fix: disconnect VPN when sleep

2025-05-20 07:26:58 -04:00 · 2025-01-20 11:59:40 +08:00
29 changed files with 77 additions and 364 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -44,8 +44,7 @@ jobs:
      with:
        version: 9
    - name: Prepare workspace
-      run: rm -rf source && mkdir -p source/artifacts
+      run: rm -rf source && mkdir source
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v4
      with:
@@ -53,7 +52,6 @@ jobs:
        repository: yuezk/GlobalProtect-openconnect
        ref: ${{ github.ref }}
        path: source/gp
    - name: Create tarball
      run: |
        cd source/gp
@@ -62,69 +60,13 @@ jobs:
          touch SNAPSHOT
        fi
        make tarball
        mv -v .build/tarball/*.tar.gz ../artifacts/
    - name: Generate RPM spec file
      env:
        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
      run: |
        cd source/gp
        make init-rpm \
          REVISION='1%{?dist}' \
          RPM_SOURCE=https://github.com/yuezk/GlobalProtect-openconnect/releases/download/${RELEASE_TAG}/%{name}-%{version}.tar.gz
        mv -v .build/rpm/*.spec ../artifacts/
    - name: Upload tarball
      uses: actions/upload-artifact@v4
      with:
        name: artifact-source
        if-no-files-found: error
        path: |
-          source/artifacts/*
+          source/gp/.build/tarball/*.tar.gz
  tarball-offline:
    if: ${{ github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/') }}
    runs-on: ubuntu-latest
    needs:
    - tarball
    steps:
    - uses: pnpm/action-setup@v4
      with:
        version: 9
    - name: Prepare workspace
      run: rm -rf source-offline && mkdir source-offline
    - name: Download tarball
      uses: actions/download-artifact@v4
      with:
        name: artifact-source
        path: source-offline
    - name: Create offline tarball
      run: |
        cd source-offline
        offline_tarball=$(basename *.tar.gz .tar.gz).offline.tar.gz
        # Extract the tarball
        tar -xzf *.tar.gz
        cd */
        make tarball OFFLINE=1
        # Rename the tarball to .offline.tar.gz
        mv -v .build/tarball/*.tar.gz ../$offline_tarball
    - name: Upload offline tarball
      uses: actions/upload-artifact@v4
      with:
        path: source-offline/*.offline.tar.gz
        name: artifact-source-offline
        if-no-files-found: error
  build-gp:
    needs:
@@ -226,7 +168,6 @@ jobs:
    runs-on: ubuntu-latest
    needs:
      - tarball
      - tarball-offline
      - build-gp
      - build-gpgui
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -52,27 +52,23 @@ jobs:
        version: 9
    - name: Prepare workspace
      run: rm -rf publish-ppa && mkdir publish-ppa
-    - name: Download ${{ inputs.tag }} offline source code
+    - name: Download ${{ inputs.tag }} source code
-      env:
+      uses: robinraju/release-downloader@v1.9
-        GH_TOKEN: ${{ secrets.GH_PAT }}
+      with:
-      run: |
+        token: ${{ secrets.GH_PAT }}
-        gh -R yuezk/GlobalProtect-openconnect \
+        tag: ${{ inputs.tag }}
-          release download ${{ inputs.tag }} \
+        fileName: globalprotect-openconnect-*.tar.gz
-          --pattern '*.offline.tar.gz' \
+        tarBall: false
-          --dir publish-ppa
+        zipBall: false
-    - name: Patch the source code
+        out-file-path: publish-ppa
    - name: Make the offline tarball
      run: |
        cd publish-ppa
-
+        tar -xf globalprotect-openconnect-*.tar.gz
        # Rename the source tarball without the offline suffix
        mv -v *.tar.gz $(basename *.tar.gz .offline.tar.gz).tar.gz
        # Extract the source tarball
        tar -xzf *.tar.gz
        # Prepare the debian directory with custom files
        cd globalprotect-openconnect-*/
        make tarball OFFLINE=1
        # Prepare the debian directory with custom files
        mkdir -p .build/debian
@@ -82,6 +78,7 @@ jobs:
        cp -v packaging/deb/postrm .build/debian/postrm
        sed -i "s/@RUST@/cargo-1.80/g" .build/debian/control
        sed -i "s/@OFFLINE@/1/g" .build/debian/rules
        sed -i "s/@BUILD_GUI@/1/g" .build/debian/rules
        sed -i "s/@RUST_VERSION@/1.80/g" .build/debian/rules
@@ -92,7 +89,7 @@ jobs:
        repository: "yuezk/globalprotect-openconnect"
        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-        tarball: publish-ppa/globalprotect-openconnect-*.tar.gz
+        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
        deb_email: "k3vinyue@gmail.com"
        deb_fullname: "Kevin Yue"
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -96,16 +96,15 @@ jobs:
    steps:
    - name: Prepare workspace
      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
    - name: Download ${{ inputs.tag }} source code
-      env:
+      uses: robinraju/release-downloader@v1.9
-        GH_TOKEN: ${{ secrets.GH_PAT }}
+      with:
-      run: |
+        token: ${{ secrets.GH_PAT }}
-        gh -R yuezk/GlobalProtect-openconnect \
+        tag: ${{ inputs.tag }}
-          release download ${{ inputs.tag }} \
+        fileName: globalprotect-openconnect-*.tar.gz
-          --pattern '*[^offline].tar.gz' \
+        tarBall: false
-          --dir build-${{ matrix.package }}
+        zipBall: false
-
+        out-file-path: build-${{ matrix.package }}
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build ${{ matrix.package }} package in Docker
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -176,7 +176,7 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 [[package]]
 name = "auth"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "block2",
@@ -188,7 +188,6 @@ dependencies = [
 "objc2-web-kit",
 "open",
 "regex",
 "serde_json",
 "tauri",
 "tiny_http",
 "tokio",
@@ -196,10 +195,7 @@ dependencies = [
 "uuid",
 "webbrowser",
 "webkit2gtk",
 "webview2-com",
 "which",
 "windows 0.58.0",
 "windows-core 0.58.0",
 ]
 [[package]]
@@ -646,7 +642,7 @@ dependencies = [
 [[package]]
 name = "common"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "is_executable",
 ]
@@ -1594,7 +1590,7 @@ dependencies = [
 [[package]]
 name = "gpapi"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "base64 0.22.1",
@@ -1630,7 +1626,7 @@ dependencies = [
 [[package]]
 name = "gpauth"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "auth",
@@ -1649,7 +1645,7 @@ dependencies = [
 [[package]]
 name = "gpclient"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "clap",
@@ -1671,7 +1667,7 @@ dependencies = [
 [[package]]
 name = "gpgui-helper"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "clap",
@@ -1689,7 +1685,7 @@ dependencies = [
 [[package]]
 name = "gpservice"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "anyhow",
 "axum",
@@ -2955,7 +2951,7 @@ dependencies = [
 [[package]]
 name = "openconnect"
-version = "2.4.3"
+version = "2.4.1"
 dependencies = [
 "cc",
 "common",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,7 @@ members = [
 [workspace.package]
 rust-version = "1.80"
-version = "2.4.3"
+version = "2.4.1"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
--- a/3
+++ b/3
@@ -8,8 +8,6 @@ RUST_VERSION = 1.80
 VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
 REVISION ?= 1
 RPM_SOURCE ?= %{name}.tar.gz
 PPA_REVISION ?= 1
 PKG_NAME = globalprotect-openconnect
 PKG = $(PKG_NAME)-$(VERSION)
@@ -236,7 +234,6 @@ init-rpm: clean-rpm
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s|@SOURCE@|$(RPM_SOURCE)|g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@DATE@/$(shell LC_ALL=en.US date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ The GUI version is also available after you installed it. You can launch it from
 ### Debian/Ubuntu based distributions
-#### Install from PPA
+#### Install from PPA (Ubuntu > 18.04)
 ```
 sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
@@ -81,6 +81,10 @@ sudo apt-get install globalprotect-openconnect
 >
 > For Linux Mint, you might need to import the GPG key with: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761` if you encountered an error `gpg: keyserver receive failed: General error`.
 #### **Ubuntu 18.04**
 The latest package is not available in the PPA, but you still needs to add the `ppa:yuezk/globalprotect-openconnect` repo beforehand to use the required `openconnect` package. Then you can follow the [Install from deb package](#install-from-deb-package) section to install the latest package.
 #### Install from deb package
 Download the latest deb package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `apt`:
--- a/apps/gpclient/Cargo.toml
+++ b/apps/gpclient/Cargo.toml
@@ -22,7 +22,7 @@ serde_json.workspace = true
 whoami.workspace = true
 tempfile.workspace = true
 reqwest.workspace = true
-directories.workspace = true
+directories = "5.0"
 compile-time.workspace = true
 [features]
--- a/apps/gpclient/src/cli.rs
+++ b/apps/gpclient/src/cli.rs
@@ -1,21 +1,17 @@
-use std::{env::temp_dir, fs::File, str::FromStr};
+use std::{env::temp_dir, fs::File};
 use anyhow::bail;
 use clap::{Parser, Subcommand};
 use gpapi::{
  clap::{handle_error, Args, InfoLevelVerbosity},
  utils::openssl,
 };
 use log::info;
 use sysinfo::{Pid, System};
 use tempfile::NamedTempFile;
 use tokio::fs;
 use crate::{
  connect::{ConnectArgs, ConnectHandler},
  disconnect::{DisconnectArgs, DisconnectHandler},
  launch_gui::{LaunchGuiArgs, LaunchGuiHandler},
  GP_CLIENT_LOCK_FILE,
 };
 const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
@@ -81,25 +77,6 @@ impl Args for Cli {
 }
 impl Cli {
  async fn is_running(&self) -> bool {
    let Ok(c) = fs::read_to_string(GP_CLIENT_LOCK_FILE).await else {
      return false;
    };
    let Ok(pid) = Pid::from_str(c.trim()) else {
      return false;
    };
    let s = System::new_all();
    let Some(p) = s.process(pid) else {
      return false;
    };
    p.exe()
      .map(|exe| exe.to_string_lossy().contains("gpclient"))
      .unwrap_or(false)
  }
  fn fix_openssl(&self) -> anyhow::Result<Option<NamedTempFile>> {
    if self.fix_openssl {
      let file = openssl::fix_openssl_env()?;
@@ -110,11 +87,6 @@ impl Cli {
  }
  async fn run(&self) -> anyhow::Result<()> {
    // check if an instance is running
    if self.is_running().await {
      bail!("Another instance of the client is already running");
    }
    // The temp file will be dropped automatically when the file handle is dropped
    // So, declare it here to ensure it's not dropped
    let _file = self.fix_openssl()?;
--- a/apps/gpclient/src/connect.rs
+++ b/apps/gpclient/src/connect.rs
@@ -87,8 +87,8 @@ pub(crate) struct ConnectArgs {
  #[arg(long, value_enum, default_value_t = ConnectArgs::default_os())]
  os: Os,
-  #[arg(long, help = "If not specified, it will be computed based on the --os option")]
+  #[arg(long, default_value_t = ConnectArgs::default_os_version())]
-  os_version: Option<String>,
+  os_version: String,
  #[arg(long, help = "Disable DTLS and ESP")]
  no_dtls: bool,
@@ -121,12 +121,8 @@ impl ConnectArgs {
    }
  }
-  fn os_version(&self) -> String {
+  fn default_os_version() -> String {
-    if let Some(os_version) = self.os_version.as_deref() {
+    match ConnectArgs::default_os() {
      return os_version.to_string();
    }
    match self.os {
      Os::Linux => format!("Linux {}", whoami::distro()),
      Os::Windows => String::from("Microsoft Windows 11 Pro , 64-bit"),
      Os::Mac => String::from("Apple Mac OS X 13.4.0"),
@@ -153,7 +149,7 @@ impl<'a> ConnectHandler<'a> {
    GpParams::builder()
      .user_agent(&self.args.user_agent)
      .client_os(ClientOs::from(&self.args.os))
-      .os_version(self.args.os_version())
+      .os_version(self.args.os_version.clone())
      .ignore_tls_errors(self.shared_args.ignore_tls_errors)
      .certificate(self.args.certificate.clone())
      .sslkey(self.args.sslkey.clone())
@@ -363,7 +359,7 @@ impl<'a> ConnectHandler<'a> {
          None
        };
-        let os_version = self.args.os_version();
+        let os_version = self.args.os_version.clone();
        let verbose = self.shared_args.verbose.to_verbose_arg();
        let auth_launcher = SamlAuthLauncher::new(&self.args.server)
          .gateway(is_gateway)
--- a/apps/gpservice/src/cli.rs
+++ b/apps/gpservice/src/cli.rs
@@ -177,12 +177,11 @@ mod signals {
      tokio::select! {
        _ = user_sig1.recv() => {
          info!("Received SIGUSR1 signal");
-          if vpn_ctx.disconnect().await {
+          vpn_ctx.disconnect().await;
-            // Write the PID to a dedicated file to indicate that the VPN task is disconnected via SIGUSR1
+          // Write the PID to a dedicated file to indicate that the VPN task is disconnected via SIGUSR1
-            let pid = std::process::id();
+          let pid = std::process::id();
-            if let Err(err) = tokio::fs::write(DISCONNECTED_PID_FILE, pid.to_string()).await {
+          if let Err(err) = tokio::fs::write(DISCONNECTED_PID_FILE, pid.to_string()).await {
-              warn!("Failed to write PID to file: {}", err);
+            warn!("Failed to write PID to file: {}", err);
            }
          }
        }
        _ = user_sig2.recv() => {
--- a/apps/gpservice/src/vpn_task.rs
+++ b/apps/gpservice/src/vpn_task.rs
@@ -90,7 +90,7 @@ impl VpnTaskContext {
    });
  }
-  pub async fn disconnect(&self) -> bool {
+  pub async fn disconnect(&self) {
    if let Some(disconnect_rx) = self.disconnect_rx.write().await.take() {
      info!("Disconnecting VPN...");
      if let Some(vpn) = self.vpn_handle.read().await.as_ref() {
@@ -101,13 +101,9 @@ impl VpnTaskContext {
      // Wait for the VPN to be disconnected
      disconnect_rx.await.ok();
      info!("VPN disconnected");
      true
    } else {
      info!("VPN is not connected, skip disconnect");
      self.vpn_state_tx.send(VpnState::Disconnected).ok();
      false
    }
  }
 }
--- a/changelog.md
+++ b/changelog.md
@@ -1,13 +1,5 @@
 # Changelog
 ## 2.4.3 - 2025-01-21
 - Do not use static default value for `--os-version` option.
 ## 2.4.2 - 2025-01-20
 - Disconnect the VPN when sleep (fix [#166](https://github.com/yuezk/GlobalProtect-openconnect/issues/166), [#267](https://github.com/yuezk/GlobalProtect-openconnect/issues/267))
 ## 2.4.1 - 2025-01-09
 - Fix the network issue with OpenSSL < 3.0.4
--- a/crates/auth/Cargo.toml
+++ b/crates/auth/Cargo.toml
@@ -28,21 +28,15 @@ regex = { workspace = true, optional = true }
 tokio-util = { workspace = true, optional = true }
 html-escape = { version = "0.2.13", optional = true }
-[target.'cfg(not(any(target_os="macos", target_os="windows")))'.dependencies]
+[target.'cfg(not(target_os = "macos"))'.dependencies]
 webkit2gtk = { version = "2", optional = true }
-[target.'cfg(target_os="macos")'.dependencies]
+[target.'cfg(target_os = "macos")'.dependencies]
 block2 = { version = "0.5", optional = true }
 objc2 = { version = "0.5", optional = true }
 objc2-foundation = { version = "0.2", optional = true }
 objc2-web-kit = { version = "0.2", optional = true }
 [target.'cfg(target_os="windows")'.dependencies]
 webview2-com = { version = "0.34", optional = true }
 windows-core = { version = "0.58", optional = true }
 windows = { version = "0.58", optional = true }
 serde_json = { workspace = true, optional = true }
 [features]
 browser-auth = [
  "dep:webbrowser",
@@ -62,8 +56,4 @@ webview-auth = [
  "dep:objc2",
  "dep:objc2-foundation",
  "dep:objc2-web-kit",
  "dep:webview2-com",
  "dep:windows-core",
  "dep:windows",
  "dep:serde_json",
 ]
--- a/crates/auth/src/browser/browser_auth.rs
+++ b/crates/auth/src/browser/browser_auth.rs
@@ -1,4 +1,4 @@
-use std::{env::temp_dir, fs};
+use std::{env::temp_dir, fs, os::unix::fs::PermissionsExt};
 use gpapi::{auth::SamlAuthData, GP_CALLBACK_PORT_FILENAME};
 use log::info;
@@ -96,11 +96,7 @@ async fn wait_auth_data() -> anyhow::Result<SamlAuthData> {
  // Write the port to a file
  fs::write(&port_file, port.to_string())?;
-  #[cfg(unix)]
+  fs::set_permissions(&port_file, fs::Permissions::from_mode(0o600))?;
  {
    use os::unix::fs::PermissionsExt;
    fs::set_permissions(&port_file, fs::Permissions::from_mode(0o600))?;
  }
  // Remove the previous log file
  let callback_log = temp_dir().join("gpcallback.log");
--- a/crates/auth/src/webview.rs
+++ b/crates/auth/src/webview.rs
@@ -1,9 +1,8 @@
 mod auth_messenger;
 mod webview_auth;
-#[cfg_attr(not(any(target_os = "macos", target_os = "windows")), path = "webview/unix.rs")]
+#[cfg_attr(not(target_os = "macos"), path = "webview/unix.rs")]
 #[cfg_attr(target_os = "macos", path = "webview/macos.rs")]
 #[cfg_attr(windows, path = "webview/windows.rs")]
 mod platform_impl;
 pub use webview_auth::WebviewAuthenticator;
--- a/crates/auth/src/webview/auth_messenger.rs
+++ b/crates/auth/src/webview/auth_messenger.rs
@@ -15,7 +15,7 @@ pub(crate) enum AuthDataLocation {
 #[derive(Debug)]
 pub(crate) enum AuthError {
  /// Failed to load page due to TLS error
-  #[cfg(not(any(target_os = "macos", target_os = "windows")))]
+  #[cfg(not(target_os = "macos"))]
  TlsError,
  /// 1. Found auth data in headers/body but it's invalid
  /// 2. Loaded an empty page, failed to load page. etc.
--- a/crates/auth/src/webview/webview_auth.rs
+++ b/crates/auth/src/webview/webview_auth.rs
@@ -115,7 +115,7 @@ impl<'a> WebviewAuthenticator<'a> {
      match auth_messenger.subscribe().await? {
        AuthEvent::Close => bail!("Authentication cancelled"),
        AuthEvent::RaiseWindow => self.raise_window(&auth_window),
-        #[cfg(not(any(target_os = "macos", target_os = "windows")))]
+        #[cfg(not(target_os = "macos"))]
        AuthEvent::Error(AuthError::TlsError) => bail!(gpapi::error::PortalError::TlsError),
        AuthEvent::Error(AuthError::NotFound(location)) => {
          info!(
@@ -261,10 +261,10 @@ impl<'a> WebviewAuthenticator<'a> {
    info!("Raising auth window...");
-    #[cfg(any(target_os = "macos", target_os = "windows"))]
+    #[cfg(target_os = "macos")]
    let result = auth_window.show();
-    #[cfg(not(any(target_os = "macos", target_os = "windows")))]
+    #[cfg(not(target_os = "macos"))]
    let result = {
      use gpapi::utils::window::WindowExt;
      auth_window.raise()
--- a/crates/auth/src/webview/windows.rs
+++ b/crates/auth/src/webview/windows.rs
@@ -1,142 +0,0 @@
 use log::warn;
 use tauri::webview::PlatformWebview;
 use webview2_com::{
  pwstr_from_str, take_pwstr, ExecuteScriptCompletedHandler,
  Microsoft::Web::WebView2::Win32::{
    ICoreWebView2WebResourceResponseView, ICoreWebView2_14, ICoreWebView2_2,
    COREWEBVIEW2_SERVER_CERTIFICATE_ERROR_ACTION_ALWAYS_ALLOW,
  },
  ServerCertificateErrorDetectedEventHandler, WebResourceResponseReceivedEventHandler,
 };
 use windows_core::{Interface, PWSTR};
 use super::{
  auth_messenger::AuthError,
  webview_auth::{GetHeader, PlatformWebviewExt},
 };
 impl PlatformWebviewExt for PlatformWebview {
  fn ignore_tls_errors(&self) -> anyhow::Result<()> {
    unsafe {
      let wv = self.controller().CoreWebView2()?.cast::<ICoreWebView2_14>()?;
      let handler = ServerCertificateErrorDetectedEventHandler::create(Box::new(|_, e| {
        if let Some(e) = e {
          let _ = e.SetAction(COREWEBVIEW2_SERVER_CERTIFICATE_ERROR_ACTION_ALWAYS_ALLOW);
        }
        Ok(())
      }));
      wv.add_ServerCertificateErrorDetected(&handler, &mut Default::default())?;
    }
    Ok(())
  }
  fn load_url(&self, url: &str) -> anyhow::Result<()> {
    let url = pwstr_from_str(url);
    unsafe { self.controller().CoreWebView2()?.Navigate(url)? }
    Ok(())
  }
  fn load_html(&self, html: &str) -> anyhow::Result<()> {
    let html = pwstr_from_str(html);
    unsafe { self.controller().CoreWebView2()?.NavigateToString(html)? }
    Ok(())
  }
  fn get_html(&self, callback: Box<dyn Fn(anyhow::Result<String>) + 'static>) {
    unsafe {
      match self.controller().CoreWebView2() {
        Ok(wv) => {
          let js = "document.documentElement.outerHTML";
          let js = pwstr_from_str(js);
          let handler = ExecuteScriptCompletedHandler::create(Box::new(move |err, html| {
            if let Err(err) = err {
              callback(Err(anyhow::anyhow!(err)));
              return Ok(());
            }
            // The returned HTML is JSON.stringify'd string, so we need to parse it
            let res = match serde_json::from_str(&html) {
              Ok(Some(html)) => Ok(html),
              Ok(None) => Err(anyhow::anyhow!("No HTML returned")),
              Err(err) => Err(anyhow::anyhow!(err)),
            };
            callback(res);
            Ok(())
          }));
          if let Err(err) = wv.ExecuteScript(js, &handler) {
            warn!("Failed to execute script: {}", err);
          }
        }
        Err(err) => callback(Err(anyhow::anyhow!(err))),
      }
    }
  }
 }
 impl GetHeader for ICoreWebView2WebResourceResponseView {
  fn get_header(&self, key: &str) -> Option<String> {
    unsafe {
      let headers = self.Headers().ok()?;
      let key = pwstr_from_str(key);
      let mut contains = Default::default();
      headers.Contains(key, &mut contains).ok()?;
      if contains.as_bool() {
        let mut value = PWSTR::null();
        headers.GetHeader(key, &mut value).ok()?;
        let value = take_pwstr(value);
        Some(value)
      } else {
        None
      }
    }
  }
 }
 pub trait PlatformWebviewOnResponse {
  fn on_response(
    &self,
    callback: Box<dyn Fn(anyhow::Result<ICoreWebView2WebResourceResponseView, AuthError>) + 'static>,
  );
 }
 impl PlatformWebviewOnResponse for PlatformWebview {
  fn on_response(
    &self,
    callback: Box<dyn Fn(anyhow::Result<ICoreWebView2WebResourceResponseView, AuthError>) + 'static>,
  ) {
    unsafe {
      let _ = self
        .controller()
        .CoreWebView2()
        .and_then(|wv| wv.cast::<ICoreWebView2_2>())
        .map(|wv| {
          let handler = WebResourceResponseReceivedEventHandler::create(Box::new(move |_, e| {
            let Some(e) = e else {
              return Ok(());
            };
            match e.Response() {
              Ok(res) => callback(Ok(res)),
              Err(err) => warn!("Failed to get response: {}", err),
            }
            Ok(())
          }));
          let _ = wv.add_WebResourceResponseReceived(&handler, &mut Default::default());
        });
    }
  }
 }
--- a/crates/gpapi/Cargo.toml
+++ b/crates/gpapi/Cargo.toml
@@ -27,7 +27,7 @@ chacha20poly1305 = { version = "0.10", features = ["std"] }
 redact-engine.workspace = true
 url.workspace = true
 regex.workspace = true
-
+uzers.workspace = true
 serde_urlencoded.workspace = true
 md5.workspace = true
 sha256.workspace = true
@@ -39,9 +39,6 @@ clap-verbosity-flag = { workspace = true, optional = true }
 env_logger = { workspace = true, optional = true }
 log-reload = { version = "0.1", optional = true }
 [target.'cfg(target_family="unix")'.dependencies]
 uzers.workspace = true
 [features]
 tauri = ["dep:tauri"]
 clap = ["dep:clap", "dep:clap-verbosity-flag"]
--- a/crates/gpapi/src/auth.rs
+++ b/crates/gpapi/src/auth.rs
@@ -104,7 +104,7 @@ impl SamlAuthData {
    }
    let auth_data = decode_to_string(auth_data).map_err(|e| {
-      warn!("Failed to decode SAML auth data: {}", auth_data);
+      warn!("Failed to decode SAML auth data: {}", e);
      AuthDataParseError::Invalid(anyhow::anyhow!(e))
    })?;
    let auth_data = Self::from_html(&auth_data)?;
--- a/crates/gpapi/src/gateway/mod.rs
+++ b/crates/gpapi/src/gateway/mod.rs
@@ -1,7 +1,5 @@
 mod login;
 mod parse_gateways;
 #[cfg(unix)]
 pub mod hip;
 pub use login::*;
--- a/crates/gpapi/src/lib.rs
+++ b/crates/gpapi/src/lib.rs
@@ -4,10 +4,7 @@ pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;
 #[cfg(unix)]
 pub mod process;
 pub mod service;
 pub mod utils;
--- a/crates/gpapi/src/process/mod.rs
+++ b/crates/gpapi/src/process/mod.rs
@@ -1,11 +1,8 @@
 pub(crate) mod command_traits;
 pub(crate) mod gui_helper_launcher;
 pub mod auth_launcher;
 pub mod gui_launcher;
 pub mod hip_launcher;
 pub mod service_launcher;
 #[cfg(unix)]
 pub mod users;
--- a/crates/gpapi/src/utils/mod.rs
+++ b/crates/gpapi/src/utils/mod.rs
@@ -9,7 +9,7 @@ pub mod lock_file;
 pub mod openssl;
 pub mod redact;
 pub mod request;
-#[cfg(all(feature = "tauri", not(any(target_os = "macos", target_os = "windows"))))]
+#[cfg(feature = "tauri")]
 pub mod window;
 mod shutdown_signal;
--- a/crates/gpapi/src/utils/shutdown_signal.rs
+++ b/crates/gpapi/src/utils/shutdown_signal.rs
@@ -6,21 +6,15 @@ pub async fn shutdown_signal() {
  };
  #[cfg(unix)]
-  {
+  let terminate = async {
-    let terminate = async {
+    signal::unix::signal(signal::unix::SignalKind::terminate())
-      signal::unix::signal(signal::unix::SignalKind::terminate())
+      .expect("failed to install signal handler")
-        .expect("failed to install signal handler")
+      .recv()
-        .recv()
+      .await;
-        .await;
+  };
    };
    tokio::select! {
        _ = ctrl_c => {},
        _ = terminate => {},
    }
  }
-  #[cfg(not(unix))]
+  tokio::select! {
-  {
+      _ = ctrl_c => {},
-    ctrl_c.await;
+      _ = terminate => {},
  }
 }
--- a/packaging/rpm/globalprotect-openconnect.spec.in
+++ b/packaging/rpm/globalprotect-openconnect.spec.in
@@ -6,7 +6,7 @@ Group:          Productivity/Networking/PPP
 License:        GPL-3.0
 URL:            https://github.com/yuezk/GlobalProtect-openconnect
-Source:         @SOURCE@
+Source:         %{name}.tar.gz
 BuildRequires:  make
 BuildRequires:  rust
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,2 +0,0 @@
 [toolchain]
 channel = "1.80.1"
--- a/scripts/gh-release.sh
+++ b/scripts/gh-release.sh
@@ -28,7 +28,7 @@ release_snapshot() {
  echo "Uploading new assets..."
  gh -R "$REPO" release upload "$TAG" \
-    "$PROJECT_DIR"/.build/artifacts/artifact-source*/* \
+    "$PROJECT_DIR"/.build/artifacts/artifact-source/* \
    "$PROJECT_DIR"/.build/artifacts/artifact-gpgui-*/*
 }
@@ -40,7 +40,7 @@ release_tag() {
  gh -R "$REPO" release create $TAG \
    --title "$TAG" \
    --notes "$RELEASE_NOTES" \
-    "$PROJECT_DIR"/.build/artifacts/artifact-source*/* \
+    "$PROJECT_DIR"/.build/artifacts/artifact-source/* \
    "$PROJECT_DIR"/.build/artifacts/artifact-gpgui-*/*
 }