-rw-r--r--maintainers/maintainer-list.nix7
-rw-r--r--nixos/doc/manual/release-notes/rl-2411.section.md6
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/rename.nix1
-rw-r--r--nixos/modules/services/networking/globalprotect-vpn.nix57
-rw-r--r--pkgs/by-name/gp/gpauth/package.nix50
-rw-r--r--pkgs/by-name/gp/gpclient/package.nix41
-rw-r--r--pkgs/tools/networking/globalprotect-openconnect/default.nix32
-rw-r--r--pkgs/top-level/aliases.nix1
-rw-r--r--pkgs/top-level/all-packages.nix2
10 files changed, 106 insertions, 92 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 32517fb31054e..15fa72f89843d 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -2733,6 +2733,13 @@
     githubId = 19915050;
     name = "binarycat";
   };
+  binary-eater = {
+    email = "sergeantsagara@protonmail.com";
+    github = "Binary-Eater";
+    githubId = 10691440;
+    name = "Rahul Rameshbabu";
+    keys = [ { fingerprint = "678A 8DF1 D9F2 B51B 7110  BE53 FF24 7B3E 5411 387B"; } ];
+  };
   binsky = {
     email = "timo@binsky.org";
     github = "binsky08";
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 6600679ad168f..12372c0a3a587 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -472,6 +472,12 @@
 
 - The `isync` package has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.
 
+- Legacy package `globalprotect-openconnect` 1.x and related module
+  `globalprotect-vpn` were dropped. Two new packages `gpauth` and `gpclient`
+  from the 2.x version of the GlobalProtect-openconnect project are added in its
+  place. The GUI components related to the project are non-free and not
+  packaged.
+
 ## Other Notable Changes {#sec-release-24.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 97ea85cfb89ac..a70bee9f60830 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1045,7 +1045,6 @@
   ./services/networking/gdomap.nix
   ./services/networking/ghostunnel.nix
   ./services/networking/git-daemon.nix
-  ./services/networking/globalprotect-vpn.nix
   ./services/networking/gns3-server.nix
   ./services/networking/gnunet.nix
   ./services/networking/go-autoconfig.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 7e37114983839..122ef63913a5f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -74,6 +74,7 @@ in
     (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
     (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
+    (mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
     (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
     (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
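Review bot: The message on the added `services.globalprotect` line tells users only that the package was removed, while the alias added in `pkgs/top-level/aliases.nix` by this same commit names the replacements. Someone whose configuration enabled the VPN service will hit this evaluation error first, so it should say where to go next, e.g. `"The services.globalprotect module was removed together with globalprotect-openconnect 1.x; see the gpauth and gpclient packages."`. It is also worth stating in the message that no replacement module is provided, since the old module started a system D-Bus service and the new packages, as far as this commit shows, do not.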
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
deleted file mode 100644
index 87ce8a5e142f7..0000000000000
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.services.globalprotect;
-
-  execStart =
-    if cfg.csdWrapper == null then
-      "${pkgs.globalprotect-openconnect}/bin/gpservice"
-    else
-      "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
-in
-
-{
-  options.services.globalprotect = {
-    enable = lib.mkEnableOption "globalprotect";
-
-    settings = lib.mkOption {
-      description = ''
-        GlobalProtect-openconnect configuration. For more information, visit
-        <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
-      '';
-      default = { };
-      example = {
-        "vpn1.company.com" = {
-          openconnect-args = "--script=/path/to/vpnc-script";
-        };
-      };
-      type = lib.types.attrs;
-    };
-
-    csdWrapper = lib.mkOption {
-      description = ''
-        A script that will produce a Host Integrity Protection (HIP) report,
-        as described at <https://www.infradead.org/openconnect/hip.html>
-      '';
-      default = null;
-      example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
-      type = lib.types.nullOr lib.types.path;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.dbus.packages = [ pkgs.globalprotect-openconnect ];
-
-    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
-
-    systemd.services.gpservice = {
-      description = "GlobalProtect openconnect DBus service";
-      serviceConfig = {
-        Type = "dbus";
-        BusName = "com.yuezk.qt.GPService";
-        ExecStart = execStart;
-      };
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-    };
-  };
-}
diff --git a/pkgs/by-name/gp/gpauth/package.nix b/pkgs/by-name/gp/gpauth/package.nix
new file mode 100644
index 0000000000000..e1199c9ed372b
--- /dev/null
+++ b/pkgs/by-name/gp/gpauth/package.nix
@@ -0,0 +1,50 @@
+{
+  rustPlatform,
+  lib,
+  fetchFromGitHub,
+  libsoup,
+  openssl,
+  pkg-config,
+  perl,
+  webkitgtk,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "gpauth";
+  version = "2.3.7";
+
+  src = fetchFromGitHub {
+    owner = "yuezk";
+    repo = "GlobalProtect-openconnect";
+    rev = "v${version}";
+    hash = "sha256-Zr888II65bUjrbStZfD0AYCXKY6VdKVJHQhbKwaY3is=";
+  };
+
+  buildAndTestSubdir = "apps/gpauth";
+  cargoHash = "sha256-AuYw8CC0bMJzIJJQXhcQajQ4SACz4aKv6rG4HMq7U18=";
+
+  nativeBuildInputs = [
+    perl
+    pkg-config
+  ];
+  buildInputs = [
+    libsoup
+    openssl
+    webkitgtk
+  ];
+
+  meta = with lib; {
+    changelog = "https://github.com/${src.owner}/${src.repo}/blob/${src.rev}/changelog.md";
+    description = "A CLI for GlobalProtect VPN, based on OpenConnect, supports the SSO authentication method";
+    longDescription = ''
+      A CLI for GlobalProtect VPN, based on OpenConnect, supports the SSO
+      authentication method. Inspired by gp-saml-gui.
+
+      The CLI version is always free and open source in this repo. It has almost
+      the same features as the GUI version.
+    '';
+    homepage = "https://github.com/${src.owner}/${src.repo}";
+    license = with licenses; [ gpl3Only ];
+    maintainers = with maintainers; [ binary-eater ];
+  };
+}
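Review bot: `meta` declares no `platforms`, whereas the 1.x package removed in this commit restricted itself to `platforms.linux`. With `webkitgtk` and `libsoup` in `buildInputs` this package is presumably Linux-only too, so `platforms = platforms.linux;` should be added to keep it from being advertised on other systems. Because `gpclient` inherits this `meta` wholesale, anything binary-specific added here later (such as `mainProgram = "gpauth";`) would have to be overridden there. As a style point, `description` should not start with the article "A".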
diff --git a/pkgs/by-name/gp/gpclient/package.nix b/pkgs/by-name/gp/gpclient/package.nix
new file mode 100644
index 0000000000000..786123e74d443
--- /dev/null
+++ b/pkgs/by-name/gp/gpclient/package.nix
@@ -0,0 +1,41 @@
+{
+  rustPlatform,
+  gpauth,
+  openconnect,
+  openssl,
+  perl,
+  vpnc-scripts,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "gpclient";
+
+  inherit (gpauth) version src meta;
+
+  buildAndTestSubdir = "apps/gpclient";
+  cargoHash = "sha256-aJYFBvVrj1n2+9WLLBH5WTRRzTle19LsdJ2DielJYik=";
+
+  nativeBuildInputs = [ perl ];
+  buildInputs = [
+    gpauth
+    openconnect
+    openssl
+  ];
+
+  preConfigure = ''
+    substituteInPlace crates/gpapi/src/lib.rs \
+      --replace-fail /usr/bin/gpauth ${gpauth}/bin/gpauth
+    substituteInPlace crates/common/src/vpn_utils.rs \
+      --replace-fail /usr/sbin/vpnc-script ${vpnc-scripts}/bin/vpnc-script
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/applications
+    cp packaging/files/usr/share/applications/gpgui.desktop $out/share/applications/gpgui.desktop
+  '';
+
+  postFixup = ''
+    substituteInPlace $out/share/applications/gpgui.desktop \
+      --replace-fail /usr/bin/gpclient $out/bin/gpclient
+  '';
+}
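Review bot: `postInstall` ships `gpgui.desktop` with its `Exec` rewritten to `$out/bin/gpclient`, although the release note in this commit says the GUI components are not packaged, so a reader cannot tell why the file is installed. A comment above the `cp` stating its purpose would settle that; if the entry declares a `MimeType` or URL scheme (its contents are not visible here), it makes `gpclient` reachable from links opened by other applications, which deserves a mention for a VPN client. The `substituteInPlace` in `postFixup` can move into `postInstall` next to the `cp`. Separately, `rec` is unused in this file, and `gpauth` is referenced only by store path in `preConfigure`, so it presumably does not need to be listed in `buildInputs`.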
diff --git a/pkgs/tools/networking/globalprotect-openconnect/default.nix b/pkgs/tools/networking/globalprotect-openconnect/default.nix
deleted file mode 100644
index 5b00de2fda85f..0000000000000
--- a/pkgs/tools/networking/globalprotect-openconnect/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ stdenv, lib, fetchurl
-, cmake, qtwebsockets, qtwebengine, qtkeychain, wrapQtAppsHook, openconnect
-}:
-
-stdenv.mkDerivation rec {
-  pname = "globalprotect-openconnect";
-  version = "1.4.9";
-
-  src = fetchurl {
-    url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}.tar.gz";
-    hash = "sha256-vhvVKESLbqHx3XumxbIWOXIreDkW3yONDMXMHxhjsvk=";
-  };
-
-  nativeBuildInputs = [ cmake wrapQtAppsHook ];
-
-  buildInputs = [ openconnect qtwebsockets qtwebengine qtkeychain ];
-
-  patchPhase = ''
-    substituteInPlace GPService/gpservice.h \
-      --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
-    substituteInPlace GPService/CMakeLists.txt \
-      --replace /etc/gpservice $out/etc/gpservice;
-  '';
-
-  meta = with lib; {
-    description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
-    homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
-    license = licenses.gpl3Only;
-    maintainers = [ maintainers.jerith666 ];
-    platforms = platforms.linux;
-  };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index d261728a53c24..b00cc4898cc30 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -556,6 +556,7 @@ mapAliases ({
   glide = throw "'glide' has been removed as it is unmaintained, please use Go modules instead"; # Added 2023-12-26
   glfw-wayland = glfw; # Added 2024-04-19
   glfw-wayland-minecraft = glfw3-minecraft; # Added 2024-05-08
+  globalprotect-openconnect = throw "'globalprotect-openconnect' has been renamed to/replaced by 'gpauth' and 'gpclient'"; # Added 2024-09-21
   glxinfo = mesa-demos; # Added 2024-07-04
   gmailieer = lieer; # Added 2020-04-19
   gmic-qt-krita = throw "gmic-qt-krita was removed as it's no longer supported upstream."; # Converted to throw 2023-02-02
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5d90dcf211191..4b7d7793e6506 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13558,8 +13558,6 @@ with pkgs;
 
   inherit (openconnectPackages) openconnect openconnect_openssl;
 
-  globalprotect-openconnect = libsForQt5.callPackage ../tools/networking/globalprotect-openconnect { };
-
   ding-libs = callPackage ../tools/misc/ding-libs { };
 
   sssd = callPackage ../os-specific/linux/sssd {