fix: nix & python packages upgrade, csd verify file #181

Closed
wants to merge 13 commits into from


@adminy adminy commented Jul 3, 2024

Adds -k / --skip-ssl-verification and -f / --scan-file flags.
Tested with and without SSL verification.

Usage in case using newer openssl:

export OCF="openssl_conf = openssl_init\n[openssl_init]\nssl_conf = ssl_sect\n[ssl_sect]\nsystem_default = system_default_sect\n[system_default_sect]\nOptions = UnsafeLegacyRenegotiation"

echo -e "$OCF" | OPENSSL_CONF=/dev/stdin openconnect-sso -s vpn.comapny-name.com -f host-scan

Example host-scan file:

endpoint.device.protection_version="4.10.04071";

Fixes:

Usage in nix:

flake.nix:

inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/master";
    systems.url = "github:nix-systems/x86_64-linux";
    flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; };
    openconnect-sso = {
      url = "github:adminy/openconnect-sso/newer-versions";
      inputs.flake-utils.follows = "flake-utils";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.systems.follows = "systems";
    };
};

configuration.nix:

environment.systemPackages = [
  inputs.openconnect-sso.packages.${config.nixpkgs.localSystem.system}.default
];

Niv appears to work too, but I haven't tested that as much.

Changes (sorry single big commit, but this was hard enough as is):
- don't use the overlay for nixpkgs since it's not used ATM
- when using a flake, respect the given inputs instead of using Niv ones
- update dependencies to Qt6 to match `pyproject.toml`
- fix coredump on Wayland because of missing runtime dependency
- fix build-system to use the newer `poetry-core`
- update poetry.lock
- make flake inputs and Niv sources poetry2nix versions match
Example:
"QApplication: invalid style override 'kvantum' passed, ignoring it."
`prev.callPackage` auto-detects the given closure's args and sets them
to `prev.${arg}`. So `poetry2nix` was getting overridden with
`prev.poetry2nix` giving us the "poetry2nix is now maintained out-of-tree"
error.
@Cadair

Cadair commented Jul 22, 2024

Hi @adminy thanks for this work, it fixed my build. I wondered if you had any clue as to why I am getting the following error:

[error    ] Required attributes not found in response ("no such child: host-scan", does this endpoint do SSO?), exiting [openconnect_sso.app]

Any pointers would be super helpful thanks!

@adminy
Author

adminy commented Jul 22, 2024

My PR makes an assumption that there is always a host-scan file passed for CPD verification. I can update that to make this optional, sounds like a bug.

@adminy
Author

adminy commented Jul 23, 2024

Hopefully I haven't left anything out. Should be fixed now.

@Cadair

Cadair commented Jul 30, 2024

Hi @adminy I have just tried your latest commit and I am getting the same error.

And make Nix package use the lxml from nixpkgs, to allow building with
a more recent version.
@ThinkChaos

Hey, it's been a while since I posted in my PR (#152) reposting here for visibility:

please rebase your PR on mine [to include my commit in the history], because using my work without attribution is not cool

@adminy
Author

adminy commented Sep 13, 2024

hey @ThinkChaos, I kind of no longer use this VPN client, but I rebased your changes like you asked. Seems like a dead project anyways since our PRs aren't being merged in.

@adminy adminy closed this by deleting the head repository Sep 13, 2024
@ThinkChaos

Thanks appreciate it!

Out of curiosity what are you using instead?

@adminy
Author

adminy commented Sep 14, 2024

I was using this client for work, but my workplace did not appreciate me working on Linux. So now I'm somewhere else and occasionally I use openvpn cli client to connect to AWS's vpn client serverless solution. Personally though, to go through my devices I use rathole. It's the simplest in design and much much faster.

@ThinkChaos

> So now I'm somewhere else

👏

Thanks for the info :)
