From 8f2fa04fd99a0159c902f1d42e6b1633c4811ba1 Mon Sep 17 00:00:00 2001
From: Rahul Rameshbabu
Date: Wed, 13 Nov 2024 13:41:34 -0800
Subject: [PATCH] Revert "globalprotect-openconnect: remove deprecated 1.x package"
This reverts commit b08d6a664f548c86446439a1e24e484b0ee140ea.
Signed-off-by: Rahul Rameshbabu
---
 .../manual/release-notes/rl-2411.section.md | 9 ++-
 nixos/modules/module-list.nix | 1 +
 .../services/networking/globalprotect-vpn.nix | 57 +++++++++++++++++++
 .../globalprotect-openconnect/default.nix | 32 +++++++++++
 pkgs/top-level/all-packages.nix | 2 +
 5 files changed, 96 insertions(+), 5 deletions(-)
 create mode 100644 nixos/modules/services/networking/globalprotect-vpn.nix
 create mode 100644 pkgs/tools/networking/globalprotect-openconnect/default.nix
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 000df6e978b4..290681d187d8 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -692,11 +692,10 @@ - `isync` has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details. -- Legacy package `globalprotect-openconnect` 1.x and related module - `services.globalprotect` were dropped. Two new packages -- `gpauth` and `gpclient` - from the 2.x version of the GlobalProtect-openconnect project -- are added in its - place. The GUI components related to the project are non-free and not - packaged. +- Two new packages -- `gpauth` and `gpclient` from the 2.x version of the + GlobalProtect-openconnect project -- are added in parallel to + `globalprotect-openconnect`. The GUI components related to the project are + non-free and not packaged. - Compatible string matching for `hardware.deviceTree.overlays` has been changed to a more correct behavior. See [below](#sec-release-24.11-migration-dto-compatible) for details.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index eef106a91229..34118257e572 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1053,6 +1053,7 @@
 ./services/networking/gdomap.nix
 ./services/networking/ghostunnel.nix
 ./services/networking/git-daemon.nix
+ ./services/networking/globalprotect-vpn.nix
 ./services/networking/gns3-server.nix
 ./services/networking/gnunet.nix
 ./services/networking/go-autoconfig.nix
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
new file mode 100644
index 000000000000..87ce8a5e142f
--- /dev/null
+++ b/nixos/modules/services/networking/globalprotect-vpn.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.services.globalprotect;
+
+ execStart =
+ if cfg.csdWrapper == null then
+ "${pkgs.globalprotect-openconnect}/bin/gpservice"
+ else
+ "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
+in
+
+{
+ options.services.globalprotect = {
+ enable = lib.mkEnableOption "globalprotect";
+
+ settings = lib.mkOption {
+ description = ''
+ GlobalProtect-openconnect configuration. For more information, visit
+ .
+ '';
+ default = { };
+ example = {
+ "vpn1.company.com" = {
+ openconnect-args = "--script=/path/to/vpnc-script";
+ };
+ };
+ type = lib.types.attrs;
+ };
+
+ csdWrapper = lib.mkOption {
+ description = ''
+ A script that will produce a Host Integrity Protection (HIP) report,
+ as described at
+ '';
+ default = null;
+ example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
+ type = lib.types.nullOr lib.types.path;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.dbus.packages = [ pkgs.globalprotect-openconnect ];
+
+ environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
+
+ systemd.services.gpservice = {
+ description = "GlobalProtect openconnect DBus service";
+ serviceConfig = {
+ Type = "dbus";
+ BusName = "com.yuezk.qt.GPService";
+ ExecStart = execStart;
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ };
+ };
+}
diff --git a/pkgs/tools/networking/globalprotect-openconnect/default.nix b/pkgs/tools/networking/globalprotect-openconnect/default.nix
new file mode 100644
index 000000000000..5b00de2fda85
--- /dev/null
+++ b/pkgs/tools/networking/globalprotect-openconnect/default.nix
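Review bot: `systemd.services.gpservice.serviceConfig` in globalprotect-vpn.nix sets only `Type`, `BusName` and `ExecStart`, so the daemon runs as root with no sandboxing while owning the system-bus name `com.yuezk.qt.GPService`; who may call it is decided by the D-Bus policy shipped in the package, which this patch does not show. The service presumably needs root to bring up the tunnel and run the vpnc-script, but directives that leave that alone, for example `PrivateTmp = true;` and `ProtectHome = true;`, would narrow what a compromised gpservice can reach and should be tested against a real connection. In the same file `settings` is typed `lib.types.attrs`, which does not check the section/key shape that `lib.generators.toINI` expects; `lib.types.attrsOf (lib.types.attrsOf lib.types.str)` would, and the option description should say that the rendered `gp.conf` is stored world-readable in the Nix store, so `openconnect-args` must not carry secrets.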
@@ -0,0 +1,32 @@
+{ stdenv, lib, fetchurl
+, cmake, qtwebsockets, qtwebengine, qtkeychain, wrapQtAppsHook, openconnect
+}:
+
+stdenv.mkDerivation rec {
+ pname = "globalprotect-openconnect";
+ version = "1.4.9";
+
+ src = fetchurl {
+ url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}.tar.gz";
+ hash = "sha256-vhvVKESLbqHx3XumxbIWOXIreDkW3yONDMXMHxhjsvk=";
+ };
+
+ nativeBuildInputs = [ cmake wrapQtAppsHook ];
+
+ buildInputs = [ openconnect qtwebsockets qtwebengine qtkeychain ];
+
+ patchPhase = ''
+ substituteInPlace GPService/gpservice.h \
+ --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
+ substituteInPlace GPService/CMakeLists.txt \
+ --replace /etc/gpservice $out/etc/gpservice;
+ '';
+
+ meta = with lib; {
+ description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
+ homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
+ license = licenses.gpl3Only;
+ maintainers = [ maintainers.jerith666 ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c54b3abe186d..300e6ab922c7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5656,6 +5656,8 @@ with pkgs; inherit (openconnectPackages) openconnect openconnect_openssl; + globalprotect-openconnect = libsForQt5.callPackage ../tools/networking/globalprotect-openconnect { }; + sssd = callPackage ../os-specific/linux/sssd { inherit (perlPackages) Po4a; # python312Packages.python-ldap is broken
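Review bot: The `patchPhase` in pkgs/tools/networking/globalprotect-openconnect/default.nix uses `substituteInPlace ... --replace`, which does not fail the build when the pattern is missing, so an upstream source change could silently leave gpservice (started as root by the module added in this patch) pointing at `/usr/local/bin/openconnect` rather than the pinned store path. Use `--replace-fail /usr/local/bin/openconnect ${openconnect}/bin/openconnect` and likewise `--replace-fail /etc/gpservice $out/etc/gpservice` so the build breaks instead. Defining `patchPhase` directly also replaces the default phase, so any `patches` added later would not be applied; `postPatch = '' ... '';` keeps the same substitutions and the default behaviour. The version stays pinned at 1.4.9, which the reverted commit's title calls deprecated, so a comment next to `version` saying why 1.x is kept would help later reviewers.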