Support CAS authentication

.github/workflows/build.yaml

@@ -13,7 +13,6 @@ on:
       - feature/*
       - release/*
     tags:
-      - latest
       - v*.*.*
 jobs:
   # Include arm64 if ref is a tag
@@ -50,6 +49,10 @@ jobs:
     - name: Create tarball
       run: |
         cd source/gp
+        # Generate the SNAPSHOT file for non-tagged commits
+        if [[ "${{ github.ref }}" != "refs/tags/"* ]]; then
+          touch SNAPSHOT
+        fi
         make tarball
     - name: Upload tarball
       uses: actions/upload-artifact@v3
@@ -152,7 +155,7 @@ jobs:
           gpgui-source/*.bin.tar.xz.sha256
 
   gh-release:
-    if: startsWith(github.ref, 'refs/tags/')
+    if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/dev'
     runs-on: ubuntu-latest
     needs:
       - build-gp
@@ -166,10 +169,15 @@ jobs:
       with:
         path: gh-release
     - name: Create GH release
-      uses: softprops/action-gh-release@v1
-      with:
-        token: ${{ secrets.GH_PAT }}
-        prerelease: ${{ contains(github.ref, 'latest') }}
-        fail_on_unmatched_files: true
-        files: |
-          gh-release/artifact-*/*
+      env:
+        GH_TOKEN: ${{ secrets.GH_PAT }}
+        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
+      run: |
+        gh release delete $RELEASE_TAG --yes --cleanup-tag || true
+        gh release create $RELEASE_TAG \
+          --title "$RELEASE_TAG" \
+          --notes "Release $RELEASE_TAG" \
+          --target ${{ github.ref}} \
+          ${{ github.ref == 'refs/heads/dev' && '--prerelease' || '' }} \
+          "gh-release/artifact-source/*" \
+          "gh-release/artifact-gpgui-*/*"

.github/workflows/release.yaml

@@ -145,7 +145,7 @@ jobs:
       uses: softprops/action-gh-release@v1
       with:
         token: ${{ secrets.GH_PAT }}
-        prerelease: ${{ contains(github.ref, 'latest') }}
+        prerelease: ${{ contains(github.ref, 'snapshot') }}
         fail_on_unmatched_files: true
         tag_name: ${{ inputs.tag }}
         files: |

.gitignore

@@ -7,3 +7,4 @@
 
 .cargo
 .build
+SNAPSHOT

Makefile

@@ -13,14 +13,15 @@ PKG = $(PKG_NAME)-$(VERSION)
 SERIES ?= $(shell lsb_release -cs)
 PUBLISH ?= 0
 
-# Indicate if it is a Debian packaging
-DEB_PACKAGING ?= 0
-INCLUDE_SYSTEMD ?= $(shell [ -d /run/systemd/system ] && echo 1 || echo 0)
-# Enable the systemd service after installation
-ENABLE_SERVICE ?= 1
-
 export DEBEMAIL = k3vinyue@gmail.com
 export DEBFULLNAME = Kevin Yue
+export SNAPSHOT = $(shell test -f SNAPSHOT && echo "true" || echo "false")
+
+ifeq ($(SNAPSHOT), true)
+	RELEASE_TAG = snapshot
+else
+	RELEASE_TAG = v$(VERSION)
+endif
 
 CARGO_BUILD_ARGS = --release
 
@@ -67,7 +68,8 @@ download-gui:
 	if [ $(INCLUDE_GUI) -eq 1 ]; then \
 		echo "Downloading GlobalProtect GUI..."; \
 		mkdir -p .build/gpgui; \
-		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v$(VERSION)/gpgui_$(VERSION)_$(shell uname -m).bin.tar.xz -o .build/gpgui/gpgui_$(VERSION)_x$(shell uname -m).bin.tar.xz; \
+		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/$(RELEASE_TAG)/gpgui_$(shell uname -m).bin.tar.xz \
+			-o .build/gpgui/gpgui_$(shell uname -m).bin.tar.xz; \
 		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
 	else \
 		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
@@ -122,34 +124,9 @@ install:
 	install -Dm644 packaging/files/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	install -Dm644 packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 
-	# Install the systemd service
-	if [ $(INCLUDE_SYSTEMD) -eq 1 ]; then \
-		if [ $(DEB_PACKAGING) -eq 1 ]; then \
-			install -Dm644 packaging/files/usr/lib/systemd/system/gp-suspend.service $(DESTDIR)/lib/systemd/system/gp-suspend.service; \
-		else \
-			install -Dm644 packaging/files/usr/lib/systemd/system/gp-suspend.service $(DESTDIR)/usr/lib/systemd/system/gp-suspend.service; \
-		fi; \
-		if [ $(ENABLE_SERVICE) -eq 1 ]; then \
-			systemctl --system daemon-reload \
-			systemctl enable gp-suspend.service || true; \
-		fi \
-	else \
-		echo "Skipping systemd service installation"; \
-	fi
-
-	@echo "Installation complete."
-
 uninstall:
 	@echo "Uninstalling $(PKG_NAME)..."
 
-	# Disable the systemd service
-	if [ -d /run/systemd/system ]; then \
-		systemctl disable gp-suspend.service >/dev/null || true; \
-	fi
-
-	rm -f $(DESTDIR)/lib/systemd/system/gp-suspend.service
-	rm -f $(DESTDIR)/usr/lib/systemd/system/gp-suspend.service
-
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpauth
 	rm -f $(DESTDIR)/usr/bin/gpservice
@@ -254,7 +231,6 @@ init-pkgbuild: clean-pkgbuild tarball
 
 	cp .build/tarball/${PKG}.tar.gz .build/pkgbuild
 	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
-	cp packaging/pkgbuild/gp.install .build/pkgbuild
 
 	sed -i "s/@PKG_NAME@/$(PKG_NAME)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/pkgbuild/PKGBUILD
@@ -276,10 +252,7 @@ binary: clean-binary tarball
 	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 
 	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
-	make -C .build/binary/${PKG} install \
-		DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts \
-		INCLUDE_SYSTEMD=1 \
-		ENABLE_SERVICE=0
+	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 
 	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
 

apps/gpclient/src/launch_gui.rs

@@ -82,7 +82,7 @@ async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
 
   reqwest::Client::default()
     .post(format!("{}/auth-data", service_endpoint))
-    .json(&auth_data)
+    .body(auth_data.to_string())
     .send()
     .await?
     .error_for_status()?;

apps/gpgui-helper/src-tauri/src/updater.rs

@@ -9,6 +9,12 @@ use tauri::{Manager, Window};
 
 use crate::downloader::{ChecksumFetcher, FileDownloader};
 
+#[cfg(not(debug_assertions))]
+const SNAPSHOT: &str = match option_env!("SNAPSHOT") {
+    Some(val) => val,
+    None => "false"
+};
+
 pub struct ProgressNotifier {
   win: Window,
 }
@@ -81,9 +87,13 @@ impl GuiUpdater {
     info!("Update GUI, version: {}", self.version);
 
     #[cfg(debug_assertions)]
-    let release_tag = "latest";
+    let release_tag = "snapshot";
     #[cfg(not(debug_assertions))]
-    let release_tag = format!("v{}", self.version);
+    let release_tag = if SNAPSHOT == "true" {
+      String::from("snapshot")
+    } else {
+      format!("v{}", self.version)
+    };
 
     #[cfg(target_arch = "x86_64")]
     let arch = "x86_64";
@@ -91,8 +101,8 @@ impl GuiUpdater {
     let arch = "aarch64";
 
     let file_url = format!(
-      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}_{}.bin.tar.xz",
-      release_tag, self.version, arch
+      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}.bin.tar.xz",
+      release_tag, arch
     );
     let checksum_url = format!("{}.sha256", file_url);
 

crates/gpapi/src/auth.rs

@@ -1,4 +1,4 @@
-use anyhow::bail;
+use anyhow::anyhow;
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 
@@ -35,7 +35,7 @@ impl SamlAuthData {
     }
   }
 
-  pub fn parse_html(html: &str) -> anyhow::Result<SamlAuthData> {
+  pub fn from_html(html: &str) -> anyhow::Result<SamlAuthData> {
     match parse_xml_tag(html, "saml-auth-status") {
       Some(saml_status) if saml_status == "1" => {
         let username = parse_xml_tag(html, "saml-username");
@@ -43,21 +43,17 @@ impl SamlAuthData {
         let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
 
         if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-          return Ok(SamlAuthData::new(
+          Ok(SamlAuthData::new(
             username.unwrap(),
             prelogin_cookie,
             portal_userauthcookie,
-          ));
+          ))
+        } else {
+          Err(anyhow!("Found invalid auth data in HTML"))
         }
-
-        bail!("Found invalid auth data in HTML");
-      }
-      Some(status) => {
-        bail!("Found invalid SAML status {} in HTML", status);
-      }
-      None => {
-        bail!("No auth data found in HTML");
       }
+      Some(status) => Err(anyhow!("Found invalid SAML status {} in HTML", status)),
+      None => Err(anyhow!("No auth data found in HTML")),
     }
   }
 

crates/gpapi/src/credential.rs

@@ -1,5 +1,6 @@
 use std::collections::HashMap;
 
+use log::info;
 use serde::{Deserialize, Serialize};
 use specta::Type;
 
@@ -155,25 +156,50 @@ impl From<PasswordCredential> for CachedCredential {
   }
 }
 
+#[derive(Debug, Serialize, Deserialize, Type, Clone)]
+pub struct TokenCredential {
+  #[serde(alias = "un")]
+  username: String,
+  token: String,
+}
+
+impl TokenCredential {
+  pub fn username(&self) -> &str {
+    &self.username
+  }
+
+  pub fn token(&self) -> &str {
+    &self.token
+  }
+}
+
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(tag = "type", rename_all = "camelCase")]
 pub enum Credential {
   Password(PasswordCredential),
   PreloginCookie(PreloginCookieCredential),
   AuthCookie(AuthCookieCredential),
+  TokenCredential(TokenCredential),
   CachedCredential(CachedCredential),
 }
 
 impl Credential {
-  /// Create a credential from a globalprotectcallback:<base64 encoded string>
-  pub fn parse_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
-    // Remove the surrounding quotes
-    let auth_data = auth_data.trim_matches('"');
+  /// Create a credential from a globalprotectcallback:<base64 encoded string>,
+  /// or globalprotectcallback:cas-as=1&un=user@xyz.com&token=very_long_string
+  pub fn from_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
     let auth_data = auth_data.trim_start_matches("globalprotectcallback:");
-    let auth_data = decode_to_string(auth_data)?;
-    let auth_data = SamlAuthData::parse_html(&auth_data)?;
 
-    Self::try_from(auth_data)
+    if auth_data.starts_with("cas-as") {
+      info!("Got token auth data: {}", auth_data);
+      let token_cred: TokenCredential = serde_urlencoded::from_str(auth_data)?;
+      Ok(Self::TokenCredential(token_cred))
+    } else {
+      info!("Parsing SAML auth data...");
+      let auth_data = decode_to_string(auth_data)?;
+      let auth_data = SamlAuthData::from_html(&auth_data)?;
+
+      Self::try_from(auth_data)
+    }
   }
 
   pub fn username(&self) -> &str {
@@ -181,6 +207,7 @@ impl Credential {
       Credential::Password(cred) => cred.username(),
       Credential::PreloginCookie(cred) => cred.username(),
       Credential::AuthCookie(cred) => cred.username(),
+      Credential::TokenCredential(cred) => cred.username(),
       Credential::CachedCredential(cred) => cred.username(),
     }
   }
@@ -189,20 +216,23 @@ impl Credential {
     let mut params = HashMap::new();
     params.insert("user", self.username());
 
-    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self {
-      Credential::Password(cred) => (Some(cred.password()), None, None, None),
-      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None),
+    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie, token) = match self {
+      Credential::Password(cred) => (Some(cred.password()), None, None, None, None),
+      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None, None),
       Credential::AuthCookie(cred) => (
         None,
         None,
         Some(cred.user_auth_cookie()),
         Some(cred.prelogon_user_auth_cookie()),
+        None,
       ),
+      Credential::TokenCredential(cred) => (None, None, None, None, Some(cred.token())),
       Credential::CachedCredential(cred) => (
         cred.password(),
         None,
         Some(cred.auth_cookie.user_auth_cookie()),
         Some(cred.auth_cookie.prelogon_user_auth_cookie()),
+        None,
       ),
     };
 
@@ -214,6 +244,10 @@ impl Credential {
       portal_prelogonuserauthcookie.unwrap_or_default(),
     );
 
+    if let Some(token) = token {
+      params.insert("token", token);
+    }
+
     params
   }
 }
@@ -245,3 +279,38 @@ impl From<&CachedCredential> for Credential {
     Self::CachedCredential(value.clone())
   }
 }
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[test]
+  fn cred_from_gpcallback_cas() {
+    let auth_data = "globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string";
+
+    let cred = Credential::from_gpcallback(auth_data).unwrap();
+
+    match cred {
+      Credential::TokenCredential(token_cred) => {
+        assert_eq!(token_cred.username(), "xyz@email.com");
+        assert_eq!(token_cred.token(), "very_long_string");
+      }
+      _ => panic!("Expected TokenCredential"),
+    }
+  }
+
+  #[test]
+  fn cred_from_gpcallback_non_cas() {
+    let auth_data = "PGh0bWw+PCEtLSA8c2FtbC1hdXRoLXN0YXR1cz4xPC9zYW1sLWF1dGgtc3RhdHVzPjxwcmVsb2dpbi1jb29raWU+cHJlbG9naW4tY29va2llPC9wcmVsb2dpbi1jb29raWU+PHNhbWwtdXNlcm5hbWU+eHl6QGVtYWlsLmNvbTwvc2FtbC11c2VybmFtZT48c2FtbC1zbG8+bm88L3NhbWwtc2xvPjxzYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+PC9zYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+IC0tPjwvaHRtbD4=";
+
+    let cred = Credential::from_gpcallback(auth_data).unwrap();
+
+    match cred {
+      Credential::PreloginCookie(cred) => {
+        assert_eq!(cred.username(), "xyz@email.com");
+        assert_eq!(cred.prelogin_cookie(), "prelogin-cookie");
+      }
+      _ => panic!("Expected PreloginCookieCredential")
+    }
+  }
+}

crates/gpapi/src/gp_params.rs

@@ -42,7 +42,7 @@ impl ClientOs {
   }
 }
 
-#[derive(Debug, Serialize, Deserialize, Type, Default)]
+#[derive(Debug, Serialize, Deserialize, Type, Default, Clone)]
 pub struct GpParams {
   is_gateway: bool,
   user_agent: String,
@@ -83,6 +83,10 @@ impl GpParams {
     self.prefer_default_browser
   }
 
+  pub fn set_prefer_default_browser(&mut self, prefer_default_browser: bool) {
+    self.prefer_default_browser = prefer_default_browser;
+  }
+
   pub fn client_os(&self) -> &str {
     self.client_os.as_str()
   }

crates/gpapi/src/portal/prelogin.rs

@@ -1,4 +1,4 @@
-use anyhow::bail;
+use anyhow::{anyhow, bail};
 use log::{info, warn};
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
@@ -29,6 +29,7 @@ pub struct SamlPrelogin {
   is_gateway: bool,
   saml_request: String,
   support_default_browser: bool,
+  is_cas: bool,
 }
 
 impl SamlPrelogin {
@@ -43,6 +44,14 @@ impl SamlPrelogin {
   pub fn support_default_browser(&self) -> bool {
     self.support_default_browser
   }
+
+  pub fn is_cas(&self) -> bool {
+    self.is_cas
+  }
+
+  fn set_is_cas(&mut self, is_cas: bool) {
+    self.is_cas = is_cas;
+  }
 }
 
 #[derive(Debug, Serialize, Type, Clone)]
@@ -97,6 +106,29 @@ impl Prelogin {
 }
 
 pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prelogin> {
+  match prelogin_impl(portal, gp_params).await {
+    Ok(prelogin) => Ok(prelogin),
+    Err(e) => {
+      if e.to_string().contains("CAS is not supported by the client") {
+        info!("CAS authentication detected, retrying with default browser");
+        let mut gp_params = gp_params.clone();
+        gp_params.set_prefer_default_browser(true);
+
+        let mut prelogin = prelogin_impl(portal, &gp_params).await?;
+        // Mark the prelogin as CAS
+        if let Prelogin::Saml(saml) = &mut prelogin {
+          saml.set_is_cas(true);
+        }
+
+        Ok(prelogin)
+      } else {
+        Err(e)
+      }
+    }
+  }
+}
+
+pub async fn prelogin_impl(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prelogin> {
   let user_agent = gp_params.user_agent();
   info!("Prelogin with user_agent: {}", user_agent);
 
@@ -107,12 +139,16 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
   let mut params = gp_params.to_params();
 
   params.insert("tmp", "tmp");
+  // CAS support requires external browser
   if gp_params.prefer_default_browser() {
     params.insert("default-browser", "1");
+    params.insert("cas-support", "yes");
   }
 
   params.retain(|k, _| REQUIRED_PARAMS.iter().any(|required_param| required_param == k));
 
+  info!("Prelogin with params: {:?}", params);
+
   let client = Client::builder()
     .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
     .user_agent(user_agent)
@@ -124,8 +160,8 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
     .send()
     .await
     .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-  let status = res.status();
 
+  let status = res.status();
   if status == StatusCode::NOT_FOUND {
     bail!(PortalError::PreloginError("Prelogin endpoint not found".to_string()))
   }
@@ -177,6 +213,7 @@ fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin>
       is_gateway,
       saml_request,
       support_default_browser,
+      is_cas: false,
     };
 
     return Ok(Prelogin::Saml(saml_prelogin));
@@ -196,8 +233,8 @@ fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin>
       label_password: label_password.unwrap(),
     };
 
-    return Ok(Prelogin::Standard(standard_prelogin));
+    Ok(Prelogin::Standard(standard_prelogin))
+  } else {
+    Err(anyhow!("Invalid prelogin response"))
   }
-
-  bail!("Invalid prelogin response");
 }

packaging/binary/Makefile.in

@@ -1,7 +1,3 @@
-INCLUDE_SYSTEMD ?= $(shell [ -d /run/systemd/system ] && echo 1 || echo 0)
-# Enable the systemd service after installation
-ENABLE_SERVICE ?= 1
-
 install:
 	@echo "===> Installing..."
 
@@ -21,28 +17,9 @@ install:
 	install -Dm644 artifacts/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	install -Dm644 artifacts/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 
-	# Install the service
-	if [ $(INCLUDE_SYSTEMD) -eq 1 ]; then \
-		install -Dm644 artifacts/usr/lib/systemd/system/gp-suspend.service $(DESTDIR)/usr/lib/systemd/system/gp-suspend.service; \
-		if [ $(ENABLE_SERVICE) -eq 1 ]; then \
-			systemctl --system daemon-reload; \
-			systemctl enable gp-suspend.service; \
-		fi; \
-	fi
-
-	@echo "===> Done."
-
 uninstall:
 	@echo "===> Uninstalling from $(DESTDIR)..."
 
-	# Disable the systemd service
-	if [ -d /run/systemd/system ]; then \
-		systemctl disable gp-suspend.service >/dev/null || true; \
-	fi
-
-	rm -f $(DESTDIR)/lib/systemd/system/gp-suspend.service
-	rm -f $(DESTDIR)/usr/lib/systemd/system/gp-suspend.service
-
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpservice
 	rm -f $(DESTDIR)/usr/bin/gpauth
@@ -55,5 +32,3 @@ uninstall:
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
-
-	@echo "===> Done."

packaging/deb/postrm

@@ -11,6 +11,4 @@ case "$1" in
     ;;
 esac
 
-#DEBHELPER#
-
 exit 0

packaging/deb/rules.in

@@ -2,12 +2,6 @@
 
 export OFFLINE = @OFFLINE@
 export BUILD_FE = 0
-export DEB_PACKAGING = 1
-export INCLUDE_SYSTEMD = 1
-export ENABLE_SERVICE = 0
 
 %:
 	dh $@ --no-parallel
-
-override_dh_installsystemd:
-	dh_installsystemd gp-suspend.service --no-start

packaging/files/usr/lib/systemd/system/gp-suspend.service

@@ -1,10 +0,0 @@
-[Unit]
-Description=Disconnect from the VPN when suspending
-Before=sleep.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/gpclient disconnect
-
-[Install]
-WantedBy=sleep.target

packaging/pkgbuild/PKGBUILD.in

@@ -14,8 +14,6 @@ optdepends=('wmctrl: for window management')
 
 provides=('globalprotect-openconnect' 'gpclient' 'gpservice' 'gpauth' 'gpgui')
 
-install=gp.install
-
 source=("${_pkgname}-${pkgver}.tar.gz")
 sha256sums=('SKIP')
 
@@ -33,5 +31,5 @@ build() {
 package() {
   cd "$pkgname-$pkgver"
 
-  make install DESTDIR="$pkgdir" INCLUDE_SYSTEMD=1 ENABLE_SERVICE=0
+  make install DESTDIR="$pkgdir"
 }

packaging/pkgbuild/gp.install

@@ -1,12 +0,0 @@
-post_install() {
-    systemctl --system daemon-reload
-    systemctl enable gp-suspend.service
-}
-
-post_upgrade() {
-    post_install
-}
-
-post_remove() {
-    systemctl disable gp-suspend.service
-}

packaging/rpm/globalprotect-openconnect.spec.in

@@ -22,7 +22,6 @@ BuildRequires:  perl
 BuildRequires:  (webkit2gtk4.0-devel or webkit2gtk3-soup2-devel)
 BuildRequires:  (libappindicator-gtk3-devel or libappindicator3-1)
 BuildRequires:  (librsvg2-devel or librsvg-devel)
-BuildRequires:  systemd-rpm-macros
 
 Requires:       openconnect >= 8.20, (libayatana-appindicator or libappindicator-gtk3)
 Conflicts:      globalprotect-openconnect-snapshot
@@ -35,42 +34,16 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 %prep
 %setup
 
-%pre
-%if 0%{?suse_version}
-  %service_add_pre gp-suspend.service
-%endif
-
-%post
-%if 0%{?suse_version}
-  %service_add_post gp-suspend.service
-%else
-  %systemd_post gp-suspend.service
-%endif
-
-%preun
-%if 0%{?suse_version}
-  %service_del_preun gp-suspend.service
-%else
-  %systemd_preun gp-suspend.service
-%endif
-
 %postun
-# Clean up the gpgui downloaded at runtime
 rm -f %{_bindir}/gpgui
 
-%if 0%{?suse_version}
-  %service_del_postun_without_restart gp-suspend.service
-%else
-  %systemd_postun gp-suspend.service
-%endif
-
 %build
 # The injected RUSTFLAGS could fail the build
 unset RUSTFLAGS
 make build OFFLINE=@OFFLINE@ BUILD_FE=0
 
 %install
-%make_install INCLUDE_SYSTEMD=1 ENABLE_SERVICE=0
+%make_install
 
 %files
 %defattr(-,root,root)
@@ -81,7 +54,6 @@ make build OFFLINE=@OFFLINE@ BUILD_FE=0
 %{_datadir}/icons/hicolor/256x256@2/apps/gpgui.png
 %{_datadir}/icons/hicolor/scalable/apps/gpgui.svg
 %{_datadir}/polkit-1/actions/com.yuezk.gpgui.policy
-%{_unitdir}/gp-suspend.service
 
 %dir %{_datadir}/icons/hicolor
 %dir %{_datadir}/icons/hicolor/32x32