Bug 1780839 - Wrong content of tigervnc systemd files
Summary: Wrong content of tigervnc systemd files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tigervnc
Version: 30
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan Grulich
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-12-07 14:16 UTC by Gunnar Thielebein
Modified: 2020-01-04 22:15 UTC (History)
4 users (show)

Fixed In Version: tigervnc-1.10.0-2.fc31 tigervnc-1.10.1-1.fc30
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-12 01:54:18 UTC
Type: Bug


Attachments (Terms of Use)

Description Gunnar Thielebein 2019-12-07 14:16:37 UTC
Description of problem:

After installation of tigervnc in Fedora 30 one can find some example systemd files shipped in /usr/lib/systemd/system/:

find / -regex ".*vnc.*\.\(service\|socket\)"
find: ‘/run/user/1000/gvfs’: Permission denied
/usr/lib/systemd/system/xvnc@.service
/usr/lib/systemd/system/xvnc.socket
/usr/lib/systemd/system/vncserver@.service
/usr/lib/systemd/user/vncserver@.service

The `xvnc@.service` file contains some X11 display configuration.

The `xvnc.socket` file contains, what looks like the xvnc@.service content.

The `vncservice@.service` files in systemd/user and systemd/system looks correct
on first sight. 

Version-Release number of selected component (if applicable):

$ rpm --query -f /usr/lib/systemd/system/xvnc@.service
tigervnc-server-1.10.0-1.fc30.x86_64

How reproducible:

Always.

Steps to Reproduce:
1. Install tigervnc
2. Check socketfile /usr/lib/systemd/system/xvnc.socket
3. Check /usr/lib/systemd/system/xvnc@.service

Actual results:

content of the service file:

```
cat /usr/lib/systemd/system/xvnc@.service
# This file contains configuration of libvnc.so module
#
# To get libvnc.so module working, do this:
# 1. run "vncpasswd" from tigervnc-server package as root user
# 2. uncomment configuration lines below
#
# Please note you can specify any option which Xvnc accepts.
# Refer to `Xvnc -help` output for detailed list of options.

#Section "Module"
#    Load "vnc"
#EndSection

#Section "Screen"
#    Identifier "Screen0"
#    DefaultDepth 16
#    Option "SecurityTypes" "VncAuth"
#    Option "PasswordFile" "/root/.vnc/passwd"
#EndSection
```

Content of the socket file:

```
$ cat /usr/lib/systemd/system/xvnc.socket
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/xvnc@.service
# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable xvnc.socket`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=XVNC Per-Connection Daemon

[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
User=nobody
StandardInput=socket
StandardError=syslog
```


Expected results:

Content of the service file should look like:

```
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/xvnc@.service
# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable xvnc.socket`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=XVNC Per-Connection Daemon

[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
User=nobody
StandardInput=socket
StandardError=syslog
```

Content of the socket file should look similiar to the content of Archlinux article: https://wiki.archlinux.org/index.php/Tightvnc#On_demand_multi-user_mode

```
/etc/systemd/system/xvnc.socket

[Unit]
Description=XVNC Server

[Socket]
ListenStream=5900
Accept=yes

[Install]
WantedBy=sockets.target
```

Comment 1 Fedora Update System 2019-12-10 08:34:15 UTC
FEDORA-2019-8bcab526a8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8bcab526a8

Comment 2 Fedora Update System 2019-12-10 08:34:16 UTC
FEDORA-2019-60932d345a has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-60932d345a

Comment 3 Fedora Update System 2019-12-11 01:04:10 UTC
tigervnc-1.10.0-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8bcab526a8

Comment 4 Fedora Update System 2019-12-11 01:41:34 UTC
tigervnc-1.10.0-2.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-60932d345a

Comment 5 Fedora Update System 2019-12-12 01:54:18 UTC
tigervnc-1.10.0-2.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2019-12-21 01:26:57 UTC
tigervnc-1.10.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8005476e72

Comment 7 Fedora Update System 2020-01-04 22:15:18 UTC
tigervnc-1.10.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.