Release 2.3.11

.github/workflows/build.yaml

@@ -14,6 +14,11 @@ on:
       - release/*
     tags:
       - v*.*.*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   # Include arm64 if ref is a tag
   setup-matrix:
@@ -62,6 +67,47 @@ jobs:
         path: |
           source/gp/.build/tarball/*.tar.gz
 
+  tarball-offline:
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    needs:
+    - tarball
+    steps:
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 8
+
+    - name: Prepare workspace
+      run: rm -rf source-offline && mkdir source-offline
+
+    - name: Download tarball
+      uses: actions/download-artifact@v3
+      with:
+        name: artifact-source
+        path: source-offline
+
+    - name: Create offline tarball
+      run: |
+        cd source-offline
+
+        offline_tarball=$(basename *.tar.gz .tar.gz).offline.tar.gz
+
+        # Extract the tarball
+        tar -xzf *.tar.gz
+
+        cd */
+        make tarball OFFLINE=1
+
+        # Rename the tarball to .offline.tar.gz
+        mv -v .build/tarball/*.tar.gz ../$offline_tarball
+
+    - name: Upload offline tarball
+      uses: actions/upload-artifact@v3
+      with:
+        path: source-offline/*.offline.tar.gz
+        name: artifact-source-offline
+        if-no-files-found: error
+
   build-gp:
     needs:
     - setup-matrix
@@ -162,6 +208,7 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - tarball
+      - tarball-offline
       - build-gp
       - build-gpgui
 

.github/workflows/publish.yaml

@@ -52,38 +52,43 @@ jobs:
         version: 8
     - name: Prepare workspace
       run: rm -rf publish-ppa && mkdir publish-ppa
-    - name: Download ${{ inputs.tag }} source code
+    - name: Download ${{ inputs.tag }} offline source code
       uses: robinraju/release-downloader@v1.9
       with:
         token: ${{ secrets.GH_PAT }}
         tag: ${{ inputs.tag }}
-        fileName: globalprotect-openconnect-*.tar.gz
+        fileName: globalprotect-openconnect-*.offline.tar.gz
         tarBall: false
         zipBall: false
         out-file-path: publish-ppa
-    - name: Make the offline tarball
+    - name: Patch the source code
       run: |
         cd publish-ppa
-        tar -xf globalprotect-openconnect-*.tar.gz
-        cd globalprotect-openconnect-*/
 
-        make tarball OFFLINE=1
+        # Rename the source tarball without the offline suffix
+        mv *.tar.gz $(basename *.tar.gz .offline.tar.gz).tar.gz
+
+        # Extract the source tarball
+        tar -xzf *.tar.gz
 
         # Prepare the debian directory with custom files
+        cd globalprotect-openconnect-*/
+
         mkdir -p .build/debian
-        sed 's/@RUST@/rust-all(>=1.70)/g' packaging/deb/control.in > .build/debian/control
+        sed 's/@RUST@/rust-all(>=1.71)/g' packaging/deb/control.in > .build/debian/control
         sed 's/@OFFLINE@/1/g' packaging/deb/rules.in > .build/debian/rules
         cp packaging/deb/postrm .build/debian/postrm
 
     - name: Publish to PPA
-      uses: yuezk/publish-ppa-package@v2
+      uses: yuezk/publish-ppa-package@gp_2.3.x
       with:
         repository: "yuezk/globalprotect-openconnect"
         gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
         gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
+        tarball: publish-ppa/globalprotect-openconnect-*.tar.gz
         debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
         deb_email: "k3vinyue@gmail.com"
         deb_fullname: "Kevin Yue"
         extra_ppa: "yuezk/globalprotect-openconnect liushuyu-011/rust-bpo-1.75"
+        series: "bionic focal"
         revision: ${{ inputs.revision }}

Cargo.toml

@@ -1,11 +1,17 @@
 [workspace]
 resolver = "2"
 
-members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/gpgui-helper/src-tauri"]
+members = [
+  "crates/*",
+  "apps/gpclient",
+  "apps/gpservice",
+  "apps/gpauth",
+  "apps/gpgui-helper/src-tauri",
+]
 
 [workspace.package]
-rust-version = "1.70"
-version = "2.3.9"
+rust-version = "1.71.1"
+version = "2.3.11"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
@@ -13,43 +19,43 @@ license = "GPL-3.0"
 
 [workspace.dependencies]
 anyhow = "1.0"
-base64 = "0.21"
-clap = { version = "4.4.2", features = ["derive"] }
+base64 = "0.22"
+clap = { version = "~4.4.2", features = ["derive"] }
 ctrlc = "3.4"
 directories = "5.0"
 dns-lookup = "2.0.4"
-env_logger = "0.10"
+env_logger = "0.11"
 is_executable = "1.0"
 log = "0.4"
 regex = "1"
 reqwest = { version = "0.11", features = ["native-tls-vendored", "json"] }
 openssl = "0.10"
 pem = "3"
-roxmltree = "0.18"
+roxmltree = "0.20"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-sysinfo = "0.29"
+sysinfo = "0.30"
 tempfile = "3.8"
-tokio = { version = "1", features = ["full"] }
+tokio = { version = "1" }
 tokio-util = "0.7"
 url = "2.4"
 urlencoding = "2.1.3"
 axum = "0.7"
 futures = "0.3"
 futures-util = "0.3"
-tokio-tungstenite = "0.20.1"
-uzers = "0.11"
+tokio-tungstenite = "0.26.1"
+uzers = "0.12"
 whoami = "1"
-thiserror = "1"
+thiserror = "2"
 redact-engine = "0.1"
 compile-time = "0.2"
 serde_urlencoded = "0.7"
 md5 = "0.7"
 sha256 = "1"
-which="6"
+which = "7"
 
 # Tauri dependencies
-tauri = { version = "1.5" }
+tauri = { version = "1" }
 specta = "=2.0.0-rc.1"
 specta-macros = "=2.0.0-rc.1"
 rspc = { version = "1.0.0-rc.5", features = ["tauri"] }

Makefile

@@ -117,6 +117,10 @@ install:
 		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 
+	# Install the disconnect hooks
+	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
 	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
@@ -133,6 +137,9 @@ uninstall:
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png

apps/gpclient/Cargo.toml

@@ -14,7 +14,7 @@ clap.workspace = true
 env_logger.workspace = true
 inquire = "0.6.2"
 log.workspace = true
-tokio.workspace = true
+tokio = { workspace = true, features = ["rt-multi-thread"] }
 sysinfo.workspace = true
 serde_json.workspace = true
 whoami.workspace = true

apps/gpclient/src/cli.rs

@@ -7,7 +7,7 @@ use tempfile::NamedTempFile;
 
 use crate::{
   connect::{ConnectArgs, ConnectHandler},
-  disconnect::DisconnectHandler,
+  disconnect::{DisconnectArgs, DisconnectHandler},
   launch_gui::{LaunchGuiArgs, LaunchGuiHandler},
 };
 
@@ -23,7 +23,7 @@ enum CliCommand {
   #[command(about = "Connect to a portal server")]
   Connect(Box<ConnectArgs>),
   #[command(about = "Disconnect from the server")]
-  Disconnect,
+  Disconnect(DisconnectArgs),
   #[command(about = "Launch the GUI")]
   LaunchGui(LaunchGuiArgs),
 }
@@ -81,7 +81,7 @@ impl Cli {
 
     match &self.command {
       CliCommand::Connect(args) => ConnectHandler::new(args, &shared_args).handle().await,
-      CliCommand::Disconnect => DisconnectHandler::new().handle(),
+      CliCommand::Disconnect(args) => DisconnectHandler::new(args).handle().await,
       CliCommand::LaunchGui(args) => LaunchGuiHandler::new(args).handle().await,
     }
   }

apps/gpclient/src/connect.rs

@@ -84,10 +84,10 @@ pub(crate) struct ConnectArgs {
   #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
   user_agent: String,
 
-  #[arg(long, default_value = "Linux")]
+  #[arg(long, value_enum, default_value_t = ConnectArgs::default_os())]
   os: Os,
 
-  #[arg(long)]
+  #[arg(long, help = "If not specified, it will be computed based on the --os option")]
   os_version: Option<String>,
 
   #[arg(long, help = "Disable DTLS and ESP")]
@@ -110,9 +110,17 @@ pub(crate) struct ConnectArgs {
 }
 
 impl ConnectArgs {
+  fn default_os() -> Os {
+    if cfg!(target_os = "macos") {
+      Os::Mac
+    } else {
+      Os::Linux
+    }
+  }
+
   fn os_version(&self) -> String {
-    if let Some(os_version) = &self.os_version {
-      return os_version.to_owned();
+    if let Some(os_version) = self.os_version.as_deref() {
+      return os_version.to_string();
     }
 
     match self.os {

apps/gpclient/src/disconnect.rs

@@ -1,31 +1,63 @@
 use crate::GP_CLIENT_LOCK_FILE;
+use clap::Args;
+use gpapi::utils::lock_file::gpservice_lock_info;
 use log::{info, warn};
-use std::fs;
-use sysinfo::{Pid, ProcessExt, Signal, System, SystemExt};
+use std::{fs, str::FromStr, thread, time::Duration};
+use sysinfo::{Pid, Signal, System};
 
-pub(crate) struct DisconnectHandler;
-
-impl DisconnectHandler {
-  pub(crate) fn new() -> Self {
-    Self
+#[derive(Args)]
+pub struct DisconnectArgs {
+  #[arg(
+    long,
+    required = false,
+    help = "The time in seconds to wait for the VPN connection to disconnect"
+  )]
+  wait: Option<u64>,
 }
 
-  pub(crate) fn handle(&self) -> anyhow::Result<()> {
-    if fs::metadata(GP_CLIENT_LOCK_FILE).is_err() {
-      warn!("PID file not found, maybe the client is not running");
-      return Ok(());
+pub struct DisconnectHandler<'a> {
+  args: &'a DisconnectArgs,
 }
 
-    let pid = fs::read_to_string(GP_CLIENT_LOCK_FILE)?;
-    let pid = pid.trim().parse::<usize>()?;
+impl<'a> DisconnectHandler<'a> {
+  pub fn new(args: &'a DisconnectArgs) -> Self {
+    Self { args }
+  }
+
+  pub async fn handle(&self) -> anyhow::Result<()> {
+    // Try to disconnect the CLI client
+    if let Ok(c) = fs::read_to_string(GP_CLIENT_LOCK_FILE) {
+      send_signal(c.trim(), Signal::Interrupt).unwrap_or_else(|err| {
+        warn!("Failed to send signal to client: {}", err);
+      });
+    };
+
+    // Try to disconnect the GUI service
+    if let Ok(c) = gpservice_lock_info().await {
+      send_signal(&c.pid.to_string(), Signal::User1).unwrap_or_else(|err| {
+        warn!("Failed to send signal to service: {}", err);
+      });
+    };
+
+    // sleep, to give the client and service time to disconnect
+    if let Some(wait) = self.args.wait {
+      thread::sleep(Duration::from_secs(wait));
+    }
+
+    Ok(())
+  }
+}
+
+fn send_signal(pid: &str, signal: Signal) -> anyhow::Result<()> {
   let s = System::new_all();
+  let pid = Pid::from_str(pid)?;
 
-    if let Some(process) = s.process(Pid::from(pid)) {
-      info!("Found process {}, killing...", pid);
-      if process.kill_with(Signal::Interrupt).is_none() {
+  if let Some(process) = s.process(pid) {
+    info!("Found process {}, sending signal...", pid);
+
+    if process.kill_with(signal).is_none() {
       warn!("Failed to kill process {}", pid);
     }
   }
   Ok(())
 }
-}

apps/gpservice/Cargo.toml

@@ -9,7 +9,7 @@ gpapi = { path = "../../crates/gpapi" }
 openconnect = { path = "../../crates/openconnect" }
 clap.workspace = true
 anyhow.workspace = true
-tokio.workspace = true
+tokio = { workspace = true, features = ["rt-multi-thread"] }
 tokio-util.workspace = true
 axum = { workspace = true, features = ["ws"] }
 futures.workspace = true

apps/gpservice/src/cli.rs

@@ -30,7 +30,8 @@ struct Cli {
 
 impl Cli {
   async fn run(&mut self, redaction: Arc<Redaction>) -> anyhow::Result<()> {
-    let lock_file = Arc::new(LockFile::new(GP_SERVICE_LOCK_FILE));
+    let pid = std::process::id();
+    let lock_file = Arc::new(LockFile::new(GP_SERVICE_LOCK_FILE, pid));
 
     if lock_file.check_health().await {
       bail!("Another instance of the service is already running");
@@ -48,9 +49,17 @@ impl Cli {
 
     let (shutdown_tx, mut shutdown_rx) = mpsc::channel::<()>(4);
     let shutdown_tx_clone = shutdown_tx.clone();
-    let vpn_task_token = vpn_task.cancel_token();
+    let vpn_task_cancel_token = vpn_task.cancel_token();
     let server_token = ws_server.cancel_token();
 
+    #[cfg(unix)]
+    {
+      let vpn_ctx = vpn_task.context();
+      let ws_ctx = ws_server.context();
+
+      tokio::spawn(async move { signals::handle_signals(vpn_ctx, ws_ctx).await });
+    }
+
     let vpn_task_handle = tokio::spawn(async move { vpn_task.start(server_token).await });
     let ws_server_handle = tokio::spawn(async move { ws_server.start(shutdown_tx_clone).await });
 
@@ -82,7 +91,7 @@ impl Cli {
       }
     }
 
-    vpn_task_token.cancel();
+    vpn_task_cancel_token.cancel();
     let _ = tokio::join!(vpn_task_handle, ws_server_handle);
 
     lock_file.unlock()?;
@@ -125,6 +134,54 @@ fn init_logger() -> Arc<Redaction> {
   redaction
 }
 
+#[cfg(unix)]
+mod signals {
+  use std::sync::Arc;
+
+  use log::{info, warn};
+
+  use crate::vpn_task::VpnTaskContext;
+  use crate::ws_server::WsServerContext;
+
+  const DISCONNECTED_PID_FILE: &str = "/tmp/gpservice_disconnected.pid";
+
+  pub(crate) async fn handle_signals(vpn_ctx: Arc<VpnTaskContext>, ws_ctx: Arc<WsServerContext>) {
+    use gpapi::service::event::WsEvent;
+    use tokio::signal::unix::{signal, Signal, SignalKind};
+
+    let (mut user_sig1, mut user_sig2) = match || -> anyhow::Result<(Signal, Signal)> {
+      let user_sig1 = signal(SignalKind::user_defined1())?;
+      let user_sig2 = signal(SignalKind::user_defined2())?;
+      Ok((user_sig1, user_sig2))
+    }() {
+      Ok(signals) => signals,
+      Err(err) => {
+        warn!("Failed to create signal: {}", err);
+        return;
+      }
+    };
+
+    loop {
+      tokio::select! {
+        _ = user_sig1.recv() => {
+          info!("Received SIGUSR1 signal");
+          if vpn_ctx.disconnect().await {
+            // Write the PID to a dedicated file to indicate that the VPN task is disconnected via SIGUSR1
+            let pid = std::process::id();
+            if let Err(err) = tokio::fs::write(DISCONNECTED_PID_FILE, pid.to_string()).await {
+              warn!("Failed to write PID to file: {}", err);
+            }
+          }
+        }
+        _ = user_sig2.recv() => {
+          info!("Received SIGUSR2 signal");
+          ws_ctx.send_event(WsEvent::ResumeConnection).await;
+        }
+      }
+    }
+  }
+}
+
 async fn launch_gui(envs: Option<HashMap<String, String>>, api_key: Vec<u8>, mut minimized: bool) {
   loop {
     let gui_launcher = GuiLauncher::new(env!("CARGO_PKG_VERSION"), &api_key)

apps/gpservice/src/handlers.rs

@@ -43,7 +43,7 @@ pub(crate) async fn auth_data(State(ctx): State<Arc<WsServerContext>>, body: Str
   ctx.send_event(WsEvent::AuthData(body)).await;
 }
 
-pub async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) -> Result<(), StatusCode> {
+pub(crate) async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) -> Result<(), StatusCode> {
   let payload = match ctx.decrypt::<UpdateGuiRequest>(body.to_vec()) {
     Ok(payload) => payload,
     Err(err) => {

apps/gpservice/src/vpn_task.rs

@@ -87,7 +87,7 @@ impl VpnTaskContext {
     });
   }
 
-  pub async fn disconnect(&self) {
+  pub async fn disconnect(&self) -> bool {
     if let Some(disconnect_rx) = self.disconnect_rx.write().await.take() {
       info!("Disconnecting VPN...");
       if let Some(vpn) = self.vpn_handle.read().await.as_ref() {
@@ -98,9 +98,13 @@ impl VpnTaskContext {
       // Wait for the VPN to be disconnected
       disconnect_rx.await.ok();
       info!("VPN disconnected");
+
+      true
     } else {
       info!("VPN is not connected, skip disconnect");
       self.vpn_state_tx.send(VpnState::Disconnected).ok();
+
+      false
     }
   }
 }
@@ -143,6 +147,10 @@ impl VpnTask {
     server_cancel_token.cancel();
   }
 
+  pub fn context(&self) -> Arc<VpnTaskContext> {
+    return Arc::clone(&self.ctx);
+  }
+
   async fn recv(&mut self) {
     while let Some(req) = self.ws_req_rx.recv().await {
       tokio::spawn(process_ws_req(req, self.ctx.clone()));

apps/gpservice/src/ws_server.rs

@@ -113,6 +113,10 @@ impl WsServer {
     }
   }
 
+  pub fn context(&self) -> Arc<WsServerContext> {
+    Arc::clone(&self.ctx)
+  }
+
   pub fn cancel_token(&self) -> CancellationToken {
     self.cancel_token.clone()
   }
@@ -124,7 +128,7 @@ impl WsServer {
         warn!("Failed to start WS server: {}", err);
         let _ = shutdown_tx.send(()).await;
         return;
-      },
+      }
     };
 
     tokio::select! {
@@ -149,7 +153,7 @@ impl WsServer {
 
     info!("WS server listening on port: {}", port);
 
-    self.lock_file.lock(port.to_string())?;
+    self.lock_file.lock(&port.to_string())?;
 
     Ok(listener)
   }

changelog.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 2.3.11 - 2024-01-21
+
+- Update minimal Rust version to 1.71.1, so that the PPA can be built on Ubuntu 18.04.
+
+## 2.3.10 - 2024-01-20
+
+- Disconnect the VPN when sleep (fix [#166](https://github.com/yuezk/GlobalProtect-openconnect/issues/166), [#267](https://github.com/yuezk/GlobalProtect-openconnect/issues/267))
+
 ## 2.3.9 - 2024-11-02
 
 - Enhance the OpenSSL compatibility mode (fix [#437](https://github.com/yuezk/GlobalProtect-openconnect/issues/437))

crates/gpapi/Cargo.toml

@@ -17,7 +17,7 @@ serde.workspace = true
 specta.workspace = true
 specta-macros.workspace = true
 urlencoding.workspace = true
-tokio.workspace = true
+tokio = { workspace = true, features = ["process", "signal", "macros"] }
 serde_json.workspace = true
 whoami.workspace = true
 tempfile.workspace = true
@@ -32,6 +32,9 @@ md5.workspace = true
 sha256.workspace = true
 which.workspace = true
 
+# Pin the version of home because the latest version requires Rust 1.81
+home = "=0.5.9"
+
 tauri = { workspace = true, optional = true }
 clap = { workspace = true, optional = true }
 open = { version = "5", optional = true }

crates/gpapi/src/service/event.rs

@@ -9,4 +9,5 @@ pub enum WsEvent {
   ActiveGui,
   /// External authentication data
   AuthData(String),
+  ResumeConnection,
 }

crates/gpapi/src/utils/endpoint.rs

@@ -1,10 +1,9 @@
-use tokio::fs;
-
-use crate::GP_SERVICE_LOCK_FILE;
+use super::lock_file::gpservice_lock_info;
 
 async fn read_port() -> anyhow::Result<String> {
-  let port = fs::read_to_string(GP_SERVICE_LOCK_FILE).await?;
-  Ok(port.trim().to_string())
+  let lock_info = gpservice_lock_info().await?;
+
+  Ok(lock_info.port.to_string())
 }
 
 pub async fn http_endpoint() -> anyhow::Result<String> {

crates/gpapi/src/utils/lock_file.rs

@@ -1,19 +1,24 @@
 use std::path::PathBuf;
 
+use thiserror::Error;
+use tokio::fs;
+
 pub struct LockFile {
   path: PathBuf,
+  pid: u32,
 }
 
 impl LockFile {
-  pub fn new<P: Into<PathBuf>>(path: P) -> Self {
-    Self { path: path.into() }
+  pub fn new<P: Into<PathBuf>>(path: P, pid: u32) -> Self {
+    Self { path: path.into(), pid }
   }
 
   pub fn exists(&self) -> bool {
     self.path.exists()
   }
 
-  pub fn lock(&self, content: impl AsRef<[u8]>) -> anyhow::Result<()> {
+  pub fn lock(&self, content: &str) -> anyhow::Result<()> {
+    let content = format!("{}:{}", self.pid, content);
     std::fs::write(&self.path, content)?;
     Ok(())
   }
@@ -37,3 +42,87 @@ impl LockFile {
     }
   }
 }
+
+#[derive(Error, Debug)]
+pub enum LockFileError {
+  #[error("Failed to read lock file: {0}")]
+  IoError(#[from] std::io::Error),
+
+  #[error("Invalid lock file format: expected 'pid:port'")]
+  InvalidFormat,
+
+  #[error("Invalid PID value: {0}")]
+  InvalidPid(std::num::ParseIntError),
+
+  #[error("Invalid port value: {0}")]
+  InvalidPort(std::num::ParseIntError),
+}
+
+pub struct LockInfo {
+  pub pid: u32,
+  pub port: u32,
+}
+
+impl LockInfo {
+  async fn from_file(path: impl AsRef<std::path::Path>) -> Result<Self, LockFileError> {
+    let content = fs::read_to_string(path).await?;
+    Self::parse(&content)
+  }
+
+  fn parse(content: &str) -> Result<Self, LockFileError> {
+    let mut parts = content.trim().split(':');
+
+    let pid = parts
+      .next()
+      .ok_or(LockFileError::InvalidFormat)?
+      .parse()
+      .map_err(LockFileError::InvalidPid)?;
+
+    let port = parts
+      .next()
+      .ok_or(LockFileError::InvalidFormat)?
+      .parse()
+      .map_err(LockFileError::InvalidPort)?;
+
+    // Ensure there are no extra parts after pid:port
+    if parts.next().is_some() {
+      return Err(LockFileError::InvalidFormat);
+    }
+
+    Ok(Self { pid, port })
+  }
+}
+
+pub async fn gpservice_lock_info() -> Result<LockInfo, LockFileError> {
+  LockInfo::from_file(crate::GP_SERVICE_LOCK_FILE).await
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[test]
+  fn test_parse_valid_input() {
+    let info = LockInfo::parse("1234:8080").unwrap();
+    assert_eq!(info.pid, 1234);
+    assert_eq!(info.port, 8080);
+  }
+
+  #[test]
+  fn test_parse_invalid_format() {
+    assert!(matches!(
+      LockInfo::parse("123:456:789"),
+      Err(LockFileError::InvalidFormat)
+    ));
+  }
+
+  #[test]
+  fn test_parse_invalid_numbers() {
+    assert!(matches!(LockInfo::parse("abc:8080"), Err(LockFileError::InvalidPid(_))));
+
+    assert!(matches!(
+      LockInfo::parse("1234:abc"),
+      Err(LockFileError::InvalidPort(_))
+    ));
+  }
+}

packaging/binary/Makefile.in

@@ -10,6 +10,10 @@ install:
 		install -Dm755 artifacts/usr/bin/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 
+	# Install the disconnect hooks
+	install -Dm755 artifacts/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	install -Dm755 artifacts/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
 	install -Dm644 artifacts/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 artifacts/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 artifacts/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
@@ -26,6 +30,9 @@ uninstall:
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png

packaging/files/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# Resume the VPN connection if the network comes back up
+
+set -e
+
+PIDFILE=/tmp/gpservice_disconnected.pid
+
+resume_vpn() {
+  if [ -f $PIDFILE ]; then
+    PID=$(cat $PIDFILE)
+
+    # Always remove the PID file
+    rm $PIDFILE
+
+    # Ensure the PID is a gpservice process
+    if ps -p $PID -o comm= | grep -q gpservice; then
+      # Send a USR2 signal to the gpclient process to resume the VPN connection
+      kill -USR2 $PID
+    fi
+  fi
+}
+
+if [ "$2" = "up" ]; then
+  resume_vpn
+fi

packaging/files/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+# Disconnect the VPN connection before the network goes down
+/usr/bin/gpclient disconnect --wait 3

packaging/rpm/globalprotect-openconnect.spec.in

@@ -55,6 +55,13 @@ make build OFFLINE=@OFFLINE@ BUILD_FE=0
 %{_datadir}/icons/hicolor/scalable/apps/gpgui.svg
 %{_datadir}/polkit-1/actions/com.yuezk.gpgui.policy
 
+%dir /usr/lib/NetworkManager
+%dir /usr/lib/NetworkManager/dispatcher.d
+%dir /usr/lib/NetworkManager/dispatcher.d/pre-down.d
+
+/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
 %dir %{_datadir}/icons/hicolor
 %dir %{_datadir}/icons/hicolor/32x32
 %dir %{_datadir}/icons/hicolor/32x32/apps

rust-toolchain.toml

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "1.71.1"

scripts/gh-release.sh

@@ -40,7 +40,7 @@ release_tag() {
   gh -R "$REPO" release create $TAG \
     --title "$TAG" \
     --notes "$RELEASE_NOTES" \
-    "$PROJECT_DIR"/.build/artifacts/artifact-source/* \
+    "$PROJECT_DIR"/.build/artifacts/artifact-source*/* \
     "$PROJECT_DIR"/.build/artifacts/artifact-gpgui-*/*
 }