new version full rebuild with claude opus 4.6 and own rdp daemon
This commit is contained in:
felixg
@@ -1,43 +1,47 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
#
|
||||
# Custom guacd image built against FreeRDP 3.x on Ubuntu 24.04.
|
||||
# Custom guacd image built against FreeRDP 3.8.0+ on Ubuntu 24.04.
|
||||
#
|
||||
# Why: The official guacamole/guacd image uses FreeRDP 2.x, which crashes
|
||||
# silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP
|
||||
# cipher-suite changes introduced by Microsoft. FreeRDP 3.x fixes this.
|
||||
# Ubuntu 24.04 ships freerdp3-dev (FreeRDP 3.5.1+) in its universe repo.
|
||||
#
|
||||
# Source: built from git main branch (post-1.6.0) to pick up FreeRDP 3.x
|
||||
# crash fixes that landed after the June 2025 release tarball.
|
||||
# Why FreeRDP from source: Ubuntu 24.04 ships freerdp3-dev 3.5.1.
|
||||
# guacamole-server git main (1.7-dev) targets FreeRDP 3.8.0+:
|
||||
# - gdi.c's GUAC_ASSERT(current_context == NULL) is gated #if MINOR < 8
|
||||
# so with 3.5.x it fires when GFX calls begin_paint before desktop_resize
|
||||
# - gdi_resize() in 3.8.0+ calls EndPaint internally, which guacamole relies on
|
||||
# - GFX pipeline surface synchronisation is fixed in 3.8.0+
|
||||
# Building 3.x HEAD from source (always >= 3.8.0 by now) gives us the
|
||||
# correct FreeRDP that guacamole-server git main was developed against.
|
||||
#
|
||||
# Build notes:
|
||||
# - CPPFLAGS=-Wno-error=deprecated-declarations suppresses build-time warnings from
|
||||
# FreeRDP 3.x headers marking some fields/functions as deprecated; these are
|
||||
# warnings only and do NOT affect runtime behavior.
|
||||
# - CPPFLAGS=-DHAVE_FREERDP_VERIFYCERTIFICATEEX=1 fixes a macro name mismatch bug
|
||||
# in guacamole-server 1.6.0: configure.ac's AC_CHECK_MEMBERS generates the macro
|
||||
# HAVE_STRUCT_FREERDP_VERIFYCERTIFICATEEX (with STRUCT_ infix), but rdp.c checks
|
||||
# HAVE_FREERDP_VERIFYCERTIFICATEEX (without STRUCT_ infix), so the check is always
|
||||
# false. This means guacamole never registers the VerifyCertificateEx callback, which
|
||||
# FreeRDP 3.x calls during TLS certificate verification. The NULL callback causes a
|
||||
# silent connection drop ~430ms after keymap loading. Defining the macro manually
|
||||
# forces rdp.c to register rdp_inst->VerifyCertificateEx (correct FreeRDP 3.x path)
|
||||
# instead of the legacy rdp_inst->VerifyCertificate (padding in FreeRDP 3.x).
|
||||
# - CPPFLAGS=-DHAVE_FREERDP_VERIFYCERTIFICATEEX=1 fixes a macro name mismatch
|
||||
# in guacamole-server: configure.ac generates HAVE_STRUCT_FREERDP_VERIFYCERTIFICATEEX
|
||||
# (AC_CHECK_MEMBERS adds STRUCT_ prefix) but rdp.c checks
|
||||
# HAVE_FREERDP_VERIFYCERTIFICATEEX (no STRUCT_). Without this the VerifyCertificateEx
|
||||
# callback is never registered, causing a silent drop ~430ms after keymap load.
|
||||
# - display-flush.c / display-plan.c patch: loop over layers doesn't advance
|
||||
# `current` before `continue` when pending_frame.buffer is NULL → infinite loop
|
||||
# or GUAC_ASSERT abort. Fixed by replacing the GUAC_ASSERT with a pointer advance.
|
||||
# - gdi.c patch: GUAC_ASSERT(current_context == NULL) in desktop_resize fires on
|
||||
# FreeRDP 3.5.x because the GFX pipeline calls begin_paint then gdi_resize before
|
||||
# end_paint. Replaced with a guard that calls end_paint if context is still open.
|
||||
# With FreeRDP 3.8.0+ this code is inside #if MINOR < 8 so the patch is harmless.
|
||||
# - user.c patch: guac_user_supports_webp() dereferences image_mimetypes without
|
||||
# NULL check → SIGSEGV when client didn't send image MIME types.
|
||||
|
||||
FROM ubuntu:24.04
|
||||
|
||||
COPY docker/patch-display-flush.py /patch-display-flush.py
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Build dependencies
|
||||
# Build dependencies for guacamole-server AND FreeRDP source build
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
autoconf \
|
||||
automake \
|
||||
build-essential \
|
||||
ca-certificates \
|
||||
cmake \
|
||||
curl \
|
||||
gdb \
|
||||
git \
|
||||
freerdp3-dev \
|
||||
libcairo2-dev \
|
||||
libjpeg-turbo8-dev \
|
||||
libossp-uuid-dev \
|
||||
@@ -51,16 +55,58 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
libvncserver-dev \
|
||||
libwebp-dev \
|
||||
libwebsockets-dev \
|
||||
libkrb5-dev \
|
||||
libavcodec-dev \
|
||||
libavutil-dev \
|
||||
libswscale-dev \
|
||||
libusb-1.0-0-dev \
|
||||
pkgconf \
|
||||
zlib1g-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Build FreeRDP 3.x from source (3.8.0+ required for guacamole-server git main).
|
||||
# We install to /usr with lib under lib/ (not lib/x86_64-linux-gnu/) so that
|
||||
# pkg-config --variable=libdir freerdp3 returns /usr/lib cleanly.
|
||||
# Optional features (audio, printing, X11 display, H264, Kerberos) are disabled
|
||||
# since guacd runs headless and we have disable-audio: true.
|
||||
RUN git clone --depth=1 --branch 3.22.0 https://github.com/FreeRDP/FreeRDP.git /tmp/freerdp \
|
||||
&& cmake -S /tmp/freerdp -B /tmp/freerdp-build \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DCMAKE_INSTALL_LIBDIR=lib \
|
||||
-DWITH_X11=OFF \
|
||||
-DWITH_WAYLAND=OFF \
|
||||
-DWITH_PULSEAUDIO=OFF \
|
||||
-DWITH_ALSA=OFF \
|
||||
-DWITH_OSS=OFF \
|
||||
-DWITH_CUPS=OFF \
|
||||
-DWITH_FFMPEG=OFF \
|
||||
-DWITH_OPENH264=OFF \
|
||||
-DWITH_JPEG=ON \
|
||||
-DWITH_CAIRO=ON \
|
||||
-DWITH_CHANNELS=ON \
|
||||
-DWITH_CLIENT=ON \
|
||||
-DWITH_CLIENT_COMMON=ON \
|
||||
-DWITH_SERVER=OFF \
|
||||
-DWITH_SAMPLE=OFF \
|
||||
-DBUILD_TESTING=OFF \
|
||||
-DWITH_GSSAPI=OFF \
|
||||
-DWITH_FUSE=OFF \
|
||||
&& cmake --build /tmp/freerdp-build -j"$(nproc)" \
|
||||
&& cmake --install /tmp/freerdp-build \
|
||||
&& ldconfig \
|
||||
&& rm -rf /tmp/freerdp /tmp/freerdp-build
|
||||
|
||||
# Build guacamole-server from git main against our newly installed FreeRDP 3.x.
|
||||
RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/freerdp3 \
|
||||
&& echo "Building guacamole-server (git main) with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \
|
||||
&& echo "FreeRDP version: $(pkg-config --modversion freerdp3)" \
|
||||
&& git clone --depth=1 https://github.com/apache/guacamole-server.git \
|
||||
&& cd guacamole-server \
|
||||
&& python3 /patch-display-flush.py \
|
||||
&& autoreconf -fi \
|
||||
&& CPPFLAGS="-Wno-error=deprecated-declarations -DHAVE_FREERDP_VERIFYCERTIFICATEEX=1" \
|
||||
CFLAGS="-g -O0" \
|
||||
CFLAGS="-O2 -Wno-error=unused-variable" \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
@@ -75,4 +121,4 @@ ENV GUACD_LOG_LEVEL=info
|
||||
|
||||
EXPOSE 4822
|
||||
|
||||
CMD sh -c "ulimit -c unlimited && exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""
|
||||
CMD sh -c "exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""
|
||||
|
||||
Reference in New Issue
Block a user