Spice-GTK provides SPICE-specific command line options. This man page describes these options as well as the format of SPICE URIs. --- Makefile.am | 2 +- man/spice-client.pod | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 man/spice-client.pod diff --git a/Makefile.am b/Makefile.am index 8add19f..5029497 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ ACLOCAL_AMFLAGS = -I m4 NULL = -SUBDIRS = spice-common gtk po doc data +SUBDIRS = spice-common gtk man po doc data if BUILD_TESTS SUBDIRS += tests diff --git a/man/spice-client.pod b/man/spice-client.pod new file mode 100644 index 0000000..1ad11e7 --- /dev/null +++ b/man/spice-client.pod @@ -0,0 +1,180 @@ +=head1 NAME + +Spice-GTK - a client-side library to access remote SPICE displays + +=head1 DESCRIPTION + +Spice-GTK is a library allowing to accesss remote displays. At the +moment It's mainly used to access remote virtual machines over the +SPICE protocol. + +The Spice-GTK library provides a set of command line options which +can be used to tweak how some SPICE-specific option. + +=head1 URI + +The most basic SPICE URI which can be used is in the form + spice://hostname.example.com:5900 + +This will try to initiate a SPICE connection to hostname.example.com +to port 5900. This connection will be unencrypted. This URI is +equivalent to + spice://hostname.example.com?port=5900 + +In order to start a TLS connection, one would use + spice://hostname.example.com?tls-port=5900 + +Other valid URI parameters are 'username' and 'password'. Be careful that +passing a password through a SPICE URI might cause the password to be +visible by any local user through 'ps'. + +Several parameters can be specified at once if they are separated +by & or ; + spice://hostname.example.com?port=5900;tls-port=5901 + +When using 'tls-port', it's recommended to not specify any non-TLS port. +If you give both 'port' and 'tls-port', make sure you use the +--spice-secure-channels options to indicate which channels must be secure. +Otherwise, Spice-GTK first attempts a connection to the non-TLS port, and +then try to use the TLS port. This means a man-in-the-middle could force +the whole SPICE session to go in clear text regardless of the TLS settings +of the SPICE server. + +=head1 OPTIONS + +The following options are accepted when running a SPICE client which +makes use of the default Spice-GTK options: + +=over 4 + +=item --spice-secure-channels=<main,display,inputs,...,all> + +Force the specified channels to be secured + +This instructs the SPICE client that it must use a TLS connection for these +channels. If the server only offers non-TLS connections for these channels, +the client will not use these. If the special value "all" is used, this +indicates that all SPICE channels must be encrypted. + +=item --spice-disable-effects=<wallpaper,font-smooth,animation,all> + +Disable guest display effects + +This tells the SPICE client that it should attempt to disable some guest +features in order to lower bandwidth usage. This requires guest support, +usually through a SPICE agent. This is currently only supported on Windows +guests. + +"wallpaper" will disable the guest wallpaper, "font-smooth" will disable +font antialiasing, "animation" will try to disable some of the desktop +environment animations. "all" will attempt to disable everything which +can be disabled. + +=item --spice-color-depth=<16,32> + +Guest display color depth + +This tells the SPICE client that it should attempt to force the guest OS +color depth. A lower color depth should lower bandwith usage. This requires +guest support, usually through a SPICE agent. This is currently only +supported on Windows guests. + +=item --spice-ca-file=<file> + +Truststore file for secure connections + +This option is used to specify a .crt file containing the CA certificate with which +the SPICE server TLS certificates are signed. This is useful when using self-signed +TLS certificates rather than certificates signed by an official CA. + + +=item --spice-host-subject=<host-subject> + +Subject of the host certificate (field=value pairs separated by commas) + +When using self-signed certificates, or when the guest is migrated between +different hosts, the subject/altSubject of the TLS certificate the SPICE +server will provide will not necessarily match the hostname we are connecting to. +This option makes it possible to override the expected subject of the TLS certificate. + +The subject must correspond to the "Subject:" line returned by: + openssl x509 -noout -text -in server-cert.pem + +=item --spice-debug + +Enable Spice-GTK debugging. This can also be toggled on with the +SPICE_DEBUG environment variable, or using G_MESSAGES_DEBUG=all + +=item --spice-disable-audio + +Disable audio support + +=item --spice-disable-usbredir + +Disable USB redirection support + +=item --spice-usbredir-auto-redirect-filter=<filter-string> + +Filter selecting USB devices to be auto-redirected when plugged in + +=item --spice-usbredir-redirect-on-connect=<filter-string> + +Filter selecting USB devices to redirect on connect + +=item --spice-gtk-version + +Display Spice-GTK version information + +=item --spice-smartcard + +Enable smartcard support + +=item --spice-smartcard-db=<certificate-db> + +Path to the local certificate database to use for software smartcard certificates + +This option is only useful for testing purpose. Instead of having a hardware +smartcard reader, and a physical smartcard, you can specify a file containing 3 +certificates which will be used to emulate a smartcard in software. See +C<http://www.spice-space.org/page/SmartcardUsage#Using_a_software_smartcard> +for more details about how to generate these certificates. + +=item --spice-smartcard-certificates=<certificates> + +Certificates to use for software smartcards (field=values separated by commas) + +This option is only useful for testing purpose. This allows to specify which +certificates from the certificate database specified with --spice-smartcard-db +should be used for smartcard emulation. + +=item --spice-cache-size=<bytes> + +Image cache size + +This option should only be used for testing/debugging. + +=item --spice-glz-window-size=<bytes> + +Glz compression history size + +This option should only be used for testing/debugging. + +=back + +=head1 BUGS + +Report bugs to the mailing list C<http://lists.freedesktop.org/mailman/listinfo/spice-devel> + +=head1 COPYRIGHT + +Copyright (C) 2011, 2014 Red Hat, Inc., and various contributors. +This is free software. You may redistribute copies of it under the terms of +the GNU Lesser General Public License +C<https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html>. +There is NO WARRANTY, to the extent permitted by law. + +=head1 SEE ALSO + +C<virt-viewer(1)>, the project website C<http://spice-space.org> + +=cut -- 1.9.0 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel