From cce078e0dae2cf77acc12ca4e79e53b11b07fc54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
Date: Tue, 28 Apr 2020 01:44:13 +0200
Subject: [PATCH] Dump variables to /etc/environment
---
 Dockerfile.m4 | 13 ++++++++-----
 scripts/bin/container-init | 11 +++++------
 scripts/bin/export-env | 9 ---------
 3 files changed, 13 insertions(+), 20 deletions(-)
 delete mode 100755 scripts/bin/export-env
diff --git a/Dockerfile.m4 b/Dockerfile.m4
index ed8d88c..29d6697 100644
--- a/Dockerfile.m4
+++ b/Dockerfile.m4
@@ -396,7 +396,7 @@ ENV UNPRIVILEGED_USER_PASSWORD=password
 ENV UNPRIVILEGED_USER_GROUPS=
 ENV UNPRIVILEGED_USER_SHELL=/bin/bash
 ENV XRDP_TLS_KEY_PATH=/etc/xrdp/key.pem
-ENV XRDP_TLS_CERT_PATH=/etc/xrdp/cert.pem
+ENV XRDP_TLS_CRT_PATH=/etc/xrdp/cert.pem
 ENV ENABLE_XDUMMY=false
 ENV VGL_DISPLAY=:0
 ## Workaround for AMDGPU X_GLXCreatePbuffer issue:
@@ -425,16 +425,19 @@ RUN mkdir /run/dbus/ && chown messagebus:messagebus /run/dbus/
 RUN dbus-uuidgen > /etc/machine-id
 RUN ln -sf /etc/machine-id /var/lib/dbus/machine-id
-# Remove default keys and certificates
-RUN rm -f /etc/ssh/ssh_host_*
-RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CERT_PATH:?}"
-
 # Create socket directory for X server
 RUN mkdir /tmp/.X11-unix/ && chmod 1777 /tmp/.X11-unix/
+# Make sesman read environment variables
+RUN printf '%s\n' 'session required pam_env.so readenv=1' >> /etc/pam.d/xrdp-sesman
+
 # Configure server for use with VirtualGL
 RUN vglserver_config -config +s +f -t
+# Remove default keys and certificates
+RUN rm -f /etc/ssh/ssh_host_*
+RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CRT_PATH:?}"
+
 # Forward logs to Docker log collector
 RUN ln -sf /dev/stdout /var/log/xdummy.log
 RUN ln -sf /dev/stdout /var/log/xrdp.log
diff --git a/scripts/bin/container-init b/scripts/bin/container-init
index 4e0210d..df05f11 100755
--- a/scripts/bin/container-init
+++ b/scripts/bin/container-init
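Review bot: The comment on the added `pam_env.so` line in the second Dockerfile.m4 hunk does not say where the variables come from or who receives them, and that coupling is the security-relevant part of the change. pam_env reads /etc/environment by default, and this same patch makes container-init write that file at start-up, so whatever the entrypoint dumps becomes part of every xrdp session. I would spell that out, e.g. `# Make sesman sessions load /etc/environment (written by container-init at start-up); do not let secrets reach that file`. `readenv=1` is already pam_env's default, so it can stay as an explicit marker or be dropped.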
@@ -43,10 +43,6 @@ if [ -n "${UNPRIVILEGED_USER_PASSWORD?}" ]; then
 else
 passwd -d "${UNPRIVILEGED_USER_NAME:?}"
 fi
-unset UNPRIVILEGED_USER_PASSWORD
-
-# Dump environment variables
-export-env > /etc/profile.d/env.sh
 # Enable xdummy service if ENABLE_XDUMMY is true
 if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then
@@ -68,9 +64,9 @@ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
 fi
 # Generate RDP certificate if it does not exist
-if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CERT_PATH:?}" ]; then
+if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
 KEY_FILE=${XRDP_TLS_KEY_PATH:?}
- CRT_FILE=${XRDP_TLS_CERT_PATH:?}
+ CRT_FILE=${XRDP_TLS_CRT_PATH:?}
 CSR_FILE=$(mktemp -u)
 (umask 077 \
@@ -84,5 +80,8 @@ if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CERT_PATH:?}" ]; then
 ) >/dev/null
 fi
+# Dump environment variables
+env | grep -Ev '^(PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL)=' | sort > /etc/environment
+
 # Start runit
 exec tini -- runsvdir -P /etc/service/
diff --git a/scripts/bin/export-env b/scripts/bin/export-env
deleted file mode 100755
index a20e630..0000000
--- a/scripts/bin/export-env
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/awk -f
-
-BEGIN {for (v in ENVIRON) {
- if (v !~ /^(_|AWKPATH|AWKLIBPATH|TERM|SHLVL|PWD|HOME|SHELL|HOSTNAME|UID|USER|GID|GROUP)$/) {
- gsub(/[^0-9A-Za-z_]/, "_", v);
- gsub(/'/, "'\\''", ENVIRON[v]);
- print("export "v"='"ENVIRON[v]"'");
- }
-}}
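Review bot: Dropping `unset UNPRIVILEGED_USER_PASSWORD` in the first container-init hunk leaves the account password in the init environment, and the dump added in the last hunk of this file filters only `PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL`, so the password is written in clear text to /etc/environment. That file is created through a plain redirect (so normally world-readable), is loaded into xrdp sessions through the pam_env line added in Dockerfile.m4, and the variable is also inherited by everything started from `exec tini -- runsvdir`. The old code unset it before `export-env` ran. I would keep `unset UNPRIVILEGED_USER_PASSWORD` directly after the `fi`; adding the name to the `grep -Ev` list would protect only the file, not the services' environment. The `if` block this hunk closes starts outside the hunk.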
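Review bot: The new dump in the last container-init hunk pipes raw `env` output into /etc/environment, so a value containing a newline is split across lines, filtered and re-sorted line by line, and any continuation line of the form `NAME=...` ends up as its own entry. The removed `export-env` emitted one quoted assignment per variable; the replacement has no equivalent guard, and how pam_env treats quotes, `#` and spaces in such lines should be confirmed against its man page. Container variables are set by whoever launches the container, so this is mostly a robustness issue, but the file feeds every session. I would skip variables whose value contains a newline (for example by iterating `ENVIRON` in awk, as the removed script did) and say so in the comment: `# Dump environment variables (one NAME=value per line; multi-line values are skipped)`.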