globalprotect-openconnect_2: init at 2.3.7

NixOS · Oct 25, 2024 · 01df7ea · 01df7ea
1 parent 86e1ad4
commit 01df7ea
Show file tree

Hide file tree

Showing 2 changed files with 190 additions and 0 deletions.
diff --git a/pkgs/by-name/gl/globalprotect-openconnect_2/gui.nix b/pkgs/by-name/gl/globalprotect-openconnect_2/gui.nix
@@ -0,0 +1,88 @@
+{
+  fetchurl,
+  stdenv,
+  system,
+  zstd,
+  webkitgtk,
+  libappindicator,
+  gtk3,
+  cairo,
+  gdk-pixbuf,
+  libsoup,
+  glib,
+  autoPatchelfHook,
+  makeDesktopItem,
+}:
+let
+  desktop = makeDesktopItem {
+    name = "GlobalProtect Openconnect VPN Client";
+    desktopName = "GlobalProtect Openconnect VPN Client";
+    comment = "A GUI for GlobalProtect VPN";
+    genericName = "GlobalProtect VPN Client";
+    exec = "gpclient launch-gui %u";
+    icon = "gpgui";
+    categories = [
+      "Network"
+      "Dialup"
+    ];
+    mimeTypes = [ "x-scheme-handler/globalprotectcallback" ];
+  };
+
+  version = "2.3.7";
+  remoteHashes = {
+    "x86_64-linux" = {
+      sha256 = "sha256-o1jTVfIzKk19uJH+NKFUL+Vjdlo/yZ7c44vCnv+FEfc=";
+      arch-name = "x86_64";
+    };
+    "aarch64-linux" = {
+      sha256 = "sha256-DibtaY8/h11/V78a/A46Nnku8TqMLcZ0OPr0mzV4xkc=";
+      arch-name = "aarch64";
+    };
+  };
+
+  remotes = builtins.mapAttrs (
+    _:
+    { sha256, arch-name }:
+    fetchurl {
+      inherit sha256;
+      url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}-1-${arch-name}.pkg.tar.zst";
+    }
+  ) remoteHashes;
+
+in
+stdenv.mkDerivation {
+  name = "gpgui";
+  inherit version;
+  src = remotes.${system};
+  nativeBuildInputs = [
+    zstd
+    webkitgtk
+    autoPatchelfHook
+    libappindicator
+    webkitgtk
+    gtk3
+    cairo
+    gdk-pixbuf
+    libsoup
+    glib
+  ];
+  postUnpack = ''
+    tar xf $src
+  '';
+
+  postPatch = ''
+    sed -i 's/\/usr\/bin\/gpservice/gpservice/' ./share/polkit-1/actions/com.yuezk.gpgui.policy
+  '';
+
+  postInstall = ''
+    mkdir -p $out/bin/
+    install -m 0755 ./bin/gpgui $out/bin/
+    patchelf \
+        --add-needed libappindicator3.so.1 \
+        $out/bin/gpgui
+    mkdir -p $out/share/
+    ln -s ${desktop}/share/applications/ $out/share/applications
+    cp -r share/icons/ $out/share/
+    cp -r share/polkit-1/ $out/share/
+  '';
+}
diff --git a/pkgs/by-name/gl/globalprotect-openconnect_2/package.nix b/pkgs/by-name/gl/globalprotect-openconnect_2/package.nix
@@ -0,0 +1,102 @@
+{
+  perl,
+  jq,
+  fetchFromGitHub,
+  lib,
+  openconnect,
+  libsoup,
+  webkitgtk_4_0,
+  pkg-config,
+  vpnc-scripts,
+  callPackage,
+  rustPlatform,
+  glib,
+  atk,
+  gdk-pixbuf,
+  pango,
+  cairo,
+  harfbuzz,
+  gtk3,
+  zlib,
+}:
+let
+  version = "2.3.7";
+  pname = "globalprotect-openconnect";
+  gpgui = callPackage ./gui.nix { };
+
+in
+rustPlatform.buildRustPackage {
+  inherit version pname;
+
+  src = fetchFromGitHub {
+    owner = "yuezk";
+    repo = "GlobalProtect-openconnect";
+    rev = "v${version}";
+    hash = "sha256-Zr888II65bUjrbStZfD0AYCXKY6VdKVJHQhbKwaY3is=";
+  };
+
+  nativeBuildInputs = [
+    perl
+    jq
+    openconnect
+    libsoup
+    webkitgtk_4_0
+    pkg-config
+  ];
+
+  PKG_CONFIG_PATH = lib.strings.concatMapStringsSep ":" (pkg: "${pkg}/lib/pkgconfig/") [
+    glib.dev
+    libsoup.dev
+    webkitgtk_4_0.dev
+    atk.dev
+    gdk-pixbuf.dev
+    pango.dev
+    cairo.dev
+    harfbuzz.dev
+    gtk3.dev
+    openconnect
+    zlib
+  ];
+
+  NIX_CFLAGS_COMPILE = (map (pkg: "-I${pkg}/include") [ openconnect.dev ]);
+
+  NIX_CFLAGS_LINK = (
+    map (pkg: "-L${lib.getLib pkg}/lib") [
+      openconnect
+      zlib
+    ]
+  );
+
+  cargoHash = "sha256-cdhhBUQASrnfjeJxkwx39vr/KHeQlBh0wMvw+Q7EK98=";
+
+  postPatch = ''
+        substituteInPlace crates/common/src/vpn_utils.rs \
+        --replace-fail /etc/vpnc/vpnc-script ${lib.getExe vpnc-scripts} \
+        --replace-fail /usr/libexec/openconnect/hipreport.sh ${openconnect}/libexec/openconnect/hipreport.sh
+
+    substituteInPlace crates/gpapi/src/lib.rs \
+        --replace-fail /usr/bin/gpclient $out/bin/gpclient \
+        --replace-fail /usr/bin/gpservice $out/bin/gpservice \
+        --replace-fail /usr/bin/gpgui-helper $out/bin/gpgui-helper \
+        --replace-fail /usr/bin/gpgui ${gpgui}/bin/gpgui \
+        --replace-fail /usr/bin/gpauth $out/bin/gpauth
+  '';
+
+  postInstall = ''
+    mkdir -p $out/
+    ln -s ${gpgui}/bin/gpgui $out/bin/
+    ln -s ${gpgui}/share/ $out/share
+  '';
+
+  meta = {
+    mainProgram = "gpclient";
+    description = "A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.";
+    licences = lib.licences.gpl3;
+    homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
+    maintainers = [ lib.maintainers.m1dugh ];
+    platforms = [
+      "aarch64-linux"
+      "x86_64-linux"
+    ];
+  };
+}