author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-09-22 12:07:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-22 12:07:33 +0200 |
commit | 84cd38f77826dfed3273b37397eb3bb16f3898d5 (patch) | |
tree | fd61ff2b8af5452744d2a8a0c037b49c05b5cfe0 | |
parent | aae6a077a9b72a1b3d12d986a5db43917c198ffe (diff) | |
parent | 2b0ff836a9e36fa16b192fcbad250fb699708d19 (diff) |
globalprotect-openconnect: add core logic and packages for 2.x releases (#316526)
-rw-r--r-- | maintainers/maintainer-list.nix | 7 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2411.section.md | 6 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/globalprotect-vpn.nix | 57 | ||||
-rw-r--r-- | pkgs/by-name/gp/gpauth/package.nix | 50 | ||||
-rw-r--r-- | pkgs/by-name/gp/gpclient/package.nix | 41 | ||||
-rw-r--r-- | pkgs/tools/networking/globalprotect-openconnect/default.nix | 32 | ||||
-rw-r--r-- | pkgs/top-level/aliases.nix | 1 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
10 files changed, 106 insertions, 92 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 32517fb31054e..15fa72f89843d 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -2733,6 +2733,13 @@ githubId = 19915050; name = "binarycat"; }; + binary-eater = { + email = "sergeantsagara@protonmail.com"; + github = "Binary-Eater"; + githubId = 10691440; + name = "Rahul Rameshbabu"; + keys = [ { fingerprint = "678A 8DF1 D9F2 B51B 7110 BE53 FF24 7B3E 5411 387B"; } ]; + }; binsky = { email = "timo@binsky.org"; github = "binsky08"; diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 6600679ad168f..12372c0a3a587 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -472,6 +472,12 @@ - The `isync` package has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details. +- Legacy package `globalprotect-openconnect` 1.x and related module + `globalprotect-vpn` were dropped. Two new packages `gpauth` and `gpclient` + from the 2.x version of the GlobalProtect-openconnect project are added in its + place. The GUI components related to the project are non-free and not + packaged. + ## Other Notable Changes {#sec-release-24.11-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 97ea85cfb89ac..a70bee9f60830 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -1045,7 +1045,6 @@
 ./services/networking/gdomap.nix
 ./services/networking/ghostunnel.nix
 ./services/networking/git-daemon.nix
- ./services/networking/globalprotect-vpn.nix
 ./services/networking/gns3-server.nix
 ./services/networking/gnunet.nix
 ./services/networking/go-autoconfig.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 7e37114983839..122ef63913a5f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -74,6 +74,7 @@ in
 (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
 (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
+ (mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
 (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
 (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
deleted file mode 100644
index 87ce8a5e142f7..0000000000000
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ /dev/null
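Review bot: The removal message added for `services.globalprotect` in the rename.nix hunk says only that the package was removed, while the release note and the `aliases.nix` entry in this same commit both name `gpauth` and `gpclient` as the replacement. A host that had `services.globalprotect.enable = true` loses its VPN unit on upgrade, and this evaluation error is the one message its operator is certain to read, so it should carry the migration hint: `"The globalprotect module was removed together with globalprotect-openconnect 1.x; see the gpauth and gpclient packages."`. The added line also writes `"globalprotect"]` without the space before `]` that most neighbouring entries use.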
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.services.globalprotect;
-
- execStart =
- if cfg.csdWrapper == null then
- "${pkgs.globalprotect-openconnect}/bin/gpservice"
- else
- "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
-in
-
-{
- options.services.globalprotect = {
- enable = lib.mkEnableOption "globalprotect";
-
- settings = lib.mkOption {
- description = ''
- GlobalProtect-openconnect configuration. For more information, visit
- <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
- '';
- default = { };
- example = {
- "vpn1.company.com" = {
- openconnect-args = "--script=/path/to/vpnc-script";
- };
- };
- type = lib.types.attrs;
- };
-
- csdWrapper = lib.mkOption {
- description = ''
- A script that will produce a Host Integrity Protection (HIP) report,
- as described at <https://www.infradead.org/openconnect/hip.html>
- '';
- default = null;
- example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
- type = lib.types.nullOr lib.types.path;
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.dbus.packages = [ pkgs.globalprotect-openconnect ];
-
- environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
-
- systemd.services.gpservice = {
- description = "GlobalProtect openconnect DBus service";
- serviceConfig = {
- Type = "dbus";
- BusName = "com.yuezk.qt.GPService";
- ExecStart = execStart;
- };
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- };
- };
-}
diff --git a/pkgs/by-name/gp/gpauth/package.nix b/pkgs/by-name/gp/gpauth/package.nix
new file mode 100644
index 0000000000000..e1199c9ed372b
--- /dev/null
+++ b/pkgs/by-name/gp/gpauth/package.nix
@@ -0,0 +1,50 @@
+{
+ rustPlatform,
+ lib,
+ fetchFromGitHub,
+ libsoup,
+ openssl,
+ pkg-config,
+ perl,
+ webkitgtk,
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "gpauth";
+ version = "2.3.7";
+
+ src = fetchFromGitHub {
+ owner = "yuezk";
+ repo = "GlobalProtect-openconnect";
+ rev = "v${version}";
+ hash = "sha256-Zr888II65bUjrbStZfD0AYCXKY6VdKVJHQhbKwaY3is=";
+ };
+
+ buildAndTestSubdir = "apps/gpauth";
+ cargoHash = "sha256-AuYw8CC0bMJzIJJQXhcQajQ4SACz4aKv6rG4HMq7U18=";
+
+ nativeBuildInputs = [
+ perl
+ pkg-config
+ ];
+ buildInputs = [
+ libsoup
+ openssl
+ webkitgtk
+ ];
+
+ meta = with lib; {
+ changelog = "https://github.com/${src.owner}/${src.repo}/blob/${src.rev}/changelog.md";
+ description = "A CLI for GlobalProtect VPN, based on OpenConnect, supports the SSO authentication method";
+ longDescription = ''
+ A CLI for GlobalProtect VPN, based on OpenConnect, supports the SSO
+ authentication method. Inspired by gp-saml-gui.
+
+ The CLI version is always free and open source in this repo. It has almost
+ the same features as the GUI version.
+ '';
+ homepage = "https://github.com/${src.owner}/${src.repo}";
+ license = with licenses; [ gpl3Only ];
+ maintainers = with maintainers; [ binary-eater ];
+ };
+}
diff --git a/pkgs/by-name/gp/gpclient/package.nix b/pkgs/by-name/gp/gpclient/package.nix
new file mode 100644
index 0000000000000..786123e74d443
--- /dev/null
+++ b/pkgs/by-name/gp/gpclient/package.nix
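Review bot: The new `meta` block in gpauth/package.nix has no `platforms` attribute, whereas the removed `globalprotect-openconnect` derivation in this same commit declared `platforms = platforms.linux;`, and `gpclient` inherits this `meta` unchanged. If the 2.x tools are still Linux-only (the `webkitgtk`, `openconnect` and `vpnc-scripts` inputs suggest so), add `platforms = platforms.linux;` so unsupported systems are rejected at evaluation time instead of failing mid-build. The SSO login page is presumably rendered through the `webkitgtk` input, so a one-line comment above `buildInputs` stating which WebKitGTK/libsoup ABI upstream expects would help whoever later bumps those unversioned attributes.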
@@ -0,0 +1,41 @@
+{
+ rustPlatform,
+ gpauth,
+ openconnect,
+ openssl,
+ perl,
+ vpnc-scripts,
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "gpclient";
+
+ inherit (gpauth) version src meta;
+
+ buildAndTestSubdir = "apps/gpclient";
+ cargoHash = "sha256-aJYFBvVrj1n2+9WLLBH5WTRRzTle19LsdJ2DielJYik=";
+
+ nativeBuildInputs = [ perl ];
+ buildInputs = [
+ gpauth
+ openconnect
+ openssl
+ ];
+
+ preConfigure = ''
+ substituteInPlace crates/gpapi/src/lib.rs \
+ --replace-fail /usr/bin/gpauth ${gpauth}/bin/gpauth
+ substituteInPlace crates/common/src/vpn_utils.rs \
+ --replace-fail /usr/sbin/vpnc-script ${vpnc-scripts}/bin/vpnc-script
+ '';
+
+ postInstall = ''
+ mkdir -p $out/share/applications
+ cp packaging/files/usr/share/applications/gpgui.desktop $out/share/applications/gpgui.desktop
+ '';
+
+ postFixup = ''
+ substituteInPlace $out/share/applications/gpgui.desktop \
+ --replace-fail /usr/bin/gpclient $out/bin/gpclient
+ '';
+}
diff --git a/pkgs/tools/networking/globalprotect-openconnect/default.nix b/pkgs/tools/networking/globalprotect-openconnect/default.nix
deleted file mode 100644
index 5b00de2fda85f..0000000000000
--- a/pkgs/tools/networking/globalprotect-openconnect/default.nix
+++ /dev/null
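Review bot: `preConfigure` in gpclient/package.nix pins only `/usr/bin/gpauth` and `/usr/sbin/vpnc-script` to store paths, and nothing in the hunk shows that these are the only absolute helper paths the upstream crates compile in. gpclient presumably runs with elevated privileges to drive openconnect, so any helper path left pointing under `/usr` would resolve outside the Nix store; check the unpacked source for further `/usr/` literals and record the outcome in a comment above the substitutions, e.g. `# helper binaries are exec'd by absolute path; keep every one pinned to a store path`. `gpauth` is also listed in `buildInputs` although it is only referenced through the substituted string, so it can be dropped from that list. The removed module's `csdWrapper` option has no counterpart here, which users relying on HIP reports will need documented.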
@@ -1,32 +0,0 @@
-{ stdenv, lib, fetchurl
-, cmake, qtwebsockets, qtwebengine, qtkeychain, wrapQtAppsHook, openconnect
-}:
-
-stdenv.mkDerivation rec {
- pname = "globalprotect-openconnect";
- version = "1.4.9";
-
- src = fetchurl {
- url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}.tar.gz";
- hash = "sha256-vhvVKESLbqHx3XumxbIWOXIreDkW3yONDMXMHxhjsvk=";
- };
-
- nativeBuildInputs = [ cmake wrapQtAppsHook ];
-
- buildInputs = [ openconnect qtwebsockets qtwebengine qtkeychain ];
-
- patchPhase = ''
- substituteInPlace GPService/gpservice.h \
- --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
- substituteInPlace GPService/CMakeLists.txt \
- --replace /etc/gpservice $out/etc/gpservice;
- '';
-
- meta = with lib; {
- description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
- homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
- license = licenses.gpl3Only;
- maintainers = [ maintainers.jerith666 ];
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index d261728a53c24..b00cc4898cc30 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -556,6 +556,7 @@ mapAliases ({
 glide = throw "'glide' has been removed as it is unmaintained, please use Go modules instead"; # Added 2023-12-26
 glfw-wayland = glfw; # Added 2024-04-19
 glfw-wayland-minecraft = glfw3-minecraft; # Added 2024-05-08
+ globalprotect-openconnect = throw "'globalprotect-openconnect' has been renamed to/replaced by 'gpauth' and 'gpclient'"; # Added 2024-09-21
 glxinfo = mesa-demos; # Added 2024-07-04
 gmailieer = lieer; # Added 2020-04-19
 gmic-qt-krita = throw "gmic-qt-krita was removed as it's no longer supported upstream."; # Converted to throw 2023-02-02
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5d90dcf211191..4b7d7793e6506 100644
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13558,8 +13558,6 @@ with pkgs; inherit (openconnectPackages) openconnect openconnect_openssl; - globalprotect-openconnect = libsForQt5.callPackage ../tools/networking/globalprotect-openconnect { }; - ding-libs = callPackage ../tools/misc/ding-libs { }; sssd = callPackage ../os-specific/linux/sssd { |