Add systemd unit file for xvnc

Resolves: bz#891802
2017-04-06 11:11:46 +02:00 · 2017-04-06 11:11:46 +02:00 · 2a8c8c1415
commit 2a8c8c1415
parent 491ae3ae9c
3 changed files with 62 additions and 1 deletions
--- a/tigervnc.spec
+++ b/tigervnc.spec
@ -1,6 +1,6 @@
 Name:           tigervnc
 Version:        1.7.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A TigerVNC remote display system

 %global _hardened_build 1
@ -12,6 +12,8 @@ Source0:        %{name}-%{version}.tar.gz
 Source1:        vncserver.service
 Source2:        vncserver.sysconfig
 Source3:        10-libvnc.conf
+Source4:        xvnc.service
+Source5:        xvnc.socket

 BuildRequires:  libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
 BuildRequires:  libXext-devel, xorg-x11-server-source, libXi-devel
@ -263,6 +265,8 @@ popd
 # Install systemd unit file
 mkdir -p %{buildroot}%{_unitdir}
 install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/vncserver@.service
+install -m644 %{SOURCE4} %{buildroot}%{_unitdir}/xvnc@.service
+install -m644 %{SOURCE5} %{buildroot}%{_unitdir}/xvnc.socket
 rm -rf %{buildroot}%{_initrddir}

 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
@ -311,6 +315,8 @@ fi

 %post server
 %systemd_post vncserver.service
+%systemd_post xvnc.service
+%systemd_post xvnc.socket

 %triggerun -- tigervnc-server < 1.0.90-6
 %{_bindir}/systemd-sysv-convert --save vncserver >/dev/null 2>&1 ||:
@ -318,6 +324,8 @@ fi

 %preun server
 %systemd_preun vncserver.service
+%systemd_preun xvnc.service
+%systemd_preun xvnc.socket

 %postun server
 %systemd_postun
@ -331,6 +339,8 @@ fi
 %files server
 %config(noreplace) %{_sysconfdir}/sysconfig/vncservers
 %{_unitdir}/vncserver@.service
+%{_unitdir}/xvnc@.service
+%{_unitdir}/xvnc.socket
 %{_bindir}/x0vncserver
 %{_bindir}/vncserver
 %{_mandir}/man1/vncserver.1*
@ -361,6 +371,10 @@ fi
 %{_datadir}/icons/hicolor/*/apps/*

 %changelog
+* Thu Apr 06 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.1-4
+- Added systemd unit file for xvnc
+  Resolves: bz#891802
+
 * Tue Apr 04 2017 Jan Grulich <jgrulich@redhat.com> - 1.7.1-3
 - Bug 1438704 - CVE-2017-7392 CVE-2017-7393 CVE-2017-7394
                CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws
--- a/xvnc.service
+++ b/xvnc.service
@ -0,0 +1,38 @@
+# The vncserver service unit file
+#
+# Quick HowTo:
+# 1. Copy this file to /etc/systemd/system/xvnc@.service
+# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
+# 3. Run `systemctl daemon-reload`
+# 4. Run `systemctl enable xvnc.socket`
+#
+# DO NOT RUN THIS SERVICE if your local area network is
+# untrusted!  For a secure way of using VNC, you should
+# limit connections to the local host and then tunnel from
+# the machine you want to view VNC on (host A) to the machine
+# whose VNC output you want to view (host B)
+#
+# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
+#
+# this will open a connection on port 590N of your hostA to hostB's port 590M
+# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
+# See the ssh man page for details on port forwarding)
+#
+# You can then point a VNC client on hostA at vncdisplay N of localhost and with
+# the help of ssh, you end up seeing what hostB makes available on port 590M
+#
+# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
+#
+# Use "-localhost" to prevent remote VNC clients connecting except when
+# doing so through a secure tunnel.  See the "-via" option in the
+# `man vncviewer' manual page.
+
+
+[Unit]
+Description=XVNC Per-Connection Daemon
+
+[Service]
+ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
+User=nobody
+StandardInput=socket
+StandardError=syslog
--- a/xvnc.socket
+++ b/xvnc.socket
@ -0,0 +1,9 @@
+[Unit]
+Description=XVNC Server
+
+[Socket]
+ListenStream=5900
+Accept=yes
+
+[Install]
+WantedBy=sockets.target