From 57cdfeaf25ba1d1e8e3aa86e155918b8d2e27ca8 Mon Sep 17 00:00:00 2001 From: Bastien Chanot Date: Tue, 23 Jun 2026 17:55:50 +0200 Subject: [PATCH] =?UTF-8?q?docs(memory):=20add=20BDR-005=20=E2=80=94=20gno?= =?UTF-8?q?me-remote-desktop=20over=20xrdp=20on=20Wayland=20GNOME?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Record the architecture decision (rationale + rejected alternatives) behind replacing xrdp with gnome-remote-desktop system "Remote Login" on Wayland-only GNOME. Cross-refs LRN-004 / BLK-004. Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01JSFhCiEgndbRrMf7s8mmth --- .claude/memory/decisions.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.claude/memory/decisions.md b/.claude/memory/decisions.md index a1bb1df..4ae3c22 100644 --- a/.claude/memory/decisions.md +++ b/.claude/memory/decisions.md @@ -23,3 +23,13 @@ REPO_URL/CLONE_DIR/BRANCH), pulls if exists, ensures git first, then `bash insta Alt rejected: temp-dir + tarball download (no git dep) — kept git path, simpler + repo needs git anyway. Risk noted: curl|bash runs unreviewed remote code (archetype pain point); mitigated by HTTPS + pinned branch + manual fallback in README, not eliminated. Status: done. + +## BDR-005 — Remote desktop via gnome-remote-desktop --system, not xrdp +2026-06-23. Target machine = Wayland-only GNOME (Shell asserts XDG_SESSION_TYPE=wayland). xrdp's +Xorg backend can't satisfy it → session dies instantly on login. Chose gnome-remote-desktop system +"Remote Login" (GNOME-native, Wayland, RDP 3389, TLS, fresh GDM session). Auth 2-layer: shared gate +creds (`set-credentials`) → per-user GDM PAM; gate creds required else mstsc 0x904 (BLK-004). +Implemented install.sh `setup_remote_desktop` + `ensure_rdp_credentials`. Connection confirmed live. +Alts rejected: (a) force Xorg GDM + xrdp — sacrifices Wayland desktop, fragile; (b) VNC (wayvnc) — +RDP preferred (mstsc native on Win client, TLS); (c) g-r-d user "Desktop Sharing" mode — shares +existing local session, wanted independent headless login. See LRN-004, BLK-004. Status: done.