Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

desktop-lite feature: The desktop-lite feature is not enabling VNC password authentication #1168

Open
hiro345g opened this issue Oct 31, 2024 · 1 comment

Comments

@hiro345g
Copy link

I've found that VNC password authentication is not being enforced in the desktop-lite feature. Here's a reproducible scenario:

Directory Structure

dvc-desktop-lite/
├── .devcontainer
│   └── devcontainer.json
└── compose.yaml

devcontainer.json

{
    "name": "dvc-desktop-lite",
    "dockerComposeFile": "../compose.yaml",
    "features": {
        "ghcr.io/devcontainers/features/desktop-lite:1.2.5": {
            "version": "latest",
            "password": "vscode11"
        }
    },
    "service": "dvc-desktop-lite",
    "runServices": [
        "dvc-desktop-lite"
    ],
    "remoteUser": "node",
    "shutdownAction": "stopCompose",
    "workspaceFolder": "/home/node",
    "forwardPorts": [
        6080,
        5901
    ],
    "portsAttributes": {
        "6080": {
            "label": "novnc"
        },
        "5901": {
            "label": "tigervnc"
        }
    }
}

compose.yaml

name: dvc-desktop-lite
services:
  dvc-desktop-lite:
    image: mcr.microsoft.com/devcontainers/typescript-node:22-bookworm
    init: true
    tty: true
    user: node
    working_dir: /home/node

With the above files prepared, start the development container by Dev Containers: open Folder in Container

Then, open http://localhost:6080 in a web browser. The VNC screen will be displayed without authentication.

To enable VNC password authentication, modify the compose.yaml file as follows:

name: dvc-desktop-lite
services:
  dvc-desktop-lite:
    image: mcr.microsoft.com/devcontainers/typescript-node:22-bookworm
    init: true
    tty: true
    user: node
    working_dir: /home/node
    environment:
      VNC_PASSWORD: enable

This is caused by the following process in /usr/local/share/desktop-init.sh, which is generated by install.sh.

if [ -n "${VNC_PASSWORD+x}" ]; then
    startInBackgroundIfNotRunning "Xtigervnc" sudoUserIf "${common_options} -passwd /usr/local/etc/vscode-dev-containers/vnc-passwd"
    # (snip)
fi

By modifying the configuration as shown below, I was able to achieve the desired behavior and enable VNC password authentication. The password used for authentication in this case was "vscode11", which was specified in the devcontainer.json file.

if [ -e "/usr/local/etc/vscode-dev-containers/vnc-passwd" ]; then
    startInBackgroundIfNotRunning "Xtigervnc" sudoUserIf "${common_options} -passwd /usr/local/etc/vscode-dev-containers/vnc-passwd"
    # (snip)
fi

Previously, VNC password authentication was enabled without specifying any environment variables, but now it requires the VNC_PASSWORD environment variable to be set.

If this is the intended behavior, I would appreciate it if you could document this change.

@hoechenberger
Copy link
Contributor

I assume that's a regression introduced via #982

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants