Release v5.3.0
mviereck committed Oct 11, 2018
1 parent 252dc63 commit c81e77e
Showing 3 changed files with 35 additions and 38 deletions.
6 changes: 3 additions & 3 deletions CHANGELOG.md
Expand Up @@ -2,17 +2,17 @@
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html) since version 4.0.0.
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html) since version 4.0.

Project website: https://github.com/mviereck/x11docker

## [Unreleased]
## [5.3.0](https://github.com/mviereck/x11docker/releases/tag/v5.3.0) - 2018-10-11
### Added
- `--launcher`: Replaces `--starter`, creates an application launcher.
### Changed
- Major code cleanup and restructuring. New: commented `main()` routine.
- `--dbus`: Always uses `dbus-run-session`, doesn't try `dbus-launch` anymore.
- `--xpra`: Allow choice of vfb with `--xdummy` or `--xvfb`.
- `--xpra`: Allow choice of virtual frame buffer with `--xdummy` or `--xvfb`.
If not specified: defaults to Xvfb, fallback to Xdummy.
### Deprecated
- `--starter`: Use `--launcher` instead.
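Review bot: the release heading replaces `## [Unreleased]` instead of being added beneath it, so the file is left without an Unreleased section for the next changes. Keep a Changelog, which the file header cites as its format, keeps that heading at the top; suggest restoring an empty `## [Unreleased]` above the `5.3.0` entry.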
9 changes: 5 additions & 4 deletions README.md
Expand Up @@ -196,7 +196,8 @@ further (deeper surgery in system): `cups pulseaudio xserver-xorg-legacy`.
Scope of x11docker is to run dockered GUI applications while preserving and improving container isolation.
Core concept is:
- Run a second X server to avoid [X security leaks](http://www.windowsecurity.com/whitepapers/unix_security/Securing_X_Windows.html).
- This in opposite to widespread solutions that share host X socket of display :0, thus breaking container isolation, allowing keylogging and remote host control. (x11docker provides this with option `--hostdisplay`).
- This in opposite to widespread solutions that share host X socket of display :0, thus breaking container isolation, allowing keylogging and remote host control.
(However, x11docker provides this with option `--hostdisplay`).
- Authentication is done with MIT-MAGIC-COOKIE, stored separate from file `~/.Xauthority`.
- Create container user similar to host user to [avoid root in container](http://blog.dscpl.com.au/2015/12/don-run-as-root-inside-of-docker.html).
- You can also specify another user with `--user=USERNAME` or a non-existing one with `--user=UID:GID`.
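Review bot: in the reworded `--hostdisplay` bullet, "x11docker provides this" has no clear referent and can be read as x11docker providing the protection rather than the shared host X socket. Suggest stating outright that `--hostdisplay` shares the socket of display :0 and carries the keylogging and remote-control risk named in the same bullet, in line with the warning text in `option_messages()`.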
Expand Down Expand Up @@ -315,14 +316,14 @@ For troubleshooting, run `x11docker` or `x11docker-gui` in a terminal.
| Xfce | `x11docker --desktop x11docker/xfce` |
| [CDE Common Desktop Environment](https://en.wikipedia.org/wiki/Common_Desktop_Environment) | `x11docker --desktop --systemd --cap-default x11docker/cde` |
| Mate | `x11docker --desktop x11docker/mate` |
| Enlightenment (Based on [Void Linux](https://www.voidlinux.org/)) | `x11docker --desktop --gpu --runit x11docker/enlightenment` |
| Enlightenment (based on [Void Linux](https://www.voidlinux.org/)) | `x11docker --desktop --gpu --runit x11docker/enlightenment` |
| [Trinity](https://www.trinitydesktop.org/) (successor of KDE 3) | `x11docker --desktop x11docker/trinity` |
| Cinnamon | `x11docker --desktop --gpu --dbus-system x11docker/cinnamon` |
| [deepin](https://www.deepin.org/en/dde/) | `x11docker --desktop --gpu --systemd x11docker/deepin` |
| [LiriOS](https://liri.io/) (Needs at least docker 18.06 <br> or this [xcb bugfix](https://github.com/mviereck/x11docker/issues/76).) (based on Fedora) | `x11docker --desktop --gpu lirios/unstable` |
| [LiriOS](https://liri.io/) (needs at least docker 18.06 <br> or this [xcb bugfix](https://github.com/mviereck/x11docker/issues/76).) (based on Fedora) | `x11docker --desktop --gpu lirios/unstable` |
| KDE Plasma | `x11docker --desktop --gpu x11docker/plasma` |
| KDE Plasma as nested Wayland compositor | `x11docker --gpu x11docker/plasma startplasmacompositor` |
| LXDE with wine and PlayOnLinux and a <br> persistent `HOME` folder to preserve <br> installed Windows applications, <br> and with Pulseaudio sound. | `x11docker --desktop --home --pulseaudio x11docker/lxde-wine` |
| LXDE with wine and PlayOnLinux and <br> a persistent `HOME` folder to preserve <br> installed Windows applications, <br> and with Pulseaudio sound. | `x11docker --desktop --home --pulseaudio x11docker/lxde-wine` |

## Adjust images for your needs
For persistant changes of image system adjust Dockerfile and rebuild. To add custom applications to x11docker example images you can create a new Dockerfile based on them. Example:
58 changes: 27 additions & 31 deletions x11docker
Expand Up @@ -11,7 +11,7 @@
# Type 'x11docker --help' or scroll down to read usage information.
# More documentation at: https://github.com/mviereck/x11docker

Version="5.3.0-beta"
Version="5.3.0"

usage() { # --help: show usage information
echo "
Expand Down Expand Up @@ -404,7 +404,7 @@ ${Colredbg}x11docker ERROR:${Colnorm} $Message
[ -d "$Cachefolder" ] && mkfile "$Cachefolder/error" # also regarded by finish() for exit code

# output to X dialogbox
[ "$Silent" = "no" ] && env $Terminalxenv alertbox "x11docker ERROR" "$Message"
[ "$Silent" = "no" ] && export ${Terminalxenv:-DISPLAY} && alertbox "x11docker ERROR" "$Message"

finish 1
}
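Review bot: on the alertbox line, `export ${Terminalxenv:-DISPLAY}` is no longer scoped to one command the way `env $Terminalxenv alertbox ...` was, so whatever `$Terminalxenv` holds stays exported for `finish 1` and everything it starts. The expansion is also unquoted, so a value containing whitespace is split into separate `export` arguments, and if `export` fails the `&&` chain skips the dialog. If the switch was needed because `alertbox` is a shell function that `env` cannot run, a subshell such as `( export ... ; alertbox ... )` keeps the old scope, and a short comment should say why `DISPLAY` is the fallback.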
Expand Down Expand Up @@ -2891,8 +2891,8 @@ mode=$Screensize
# workaround as nxagent ignores XAUTHORITY and fails to start if option -auth is given. Option -ac above complies "xhost +" and is disabled in xinitrc
[ "$Xauthentication" = "yes" ] && {
$Mksu "cp '$Hostxauthority' '$Xservercookie'"
$Mksu "$Xauth -f '$Xclientcookie' add $Newdisplay . $(mcookie)"
$Mksu "$Xauth -f '$Xclientcookie' nlist $Newdisplay | $Xauth -f '$Xservercookie' nmerge -"
$Mksu "$Xauthexe -f '$Xclientcookie' add $Newdisplay . $(mcookie)"
$Mksu "$Xauthexe -f '$Xclientcookie' nlist $Newdisplay | $Xauthexe -f '$Xservercookie' nmerge -"
}
# fake NXclient
export NX_CLIENT="$Cachefolder/nx_client"
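Review bot: the `add $Newdisplay . $(mcookie)` line passes the fresh cookie as a command-line argument to `$Xauthexe`, so it is readable in the process list for as long as that command runs. Since the line is being touched for the rename anyway, consider feeding the cookie on stdin instead, the way the next line already does with `nlist $Newdisplay | ... nmerge -`.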
Expand Down Expand Up @@ -3032,7 +3032,7 @@ create_xinitrc() { # create xinitrc: set up X environment, create c
*)
echo "verbose 'Requesting $Trusted cookie from X server'"
echo "echo 'Requesting $Trusted cookie from X server'"
echo "$Xauth -v -i -f Xclientcookie generate $Newdisplay . $Trusted timeout 3600 | rmcr"
echo "$Xauthexe -v -i -f Xclientcookie generate $Newdisplay . $Trusted timeout 3600 | rmcr"
;;
esac
;;
Expand Down Expand Up @@ -3062,15 +3062,15 @@ create_xinitrc() { # create xinitrc: set up X environment, create c
echo " # still no cookie? try to create one without extension security"
echo " verbose -d 'Failed to retrieve trusted cookie from X server. Will bake one myself.'"
echo " echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.'"
echo " $Xauth -v -i -f Xclientcookie add :$Newdisplaynumber . $(mcookie) | rmcr"
echo " $Xauthexe -v -i -f Xclientcookie add :$Newdisplaynumber . $(mcookie) | rmcr"
echo " ls -l $Xclientcookie"
echo "}"
echo "# create prepared cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild'"
echo "Cookie=\$($Xauth -i -f Xclientcookie nlist | rmcr | sed -e 's/^..../ffff/')"
echo "echo \"\$Cookie\" | $Xauth -v -i -f Xclientcookie nmerge - | rmcr"
echo "Cookie=\$($Xauthexe -i -f Xclientcookie nlist | rmcr | sed -e 's/^..../ffff/')"
echo "echo \"\$Cookie\" | $Xauthexe -v -i -f Xclientcookie nmerge - | rmcr"
echo "cp $Xclientcookie $Xservercookie"
echo "[ -s '$Xclientcookie' ] || warning 'Cookie creation failed!'"
echo "verbose -d \"Created cookie: \$($Xauth -f Xclientcookie list 2>&1 | rmcr)\""
echo "verbose -d \"Created cookie: \$($Xauthexe -f Xclientcookie list 2>&1 | rmcr)\""
echo "chmod 644 $Xclientcookie"
[ "$Xserver" = "--hostdisplay" ] && echo "[ '\$Xhostentry' = 'yes' ] && env XAUTHORITY=$Hostxauthority xhost -SI:localuser:$Hostuser | rmcr"
[ "$Xserver" = "--nxagent" ] && echo "rm $Xclientcookie.bak"
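Review bot: in the fallback `add :$Newdisplaynumber . $(mcookie)` line the substitution is not escaped, unlike the escaped `\$(...)` in the `Cookie=` line below it, so the cookie is generated while `create_xinitrc()` runs and is written in clear text into the generated xinitrc. If that is intended, a comment should say so and the xinitrc file needs permissions as tight as the cookie file; otherwise escape it as `\$(mcookie)`. The unchanged `chmod 644 $Xclientcookie` also leaves the client cookie readable by every local user and deserves a comment on why 600 is not sufficient.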
Expand Down Expand Up @@ -3820,6 +3820,7 @@ create_dockerrc() { # create dockerrc: This script runs as root (or
# can get lost e.g. if using --pw=sudo or --pw=pkexec
while read Line; do
echo "export '$Line'"
verbose -d "Found docker environment variable: $Line"
done < <(env | grep -e '^DOCKER_')

# possible Windows pathes to docker.exe
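Review bot: the added `verbose -d` line writes the full `NAME=value` of every `DOCKER_*` variable to the debug log; logging only the name, `${Line%%=*}`, gives the same diagnostic without copying values into a log file. In the same loop, `echo "export '$Line'"` goes into a script that the function header says runs as root, and a value containing a single quote ends the quoting early, so the value needs escaping before it is written and `read` should be `read -r`.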
Expand Down Expand Up @@ -4129,8 +4130,6 @@ create_dockerrc() { # create dockerrc: This script runs as root (or
echo "verbose -d \"Container PID: \$Containerpid\""
echo "echo \$Containerpid >> $Containerpidfile"
echo ""
echo "rmcr '$Containerlogfile'"
echo ""
# container.CMD.sh will wait until setup script is ready
[ "$Switchcontaineruser" = "no" ] && echo "$Dockerexe exec --tty -u root $Containername /bin/sh $Cshare/containerrootrc 2>&1 | rmcr >>$Containerlogfile"
echo "exit 0"
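Review bot: the removed `rmcr '$Containerlogfile'` line has no replacement and no explanatory comment. The `$Dockerexe exec` line below still pipes through `rmcr` before appending, but that covers only its own output and only when `$Switchcontaineruser` is `no`; please note in a comment or the commit message that nothing else writes carriage returns into `$Containerlogfile`, or why the in-place pass was dropped.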
Expand Down Expand Up @@ -5050,7 +5049,7 @@ check_hostxenv() { # check environment variables for host X display

# get cookie from host display
[ "${XAUTHORITY:-}" ] && {
$Mksu "$Xauth -i -f ${XAUTHORITY:-} nlist $Hostdisplay 2>/dev/null | rmcr | $Xauth -f $Hostxauthority nmerge - 2>/dev/null"
$Mksu "$Xauthexe -i -f ${XAUTHORITY:-} nlist $Hostdisplay 2>/dev/null | rmcr | $Xauthexe -f $Hostxauthority nmerge - 2>/dev/null"
chown $Hostuser $Hostxauthority
chmod 600 $Hostxauthority
} || {
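Review bot: in the cookie copy line both `$Xauthexe` calls discard stderr and the block ends with `chown` and `chmod`, so the `} || {` fallback is taken only when `XAUTHORITY` is empty or `chmod` fails, never when `nlist` or `nmerge` produced no cookie. A check such as `[ -s "$Hostxauthority" ]` after the merge would catch that case. `${XAUTHORITY:-}` is also unquoted inside the command string, so a path containing spaces breaks the call.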
Expand Down Expand Up @@ -5268,15 +5267,15 @@ check_option_interferences() { # check multiple option interferences, change se

# check xauth
[ "$Xauthentication" = "yes" ] && {
command -v xauth.exe >/dev/null && Xauth="xauth.exe"
command -v xauth >/dev/null && Xauth="xauth"
command -v $Xauth >/dev/null || {
command -v xauth.exe >/dev/null && Xauthexe="xauth.exe"
command -v xauth >/dev/null && Xauthexe="xauth"
command -v $Xauthexe >/dev/null || {
warning "Command 'xauth' not found.
Please install 'xauth' to allow X cookie authentication.
Fallback: Disabling X authentication protocol. (option --no-auth)"
Xauthentication="no"
}
command -v $Xauth | grep -q VcXsrv && {
command -v $Xauthexe | grep -q VcXsrv && {
Vcxsrvversion="$(vcxsrv.exe -version 2>&1 | rmcr | grep Release | cut -d' ' -f2)"
verlt "$Vcxsrvversion" "1.20.0.1" && {
warning "Please update X server VcXsrv to at least version 1.20.0.1.
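Review bot: `command -v $Xauthexe` is unquoted in both tests, and because `Xauthexe` is preset to `xauth` in `declare_variables()`, the two detection lines only change anything when `xauth.exe` exists and `xauth` does not; a one-line comment on the intended precedence would help. As the rename touches every call site, please confirm that no `$Xauth` reference remains, since an empty expansion would silently drop the command name from the string passed to `$Mksu`.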
Expand Down Expand Up @@ -5305,7 +5304,7 @@ check_option_interferences() { # check multiple option interferences, change se
# --hostdisplay --gpu
[ "$Xserver" = "--hostdisplay" ] && [ "$Sharegpu" = "yes" ] && {
note "To allow GPU acceleration (option --gpu) with --hostdisplay,
x11docker will allow trusted cookies."
x11docker will allow trusted cookies. That enables option --clipboard, too."
Trusted="yes"
}
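Review bot: the extended message says trusted cookies are switched on and that this also enables `--clipboard`, yet it is emitted with `note`, while `option_messages()` reports `--hostdisplay` with trusted cookies as "QUITE BAD CONTAINER ISOLATION" in a `warning`. Setting `Trusted="yes"` as a side effect of `--gpu` should be reported at warning level here as well, or the text should point to that warning.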

Expand Down Expand Up @@ -5575,7 +5574,8 @@ option_messages() { # some messages depending on options, but not ch
} || {
warning "Option --hostdisplay with trusted cookies provides
QUITE BAD CONTAINER ISOLATION !
Keylogging and controlling host applications is possible!"
Keylogging and controlling host applications is possible!
It is recommended to use another X server option like --xpra or --nxagent."
}
[ "$Desktopmode" = "yes" ] && note "Can not avoid to use host window manager
along with option --hostdisplay.
Expand Down Expand Up @@ -6022,7 +6022,7 @@ declare_variables() { # declare variables
Xtest="" # enable extension Xtest yes/no. If empty, yes for --xpra/--xdummy/--xvfb, otherwise no
Xkblayout="" # option '--keymap': Layout for keymap, compare /usr/share/X11/xkb/symbols
Xcomposite="yes" # +extension COMPOSITE yes/no
Xauth="xauth" # either 'xauth' or 'xauth.exe'
Xauthexe="xauth" # either 'xauth' or 'xauth.exe'

# Main options influencing --auto
Autochooseserver="yes" # option '--auto': automatically choose X server (default)
Expand Down Expand Up @@ -6125,7 +6125,7 @@ declare_variables() { # declare variables
Xhost="" # option '--xhost': custom xhost setting on new X server

# special options not starting X or docker
Checkorphaned="no" # option '--cleanup': check for non-removed containers and maybe root-owned files in cache
Cleanup="no" # option '--cleanup': check for non-removed containers and maybe root-owned files in cache
Createlauncher="no" # option '--launcher': create application launcher on desktop and exit yes/no
Installermode="" # options --install/--update/--remove

Expand Down Expand Up @@ -6354,7 +6354,7 @@ ${2:-}" ; shift ;; # add custom root command in container

#### special options not starting X or docker
--launcher|--starter) Createlauncher="yes" ;; # create application launcher on desktop and exit
--cleanup) Checkorphaned="yes" ;; # check for orphaned containers and files owned by root, created by docker)
--cleanup) Cleanup="yes" ;; # check for orphaned containers and files owned by root, created by docker)
--install|--update|--update-master|--remove) Installermode="${1:-}" ;; # installer
--wmlist) echo $Wm_all ; exit 0 ;; # special option for x11docker-gui to retrieve list of window managers

Expand Down Expand Up @@ -6399,12 +6399,12 @@ main() {
trap finish EXIT
trap finish_sigint SIGINT

exec 3>&2 # stderr channel for warning() and error()
exec 3>&2 # stderr channel for warning(), error(), note(), debugnote() and --verbose
exec 4>&2 # stderr channel for --stderr

declare_variables
parse_options "$@"
check_runmode # run image, or host executeable, or X only # --exe, --xonly
check_runmode # modes: run image, or host command, or X only # --exe, --xonly

[ "$Silent" = "yes" ] && exec 3>/dev/null # --silent
[ "$Debugmode" = "yes" ] && { # --debug
Expand All @@ -6427,7 +6427,7 @@ Parsed options: $Parsedoptions"

# Special x11docker jobs
[ "$Createlauncher" = "yes" ] && { create_launcher ; exit ; } # --launcher: Create application launcher icon on desktop
[ "$Checkorphaned" = "yes" ] && { cleanup ; exit ; } # --cleanup: Clean up cache and x11docker containers
[ "$Cleanup" = "yes" ] && { cleanup ; exit ; } # --cleanup: Clean up cache and orphaned x11docker containers
[ "$Installermode" ] && { # --install, --update, --update-master, --remove
[ "$Startuser" = "root" ] || [ "$Winsubsystem" ] || error "Must run as root to install, update or remove x11docker."
installer $Installermode
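Review bot: after the rename, the flag `Cleanup` and the function `cleanup` on the `--cleanup` line differ only in capitalisation, which is easy to misread in `[ "$Cleanup" = "yes" ] && { cleanup ; exit ; }`. A name that follows the neighbouring `Installermode` pattern would keep the variable and the function visually distinct.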
Expand All @@ -6445,7 +6445,7 @@ Parsed options: $Parsedoptions"
check_containerhome # create persistant container home on host # --home, --homedir, --homebasedir
setup_fifo # open message channels for container, dockerrc, xinitrc and watchpidlist()

check_screensize # size of new X server # --size
check_screensize # size of host X and of new X server # --size
check_windowmanager # WM for single apps in e.g. Xephyr # --wm
[ "$Sharegpu" = "yes" ] && setup_gpu # --gpu
[ "$Sharewebcam" = "yes" ] && setup_webcam # --webcam
Expand Down Expand Up @@ -6550,11 +6550,7 @@ main "$@"

#### ToDo notes for development
todo() {
# BUG sudo x11docker --xpra fails

# further checks of pam.d

# --xonly: not default for empty x11docker image name?
# --internet to allow internet access, otherwise --net=none?
# --group-add: further checks? mismatch messagebus-101-systemd-journal

Expand All @@ -6577,12 +6573,13 @@ todo() {
# BUG x11docker/deepin: new builds have strange issues
# BUG x11docker/fluxbox on arch: background missing, sometimes no context menu. where is the difference?

# check xhost +localhost
# BUG error message window in wayland fails: xterm: no display. should use konsole
# x11docker-gui: menu entry management? persistant command storage?
# --update: regard possible location in /opt?
# BUG?: x11docker/xwayland nested: where is the X socket ??

# check multimonitor behaviour
# check xhost +localhost
# --weston/x: allow tty switch/option --vt if running as root?
# --systemd: try to avoid xhost +SI:localuser:$Containeruser, needed by deepin, it does not recognize XAUTHORITY
# --no-init no-new-privileges switchuser: exec fails, but why?
Expand All @@ -6592,7 +6589,6 @@ todo() {
# --lang: find out locale package names for several distris for documentation
# further check of xpra server crashes with jess/atom and chromium. --mmap=no avoids the bug: xpra bug report?

# check multimonitor behaviour
# --keymap does not work on tty with --kwin and --kwin-xwayland. No idea how to set it.
# bug report to docker about --volume waylandsocket in --volume
# --xpra-xwayland, xdummy-xwayland: use kwin-wayland as fallback for missing weston?
