latest changes

docker/guacd.Dockerfile

@@ -5,11 +5,24 @@
 # Why: The official guacamole/guacd image uses FreeRDP 2.x, which crashes
 # silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP
 # cipher-suite changes introduced by Microsoft. FreeRDP 3.x fixes this.
-# guacamole-server 1.6.0 (June 2025) has explicit FreeRDP 3.x support.
 # Ubuntu 24.04 ships freerdp3-dev (FreeRDP 3.5.1+) in its universe repo.
 #
-# Note: FreeRDP 3.x support in guacamole is currently marked experimental
-# for some features (RemoteApp), but basic RDP/NLA works correctly.
+# Source: built from git main branch (post-1.6.0) to pick up FreeRDP 3.x
+# crash fixes that landed after the June 2025 release tarball.
+#
+# Build notes:
+# - CPPFLAGS=-Wno-error=deprecated-declarations suppresses build-time warnings from
+#   FreeRDP 3.x headers marking some fields/functions as deprecated; these are
+#   warnings only and do NOT affect runtime behavior.
+# - CPPFLAGS=-DHAVE_FREERDP_VERIFYCERTIFICATEEX=1 fixes a macro name mismatch bug
+#   in guacamole-server 1.6.0: configure.ac's AC_CHECK_MEMBERS generates the macro
+#   HAVE_STRUCT_FREERDP_VERIFYCERTIFICATEEX (with STRUCT_ infix), but rdp.c checks
+#   HAVE_FREERDP_VERIFYCERTIFICATEEX (without STRUCT_ infix), so the check is always
+#   false. This means guacamole never registers the VerifyCertificateEx callback, which
+#   FreeRDP 3.x calls during TLS certificate verification. The NULL callback causes a
+#   silent connection drop ~430ms after keymap loading. Defining the macro manually
+#   forces rdp.c to register rdp_inst->VerifyCertificateEx (correct FreeRDP 3.x path)
+#   instead of the legacy rdp_inst->VerifyCertificate (padding in FreeRDP 3.x).
 
 FROM ubuntu:24.04
 
@@ -22,6 +35,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     ca-certificates \
     curl \
+    gdb \
+    git \
     freerdp3-dev \
     libcairo2-dev \
     libjpeg-turbo8-dev \
@@ -39,16 +54,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     pkgconf \
     && rm -rf /var/lib/apt/lists/*
 
-ARG GUACAMOLE_VERSION=1.6.0
-
 RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/freerdp3 \
-    && echo "Building guacamole-server ${GUACAMOLE_VERSION} with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \
-    && curl -fsSL \
-        "https://downloads.apache.org/guacamole/${GUACAMOLE_VERSION}/source/guacamole-server-${GUACAMOLE_VERSION}.tar.gz" \
-       | tar -xzf - \
-    && cd "guacamole-server-${GUACAMOLE_VERSION}" \
+    && echo "Building guacamole-server (git main) with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \
+    && git clone --depth=1 https://github.com/apache/guacamole-server.git \
+    && cd guacamole-server \
     && autoreconf -fi \
-    && CPPFLAGS="-Wno-error=deprecated-declarations" \
+    && CPPFLAGS="-Wno-error=deprecated-declarations -DHAVE_FREERDP_VERIFYCERTIFICATEEX=1" \
+       CFLAGS="-g -O0" \
        ./configure \
            --prefix=/usr \
            --sysconfdir=/etc \
@@ -56,11 +68,11 @@ RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/free
     && make -j"$(nproc)" \
     && make install \
     && ldconfig \
-    && cd / && rm -rf "guacamole-server-${GUACAMOLE_VERSION}"
+    && cd / && rm -rf guacamole-server
 
 # guacd log level is passed via -L flag; exposed as env var for docker-compose
 ENV GUACD_LOG_LEVEL=info
 
 EXPOSE 4822
 
-CMD sh -c "exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""
+CMD sh -c "ulimit -c unlimited && exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""