bug#22930: bug#24049: GuixSD - problem with X11 forwarding

[Maxim Cournoyer <maxim.cournoyer@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 1630 bytes --]

Hello,

ludo@gnu.org (Ludovic Courtès) writes:

[...]

> I believe this is a bug in lshd fixed by something along the lines of
> the attached patch.
>
> Niels, what do you think?
>
> (Strangely I can’t find equivalent code in OpenSSH.)
>
> Thanks,
> Ludo’.
>
> --- /tmp/lsh-2.1/src/server_x11.c	2016-08-01 11:58:54.714647794 +0200
> +++ /tmp/lsh-2.1/src/server_x11.c.new	2016-08-01 11:58:46.606563478 +0200
> @@ -151,7 +151,7 @@ DEFINE_COMMAND(open_forwarded_x11)
>  #define X11_MIN_DISPLAY 10
>  #define X11_MAX_DISPLAY 1000
>  
> -/* FIXME: Create the /tmp/.X11-unix directory, if needed. Figure out
> +/* FIXME: Figure out
>   * if and how we should use /tmp/.X17-lock. Consider using display
>   * "unix:17" instead of just ":17".
>   */
> @@ -253,6 +253,7 @@ open_x11_socket(struct ssh_channel *chan
>  
>    old_umask = umask(0077);
>    
> +  mkdir(X11_SOCKET_DIR, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
>    old_cd = lsh_pushd(X11_SOCKET_DIR, &dir, 0, 0);
>    if (old_cd < 0)
>      {

I tried the above fix and ran a VM with the attached config (the custom
kernel stuff was to try something else at the same time).  It fixes the
error about the directory, but it would still fail at X11 forwarding
(there was an error message: "Can't find any xauth information for X11
display").

I ended up figuring out it needed libxau to work; combined with your
patch, this fixes X11 forwarding.

Fixed in commit 0ec195ff02.

For the record, I've done the tests in a VM using the attached system
config.  The custom kernel stuff is unrelated.

Thanks,

Closing,

Maxim


[-- Attachment #2: config-custom-kernel.scm --]
[-- Type: text/plain, Size: 2063 bytes --]

(use-modules (gnu))
(use-service-modules networking ssh desktop)
(use-package-modules
 admin
 disk
 aspell
 gettext
 ghostscript ;; gs-fonts
 fonts ;; font-dejavu font-gnu-freefont-ttf
 base
 ssh rsync wget screen
 version-control
 emacs
 emacs-xyz
 xorg
 xdisorg
 certs)

(define make-linux-libre (@@ (gnu packages linux) make-linux-libre))

(define-public %linux-kernel-with-fault-injection
  (make-linux-libre "5.8.13"            ;version
                    "1wm8rsq53dd01wjnd4bz61daz9f7zm55sh1dssmpqwgdwh3cpshp" ;hash
                    '("x86_64-linux")   ;supported systems
   #:configuration-file (@@ (gnu packages linux) kernel-config)
   #:extra-version "with-fault-injection"
   #:extra-options (append (@@ (gnu packages linux) %default-extra-linux-options)
                           `(("CONFIG_FAULT_INJECTION" . #t)
                             ("CONFIG_FAIL_MAKE_REQUEST" . #t)
                             ("CONFIG_FAIL_MMC_REQUEST" . #t)
                             ("CONFIG_FAULT_INJECTION_DEBUG_FS" . #t)))
   #:patches '()))

(operating-system
  (host-name "g1")
  (timezone "America/New_York")
  (locale "en_US.utf8")
  (bootloader (grub-configuration (target "/dev/sda")))
  (file-systems (cons (file-system
			(device "g1sd")
			(mount-point "/")
			(type "ext4"))
		      %base-file-systems))
  (kernel %linux-kernel-with-fault-injection)
  (users (cons* (user-account
		 (name "test")
		 (group "users")
		 (supplementary-groups '("wheel"))
		 (home-directory "/home/test"))
		%base-user-accounts))
  (packages
   (cons*
    glibc-utf8-locales
    parted
    gs-fonts font-dejavu font-gnu-freefont-ttf
    gnu-make
    openssh nss-certs rsync wget git
    screen
    emacs
    xauth                               ;used by lsh
    xeyes                               ;for testing
    %base-packages))
  (services (cons* (lsh-service #:port-number 22
                                #:allow-empty-passwords? #t
                                #:root-login? #t)
                   (service dhcp-client-service-type)
		   %base-services)))