[MIR] gnome-remote-desktop

Status changed to 'Confirmed' because the bug affects multiple users.

So if I understand well, this is a server rather than a client? You should make that clearer when fixing MIRs, so it's absolutely unabiguous whether something is a client program or a server part of the desktop.

Package looks fine, but it does do some basic password handling I'd rather have verified by the Security Team.

- pipewire is a binary depends, but already has its own MIR.
- package is missing a bug subscriber.

Why is there a comment about this not working on Ubuntu in debian/control? If it's not going to work unless mutter is recompiled, make sure there's a blocker bug or do not upload the package / do not request a MIR, or fix mutter, or remove this unnecessary comment if everything has already been addressed.

It's just not useful to users, since they likely won't / can't recompile mutter on their own...

Yes, it's a VNC server.

I'm making sure gnome-remote-desktop will be removed from the release pocket (so it will be in -proposed only). Thanks for the suggestion. LP: #1815065

The package description comment is because I expect some people to try to install things and wonder why they don't work. But we'll remove the comment once the package works.

I think it's reasonable for this MIR to be handled at the same time as pipewire since currently this is the reason we are requesting pipewire be promoted to main.

> Once this MIR is approved, we should be able to demote vino to universe.

Please don't demote vino until the Xorg session is no longer available.

Thanks, I removed that sentence from the description.

I reviewed gnome-remote-desktop 0.1.7-1 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

gnome-remote-desktop is a remote desktop daemon for GNOME using VNC with pipewire. It is suppose to work with both X and Wayland.

- No CVEs.
Also Examined the git histories at both
        * https://gitlab.gnome.org/jadahl/gnome-remote-desktop
        * https://salsa.debian.org/gnome-team/gnome-remote-desktop
- Build-Depends: debhelper (>= 11), gnome-pkg-tools, libglib2.0-dev, libnotify-dev, libpipewire-0.2-dev, libsecret-1-dev, libvncserver-dev, meson (>= 0.36.0)
**Note: Uses meson build system
- No Debian pre/post inst/rm scripts. However, there is a meson_post_install.py script that appears to compile gsettings schemas.
- No init scripts.
- There is a systemd service unit file installed in /usr/lib/systemd/user directory. It is used to start the daemon.
- Appears to use glib bindings for dbus. Uses introspection data format and is used for both screen casting and remote desktop. The remote desktop uses dbus to, create, start, and stop remote desktop sessions. Notifications for pointer button motions and whether pressed. Notification if a key identified by a keysym was pressed.
- Remote desktop driven screen casts are started and stopped by the remote desktop session using
dbus. Also uses dbus to record a monitor during the screen cast.
- No setuid/setgid binaries nor in the code.
- Nothing added to PATH.
- No sudo fragments.
- No udev rules.
- No testcases. However, when I looked upstream, a few have been added.
  https://gitlab.gnome.org/jadahl/gnome-remote-desktop/tree/master/tests
- No cron jobs.
- Build logs showed a successful build, but there were following warnings:
   Binary packages built successfully but there was the following warning(s):
   dpkg-gencontrol: warning: package gnome-remote-desktop: substitution variable ${gnome:NextVersion} unused, but is defined
   dpkg-gencontrol: warning: package gnome-remote-desktop: substitution variable ${gnome:Version} unused, but is defined
   dpkg-gencontrol: warning: package gnome-remote-desktop: substitution variable ${gnome:NextVersion} unused, but is defined
   dpkg-gencontrol: warning: package gnome-remote-desktop: substitution variable ${gnome:Version} unused, but is defined

  -Error during source build:
dh clean --with gnome --buildsystem=meson
dh: Sorry, but 10 is the highest compatibility level supported by this debhelper.
debian/rules:7: recipe for target 'clean' failed
make: *** [clean] Error 25
dpkg-buildpackage: error: fakeroot debian/rules clean gave error exit status 2
debuild: fatal error at line 1376:
dpkg-buildpackage -rfakeroot -d -us -uc -S failed
FAIL

- No spawned processes.
- Memory management uses quite a bit of glib memory mgmt calls. They all seen to be used ok.
- No File IO issues.
- Logging uses glib logging and looks ok.
- Environment variable usage looks ok and only one is used to enable debugging.
- No privileged functions.
- This app uses libsecret for password storage and lookup.
  Calls into libsecret to get and store encrypted passwords.
  Uses libvncserver to encrypt keys for storage. Uses 3DES encrypt...

I would like to add an additional condition to the security team ACK. The pipewire MIR must also be ACK'd.

This is a huge functional regression. I can't believe it isn't already fixed. Now it appears maybe it isn't even going to be fixed in 20.04. wtf?

Are you REALLY going to ship your next LTS release without screen sharing in Wayland, when the code for supporting it is 100% implemented and the security team appears to have approved it?

I'm another person who is definitely disappointed that this doesn't seem to be slated for inclusion in 20.04.

My company is planning on replacing Ubuntu-based engineering laptops with desktops and then issuing windows laptops for (potentially misguided) reasons. VNC-based access to these desktops will not be allowed, while the RDP protocol will be.

Not having remote access to the running GUI and the state of running graphical applications will be a bit of a blocker for us getting stuff done from conference rooms, or working from home/offsite (which we are increasingly being encouraged to take advantage of).

@Jonathan

> the security team appears to have approved it?

the security team nacked the pipewire MIR, see bug #1802533.
The Desktop team share the sentiment that it's a new project which hasn't had enough time to stabilize and be tested to be default/replace part of pulseaudio in this LTS

@Aaron

> My company is planning on replacing Ubuntu-based engineering laptops with desktops and then issuing windows laptops

But you company isn't planning to stick the default/recommended session and opt in for wayland instead? Maybe that's a decision that your company should revisit...

Also note that gnome-remote-desktop wouldn't help you much since you need RDP which isn't supported
https://gitlab.gnome.org/jadahl/gnome-remote-desktop/issues/26

We recommend you stick to the default xorg session where rdp can be used without problem

While having desktop sharing enabled in wayland would be nice adding/supporting pipewire at this point of the cycle would have an high cost for little benefit, our metrics telling us that less than 1% of the users opt in for a wayland session. We plan to look again at doing that post LTS though

Hmm, I was under the impression that VNC and RDP were both supported in Gnome... sorry about that.

I've been using the Gnome wayland session since it first became available several releases ago, but I will admit I'm in the minority at my company. Most of the rest of the engineers on Ubuntu just stick with the default X session. I don't believe that the new policies have anything to say about X vs Wayland, although I'll probably be forced into X for GUI remote access going forward when working from home or in a conference room.

Hi,
Can someone confirm that this is still an issue in 20.10 or that vnc/rdp will not work in a wayland sesison ?

Settings back to New which I think is needed for the MIR team to notice is still needs to be reviewed? (pipewire has been accepted now)

The pipewire MIR has been approved now, was that the only item blocking this one? Security team reviewed and gave an ack, is it fine from the MIR team side as well? We would like to switch the desktop default to wayland around now and that's needed to not regress screen sharing

I'll do a quick re-review as the former checks didn't reach a final Ack/Nack

Status changed to 'Confirmed' because the bug affects multiple users.

[Summary]
MIR Team Ack
List of specific binary packages to be promoted to main: gnome-remote-desktop

Required TODOs:
- none

Recommended TODOs:
- d/watch seems broken, mid term fix it so that tools that check if things
  are outdated will work well.

[Duplication]
Well, we have the programs doing the same for just X11 stack, but it was already
mentioned that this will likely be later on demoted. So no conflict for
duplication.

[Dependencies]
OK:
- no other Dependencies to MIR due to this (pipewire is ready for promotion)
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not use webkit1,2
- does not use lib*v8 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

Problems:
- does run a daemon as root
- does parse data formats
- does open a port

This would usually indicate a security review, but that was already done.

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- The package has a team bug subscriber
- not a python/go package, no extra constraints to consider int hat regard
- no new python2 dependency

Problems:
- test suite does not fail the build upon error.
- does not have a test suite that runs as autopkgtest

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- Upstream update history is (good/slow/sporadic)
- Debian/Ubuntu update history is (good/slow/sporadic)
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

Problems
- d/watch is present but does not work (this is no blocker)

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- part of the UI for extra checks
  - no desktop file, but it is just integrated differently, so ok

The package got seeded, so

1. subscribed desktop-packages
2. laney@dev> ./change-override -S -c main -s hirsute gnome-remote-desktop
Override component to main
gnome-remote-desktop 0.1.9-4build1 in hirsute: universe/misc -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute amd64: universe/gnome/optional/100% -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute arm64: universe/gnome/optional/100% -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute armhf: universe/gnome/optional/100% -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute ppc64el: universe/gnome/optional/100% -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute riscv64: universe/gnome/optional/100% -> main
gnome-remote-desktop 0.1.9-4build1 in hirsute s390x: universe/gnome/optional/100% -> main
Override [y|N]? y
7 publications overridden.