From unknown Fri Mar 29 01:33:46 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#672: SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects Reply-To: Robert Siemer , 672@bugs.x2go.org Resent-From: Robert Siemer Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 12 Nov 2014 23:40:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 672 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.141583532327048 (code B); Wed, 12 Nov 2014 23:40:01 +0000 Received: (at submit) by bugs.x2go.org; 12 Nov 2014 23:35:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=ham version=3.3.2 X-Greylist: delayed 586 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Thu, 13 Nov 2014 00:35:18 CET Received: from miranda.backsla.sh (woi4u.backsla.sh [213.239.218.239]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 3B35E5DB35 for ; Thu, 13 Nov 2014 00:35:18 +0100 (CET) Received: from [192.168.2.107] (dslb-088-074-175-125.088.074.pools.vodafone-ip.de [88.74.175.125]) by miranda.backsla.sh (Postfix) with ESMTPSA id 1085AD3006D for ; Thu, 13 Nov 2014 00:55:23 +0100 (CET) Message-ID: <5463EC5A.9000109@backsla.sh> Date: Thu, 13 Nov 2014 00:25:14 +0100 From: Robert Siemer User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Package: x2goserver Version: 4.0.1.18 Pyhoca-gui supports SSH-agent-forwarding, but that doesn’t survive a reconnect with session resumption. As far as I understand the following happens: (-pyhoca is configured to do SSH-agent-forwarding) -pyhoca connects via SSH to the X2Go server -the sshd creates a unix domain socket in /tmp/ssh-XXXXXX/agend.PID -the sshd sets SSH_AUTH_SOCKET containing the name of the socket -sshd starts whatever is requests by the X2Go client having that environment -SSH-agent-forwarding works whenever the SSH-connection dies (proper session suspend with disconnect or connection is “cut”) it continues like this: -SSH is connected again -unix domain socket and environment is set up, but -the programs (the X11 clients in a resumed X2Go session) are still running in the old environment with outdated SSH_AUTH_SOCKET info -the programs from before can’t access the SSH-agent -...unless the new value gets setup in the old environments possible fix is this: -X2Go on the server side does not start any new programs in the X2Go session or resumes an X2Go session, until: -an only-session-dependent symbolic link is set up pointing to the socket from SSH_AUTH_SOCKET -SSH_AUTH_SOCKET is set to that symbolic link Result: -as the name of symbolic link is fixed for the session, no environment variables need to be updated -the link always points to the socket created by the sshd for this connection -the ssh-agent can be reached From unknown Fri Mar 29 01:33:46 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#672: X2Go issue (in src:x2goserver) has been marked as pending for release Reply-To: Mike Gabriel , 672@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Thu, 13 Nov 2014 11:10:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 672 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: Received: via spool by 672-submit@bugs.x2go.org id=B672.14158768682448 (code B ref 672); Thu, 13 Nov 2014 11:10:01 +0000 Received: (at 672) by bugs.x2go.org; 13 Nov 2014 11:07:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id A57005DB3F; Thu, 13 Nov 2014 12:07:26 +0100 (CET) From: Mike Gabriel To: 672-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 672@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20141113110727.A57005DB3F@ymir.das-netzwerkteam.de> Date: Thu, 13 Nov 2014 12:07:26 +0100 (CET) tag #672 pending fixed #672 4.0.1.19 thanks Hello, X2Go issue #672 (src:x2goserver) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=7fdcc5d The issue will most likely be fixed in src:x2goserver (4.0.1.19). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 7fdcc5dd27566bea4171f192a1c99c3e2657ac77 Author: Mike Gabriel Date: Thu Nov 13 12:07:22 2014 +0100 Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. diff --git a/debian/changelog b/debian/changelog index 9598c24..2daf624 100644 --- a/debian/changelog +++ b/debian/changelog @@ -42,6 +42,9 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium - Also enforce /bin/sh as shell in su command in x2goprint. - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file. + - Make SSH agent forwarding work after having reconnected via SSH and + having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming + up with that idea. * debian/control: + Add D (x2goserver): libfile-which-perl. * debian/x2goserver.docs: From unknown Fri Mar 29 01:33:46 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#672: X2Go issue (in src:x2goserver) has been marked as closed Reply-To: X2Go Release Manager , 672@bugs.x2go.org Resent-From: X2Go Release Manager Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Tue, 24 Feb 2015 20:55:12 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 672 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: pending Received: via spool by 672-submit@bugs.x2go.org id=B672.142481128413348 (code B ref 672); Tue, 24 Feb 2015 20:55:12 +0000 Received: (at 672) by bugs.x2go.org; 24 Feb 2015 20:54:44 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 2764F3BE75; Tue, 24 Feb 2015 21:54:10 +0100 (CET) From: X2Go Release Manager To: 672-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 672@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150224205411.2764F3BE75@ymir.das-netzwerkteam.de> Date: Tue, 24 Feb 2015 21:54:10 +0100 (CET) close #672 thanks Hello, we are very hopeful that X2Go issue #672 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«. You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver. http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goserver Version: 4.0.1.19-0x2go1 Status: RELEASE Date: Tue, 24 Feb 2015 21:49:22 +0100 Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770 Changes: x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (4.0.1.19): - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder. - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq). - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675). - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633). - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds). - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d). - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system. - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671). - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve(). - Fix gramma in error message (in x2goresume-session). - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup. - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638). - Provide pam_namespace support for has_agent_state_file() function. - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root). - Accept more verbose "DENY" output from x2godesktopsharing. - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root). - Also enforce /bin/sh as shell in su command in x2goprint. - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file. - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes). - Document session startup / resumption failures (and their reasons) in server-side log output. - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. - Allow usernames in session IDs of length 48 chars. - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405). - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727). - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715). - Fix wrong evocation of x2gosyslog ("error" -> "err"). - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x. - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x. - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644). - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700). + Bump Standards: to 3.9.6. No changes needed. + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this. + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770). * debian/x2goserver.docs: + Install README.i18n file into bin:package x2goserver. * x2goserver.spec: + Add to R: perl(File::Which). + Additionally adapt to building on openSUSE/SLES. + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds. + Add to R: x2goserver-xsession. + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard). + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems. + Use %{_localstatedir} instead of %{_sharedstatedir}. + Use proper if... then... clauses. + For SUSE builds: Add to R: shadow (useradd, groupadd). + Replace historical "egrep" with "grep -E". + Systemd support for SUSE >= 12.10. + Set %defattr macro for every bin:package. + SUSE and Fedora/RHEL have different package group names. + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings. + SUSE has openssh, but no openssh-server. + Add to R (x2goserver): perl-X2Go-Server. + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny). + Add to R (x2goserver): perl(File::BaseDir). + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser". + Add to BR: findutils. + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676). + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698). + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697). + Always set BuildRoot: parameter. + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit. + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit. + No Bashisms in scriptlets. + rpmlint requires shared-mime-info at build time on SLE <= 11.3. + "%set_permissions" / "%verify_permissions" macros are not know in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead. + On SUSE, add permissions.d/x2goserver. + Fix SQLite wrapper permissions (02775 -> 02755) + Use if then clauses for creating user/group x2goprint. . [ Matthew L. Dailey ] * New upstream version (4.0.1.19): - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678). . [ Lars Wendler ] * New upstream version (4.0.1.19): - Use "printf" instead of "echo -n". (Fixes: #668). From unknown Fri Mar 29 01:33:46 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#672 closed by X2Go Release Manager (X2Go issue (in src:x2goserver) has been marked as closed) Message-ID: References: <20150224205411.2764F3BE75@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 672 X-X2go-PR-Package: x2goserver X-X2go-PR-Source: x2goserver Date: Tue, 24 Feb 2015 20:55:36 +0000 Content-Type: multipart/mixed; boundary="----------=_1424811336-13792-0" This is a multi-part message in MIME format... ------------=_1424811336-13792-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goserver package: #672: SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects It has been closed by X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <= git-admin@x2go.org> by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1424811336-13792-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 24 Feb 2015 20:54:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 2764F3BE75; Tue, 24 Feb 2015 21:54:10 +0100 (CET) From: X2Go Release Manager To: 672-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 672@bugs.x2go.org Subject: X2Go issue (in src:x2goserver) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150224205411.2764F3BE75@ymir.das-netzwerkteam.de> Date: Tue, 24 Feb 2015 21:54:10 +0100 (CET) close #672 thanks Hello, we are very hopeful that X2Go issue #672 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«. You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver. http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goserver Version: 4.0.1.19-0x2go1 Status: RELEASE Date: Tue, 24 Feb 2015 21:49:22 +0100 Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770 Changes: x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (4.0.1.19): - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder. - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq). - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675). - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633). - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds). - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d). - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system. - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671). - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve(). - Fix gramma in error message (in x2goresume-session). - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup. - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638). - Provide pam_namespace support for has_agent_state_file() function. - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root). - Accept more verbose "DENY" output from x2godesktopsharing. - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root). - Also enforce /bin/sh as shell in su command in x2goprint. - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file. - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes). - Document session startup / resumption failures (and their reasons) in server-side log output. - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. - Allow usernames in session IDs of length 48 chars. - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405). - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727). - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715). - Fix wrong evocation of x2gosyslog ("error" -> "err"). - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x. - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x. - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644). - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700). + Bump Standards: to 3.9.6. No changes needed. + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this. + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770). * debian/x2goserver.docs: + Install README.i18n file into bin:package x2goserver. * x2goserver.spec: + Add to R: perl(File::Which). + Additionally adapt to building on openSUSE/SLES. + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds. + Add to R: x2goserver-xsession. + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard). + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems. + Use %{_localstatedir} instead of %{_sharedstatedir}. + Use proper if... then... clauses. + For SUSE builds: Add to R: shadow (useradd, groupadd). + Replace historical "egrep" with "grep -E". + Systemd support for SUSE >= 12.10. + Set %defattr macro for every bin:package. + SUSE and Fedora/RHEL have different package group names. + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings. + SUSE has openssh, but no openssh-server. + Add to R (x2goserver): perl-X2Go-Server. + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny). + Add to R (x2goserver): perl(File::BaseDir). + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser". + Add to BR: findutils. + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676). + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698). + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697). + Always set BuildRoot: parameter. + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit. + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit. + No Bashisms in scriptlets. + rpmlint requires shared-mime-info at build time on SLE <= 11.3. + "%set_permissions" / "%verify_permissions" macros are not know in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead. + On SUSE, add permissions.d/x2goserver. + Fix SQLite wrapper permissions (02775 -> 02755) + Use if then clauses for creating user/group x2goprint. . [ Matthew L. Dailey ] * New upstream version (4.0.1.19): - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678). . [ Lars Wendler ] * New upstream version (4.0.1.19): - Use "printf" instead of "echo -n". (Fixes: #668). ------------=_1424811336-13792-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 12 Nov 2014 23:35:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=ham version=3.3.2 X-Greylist: delayed 586 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Thu, 13 Nov 2014 00:35:18 CET Received: from miranda.backsla.sh (woi4u.backsla.sh [213.239.218.239]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 3B35E5DB35 for ; Thu, 13 Nov 2014 00:35:18 +0100 (CET) Received: from [192.168.2.107] (dslb-088-074-175-125.088.074.pools.vodafone-ip.de [88.74.175.125]) by miranda.backsla.sh (Postfix) with ESMTPSA id 1085AD3006D for ; Thu, 13 Nov 2014 00:55:23 +0100 (CET) Message-ID: <5463EC5A.9000109@backsla.sh> Date: Thu, 13 Nov 2014 00:25:14 +0100 From: Robert Siemer User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Package: x2goserver Version: 4.0.1.18 Pyhoca-gui supports SSH-agent-forwarding, but that doesn’t survive a reconnect with session resumption. As far as I understand the following happens: (-pyhoca is configured to do SSH-agent-forwarding) -pyhoca connects via SSH to the X2Go server -the sshd creates a unix domain socket in /tmp/ssh-XXXXXX/agend.PID -the sshd sets SSH_AUTH_SOCKET containing the name of the socket -sshd starts whatever is requests by the X2Go client having that environment -SSH-agent-forwarding works whenever the SSH-connection dies (proper session suspend with disconnect or connection is “cut”) it continues like this: -SSH is connected again -unix domain socket and environment is set up, but -the programs (the X11 clients in a resumed X2Go session) are still running in the old environment with outdated SSH_AUTH_SOCKET info -the programs from before can’t access the SSH-agent -...unless the new value gets setup in the old environments possible fix is this: -X2Go on the server side does not start any new programs in the X2Go session or resumes an X2Go session, until: -an only-session-dependent symbolic link is set up pointing to the socket from SSH_AUTH_SOCKET -SSH_AUTH_SOCKET is set to that symbolic link Result: -as the name of symbolic link is fixed for the session, no environment variables need to be updated -the link always points to the socket created by the sshd for this connection -the ssh-agent can be reached ------------=_1424811336-13792-0--