Before after X: sierpnia 2012

czwartek, 23 sierpnia 2012

Multiseat - final thoughts (so far)

Now I am happily running an up-to-date Debian Wheezy. However, some precautions must be made when upgrading. I wrote such a script:

#!/bin/bash

SENSITIVE="wmctrl xserver-xephyr lightdm policykit"

PACKAGES=`apt-get --dry-run dist-upgrade | awk '/^The following packages will be upgraded:/,/^[1-9]./' | tail -n +2 | head -n -1`

echo "Searching sensitive packages:"
echo
echo $SENSITIVE
echo
echo "in:"
echo
echo $PACKAGES
echo

FOUND=0

for i in $SENSITIVE; do
echo $PACKAGES | grep $i 2>&1 >/dev/null && echo Found: $i && FOUND=1
done

if [ $FOUND -eq 0 ]; then
echo No sensitive packages found in upgrade.
fi

The script can be run after apt-get update to see if any of the packages enumerated in "SENSITIVE" are to be upgraded this time. If yes, care must be taken.

Policy kit needs a paragraph of its own. At this moment Debian Wheezy comes with policykit-1 version 0.105. This is the last version in which the actions' permissions are customized using .pkla files. From 0.106 on (0.107 is the latest now) the format and naming of the directories and files has changed.

Another thing is systemd, which one day can become The Right Way of doing things.

USB in multiseat

Here is how I configured my machine in order for users @ multiseat can mount USB drives.

First of all, in modern Debian distributions there is polkit-1. The policy kit infrastructure consists of, among others, a D-BUS service org.freedesktop.PolicyKit1 implemented as /usr/lib/policykit-1/polkitd. The service is used on behalf of user applications wanting to talk to privileged processes, the latter being described by so called actions stored in /usr/share/polkit-1/actions/. Policy kit's job is either to grant permission for an application to talk to a privileged process, or not. Each action, apart from the service it describes, provides default permissions for different kinds of sessions: active sessions, inactive sessions and any kind of sessions. For example, org.freedesktop.udisks.policy file contains descriptions of a number of actions related to disks (like mount/unmount and such).

It turns out, that of the n + 1 X sessions (Xinerama + n seats), only the Xinerama session happens to be ACTIVE. All other sessions, started through Xephyrs, are PASSIVE. And by default PASSIVE sessions are not allowed to mount USB drives, which is expressed by <allow_inactive>no</allow_inactive> in org.freedesktop.udisks.policy. Nor are they allowed to suspend the machine, see org.freedesktop.upower.policy. In different places advice can be found to edit .policy files. Don't! It is not the right way to do it. Instead, create files in /etc/polkit-1/localauthority/50-local.d/. I use the following two:

10-org.freedesktop.upower.pkla:

[Suspend/hibernate permissions]
Identity=unix-group:power
Action=org.freedesktop.upower.suspend
ResultAny=yes
ResultInactive=yes
ResultActive=yes

20-org.freedesktop.udisks.pkla:

[Storage Permissions]
Identity=unix-group:storage
Action=org.freedesktop.udisks.change;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.filesystem-unmount-others
ResultAny=yes
ResultInactive=yes
ResultActive=yes

In order for this setup to work, the users in question must belong to groups power and storage.

I handle mounting USB drives manually, that is, in a file manager drives show up automatically after plugging in, but one of the users (each time it can be a different user) must explicitly mount them for him/herself. In LXDE's pcmanfm->Edit->Preferences->Volume management "Mount removable media automatically when they are inserted" and "Mount mountable volumes automatically on program startup" are unchecked. In other words, the multiseat users must collaborate to decide who mounts the newly inserted USB drive. If it were to happen automatically, the user whose file manager mounts the drive first wins the race. And race is not what we want here.

As you might have noticed, I use LXDE. Gnome-3 looks to heavy. And besides, with Xephyr's lack of GLX support, only the classic appearance is available, so I choose the lighter alternative.

Debian Wheezy - on hard disk

I just wanted to let you know that as of today, 23rd August 2012, I am using the most up-to-date Debian Wheezy with lightdm and LXDE, installed to the hard disk of my computer. It just works.

sobota, 18 sierpnia 2012

Xephyr

Remember me complaining I was not Keith Packard?

I am still not ;P

But I am kind of closer to a good solution with an up-to-date Xephyr.

You know, at my Faculty of Electronics and Information Technology I in fact learnt just one thing, everything else follows from that: "It works better when turned on" (a small addendum to it is that "computerization of a mess makes a bigger mess"). And this (not being turned on) is the very reason of Wheezy's Xephyr not handling evdev protocol.

So how can it be turned on? Fortunately, it is fairly simple: do apt-get source xserver-xephyr, then apt-get buid-dep xserver-xephyr, and then edit xorg-server-<some numbers>/debian/rules: after --enable-kdrive \ add a new line which reads --enable-kdrive-evdev \.

Then dpkg-buildpackage -uc -us, after some 15 minutes the build stopped with an error regarding libGL; however in xorg-server-1.12.3/debian/xserver-xephyr/usr/bin/Xephyr there was a new Xephyr binary. I tested it and it works ok!

I know that this is a kind of a poor man's solution: the package should build nicely to the end. It is desired to at least know and understand why the build stops and whether it should worry us. Nevertheless, it seems that Xephyr should not be a showstopper for the multiseat config, that is, we are not forced to use a binary from an ancient distribution.

Configuration of ligthdm 1.2

The configuration is pretty similar to that of lightdm 1.0. The changes are indicated in red.

+-/etc

| |

| +-/default

| | |

| | +-multiseat

| |

| +-/lightdm

| | |

| | +-lightdm.conf

| |

| +-/X11

| | |

| | +-xorg.conf

| |

| +-/init.d

| | |

| | +-multiseat

| |

| +-/udev

| | |

| | +-/rules.d

| | |

| | +-00-multiseat.rules

| |

| +-/multiseat

| |

| +-multiseat.conf

| |

| +-/scripts

| |

| +-helper-functions

| |

| +-match-and-name

| |

| +-multiseat-greeter-1

| |

| +-multiseat-greeter-<n>

| |

| +-fake-greeter

| |

| +-Xephyr-seat-1

| |

| +-Xephyr-seat-<n>

+-/usr

+-/share

+-/xgreeters

+-multiseat-greeter-1.desktop
|
+-multiseat-greeter-<n>.desktop

+-xinerama.desktop

The lithdm.conf is different than in lightdm 1.0, because it explicitly specifies a distinct xserver-command for each seat, the same with greeter-session.

The xserver-command for the seat <n> references its corresponding Xephyr-seat-<n> script, which, in turn, has its seat number hardcoded. The greeter-session for the seat <n> references its corresponding multiseat-greeter-<n>.desktop file, which has a hardcoded reference to its corresponding multiseat-greeter-<n>, which in, turn, has its seat number hardcoded.

The /etc/init.d/multiseat is changed now because it has a LSB-style header, making it suitable for a dependency-based boot. To create appropriate symlinks call

$ update-rc.d multiseat defaults

Multiseat setup - multiseat-greeter-1.desktop

[Desktop Entry]
Name=LightDM GTK+ Greeter
Comment=This runs the GTK+ greeter, it should only be run from LightDM
Exec=/etc/multiseat/scripts/multiseat-greeter-1
Type=Application
X-Ubuntu-Gettext-Domain=lightdm

Multiseat setup - multiseat-greeter-1

#!/bin/bash
#
#multiseat wrapper around ligthdm greeter in order to position 1 Xephyr instance
#
. /etc/multiseat/scripts/helper-functions

PRIMARY=`get_conf 0 PRIMARY`
SEAT=1

if [ $SEAT != $PRIMARY ]; then
    XEP=`XAUTHORITY=/var/run/lightdm/root/:0 xwininfo -root -children -display :0 | grep "Xephyr on :$SEAT" --max-count=1`;
    XEPHYR_WIN_ID=`echo ${XEP} | cut -d' ' -f1`;
    DISPLACEMENT=`get_conf $SEAT DISPLACEMENT`
    DISPLAY=:0 XAUTHORITY=/var/run/lightdm/root/:0 wmctrl 2>&1 -v -i -r ${XEPHYR_WIN_ID} -e 0,${DISPLACEMENT},-1,-1;
fi

XAUTHORITY=/var/run/lightdm/root/:$SEAT
DISPLAY=:$SEAT
exec /usr/sbin/lightdm-gtk-greeter

Multiseat setup - Xephyr-seat-1

#!/bin/bash
#
# $1 - display number of this Xephyr

. /etc/multiseat/scripts/helper-functions

trap "" usr1

XEPHYR=/root/Xephyr-new
export DISPLAY=:0
export XAUTHORITY=/var/run/lightdm/root/:0

SEAT=1

SIZE=`get_conf $SEAT SIZE`
KEYBOARD=`get_conf $SEAT KEYBOARD`
LAYOUT=`get_conf $SEAT LAYOUT`
MOUSE=`get_conf $SEAT MOUSE`
DPI=`get_conf $SEAT DPI`

exec $XEPHYR -retro -screen ${SIZE} -keybd evdev,,device=/dev/input/${KEYBOARD},xkbrules=evdev,xkbmodel=evdev,xkblayout=${LAYOUT} -mouse evdev,,device=/dev/input/${MOUSE} -dpi ${DPI} $1

Multiseat setup - init.d/multiseat

#!/bin/sh
### BEGIN INIT INFO
# Provides:          multiseat
# Required-Start:    bootlogs
# Required-Stop:
# Default-Start:     1 2 3 4 5
# Default-Stop:
# Short-Description: Trigger udev rules
# Description:       For some reason the rules for multiseat config need to be
#                    fired once more and later than at the very beginning.
### END INIT INFO

/sbin/udevadm trigger

Multiseat setup - lightdm.conf

[LightDM]
greeter-user=root
user-authority-in-system-dir=false
common-vt=true

[SeatDefaults]
xserver-allow-tcp=false
greeter-hide-users=true
user-session=lightdm-xsession
session-wrapper=/etc/X11/Xsession

[Seat:0]
xserver-command=X -br -dpms -s 0 -novtswitch
greeter-session=xinerama

[Seat:1]
xserver-command=/etc/multiseat/scripts/Xephyr-seat-1
greeter-session=multiseat-greeter-1

[Seat:2]
xserver-command=/etc/multiseat/scripts/Xephyr-seat-2
greeter-session=multiseat-greeter-2

lightdm 1.2, debian Wheezy

The time has come and lightdm 1.2 is in Wheezy. There is no way but making it work. The good news is that I did it; I have a working system prepared as a customized Debian Live on a USB stick. The not so good news (but not so terribly bad either) is that the configuration is a little less elegant. However, there are only 2 small patches to lightdm to make it work. Actually, these are the same as the first 2 patches out of the 4 used in lightdm 1.0.

Here is the story: the 2 patches deal with removing unused lock files from /tmp (their presence influences the choice of the display number in subsequent runs of lightdm) and with adding an option to use the same vt for all X servers. This is the same as with lightdm 1.0. The difference is that the 2 remaining patches have not been applied. They don't apply at all, they are not even close, because the architecture of lightdm changed since 1.0 and the processes are started in a different way while the 2 remaining patches added an option to pass seat numbers to X servers and to greeters; both X servers and greeters are started as new processes. But there is a satisfying workaround: do not even try applying them, the trade-off being a less elegant configuration.

In the lightdm 1.0 solution there is one central multiseat.conf, which is used both by udev to name event interface nodes in /dev/input and by multiseat scripts to associate keyboards/mice with seats and to move X servers into their corresponding positions within one big Xinerama screen. The multiseat scripts were generic, so they needed to be told (in an invocation parameter) which seat they relate to; the solution was also nicely scalable - there was only one file, the multiseat.conf, which needed to be edited to specify the keyboards/mice matching to their seats. In the lightdm 1.2 solution the scripts cannot be told which seat they relate to (because lightdm is not patched to do so, for the reasons explained earlier), so some of them are copied, in as many instances as there are seats, and by their construction they relate to a fixed seat. The good thing is that the patches which have been applied are really simple, so it might be easier to make it to the lightdm mainline.

You can get the changes from here:

bzr branch lp:~andrzejtp2010/lightdm/lightdm-1.2-xephyr-multiseat

bzr diff -r1493 > multiseat.patch

and follow the build instruction from here.

Stay tuned.