GUACAMOLE-2012: Fix SSH connection to FIPS servers which only offer A…

…ES GCM
apache · Jan 9, 2025 · c9b341e · c9b341e
1 parent af6a5bb
commit c9b341e
Show file tree

Hide file tree

Showing 176 changed files with 14,095 additions and 3,571 deletions.
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -0,0 +1,29 @@
+name: Pull request CI build
+
+# Run build for all pull requests
+on:
+  pull_request:
+
+# Limit to only one build for a given PR source branch at a time,
+# cancelling any in-progress builds
+concurrency:
+  group: guacamole-server-pr-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  docker_build:
+    name: Run docker build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Build Docker container
+        shell: sh
+        run: |
+          docker build --pull --no-cache --force-rm .
diff --git a/.gitignore b/.gitignore
@@ -48,3 +48,7 @@ doc/*/doxygen-output
 
 # IDE metadata
 nbproject/
+
+# Compilation database, as may be generated by tools like Bear
+.cache/
+compile_commands.json
diff --git a/Dockerfile b/Dockerfile
@@ -22,18 +22,26 @@
 #
 
 # The Alpine Linux image that should be used as the basis for the guacd image
-ARG ALPINE_BASE_IMAGE=latest
+# NOTE: Using 3.18 because the required openssl1.1-compat-dev package was
+# removed in more recent versions.
+ARG ALPINE_BASE_IMAGE=3.18
 FROM alpine:${ALPINE_BASE_IMAGE} AS builder
 
+# FreeRDP version (default to version 3)
+ARG FREERDP_VERSION=3
+
 # Install build dependencies
 RUN apk add --no-cache                \
         autoconf                      \
         automake                      \
         build-base                    \
         cairo-dev                     \
+        cjson-dev                     \
         cmake                         \
+        cunit-dev                     \
         git                           \
         grep                          \
+        krb5-dev                      \
         libjpeg-turbo-dev             \
         libpng-dev                    \
         libtool                       \
@@ -42,7 +50,10 @@ RUN apk add --no-cache                \
         openssl1.1-compat-dev         \
         pango-dev                     \
         pulseaudio-dev                \
-        util-linux-dev
+        sdl2-dev                      \
+        sdl2_ttf-dev                  \
+        util-linux-dev                \
+        webkit2gtk-dev
 
 # Copy source to container for sake of build
 ARG BUILD_DIR=/tmp/guacamole-server
@@ -61,7 +72,7 @@ ARG PREFIX_DIR=/opt/guacamole
 # library (these can be overridden at build time if a specific version is
 # needed)
 #
-ARG WITH_FREERDP='2(\.\d+)+'
+ARG WITH_FREERDP="${FREERDP_VERSION}(\.\d+)+"
 ARG WITH_LIBSSH2='libssh2-\d+(\.\d+)+'
 ARG WITH_LIBTELNET='\d+(\.\d+)+'
 ARG WITH_LIBVNCCLIENT='LibVNCServer-\d+(\.\d+)+'
@@ -83,22 +94,26 @@ ARG FREERDP_OPTS="\
     -DWITH_CUPS=OFF \
     -DWITH_DIRECTFB=OFF \
     -DWITH_FFMPEG=OFF \
+    -DWITH_FUSE=OFF \
     -DWITH_GSM=OFF \
     -DWITH_GSSAPI=OFF \
     -DWITH_IPP=OFF \
     -DWITH_JPEG=ON \
+    -DWITH_KRB5=ON \
     -DWITH_LIBSYSTEMD=OFF \
     -DWITH_MANPAGES=OFF \
     -DWITH_OPENH264=OFF \
     -DWITH_OPENSSL=ON \
     -DWITH_OSS=OFF \
     -DWITH_PCSC=OFF \
+    -DWITH_PKCS11=OFF \
     -DWITH_PULSE=OFF \
     -DWITH_SERVER=OFF \
     -DWITH_SERVER_INTERFACE=OFF \
     -DWITH_SHADOW_MAC=OFF \
     -DWITH_SHADOW_X11=OFF \
     -DWITH_SSE2=ON \
+    -DWITH_SWSCALE=OFF \
     -DWITH_WAYLAND=OFF \
     -DWITH_X11=OFF \
     -DWITH_X264=OFF \
@@ -138,11 +153,14 @@ ARG LIBWEBSOCKETS_OPTS="\
 # Build guacamole-server and its core protocol library dependencies
 RUN ${BUILD_DIR}/src/guacd-docker/bin/build-all.sh
 
+# Determine location of the FREERDP library based on the version.
+ARG FREERDP_LIB_PATH=${PREFIX_DIR}/lib/freerdp${FREERDP_VERSION}
+
 # Record the packages of all runtime library dependencies
 RUN ${BUILD_DIR}/src/guacd-docker/bin/list-dependencies.sh \
         ${PREFIX_DIR}/sbin/guacd               \
         ${PREFIX_DIR}/lib/libguac-client-*.so  \
-        ${PREFIX_DIR}/lib/freerdp2/*guac*.so   \
+        ${FREERDP_LIB_PATH}/*guac*.so   \
         > ${PREFIX_DIR}/DEPENDENCIES
 
 # Use same Alpine version as the base for the runtime image
@@ -199,4 +217,3 @@ EXPOSE 4822
 # PREFIX_DIR build argument.
 #
 CMD /opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -f
-
diff --git a/bin/guacctl b/bin/guacctl
@@ -117,7 +117,7 @@ error() {
 ##
 usage() {
     cat >&2 <<END
-guacctl 1.5.5, Apache Guacamole terminal session control utility.
+guacctl 1.6.0, Apache Guacamole terminal session control utility.
 Usage: guacctl [OPTION] [FILE or NAME]...
 
     -d, --download         download each of the files listed.