name: rdesktop -project_url: "http://xrdp.org/" -project_logo: "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/rdesktop.png" -project_blurb: | - [{{ project_name|capitalize }}]({{ project_url }}) - Containers containing full desktop environments in many popular flavors for Alpine, Ubuntu, Arch, and Fedora accessible via RDP. project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" -project_categories: "Remote Desktop" -# supported architectures -available_architectures: - - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} -# development version -development_versions: true -development_versions_items: - - {tag: "latest", desc: "XFCE Alpine"} - - {tag: "ubuntu-xfce", desc: "XFCE Ubuntu"} - - {tag: "fedora-xfce", desc: "XFCE Fedora"} - - {tag: "arch-xfce", desc: "XFCE Arch"} - - {tag: "debian-xfce", desc: "XFCE Debian"} - - {tag: "alpine-kde", desc: "KDE Alpine"} - - {tag: "ubuntu-kde", desc: "KDE Ubuntu"} - - {tag: "fedora-kde", desc: "KDE Fedora"} - - {tag: "arch-kde", desc: "KDE Arch"} - - {tag: "debian-kde", desc: "KDE Debian"} - - {tag: "alpine-mate", desc: "MATE Alpine"} - - {tag: "ubuntu-mate", desc: "MATE Ubuntu"} - - {tag: "fedora-mate", desc: "MATE Fedora"} - - {tag: "arch-mate", desc: "MATE Arch"} - - {tag: "debian-mate", desc: "MATE Debian"} - - {tag: "alpine-i3", desc: "i3 Alpine"} - - {tag: "ubuntu-i3", desc: "i3 Ubuntu"} - - {tag: "fedora-i3", desc: "i3 Fedora"} - - {tag: "arch-i3", desc: "i3 Arch"} - - {tag: "debian-i3", desc: "i3 Debian"} - - {tag: "alpine-openbox", desc: "Openbox Alpine"} - - {tag: "ubuntu-openbox", desc: "Openbox Ubuntu"} - - {tag: "fedora-openbox", desc: "Openbox Fedora"} - - {tag: "arch-openbox", desc: "Openbox Arch"} - - {tag: "debian-openbox", desc: "Openbox Debian"} - - {tag: "alpine-icewm", desc: "IceWM Alpine"} - - {tag: "ubuntu-icewm", desc: "IceWM Ubuntu"} - - {tag: "fedora-icewm", desc: "IceWM Fedora"} - - {tag: "arch-icewm", desc: "IceWM Arch"} - - {tag: "debian-icewm", desc: "IceWM Debian"} -# container parameters -param_container_name: "{{ project_name }}" -param_usage_include_ports: true -param_ports: - - {external_port: "3389", internal_port: "3389", port_desc: "RDP access port"} -# optional variables -opt_param_usage_include_vols: true -opt_param_volumes: - - {vol_path: "/var/run/docker.sock", vol_host_path: "/var/run/docker.sock", desc: "Docker Socket on the system, if you want to use Docker in the container"} - - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/data", desc: "abc users home directory"} -opt_custom_params: - - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "We set this to 1 gig to prevent modern web browsers from crashing"} -opt_security_opt_param: true -opt_security_opt_param_vars: - - {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function as syscalls are unknown to Docker"} -opt_param_device_map: true -opt_param_devices: - - {device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "Add this for GL support (Linux hosts only)"} -# application setup block -app_setup_block_enabled: true -app_setup_block: | - **The Default USERNAME and PASSWORD is: abc/abc** - - **Unlike our other containers these Desktops are not designed to be upgraded by Docker, you will keep your home directory but anything you installed system level will be lost if you upgrade an existing container. To keep packages up to date instead use Ubuntu's own apt, Alpine's apk, Fedora's dnf, or Arch's pacman program** - - You will need a Remote Desktop client to access this container [Wikipedia List](https://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software), by default it listens on 3389, but you can change that port to whatever you wish on the host side IE `3390:3389`. - The first thing you should do when you login to the container is to change the abc users password by issuing the `passwd` command. - - **Modern GUI desktop apps (including some flavors terminals) have issues with the latest Docker and syscall compatibility, you can use Docker with the `--security-opt seccomp=unconfined` setting to allow these syscalls or try [podman](https://podman.io/) as they have updated their codebase to support them** - - If you ever lose your password you can always reset it by execing into the container as root: - - ```bash - docker exec -it rdesktop passwd abc - ``` - - By default we perform all logic for the abc user and we recommend using that user only in the container, but new users can be added as long as there is a `startwm.sh` executable script in their home directory. - All of these containers are configured with passwordless sudo, we make no efforts to secure or harden these containers and we do not recommend ever publishing their ports to the public Internet. - - ## Options - - All application settings are passed via environment variables: - - | Variable | Description | - | :----: | --- | - | LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8` | - | NO_DECOR | If set the application will run without window borders. (Decor can be enabled and disabled with Ctrl+Shift+d) | - | NO_FULL | Do not autmatically fullscreen applications when using openbox. | - - ### Language Support - Internationalization - - The environment variable `LC_ALL` can be used to start this image in a different language than English simply pass for example to launch the Desktop session in French `LC_ALL=fr_FR.UTF-8`. Some languages like Chinese, Japanese, or Korean will be missing fonts needed to render properly known as cjk fonts, but others may exist and not be installed. We only ensure fonts for Latin characters are present. Fonts can be installed with a mod on startup. - - To install cjk fonts on startup as an example pass the environment variables(Debian): - - ``` - -e DOCKER_MODS=linuxserver/mods:universal-package-install - -e INSTALL_PACKAGES=fonts-noto-cjk - -e LC_ALL=zh_CN.UTF-8 - ``` - - ## PRoot Apps - - All images include [proot-apps](https://github.com/linuxserver/proot-apps) which allow portable applications to be installed to persistent storage in the user's `$HOME` directory. These applications and their settings will persist upgrades of the base container and can be mounted into different flavors of rdesktop containers. IE if you are running an Alpine based container you will be able to use the same `/config` directory mounted into an Ubuntu based container and retain the same applications and settings as long as they were installed with `proot-apps install`. - - A list of linuxserver.io supported applications is located [HERE](https://github.com/linuxserver/proot-apps?tab=readme-ov-file#supported-apps). - - ## Open Source GPU Acceleration - - For accelerated apps or games, render devices can be mounted into the container and leveraged by applications using: - - `--device /dev/dri:/dev/dri` - - This feature only supports **Open Source** GPU drivers: - - | Driver | Description | - | :----: | --- | - | Intel | i965 and i915 drivers for Intel iGPU chipsets | - | AMD | AMDGPU, Radeon, and ATI drivers for AMD dedicated or APU chipsets | - | NVIDIA | nouveau2 drivers only, closed source NVIDIA drivers lack DRI3 support | - - ## Nvidia GPU Support - - **Nvidia is not compatible with Alpine based images** - - Nvidia support is available by leveraging Zink for OpenGL support. This can be enabled with the following run flags: - - | Variable | Description | - | :----: | --- | - | --gpus all | This can be filtered down but for most setups this will pass the one Nvidia GPU on the system | - | --runtime nvidia | Specify the Nvidia runtime which mounts drivers and tools in from the host | - - The compose syntax is slightly different for this as you will need to set nvidia as the default runtime: - - ``` - sudo nvidia-ctk runtime configure --runtime=docker --set-as-default - sudo service docker restart - ``` - - And to assign the GPU in compose: - - ``` - services: - myimage: - image: myname/myimage:mytag - deploy: - resources: - reservations: - devices: - - driver: nvidia - count: 1 - capabilities: [compute,video,graphics,utility] - ``` -# init diagram -init_diagram: | - "rdesktop:latest": { - docker-mods - base { - fix-attr +\nlegacy cont-init - } - docker-mods -> base - legacy-services - custom services - init-services -> legacy-services - init-services -> custom services - custom services -> legacy-services - legacy-services -> ci-service-check - init-migrations -> init-adduser - init-os-end -> init-config - init-rdesktop-end -> init-config - init-config -> init-config-end - init-os-end -> init-crontab-config - init-mods-end -> init-custom-files - init-adduser -> init-device-perms - base -> init-envfile - init-os-end -> init-keygen - base -> init-migrations - base -> init-mods - init-config-end -> init-mods - init-mods -> init-mods-end - init-mods-package-install -> init-mods-end - init-mods -> init-mods-package-install - base -> init-os-end - init-adduser -> init-os-end - init-device-perms -> init-os-end - init-envfile -> init-os-end - init-migrations -> init-os-end - init-keygen -> init-rdesktop - init-keygen -> init-rdesktop-config - init-video -> init-rdesktop-end - init-custom-files -> init-services - init-mods-end -> init-services - init-rdesktop -> init-video - init-rdesktop-config -> init-video - init-services -> svc-cron - svc-cron -> legacy-services - init-services -> svc-xrdp - svc-xrdp-sesman -> svc-xrdp - svc-xrdp -> legacy-services - init-services -> svc-xrdp-sesman - svc-xrdp-sesman -> legacy-services - } - Base Images: { - "baseimage-rdesktop:alpine320" <- "baseimage-alpine:3.20" - } - "rdesktop:latest" <- Base Images -# changelog -changelogs: - - {date: "06.08.24:", desc: "Refresh all images using new bases, add Debian, bump Ubuntu to Noble."} - - {date: "27.05.24:", desc: "Rebase to Alpine 3.20 and Fedora 40."} - - {date: "17.01.24:", desc: "Sync webtop logic changes rebase to Alpine 3.19 and Fedora 39."} - - {date: "18.05.23:", desc: "Rebase all Alpine images to 3.18, deprecate armhf."} - - {date: "27.10.22:", desc: "Rebase all Ubuntu images to Jammy 22.04."} - - {date: "26.10.22:", desc: "Rebase Alpine xfce to 3.16, migrate to s6v3."} - - {date: "05.03.22:", desc: "Organize tags differently to run Ubuntu at latest LTS, make Alpine latest, add docs about GPU accel."} - - {date: "05.05.21:", desc: "Reduce default packages to their flavour specific basics."} - - {date: "05.04.21:", desc: "Add Alpine flavour."} - - {date: "06.04.20:", desc: "Start PulseAudio in images to support audio"} - - {date: "28.02.20:", desc: "Initial Releases"} +project_deprecation_status: true +project_deprecation_message: | + Please migrate to an Ubuntu-based tag. For more info, see + https://info.linuxserver.io/issues/2025-08-23-rdesktop/ +full_custom_readme: | + {% raw -%} + Up to date documentation is available [here](https://github.com/linuxserver/docker-rdesktop/blob/ubuntu-xfce/README.md). + {%- endraw %} diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-rdesktop b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-rdesktop new file mode 100644 index 00000000..e69de29b