KasmVNC icon indicating copy to clipboard operation
KasmVNC copied to clipboard

Published 20 hours ago verified publisher icon kasmtech

Create rpm for Fedora 33

Open ledestin opened this issue 4 years ago • 4 comments

@clbr I'm having problems building on Fedora 33, could you please give me a hand?

configure: error: Package requirements (glproto >= 1.4.17 gl >= 7.1.0) were not
met:

Package dependency requirement 'gl >= 7.1.0' could not be satisfied.           
Package 'gl' has version '1.2', required version is '>= 7.1.0'                 

Consider adjusting the PKG_CONFIG_PATH environment variable if you             
installed software in a non-standard prefix.                                   

Alternatively, you may set the environment variables GL_CFLAGS                 
and GL_LIBS to avoid the need to call pkg-config.                              
See the pkg-config man page for more details.

Here's what provides libGL:

[root@8184883e4598 /]# dnf provides /usr/lib/libGL.so*                         
Last metadata expiration check: 1:51:00 ago on Mon Feb 15 08:56:09 2021.       
libglvnd-devel-1:1.3.2-2.fc33.i686 : Development files for libglvnd            
Repo        : fedora
Matched from:
Filename    : /usr/lib/libGL.so

libglvnd-glx-1:1.3.2-2.fc33.i686 : GLX support for libglvnd                    
Repo        : fedora
Matched from:
Filename    : /usr/lib/libGL.so.1
Filename    : /usr/lib/libGL.so.1.7.0

I could patch configure.ac to ignore libGL version, in fact, it compiles successfully if I do.

Thoughts?

ledestin avatar Feb 15 '21 10:02 ledestin

On Mon, 15 Feb 2021 02:53:23 -0800 Dmitry Maksyoma [email protected] wrote:

@clbr I'm having problems building on Fedora 33, could you please give me a hand?

configure: error: Package requirements (glproto >= 1.4.17 gl >= 7.1.0) were not
met:

Package dependency requirement 'gl >= 7.1.0' could not be satisfied.
Package 'gl' has version '1.2', required version is '>= 7.1.0'

...

Thoughts?

https://bugs.archlinux.org/task/64532?getfile=18026

tl;dr the dummies in charge of glvnd used incompatible versioning. Just change the check to check for 1.2 locally (not globally, since most systems do not use glvnd yet).

clbr avatar Feb 15 '21 11:02 clbr

@clbr Thanks. Turned out, Xorg 1.20 is already using v1.2, and I was using old Xorg.

Now that rpm builds, I have this warning:

kasmvncserver.x86_64: W: crypto-policy-non-compliance-gnutls-1 /usr/bin/Xkasmvnc gnutls_priority_set_direct
This application package calls a function to explicitly set crypto ciphers for
SSL/TLS. That may cause the application not to use the system-wide set
cryptographic policy and should be modified in accordance to:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies

TigerVNC, again, ignores this warning. @kasmtech Should we try to resolve this?

ledestin avatar Feb 16 '21 11:02 ledestin

@clbr , I wonder if this may be our issue with late versions of Debian and Ubuntu. While the following article only warns against hard coding ciphers, the same may apply to SSL/TLS versions, it wants you to use the system profile. @ledestin can you try commenting out the SSL_CTX_set_options line. The following is a link to the commit where this was added, but it should be nearly identical to the branch you are on.

https://github.com/kasmtech/KasmVNC/commit/a27744bca61a07bf5d82f1d5703d067430d22818

https://fedoraproject.org/wiki/Packaging:CryptoPolicies

kasmtech avatar Feb 16 '21 11:02 kasmtech

No, that's unrelated. This warning is about gnutls, which is used in common/rfb/*SecurityTLS.cxx for TLS encrypted VNC - it's not used at all in kasm. We use openssl for the https and websocket connections, and the VNC socket is not exposed by default.

The SSL_CTX_set_options line disables SSLv2 and SSLv3 versions. Those are from the IE5 era and highly insecure. We do not have a set cipher line anywhere, which is what the fedora guideline warns against for openssl.

clbr avatar Feb 16 '21 11:02 clbr