Comment 1 Florian Best 2015-01-14 17:00:02 CET

See also Bug #36531 comment #5.

Comment 2 Florian Best 2015-03-18 10:33:12 CET

Firefox does not support sandboxing. We should run firefox in a kiosk mode plus under a different user than root, if possible. We have to make sure that flash is disabled, also other add-ons should be disabled. It must be impossible to install add-ons and to use the dialogues for settings, printing, saving and opening (e.g. file:///-URIs) functionality.
Kiosk mode add-on: https://addons.mozilla.org/en-US/firefox/addon/mkiosk/

Comment 3 Erik Damrose 2015-03-18 10:40:21 CET

We could also use a simple curses interface which greets the user. This would be a lightweight option which avoids having the x-server and firefox installed on each UCS server.

Example:
A simple start screen
http://www.sysadmintutorials.com/images/st/vmware/esxi/install/11-esxi-install.png

Configuration options
https://vdestination.files.wordpress.com/2010/09/restartesximgmt.jpg

Comment 4 Stefan Gohmann 2015-03-23 08:32:01 CET

(In reply to Florian Best from comment #2)
> Firefox does not support sandboxing. We should run firefox in a kiosk mode
> plus under a different user than root, if possible. We have to make sure
> that flash is disabled, also other add-ons should be disabled. It must be
> impossible to install add-ons and to use the dialogues for settings,
> printing, saving and opening (e.g. file:///-URIs) functionality.
> Kiosk mode add-on: https://addons.mozilla.org/en-US/firefox/addon/mkiosk/

Maybe it is an alternative to show only a framebuffer image?
 http://raspberrypi.stackexchange.com/questions/8922/how-do-i-display-images-without-starting-x11

The image can explain to press ALT-F2 for the console login and ALT-F7 for the graphical login. At least if KDE is installed.

Comment 5 Alexander Kläser 2015-03-23 13:54:41 CET

(In reply to Erik Damrose from comment #3)
> We could also use a simple curses interface which greets the user. This
> would be a lightweight option which avoids having the x-server and firefox
> installed on each UCS server.
> 
> Example:
> A simple start screen
> http://www.sysadmintutorials.com/images/st/vmware/esxi/install/11-esxi-
> install.png
> 
> Configuration options
> https://vdestination.files.wordpress.com/2010/09/restartesximgmt.jpg

X-Server and FF is already installed, anyway (→ setup wizard). I think a visual screen is a must as it really gives a nice, welcoming and smooth impression to the tester.

(In reply to Stefan Gohmann from comment #4)
> (In reply to Florian Best from comment #2)
> > Firefox does not support sandboxing. We should run firefox in a kiosk mode
> > plus under a different user than root, if possible. We have to make sure
> > that flash is disabled, also other add-ons should be disabled. It must be
> > impossible to install add-ons and to use the dialogues for settings,
> > printing, saving and opening (e.g. file:///-URIs) functionality.
> > Kiosk mode add-on: https://addons.mozilla.org/en-US/firefox/addon/mkiosk/
> 
> Maybe it is an alternative to show only a framebuffer image?
>  http://raspberrypi.stackexchange.com/questions/8922/how-do-i-display-images-
> without-starting-x11
> 
> The image can explain to press ALT-F2 for the console login and ALT-F7 for
> the graphical login. At least if KDE is installed.

I would opt for a local "dummy" user (why not __systemsetup__) running a FF session. Is there anybody who sees practical security issues with that scenario?

Comment 6 Alexander Kläser 2015-03-23 14:33:55 CET

Created attachment 6777 [details]
Draft of welcome screen

I had something similar to the attached screen on my mind... just a little draft trying to express how it could look like.

Comment 7 Florian Best 2015-03-30 18:10:16 CEST

Created attachment 6792 [details]
changes

So far the changes... The binary added files are located in /home/fbest/public_html/37537/.

Comment 8 Florian Best 2015-04-10 11:59:12 CEST

I commited the current state into base/univention-welcome-screen (svn r59687).
The new debian package ships a init script which starts firefox in the current running Xserver instance or starts one if none exists. So the welcome screen is layered over KDM. Pressing Alt+F4 will result in going back to either KDM or CLI.
The firefox process runs as user nobody.
Package not build yet. Design fine tunings still need to be done as well as translation.

Comment 9 Florian Best 2015-05-19 16:16:22 CEST

Btw. ClearOS does things similar: https://github.com/clearos/app-graphical-console

Comment 10 Florian Best 2015-05-27 18:36:13 CEST

svn r60887 added the following things:
* Translate all messages
* Add UCS-Service "univention-welcome-screen"
* Add autostart UCR variable welcome-screen/autostart
* Implement links/help to get to the CLI or the desktop/KDM (if installed)
* The links describe how the functionality is working (e.g. Ctrl-Alt-F1) but are also clickable.

Let's discuss these changes. Please have a look by installing univention-welcome-screen.
The package has been built:
Package: univention-welcome-screen
Version: 0.0.0-1.1.201505271830
Branch: ucs_4.0-0
Scope: errata4.0-2

No YAML added, yet.

Comment 11 Florian Best 2015-06-09 15:06:14 CEST

Is the following patch OK? If yes, I can set this bug to fixed.

diff --git a/ucs-4.0-2/base/univention-system-setup/usr/lib/univention-system-setup/scripts/50_software/10software b/ucs-4.0-2/base/univention-system-setup/usr/lib/univention-system-setup/scripts/50_software/10software
index f8b39f1..cfb0409 100644
--- a/ucs-4.0-2/base/univention-system-setup/usr/lib/univention-system-setup/scripts/50_software/10software
+++ b/ucs-4.0-2/base/univention-system-setup/usr/lib/univention-system-setup/scripts/50_software/10software
@@ -44,6 +44,7 @@ class SoftwareScript(AptScript):
                # get this scripts configuration options
                self.packages_remove = self.profile.get_list('packages_remove')
                self.packages_install = self.profile.get_list('packages_install')
+               self.packages_install.append('univention-welcome-screen')
 
        def inner_run(self):
                if self.current_server_role == 'basesystem':

Comment 12 Alexander Kläser 2015-06-10 15:57:57 CEST

(In reply to Florian Best from comment #11)
> Is the following patch OK? If yes, I can set this bug to fixed.
> [...]

I think that this patch is not ok. As discussed, I would opt for an additional hook script in /usr/lib/univention-system-setup/appliance-hooks.d/ .

Comment 13 Florian Best 2015-06-10 18:18:07 CEST

(In reply to Alexander Kläser from comment #12)
> (In reply to Florian Best from comment #11)
> > Is the following patch OK? If yes, I can set this bug to fixed.
> > [...]
> 
> I think that this patch is not ok. As discussed, I would opt for an
> additional hook script in
> /usr/lib/univention-system-setup/appliance-hooks.d/ .
Yes, implemented this way: svn r61166.

Currently broken due to Bug #38016.

Comment 14 Florian Best 2015-06-11 12:18:09 CEST

The first start currently fails:

"Server is already active for display 0"
→ but there is no X server running...
After another reboot it works. I currently don't know what's going on there.

Comment 15 Florian Best 2015-06-29 17:04:02 CEST

(In reply to Florian Best from comment #14)
> The first start currently fails:
> 
> "Server is already active for display 0"
> → but there is no X server running...
> After another reboot it works. I currently don't know what's going on there.
Fixed, the X server of the system-setup-boot was already running. The initscript is not started on package installation. It is started in an explicit cleanup script.

Fixed also "export DISPLAY=:0" in case KDM already runs, so that the overlay works.

Do we need this YAML?:
2015-06-29-univention-welcome-screen.yaml

Comment 16 Florian Best 2015-06-30 12:39:35 CEST

I added also univention-welcome-screen to the list of packages which are downloaded in the postinst of univention system setup / ec2 vm images.

2015-06-29-univention-welcome-screen.yaml:
r61551 | YAML Bug #37537

2015-06-02-univention-system-setup.yaml:
r61168 | YAML Bug #37537

univention-welcome-screen (0.0.0-6):
r61550 | Bug #37537: export DISPLAY=:0 for xwininfo detection
r61549 | Bug #37537: Fix initscript priority
r61548 | Bug #37537: Add system-setup cleanup script for initial start
r61544 | Bug #37537: Change initscript priority
r60904 | Bug #37537: use random port
r60887 | Bug #37537: Initial Release

univention-system-setup (8.1.69-6):
r61569 | Bug #37537: Add univention-welcome-screen to the default downloaded packages
r61166 | Bug #37537: add appliance hook which installs univention-welcome-screen

ucs-ec2-tools (1.0.12-15):
r61570 | Bug #37537: Add univention-welcome-screen to the default downloaded packages

Comment 17 Philipp Hahn 2015-07-01 11:18:20 CEST

Jenkins Regression:

<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-2/job/Autotest%20MultiEnv/51/SambaVersion=s4,Systemrolle=slave/testReport/01_base/99check_log_files/test/>

01_base.99check_log_files.test

[2015-06-30 18:43:02.513220]Errors found in '/var/log/univention/updater.log':
[2015-06-30 18:43:02.513307] E: updater.log:2294, /usr/sbin/grub-probe: error: cannot find a GRUB drive for /dev/vda.  Check your device.map.
[2015-06-30 18:43:02.513354] E: updater.log:2504, E: Unable to locate package univention-welcome-screen
[2015-06-30 18:43:02.513397] E: updater.log:2506, E: Handler silently failed
[2015-06-30 18:43:02.513442] E: updater.log:2507, Failed to download required packages for univention-welcome-screen

Either fix the underlying error or those lines need to be white-listed in test/ucs-test/tests/01_base/check_log_files_definitions.py

Comment 18 Alexander Kläser 2015-07-01 17:51:57 CEST

Looks nice :) .

A few minor things to start with:
* The link color should be green
* The link to the CLI could have more margin to the top + should be aligned with 
  the paragraph "Navigate with your browser..."
* The paragraph "Navigate with your browser..." should have more margin to its 
  bottom
* The alternative addresses do not look aligned... could they displayed in an
  input field similar to the first one?

... more later.

Comment 19 Florian Best 2015-07-02 14:31:18 CEST

All things addressed so far in univention-welcome-screen 0.0.0-8.8.201507021427.

Comment 20 Alexander Kläser 2015-07-02 17:44:00 CEST

(In reply to Florian Best from comment #19)
> All things addressed so far in univention-welcome-screen
> 0.0.0-8.8.201507021427.

The latest changes are good :) .

The UCR variable umc/web/appliance/logo is not evaluated, i.e., the logo is not shown on the website.

Comment 21 Alexander Kläser 2015-07-02 18:08:17 CEST

I installed univention-kde afterwards (on the CLI), after a reboot, the KDM login screen is shown.

Comment 22 Alexander Kläser 2015-07-02 19:00:08 CEST

As far as I can tell, the welcome screen works fine, I like it :) .
→ VERIFIED

I adjusted the YAML file to be more informative, though.

2015-06-29-univention-welcome-screen.yaml:
r61685 | Bug #37537: adjusted YAML file entry

ps: For the future, it would be good to see how to bundle UMC CSS theme (and JS library) code (see Bug 38824).

Comment 23 Stefan Gohmann 2015-07-03 07:03:23 CEST

r61691: univention-dvd
* Add univention-system-activation and univention-welcome-screen to
  maintained (Bug #38547 and Bug #37537)

Comment 24 Janek Walkenhorst 2015-07-03 14:07:23 CEST

<http://errata.univention.de/ucs/4.0/227.html>

Comment 25 Janek Walkenhorst 2015-07-03 14:11:27 CEST

<http://errata.univention.de/ucs/4.0/220.html>