debian: control: Bump neatvnc version dependency

debian/changelog

@@ -0,0 +1,74 @@
+wayvnc (0.8.0-rel-1) bookworm; urgency=medium
+
+  * Upgrade to v0.8.0
+  * The rel bit is there for sake of the new version being greater than the
+    previous one. Remove later.
+
+ -- Andri Yngvason <andri@yngvason.is>  Sun, 25 Feb 2024 13:00:00 +0000
+
+wayvnc (0.8.0-rc0-2) bookworm; urgency=medium
+
+  * Removed IP and added local domain to TLS
+  * Using ECDSA instead of RSA for TLS
+
+ -- Andri Yngvason <andri@yngvason.is>  Tue, 23 Jan 2024 23:00:00 +0000
+
+wayvnc (0.8.0-rc0-1) bookworm; urgency=medium
+
+  * Upgrade to v0.8-rc0
+
+ -- Andri Yngvason <andri@yngvason.is>  Sun, 10 Dec 2023 20:00:00 +0000
+
+wayvnc (0.7.1-1~bpo12+rpt2) bookworm; urgency=medium
+
+  * Add unreleased 0.7.2 changes
+
+ -- Simon Long <simon@raspberrypi.com>  Mon, 06 Nov 2023 09:44:26 +0000
+
+wayvnc (0.7.1-1~bpo12+rpt1) bookworm; urgency=medium
+
+  * Backport from Trixie
+
+ -- Simon Long <simon@raspberrypi.com>  Tue, 31 Oct 2023 07:10:38 +0000
+
+wayvnc (0.7.1-1) unstable; urgency=medium
+
+  * Upload to unstable.
+
+ -- Boyuan Yang <byang@debian.org>  Tue, 24 Oct 2023 12:54:24 -0400
+
+wayvnc (0.7.1-1~exp1) experimental; urgency=medium
+
+  * New upstream release.
+  * debian/copyright: Update Unlicense license.
+
+ -- Boyuan Yang <byang@debian.org>  Sun, 15 Oct 2023 16:10:45 -0400
+
+wayvnc (0.6.2-1) unstable; urgency=medium
+
+  * New upstream version. (Closes: #1041895)
+  * debian/wayvnc.examples: Install example files.
+  * debian/copyright: Update information.
+  * debian/control:
+    + Add new build-dep libjansson-dev.
+    + Further limit version requirement for libaml-dev, libneatvnc-dev.
+    + Add myself into Uploaders list.
+    + Bump Standards-Version to 4.6.2.
+
+ -- Boyuan Yang <byang@debian.org>  Tue, 25 Jul 2023 14:01:01 -0400
+
+wayvnc (0.5.0-1) unstable; urgency=medium
+
+  * New upstream version
+      - Use new NeatVNC buffer submission API (closes: #1015099)
+  * debian/control: add minimum version for libneatvnc-dev (>= 0.5.1)
+  * debian/copyright: murmurhash was moved to neatvnc
+  * debian/copyright: bump year
+
+ -- Johannes Schauer Marin Rodrigues <josch@debian.org>  Sat, 16 Jul 2022 22:50:17 +0200
+
+wayvnc (0.4.1-1) unstable; urgency=medium
+
+  * Initial release. (Closes: #1002590)
+
+ -- Johannes Schauer Marin Rodrigues <josch@debian.org>  Tue, 28 Dec 2021 11:34:53 +0100

debian/control

@@ -0,0 +1,38 @@
+Source: wayvnc
+Priority: optional
+Section: admin
+Maintainer: Andri Yngvason <andri@yngvason.is>
+Uploaders:
+ Boyuan Yang <byang@debian.org>,
+ Johannes Schauer Marin Rodrigues <josch@debian.org>,
+ Simon Long <simon@raspberrypi.com>,
+Standards-Version: 4.6.2
+Build-Depends:
+ debhelper-compat (= 13),
+ meson,
+ pkg-config,
+ scdoc,
+ libpam0g-dev,
+ libpixman-1-dev,
+ libdrm-dev,
+ libxkbcommon-dev,
+ libwayland-dev,
+ libaml-dev (>= 0.3.0),
+ libjansson-dev,
+ libneatvnc-dev (>= 0.8.0),
+ zlib1g-dev,
+ libturbojpeg0-dev,
+ gnutls-dev,
+Rules-Requires-Root: no
+Homepage: https://github.com/any1/wayvnc
+Vcs-Git: https://github.com/any1/wayvnc.git
+Vcs-Browser: https://github.com/any1/wayvnc
+
+Package: wayvnc
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, python3
+Description: VNC server for wlroots-based Wayland compositors
+ It attaches to a running Wayland session, creates virtual input devices, and
+ exposes a single display via the RFB protocol. The Wayland session may be a
+ headless one, so it is also possible to run wayvnc without a physical display
+ attached.

debian/copyright

@@ -0,0 +1,97 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: wayvnc
+Upstream-Contact: Andri Yngvason <andri@yngvason.is>
+Source: https://github.com/any1/wayvnc
+
+Files: *
+Copyright: 2019-2020, 2023 Andri Yngvason
+           2020 Scott Moreau
+           2020 Nicholas Sica
+           1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
+           2022-2023 Jim Ramsay
+License: ISC
+
+Files: debian/*
+Copyright: 2021-2022 Johannes Schauer Marin Rodrigues <josch@debian.org>
+License: CC0-1.0
+
+Files: test/integration/integration.sh
+Copyright: (None)
+License: Unlicense
+
+Files: protocols/*
+Copyright: 2019 Josef Gajdusek
+           2017 Red Hat Inc.
+           2018 Simon Ser
+           2019 Andri Yngvason
+           2018 Rostislav Pehlivanov
+           2019 Ivan Molodetskikh
+           2011 Kristian Høgsberg
+           2010-2013 Intel Corporation
+           2012-2013 Collabora, Ltd.
+           2018, 2019 Purism SPC
+           2014, 2015 Collabora, Ltd.
+License: Expat
+
+License: Unlicense
+ This is free and unencumbered software released into the public domain.
+ .
+ Anyone is free to copy, modify, publish, use, compile, sell, or
+ distribute this software, either in source code form or as a compiled
+ binary, for any purpose, commercial or non-commercial, and by any
+ means.
+ .
+ In jurisdictions that recognize copyright laws, the author or authors
+ of this software dedicate any and all copyright interest in the
+ software to the public domain. We make this dedication for the benefit
+ of the public at large and to the detriment of our heirs and
+ successors. We intend this dedication to be an overt act of
+ relinquishment in perpetuity of all present and future rights to this
+ software under copyright law.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ OTHER DEALINGS IN THE SOFTWARE.
+ .
+ For more information, please refer to <http://unlicense.org/>
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice (including the next
+ paragraph) shall be included in all copies or substantial portions of the
+ Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+
+License: CC0-1.0
+ On Debian systems, the full text of the CC0 1.0 Universal License
+ can be found in the file `/usr/share/common-licenses/CC0-1.0'.
+
+License: ISC
+ Permission to use, copy, modify, and/or distribute this software for any purpose
+ with or without fee is hereby granted, provided that the above copyright notice
+ and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+ REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+ OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+ THIS SOFTWARE.

debian/rules

@@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@

debian/salsa-ci.yml

@@ -0,0 +1,3 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml

debian/upstream/metadata

@@ -0,0 +1,5 @@
+---
+Repository: https://github.com/any1/wayvnc
+Repository-Browse: https://github.com/any1/wayvnc
+Bug-Submit: https://github.com/any1/wayvnc/issues/new
+Bug-Database: https://github.com/any1/wayvnc/issues

debian/watch

@@ -0,0 +1,3 @@
+version=4
+opts="dversionmangle=auto,filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/wayvnc-$1\.tar\.gz/" \
+ https://github.com/any1/wayvnc/tags .*/v?(\d\S+)\.tar\.gz

debian/wayvnc.examples

@@ -0,0 +1 @@
+examples/*

debian/wayvnc.install

@@ -0,0 +1 @@
+pios-control/* /

debian/wayvnc.postinst

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+configure_wayvnc()
+{
+	systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} vnc.conf
+	systemctl --system daemon-reload >/dev/null || true
+	deb-systemd-invoke enable 'wayvnc-control.service' >/dev/null || true
+
+	# If wayvnc was previously configured using xdg-autostart, we want to
+	# enable it; otherwise, leave it disabled.
+	if [ -e /etc/xdg/autostart/wayvnc.desktop ]; then
+		rm -f /etc/xdg/autostart/wayvnc.desktop
+		deb-systemd-invoke enable 'wayvnc.service' >/dev/null || true
+	fi
+
+	deb-systemd-invoke try-restart 'wayvnc.service' >/dev/null || true
+}
+
+case "$1" in
+	configure)
+		configure_wayvnc
+	;;
+	abort-upgrade|abort-remove|abort-deconfigure)
+	;;
+	*)
+		echo "postinstall called with unknown argument \`$1'" >&2
+		exit 1
+	;;
+esac

debian/wayvnc.postrm

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+	remove)
+		systemctl --system daemon-reload >/dev/null || true
+	;;
+	purge)
+		rm -rf /etc/wayvnc
+	;;
+	*)
+	;;
+esac

meson.build

@@ -1,7 +1,7 @@
 project(
 	'wayvnc',
 	'c',
-	version: '0.8-dev',
+	version: '0.8.0',
 	license: 'ISC',
 	default_options: [
 		'c_std=gnu11',

pios-control/etc/wayvnc/config

@@ -0,0 +1,7 @@
+use_relative_paths=true
+address=::
+enable_auth=true
+enable_pam=true
+private_key_file=tls_key.pem
+certificate_file=tls_cert.pem
+rsa_private_key_file=rsa_key.pem

pios-control/usr/lib/systemd/system/wayvnc-control.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=VNC Control Service
+After=wayvnc.service
+BindsTo=wayvnc.service
+ConditionPathExists=/etc/wayvnc/config
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/wayvnc-control.py
+Restart=always
+
+[Install]
+WantedBy=wayvnc.service

pios-control/usr/lib/systemd/system/wayvnc-generate-keys.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=WayVNC Key Generation
+ConditionPathExists=|!/etc/wayvnc/rsa_key.pem
+ConditionPathExists=|!/etc/wayvnc/tls_key.pem
+ConditionPathExists=|!/etc/wayvnc/tls_cert.pem
+
+[Service]
+ExecStart=/usr/sbin/wayvnc-generate-keys.sh
+Type=oneshot

pios-control/usr/lib/systemd/system/wayvnc.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=VNC Server
+Documentation=man:wayvnc
+After=network.target wayvnc-generate-keys.service
+Requires=wayvnc-generate-keys.service
+ConditionPathExists=/etc/wayvnc/config
+
+[Service]
+ExecStart=/bin/sh /usr/sbin/wayvnc-run.sh
+Type=notify
+NotifyAccess=all
+Restart=always
+User=vnc
+KillSignal=INT
+
+[Install]
+WantedBy=multi-user.target

pios-control/usr/lib/sysusers.d/vnc.conf

@@ -0,0 +1,2 @@
+u vnc - "vnc" /nonexistent
+m vnc shadow

pios-control/usr/sbin/wayvnc-control.py

@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+
+import asyncio
+import json
+import re
+import os
+import glob
+from pathlib import Path
+
+class Program:
+	command_seq = 0
+	reader = None
+	writer = None
+	read_buffer = ""
+	message_queue = asyncio.Queue()
+	reply_queue = asyncio.Queue()
+	decoder = json.JSONDecoder()
+	tasks = []
+
+	async def read_message(self):
+		while True:
+			try:
+				result, index = self.decoder.raw_decode(self.read_buffer)
+				self.read_buffer = self.read_buffer[index:].lstrip()
+				return result
+			except json.JSONDecodeError:
+				data = await self.reader.read(4096)
+				self.read_buffer += data.decode('utf-8')
+
+	async def send_command(self, method, params = None):
+		cmd = {
+			"method": method,
+			"id": self.command_seq,
+		}
+
+		if not params is None:
+			cmd['params'] = params
+
+		self.command_seq += 1
+		self.writer.write(json.dumps(cmd).encode())
+		await self.writer.drain()
+
+		reply = await self.reply_queue.get()
+		self.reply_queue.task_done()
+		return reply['code'] == 0
+
+	async def attach(self, display):
+		# TODO: It would be better to pass the socket on to wayvnc as a file descriptor
+		proc = await asyncio.create_subprocess_shell('setfacl -m "u:vnc:rwx" {} {}'.format(Path(display).parent, display))
+		await proc.wait()
+		return await self.send_command('attach', {'display': display})
+
+	async def attach_any(self):
+		for path in glob.iglob('/run/user/*/wayland-*'):
+			if path.endswith('.lock'):
+				continue
+
+			if await self.attach(path):
+				return True
+
+		return False
+
+	async def attach_any_with_retry(self):
+		while not await self.attach_any():
+			await asyncio.sleep(1.0)
+
+	async def process_message(self, message):
+		method = message['method']
+		if (method == 'detached'):
+			await self.attach_any_with_retry()
+
+	async def message_processor(self):
+		while True:
+			message = await self.read_message()
+			if 'method' in message:
+				await self.message_queue.put(message)
+			elif 'code' in message:
+				await self.reply_queue.put(message)
+
+	async def main(self):
+		self.reader, self.writer = await asyncio.open_unix_connection("/tmp/wayvnc/wayvncctl.sock")
+		self.tasks.append(asyncio.create_task(self.message_processor()))
+
+		await self.attach_any_with_retry()
+		await self.send_command("event-receive")
+
+		while True:
+			message = await self.message_queue.get()
+			await self.process_message(message)
+
+prog = Program()
+asyncio.run(prog.main())

pios-control/usr/sbin/wayvnc-generate-keys.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+WAYVNC_CONFIG_PATH=/etc/wayvnc
+
+generate_rsa_key()
+{
+	echo "Generating RSA key..."
+	KEY_FILE="$WAYVNC_CONFIG_PATH/rsa_key.pem"
+	ssh-keygen -m pem -f "$KEY_FILE" -t rsa -N "" >/dev/null
+	rm -f "$KEY_FILE.pub"
+	chown root:vnc "$KEY_FILE"
+	chmod 640 "$KEY_FILE"
+	echo "Done"
+}
+
+generate_tls_creds()
+{
+	echo "Generating TLS Credentials..."
+	KEY_FILE="$WAYVNC_CONFIG_PATH/tls_key.pem"
+	CERT_FILE="$WAYVNC_CONFIG_PATH/tls_cert.pem"
+	HOSTNAME=$(cat /etc/hostname)
+	openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 \
+		-sha384 -days 3650 -nodes -keyout "$KEY_FILE" \
+		-out "$CERT_FILE" -subj /CN=$HOSTNAME \
+		-addext subjectAltName=DNS:localhost,DNS:$HOSTNAME,DNS:$HOSTNAME.local 2>/dev/null
+	chown root:vnc "$KEY_FILE" "$CERT_FILE"
+	chmod 640 "$KEY_FILE" "$CERT_FILE"
+	echo "Done"
+}
+
+test -e "$WAYVNC_CONFIG_PATH" || mkdir -p "$WAYVNC_CONFIG_PATH"
+test -e "$WAYVNC_CONFIG_PATH/rsa_key.pem" || generate_rsa_key
+test -e "$WAYVNC_CONFIG_PATH/tls_key.pem" -a \
+	-e "$WAYVNC_CONFIG_PATH/tls_cert.pem" || generate_tls_creds

pios-control/usr/sbin/wayvnc-run.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+. /etc/default/keyboard
+
+export XDG_RUNTIME_DIR=/tmp/wayvnc
+mkdir -p "$XDG_RUNTIME_DIR"
+
+export XKB_DEFAULT_MODEL="$XKBMODEL"
+export XKB_DEFAULT_LAYOUT="$XKBLAYOUT"
+
+SELF_PID=$$
+
+{
+	while ! wayvncctl --socket=/tmp/wayvnc/wayvncctl.sock version >/dev/null 2>&1; do
+		sleep 0.1
+	done
+	systemd-notify --ready --pid=$SELF_PID
+} &
+
+wayvnc --render-cursor \
+	--detached \
+	--config /etc/wayvnc/config \
+	--socket /tmp/wayvnc/wayvncctl.sock