Update base image to Ubuntu 24.04

Dockerfile.m4

@@ -4,11 +4,11 @@ m4_changequote([[, ]])
 ## "build" stage
 ##################################################
 
-m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:22.04]], [[FROM docker.io/ubuntu:22.04]]) AS build
+m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:24.04]], [[FROM docker.io/ubuntu:24.04]]) AS build
 m4_ifdef([[CROSS_QEMU]], [[COPY --from=docker.io/hectorm/qemu-user-static:latest CROSS_QEMU CROSS_QEMU]])
 
 # Enable source repositories
-RUN sed -i 's/^#\s*\(deb-src\s\)/\1/g' /etc/apt/sources.list
+RUN sed -i '/^Types: deb$/s/$/ deb-src/' /etc/apt/sources.list.d/ubuntu.sources
 
 # Install packages
 RUN export DEBIAN_FRONTEND=noninteractive \
@@ -90,9 +90,7 @@ RUN cmake ./ \
 		-D CMAKE_INSTALL_PREFIX=/opt/libjpeg-turbo \
 		-D CMAKE_POSITION_INDEPENDENT_CODE=1 \
 		../
-RUN make -j"$(nproc)"
-RUN make deb
-RUN dpkg -i ./libjpeg-turbo_*.deb
+RUN make -j"$(nproc)" install
 
 # Build VirtualGL
 ARG VIRTUALGL_TREEISH=3.1.1
@@ -113,9 +111,7 @@ RUN cmake ./ \
 		-D CMAKE_POSITION_INDEPENDENT_CODE=1 \
 		-D VGL_EGLBACKEND=1 \
 		../
-RUN make -j"$(nproc)"
-RUN make deb
-RUN dpkg -i ./virtualgl_*.deb
+RUN make -j"$(nproc)" install
 
 # Build TurboVNC
 ARG TURBOVNC_TREEISH=3.1.1
@@ -143,9 +139,7 @@ RUN cmake ./ \
 		-D TVNC_GLX=1 \
 		-D TVNC_NVCONTROL=1 \
 		../
-RUN make -j"$(nproc)"
-RUN make deb
-RUN dpkg -i ./turbovnc_*.deb
+RUN make -j"$(nproc)" install
 
 # Build xrdp
 ARG XRDP_TREEISH=v0.10.0
@@ -157,7 +151,8 @@ RUN git checkout "${XRDP_TREEISH:?}"
 RUN git submodule update --init --recursive
 RUN ./bootstrap
 RUN ./configure \
-		--prefix=/usr \
+		--prefix=/opt/xrdp \
+		--enable-strict-locations \
 		--enable-vsock \
 		--enable-tjpeg \
 		--enable-fuse \
@@ -166,8 +161,7 @@ RUN ./configure \
 		--enable-mp3lame \
 		--enable-pixman \
 		--enable-ipv6
-RUN make -j"$(nproc)"
-RUN checkinstall --default --pkgname=xrdp --pkgversion=9:999 --pkgrelease=0
+RUN make -j"$(nproc)" install
 
 # Build xorgxrdp
 ARG XORGXRDP_TREEISH=v0.10.1
@@ -178,9 +172,12 @@ RUN git clone "${XORGXRDP_REMOTE:?}" ./
 RUN git checkout "${XORGXRDP_TREEISH:?}"
 RUN git submodule update --init --recursive
 RUN ./bootstrap
-RUN ./configure --enable-glamor
-RUN make -j"$(nproc)"
-RUN checkinstall --default --pkgname=xorgxrdp --pkgversion=9:999 --pkgrelease=0
+RUN ./configure \
+		--prefix=/opt/xrdp \
+		--enable-strict-locations \
+		--enable-glamor \
+		PKG_CONFIG_PATH=/opt/xrdp/lib/pkgconfig
+RUN make -j"$(nproc)" install
 
 # Build xrdp PulseAudio module
 ARG XRDP_PULSEAUDIO_TREEISH=v0.7
@@ -190,21 +187,24 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get build-dep -y pulseaudio
 RUN apt-get source pulseaudio && mv ./pulseaudio-*/ ./pulseaudio/
 WORKDIR /tmp/pulseaudio/
 RUN meson ./build/
-RUN mkdir /tmp/xrdp-pulseaudio/
-WORKDIR /tmp/xrdp-pulseaudio/
+RUN mkdir /tmp/pulseaudio-module-xrdp/
+WORKDIR /tmp/pulseaudio-module-xrdp/
 RUN git clone "${XRDP_PULSEAUDIO_REMOTE:?}" ./
 RUN git checkout "${XRDP_PULSEAUDIO_TREEISH:?}"
 RUN git submodule update --init --recursive
 RUN ./bootstrap
-RUN ./configure PULSE_DIR=/tmp/pulseaudio/
-RUN make -j"$(nproc)"
-RUN checkinstall --default --pkgname=xrdp-pulseaudio --pkgversion=9:999 --pkgrelease=0
+RUN ./configure \
+		--prefix=/opt/xrdp \
+		--with-module-dir=/opt/xrdp/lib/pulse/modules \
+		PKG_CONFIG_PATH=/opt/xrdp/lib/pkgconfig \
+		PULSE_DIR=/tmp/pulseaudio/
+RUN make -j"$(nproc)" install
 
 ##################################################
 ## "main" stage
 ##################################################
 
-m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:22.04]], [[FROM docker.io/ubuntu:22.04]]) AS main
+m4_ifdef([[CROSS_ARCH]], [[FROM docker.io/CROSS_ARCH/ubuntu:24.04]], [[FROM docker.io/ubuntu:24.04]]) AS main
 m4_ifdef([[CROSS_QEMU]], [[COPY --from=docker.io/hectorm/qemu-user-static:latest CROSS_QEMU CROSS_QEMU]])
 
 # Copy APT config
@@ -307,8 +307,8 @@ m4_ifelse(ENABLE_NVIDIA_SUPPORT, 1, [[m4_dnl
 	&& rm -rf /var/lib/apt/lists/*
 
 # Add Mozilla Team repository
-RUN curl --proto '=https' --tlsv1.3 -sSf 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x0AB215679C571D1C8325275B9BDB3D89CE49EC21' | gpg --dearmor -o /etc/apt/trusted.gpg.d/mozillateam.gpg \
-	&& printf '%s\n' "deb [signed-by=/etc/apt/trusted.gpg.d/mozillateam.gpg] https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/mozillateam.list
+RUN curl --proto '=https' --tlsv1.3 -sSf 'https://packages.mozilla.org/apt/repo-signing-key.gpg' | gpg --dearmor -o /etc/apt/trusted.gpg.d/mozilla.gpg \
+	&& printf '%s\n' 'deb [signed-by=/etc/apt/trusted.gpg.d/mozilla.gpg] https://packages.mozilla.org/apt mozilla main' > /etc/apt/sources.list.d/mozilla.list
 
 # Install extra packages
 RUN export DEBIAN_FRONTEND=noninteractive \
@@ -387,7 +387,6 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 		xfce4-panel-profiles \
 		xfce4-pulseaudio-plugin \
 		xfce4-screenshooter \
-		xfce4-statusnotifier-plugin \
 		xfce4-taskmanager \
 		xfce4-terminal \
 		xfce4-whiskermenu-plugin \
@@ -401,23 +400,17 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 		zip \
 	&& rm -rf /var/lib/apt/lists/*
 
-# Install libjpeg-turbo from package
-RUN --mount=type=bind,from=build,source=/tmp/libjpeg-turbo/,target=/tmp/libjpeg-turbo/ dpkg -i /tmp/libjpeg-turbo/build/libjpeg-turbo_*.deb
-
-# Install VirtualGL from package
-RUN --mount=type=bind,from=build,source=/tmp/virtualgl/,target=/tmp/virtualgl/ dpkg -i /tmp/virtualgl/build/virtualgl_*.deb
+# Copy libjpeg-turbo build
+COPY --from=build /opt/libjpeg-turbo/ /opt/libjpeg-turbo/
 
-# Install TurboVNC from package
-RUN --mount=type=bind,from=build,source=/tmp/turbovnc/,target=/tmp/turbovnc/ dpkg -i /tmp/turbovnc/build/turbovnc_*.deb
+# Copy VirtualGL build
+COPY --from=build /opt/VirtualGL/ /opt/VirtualGL/
 
-# Install xrdp from package
-RUN --mount=type=bind,from=build,source=/tmp/xrdp/,target=/tmp/xrdp/ dpkg -i /tmp/xrdp/xrdp_*.deb
+# Copy TurboVNC build
+COPY --from=build /opt/TurboVNC/ /opt/TurboVNC/
 
-# Install xorgxrdp from package
-RUN --mount=type=bind,from=build,source=/tmp/xorgxrdp/,target=/tmp/xorgxrdp/ dpkg -i /tmp/xorgxrdp/xorgxrdp_*.deb
-
-# Install xrdp PulseAudio module from package
-RUN --mount=type=bind,from=build,source=/tmp/xrdp-pulseaudio/,target=/tmp/xrdp-pulseaudio/ dpkg -i /tmp/xrdp-pulseaudio/xrdp-pulseaudio_*.deb
+# Copy xrdp, xorgxrdp and PulseAudio module builds
+COPY --from=build /opt/xrdp/ /opt/xrdp/
 
 # Environment
 ENV SVDIR=/etc/service/
@@ -430,6 +423,7 @@ ENV UNPRIVILEGED_USER_SHELL=/bin/bash
 ENV UNPRIVILEGED_USER_HOME=/home/user
 ENV SERVICE_XRDP_BOOTSTRAP_ENABLED=false
 ENV SERVICE_XORG_HEADLESS_ENABLED=false
+ENV XRDP_RSAKEYS_PATH=/etc/xrdp/rsakeys.ini
 ENV XRDP_TLS_KEY_PATH=/etc/xrdp/key.pem
 ENV XRDP_TLS_CRT_PATH=/etc/xrdp/cert.pem
 ENV STARTUP=xfce4-session
@@ -449,10 +443,9 @@ RUN printf '%s\n' "${TZ:?}" > /etc/timezone \
 
 # Setup PATH
 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
-ENV PATH=/opt/libjpeg-turbo/bin:/opt/VirtualGL/bin:/opt/TurboVNC/bin:${PATH}
+ENV PATH=/opt/libjpeg-turbo/bin:/opt/VirtualGL/bin:/opt/TurboVNC/bin:/opt/xrdp/sbin:/opt/xrdp/bin:${PATH}
 
 # Setup D-Bus
-RUN mkdir /run/dbus/ && chown messagebus:messagebus /run/dbus/
 RUN dbus-uuidgen > /etc/machine-id
 RUN ln -sf /etc/machine-id /var/lib/dbus/machine-id
 
@@ -461,7 +454,10 @@ RUN printf '%s\n' 'session required pam_env.so readenv=1' >> /etc/pam.d/xrdp-ses
 
 # Remove default keys and certificates
 RUN rm -f /etc/ssh/ssh_host_*
-RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CRT_PATH:?}"
+
+# Remove default user and group
+RUN if id -u "${UNPRIVILEGED_USER_UID:?}" >/dev/null 2>&1; then userdel -f "$(id -nu "${UNPRIVILEGED_USER_UID:?}")"; fi
+RUN if id -g "${UNPRIVILEGED_USER_GID:?}" >/dev/null 2>&1; then groupdel "$(id -nu "${UNPRIVILEGED_USER_GID:?}")"; fi
 
 # Forward logs to Docker log collector
 RUN ln -sf /dev/stdout /var/log/xorg-headless.log
@@ -489,10 +485,10 @@ RUN find /etc/X11/xorg.conf.d/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';'
 RUN find /etc/X11/xorg.conf.d/ -type f -not -perm 0644 -exec chmod 0644 '{}' ';'
 
 # Copy xrdp config
-COPY --chown=root:root ./config/xrdp/ /etc/xrdp/
-RUN find /etc/xrdp/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';'
-RUN find /etc/xrdp/ -type f -not -perm 0644 -exec chmod 0644 '{}' ';'
-RUN find /etc/xrdp/ -type f -name '*.sh' -not -perm 0755 -exec chmod 0755 '{}' ';'
+COPY --chown=root:root ./config/xrdp/ /opt/xrdp/etc/xrdp/
+RUN find /opt/xrdp/etc/xrdp/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';'
+RUN find /opt/xrdp/etc/xrdp/ -type f -not -perm 0644 -exec chmod 0644 '{}' ';'
+RUN find /opt/xrdp/etc/xrdp/ -type f -name '*.sh' -not -perm 0755 -exec chmod 0755 '{}' ';'
 
 # Copy PulseAudio config
 COPY --chown=root:root ./config/pulse/ /etc/pulse/

config/X11/Xsession.d/60xdg

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# shellcheck disable=SC2034
+{
+	set -a
+	XDG_DATA_DIRS=/usr/share/xubuntu:/usr/share/xfce4:/usr/local/share:/usr/share
+	XDG_CONFIG_DIRS=/etc/xdg/xdg-xubuntu:/etc/xdg
+	XDG_CURRENT_DESKTOP=XFCE
+	XDG_SESSION_DESKTOP=xubuntu
+	XDG_SESSION_TYPE=x11
+	XDG_MENU_PREFIX=xfce-
+	XDG_DATA_HOME="${HOME:?}"/.local/share
+	XDG_CONFIG_HOME="${HOME:?}"/.config
+	XDG_CACHE_HOME="${HOME:?}"/.cache
+	XDG_RUNTIME_DIR=/run/user/"$(id -u)"
+	set +a
+}

config/X11/xorg.conf.d/10-xrdp.conf

@@ -0,0 +1,3 @@
+Section "Files"
+	ModulePath "/opt/xrdp/lib/xorg/modules"
+EndSection

config/apt/preferences.d/firefox.pref

@@ -1,3 +1,3 @@
 Package: firefox
-Pin: release o=LP-PPA-mozillateam
-Pin-Priority: 900
+Pin: origin packages.mozilla.org
+Pin-Priority: 1000

config/xrdp/sesman.ini

@@ -1,6 +1,4 @@
 [Globals]
-ListenAddress=127.0.0.1
-ListenPort=3350
 EnableUserWindowManager=true
 UserWindowManager=startwm.sh
 DefaultWindowManager=startwm.sh
@@ -28,7 +26,7 @@ SyslogLevel=INFO
 [Xorg]
 param=/usr/lib/xorg/Xorg
 param=-config
-param=xrdp/xorg.conf
+param=/opt/xrdp/etc/X11/xrdp/xorg.conf
 param=-noreset
 param=-nolisten
 param=tcp
@@ -57,4 +55,5 @@ EnableConsole=true
 ConsoleLevel=INFO
 
 [SessionVariables]
-PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
+PULSE_SCRIPT=/opt/xrdp/etc/xrdp/pulse/default.pa
+PULSE_DLPATH=/opt/xrdp/lib/pulse/modules:/usr/lib/pulse-16.1+dfsg1/modules

run.sh

@@ -45,6 +45,10 @@ printf '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..."
 	--shm-size 2g \
 	--publish 3322:3322/tcp \
 	--publish 3389:3389/tcp \
+	--mount type=tmpfs,dst=/etc/xrdp/ \
+	--mount type=tmpfs,dst=/home/ \
+	--mount type=tmpfs,dst=/tmp/ \
+	--mount type=tmpfs,dst=/run/ \
 	${CONTAINER_DEVICES?} \
 	"${IMAGE_NAME:?}" "$@" >/dev/null
 

scripts/bin/container-init

@@ -104,14 +104,24 @@ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
 	ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
 fi
 
+# Generate xrdp RSA keys if they do not exist
+if [ ! -f "${XRDP_RSAKEYS_PATH:?}" ]; then
+	mkdir -p "$(dirname "${XRDP_RSAKEYS_PATH:?}")"
+	(umask 077 \
+		&& xrdp-keygen xrdp "${XRDP_RSAKEYS_PATH:?}" \
+	) >/dev/null
+fi
+
 # Generate RDP certificate if it does not exist
 if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
 	FQDN=$(hostname --fqdn)
 
+	mkdir -p "$(dirname "${XRDP_TLS_KEY_PATH:?}")"
 	(umask 077 \
 		&& openssl ecparam -genkey -name prime256v1 > "${XRDP_TLS_KEY_PATH:?}" \
 	) >/dev/null
 
+	mkdir -p "$(dirname "${XRDP_TLS_CRT_PATH:?}")"
 	(umask 022 \
 		&& openssl req -x509 -sha256 -days 3650 -subj "/CN=${FQDN:?}" -addext "subjectAltName=DNS:${FQDN:?}" -key "${XRDP_TLS_KEY_PATH:?}" > "${XRDP_TLS_CRT_PATH:?}" \
 	) >/dev/null

scripts/service/xrdp-sesman/run

@@ -3,4 +3,4 @@
 set -eu
 
 exec 2>&1
-exec xrdp-sesman --nodaemon
+exec xrdp-sesman --config /opt/xrdp/etc/xrdp/sesman.ini --nodaemon

scripts/service/xrdp/run

@@ -3,4 +3,4 @@
 set -eu
 
 exec 2>&1
-exec xrdp --nodaemon
+exec xrdp --config /opt/xrdp/etc/xrdp/xrdp.ini --nodaemon

xfreerdp.sh

@@ -9,7 +9,7 @@ RDP_DOMAIN=Xorg
 RDP_USER=user
 RDP_PASSWORD=password
 
-exec xfreerdp \
+exec xfreerdp3 \
 	/v:"${RDP_HOST:?}":"${RDP_PORT:?}" \
 	/u:"${RDP_DOMAIN:?}"\\"${RDP_USER:?}" /p:"${RDP_PASSWORD:?}" \
 	/log-level:INFO /cert:ignore \