Unverified Commit cedd087b authored by Weijia Wang's avatar Weijia Wang Committed by GitHub

globalprotect-openconnect: Reinstate v1 (#355758)

parents 9b0635ee b6bac079
+4 −5
@@ -709,11 +709,10 @@

- `isync` has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.

- Legacy package `globalprotect-openconnect` 1.x and related module
  `services.globalprotect` were dropped. Two new packages -- `gpauth` and `gpclient`
  from the 2.x version of the GlobalProtect-openconnect project -- are added in its
  place. The GUI components related to the project are non-free and not
  packaged.
- Two new packages -- `gpauth` and `gpclient` from the 2.x version of the
  GlobalProtect-openconnect project -- are added in parallel to
  `globalprotect-openconnect`. The GUI components related to the project are
  non-free and not packaged.

- Compatible string matching for `hardware.deviceTree.overlays` has been changed to a more correct behavior. See [below](#sec-release-24.11-migration-dto-compatible) for details.

+1 −0
@@ -1056,6 +1056,7 @@
  ./services/networking/gdomap.nix
  ./services/networking/ghostunnel.nix
  ./services/networking/git-daemon.nix
  ./services/networking/globalprotect-vpn.nix
  ./services/networking/gns3-server.nix
  ./services/networking/gnunet.nix
  ./services/networking/go-autoconfig.nix
+0 −1
@@ -80,7 +80,6 @@ in
    (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
    (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
    (mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
    (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
    (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
+62 −0
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.globalprotect;

  execStart =
    if cfg.csdWrapper == null then
      "${pkgs.globalprotect-openconnect}/bin/gpservice"
    else
      "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
in

{
  options.services.globalprotect = {
    enable = lib.mkEnableOption "globalprotect";

    settings = lib.mkOption {
      description = ''
        GlobalProtect-openconnect configuration. For more information, visit
        <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
      '';
      default = { };
      example = {
        "vpn1.company.com" = {
          openconnect-args = "--script=/path/to/vpnc-script";
        };
      };
      type = lib.types.attrs;
    };

    csdWrapper = lib.mkOption {
      description = ''
        A script that will produce a Host Integrity Protection (HIP) report,
        as described at <https://www.infradead.org/openconnect/hip.html>
      '';
      default = null;
      example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
      type = lib.types.nullOr lib.types.path;
    };
  };

  config = lib.mkIf cfg.enable {
    services.dbus.packages = [ pkgs.globalprotect-openconnect ];

    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;

    systemd.services.gpservice = {
      description = "GlobalProtect openconnect DBus service";
      serviceConfig = {
        Type = "dbus";
        BusName = "com.yuezk.qt.GPService";
        ExecStart = execStart;
      };
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
    };
  };
}
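Review bot: `settings` is written with `lib.generators.toINI` to `environment.etc."gpservice/gp.conf".text`, so anything a user puts in `openconnect-args` lands in the world-readable Nix store, and the option description does not mention it. I would add to the description: `The generated file is stored world-readable in the Nix store; do not put passwords or other secrets in it.` The type `lib.types.attrs` also lets through values `toINI` cannot render; `(pkgs.formats.ini { }).type` would catch them at evaluation time. Separately, `serviceConfig` sets no `User=` or sandboxing options, so `gpservice` and the `csdWrapper` script presumably run as root; the `csdWrapper` description should say the script must not be writable by unprivileged users.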
+48 −0
{
  stdenv,
  lib,
  fetchurl,
  cmake,
  qtwebsockets,
  qtwebengine,
  qtkeychain,
  wrapQtAppsHook,
  openconnect,
}:

stdenv.mkDerivation rec {
  pname = "globalprotect-openconnect";
  version = "1.4.9";

  src = fetchurl {
    url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}.tar.gz";
    hash = "sha256-vhvVKESLbqHx3XumxbIWOXIreDkW3yONDMXMHxhjsvk=";
  };

  nativeBuildInputs = [
    cmake
    wrapQtAppsHook
  ];

  buildInputs = [
    openconnect
    qtwebsockets
    qtwebengine
    qtkeychain
  ];

  patchPhase = ''
    substituteInPlace GPService/gpservice.h \
      --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
    substituteInPlace GPService/CMakeLists.txt \
      --replace /etc/gpservice $out/etc/gpservice;
  '';

  meta = with lib; {
    description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
    homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
    license = licenses.gpl3Only;
    maintainers = [ maintainers.jerith666 ];
    platforms = platforms.linux;
  };
}
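Review bot: The two `substituteInPlace` calls in `patchPhase` use plain `--replace`, which only warns when the pattern stops matching; if `/usr/local/bin/openconnect` in `GPService/gpservice.h` is ever left unrewritten, the service would presumably look for openconnect at a path outside the Nix store. Use `--replace-fail /usr/local/bin/openconnect ${openconnect}/bin/openconnect` (and likewise for `/etc/gpservice`) so a miss fails the build. I would also rename the attribute to `postPatch`, because overriding `patchPhase` skips `patches` and the `prePatch`/`postPatch` hooks.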