weston-vnc: disable VNC auth to fix 'auth failed' in browser screen viewer

2026-05-20 16:26:07 +02:00 · 2026-05-20 16:26:07 +02:00 · 47279f110d
commit 47279f110d
parent 939df10a61
1 changed files with 12 additions and 3 deletions
--- a/nix/templates/weston-vnc.nix
+++ b/nix/templates/weston-vnc.nix
@ -104,10 +104,19 @@
          ${pkgs.coreutils}/bin/printf '{"vnc_port":%d,"auth":"none"}\n' \
            "$VNC_PORT" > /etc/hyperhive/gui.json || true

-          # --disable-transport-layer-security: VNC is loopback-only
-          # (relayed by the harness WebSocket proxy); TLS would require
-          # cert generation and adds no real security benefit here.
+          # Write a weston.ini that disables VNC authentication.
+          # Without this, neatvnc offers VNC password auth (type 2) by default
+          # which causes the in-browser RFB client to fail with "auth failed".
+          # auth-method=none makes neatvnc offer security type 1 (None).
+          # --disable-transport-layer-security additionally disables the
+          # VeNCrypt TLS wrapper — VNC is loopback-only via the harness
+          # WebSocket relay so neither TLS nor a password is needed.
+          WESTON_INI=$(${pkgs.coreutils}/bin/mktemp /tmp/weston-XXXXXX.ini)
+          ${pkgs.coreutils}/bin/printf '[core]\nbackend=vnc\n\n[vnc]\nauth-method=none\n' \
+            > "$WESTON_INI"
+
          exec ${pkgs.weston}/bin/weston \
+            --config="$WESTON_INI" \
            --backend=vnc-backend.so \
            --renderer=pixman \
            --port="$VNC_PORT" \