
GUACAMOLE-2264: Set CMAKE_BUILD_TYPE=Release for FreeRDP production builds. #660

Open
escra wants to merge 1 commit into apache:staging/1.6.1 from ESCRA-GmbH:fix/dockerfile-freerdp-release

@escra escra commented Apr 14, 2026

Summary

The official Dockerfile builds FreeRDP without specifying CMAKE_BUILD_TYPE.
CMake defaults to an empty build type, which in FreeRDP's case enables
WINPR_ASSERT runtime assertions (equivalent to WITH_VERBOSE_WINPR_ASSERT=ON).

When FreeRDP encounters any unexpected condition at runtime, WINPR_ASSERT
calls abort(), which sends SIGABRT to the guacd child process. The child
process terminates silently -- no error message is logged by guacd because
the process is killed by the signal before it can log anything.

Observable symptoms

FreeRDP logs this warning at connection startup:
```
This build is using [runtime-check] build options:
  • 'WITH_VERBOSE_WINPR_ASSERT=ON'
[runtime-check] build options might slow down the application
```

Then, under certain conditions (e.g., unexpected server responses, edge cases
in NLA negotiation), the child process disappears:
```
guacd[1]: INFO: Connection "..." removed.
guacd[1]: DEBUG: Unable to request termination of client process: No such process
```

Impact

  • Random, silent RDP connection failures
  • No error diagnostics -- the crash reason is not logged
  • More likely with FreeRDP 3.x (significantly more assertions than 2.x)
  • Particularly problematic with Windows servers that have non-standard
    configurations (NLA edge cases, unusual certificate setups)

Fix

Add -DCMAKE_BUILD_TYPE=Release to FREERDP_OPTS in the Dockerfile. This:

  • Disables WINPR_ASSERT (assertions become no-ops in Release builds)
  • Enables compiler optimizations (-O2 / -O3)
  • Strips debug symbols (smaller binary)
  • Follows standard practice for production builds

Risk

Very low. CMAKE_BUILD_TYPE=Release is the standard CMake configuration
for production builds. FreeRDP's own CI and all Linux distribution packages use
Release builds. The assertions are developer aids, not production safety nets --
they catch "should never happen" conditions by crashing, which is worse than
graceful error handling in production.

Test plan

  • Build Docker image with the change and verify no [runtime-check] warning
  • Verify RDP connections to Windows servers with NLA are stable
  • Verify no performance regression (Release mode is actually faster)
  • Compare image size (expect slight reduction from stripped debug info)

Without an explicit build type, CMake defaults to an empty configuration
which leaves WINPR_ASSERT runtime assertions enabled. These assertions
call abort() on unexpected conditions, silently killing guacd child
processes without any log output. Setting Release mode disables the
assertions, enables compiler optimizations, and matches how Linux
distributions package FreeRDP.
@escra escra changed the title Set CMAKE_BUILD_TYPE=Release for FreeRDP production builds. GUACAMOLE-2264: Set CMAKE_BUILD_TYPE=Release for FreeRDP production builds. Apr 14, 2026
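
A log check for the two symptoms described above, as an added example that is not part of the pull request or the Guacamole code base: it reports any `[runtime-check]` options listed in the FreeRDP banner and the connections whose removal was directly followed by the "No such process" line. The sample log is constructed, and its line prefixes and connection names are assumptions.

```python
import re

# Signatures taken from the log excerpts quoted in the pull request description.
BANNER_START = "This build is using [runtime-check] build options"
OPTION = re.compile(r"'([A-Z0-9_]+=ON)'")
REMOVED = re.compile(r'Connection "([^"]+)" removed')
NO_PROCESS = "Unable to request termination of client process: No such process"

# Constructed sample log (prefixes and connection names are assumptions).
SAMPLE_LOG = """\
guacd[1]: INFO: Creating new client for protocol "rdp"
guacd[9]: WARN: This build is using [runtime-check] build options:
guacd[9]: WARN:   * 'WITH_VERBOSE_WINPR_ASSERT=ON'
guacd[9]: WARN: [runtime-check] build options might slow down the application
guacd[1]: INFO: Connection "$conn-a" removed.
guacd[1]: DEBUG: Unable to request termination of client process: No such process
guacd[1]: INFO: Connection "$conn-b" removed.
""".splitlines()


def scan_guacd_log(lines):
    """Return (runtime-check options seen, connections whose child was already gone)."""
    options, vanished = [], []
    in_banner = False
    last_removed = None
    for line in lines:
        if not line.strip():
            continue
        if BANNER_START in line:
            in_banner = True
            continue
        if in_banner:
            m = OPTION.search(line)
            if m:
                if m.group(1) not in options:
                    options.append(m.group(1))
                continue
            in_banner = False  # first non-option line closes the banner
        m = REMOVED.search(line)
        if m:
            last_removed = m.group(1)
            continue
        if NO_PROCESS in line:
            # guacd tried to signal a child process that no longer exists.
            vanished.append(last_removed or "<unknown>")
        last_removed = None  # pair only with the line directly after a removal
    return options, vanished


if __name__ == "__main__":
    print(scan_guacd_log(SAMPLE_LOG))
```

A connection in the second list only shows that the child was gone before guacd tried to signal it; confirming SIGABRT requires the child's exit status or a core dump.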