Update build.yaml

.editorconfig

@@ -8,5 +8,5 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 
-[{Makefile,Makefile.in}]
+[Makefile]
 indent_style = tab

.github/workflows/build.yaml

@@ -9,180 +9,385 @@ on:
     branches:
       - main
       - dev
-      - hotfix/*
-      - feature/*
-      - release/*
     tags:
+      - latest
       - v*.*.*
 jobs:
-  # Include arm64 if ref is a tag
-  setup-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-      - name: Set up matrix
-        id: set-matrix
-        run: |
-          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
-            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}, {"runner": "arm64", "arch": "arm64"}]' >> $GITHUB_OUTPUT
-          else
-            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}]' >> $GITHUB_OUTPUT
-          fi
-
   tarball:
     runs-on: ubuntu-latest
-    needs: [setup-matrix]
     steps:
     - uses: pnpm/action-setup@v2
       with:
         version: 8
-    - name: Prepare workspace
-      run: rm -rf source && mkdir source
     - name: Checkout GlobalProtect-openconnect
       uses: actions/checkout@v3
       with:
         token: ${{ secrets.GH_PAT }}
         repository: yuezk/GlobalProtect-openconnect
-        ref: ${{ github.ref }}
+        path: gp
-        path: source/gp
     - name: Create tarball
       run: |
-        cd source/gp
+        cd gp
-        # Generate the SNAPSHOT file for non-tagged commits
-        if [[ "${{ github.ref }}" != "refs/tags/"* ]]; then
-          touch SNAPSHOT
-        fi
         make tarball
     - name: Upload tarball
       uses: actions/upload-artifact@v3
       with:
-        name: artifact-source
+        name: artifact-tarball
-        if-no-files-found: error
         path: |
-          source/gp/.build/tarball/*.tar.gz
+          globalprotect-openconnect-*.tar.gz
-
+  deb:
-  build-gp:
+    runs-on: ubuntu-latest
-    needs:
+    needs: [tarball]
-    - setup-matrix
+    container:
-    - tarball
+      image: yuezk/gpdev:main
-    strategy:
+      credentials:
-      matrix:
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
-        package: [deb, rpm, pkg, binary]
-    runs-on: ${{ matrix.os.runner }}
-    name: build-gp (${{ matrix.package }}, ${{ matrix.os.arch }})
     steps:
-    - name: Prepare workspace
-      run: |
-        rm -rf build-gp-${{ matrix.package }}
-        mkdir -p build-gp-${{ matrix.package }}
     - name: Download tarball
       uses: actions/download-artifact@v3
       with:
-        name: artifact-source
+        name: artifact-tarball
-        path: build-gp-${{ matrix.package }}
+    - name: Build DEB package
-    - name: Docker Login
-      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
-    - name: Build ${{ matrix.package }} package in Docker
       run: |
-        docker run --rm \
+        tar -xzf globalprotect-openconnect-*.tar.gz
-          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+        cd globalprotect-openconnect-*
-          yuezk/gpdev:${{ matrix.package }}-builder
+        make deb
-    - name: Install ${{ matrix.package }} package in Docker
+    - name: Install DEB package
       run: |
-        docker run --rm \
+        sudo dpkg -i globalprotect-openconnect_*.deb
-          -e GPGUI_INSTALLED=0 \
+
-          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+        gpclient --version
-          yuezk/gpdev:${{ matrix.package }}-builder \
+        gpservice --version
-          bash install.sh
+        gpauth --version
-    - name: Upload ${{ matrix.package }} package
+        gpgui-helper --version
+    - name: Upload DEB package
       uses: actions/upload-artifact@v3
       with:
-        name: artifact-gp-${{ matrix.package }}-${{ matrix.os.arch }}
+        name: artifact-deb
-        if-no-files-found: error
         path: |
-          build-gp-${{ matrix.package }}/artifacts/*
+          globalprotect-openconnect_*.deb
 
-  build-gpgui:
+  rpm:
-    needs:
-    - setup-matrix
-    strategy:
-      matrix:
-        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
-    runs-on: ${{ matrix.os.runner }}
-    name: build-gpgui (${{ matrix.os.arch }})
-    steps:
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 8
-    - name: Prepare workspace
-      run: rm -rf gpgui-source && mkdir gpgui-source
-    - name: Checkout GlobalProtect-openconnect
-      uses: actions/checkout@v3
-      with:
-        token: ${{ secrets.GH_PAT }}
-        repository: yuezk/GlobalProtect-openconnect
-        ref: ${{ github.ref }}
-        path: gpgui-source/gp
-    - name: Checkout gpgui@${{ github.ref_name }}
-      uses: actions/checkout@v3
-      with:
-        token: ${{ secrets.GH_PAT }}
-        repository: yuezk/gpgui
-        ref: ${{ github.ref_name }}
-        path: gpgui-source/gpgui
-    - name: Tarball
-      run: |
-        cd gpgui-source
-        tar -czf gpgui.tar.gz gpgui gp
-    - name: Docker Login
-      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
-    - name: Build gpgui in Docker
-      run: |
-        docker run --rm -v $(pwd)/gpgui-source:/gpgui yuezk/gpdev:gpgui-builder
-    - name: Install gpgui in Docker
-      run: |
-        cd gpgui-source
-        tar -xJf *.bin.tar.xz
-        docker run --rm -v $(pwd):/gpgui yuezk/gpdev:gpgui-builder \
-          bash -c "cd /gpgui/gpgui_*/ && ./gpgui --version"
-    - name: Upload gpgui
-      uses: actions/upload-artifact@v3
-      with:
-        name: artifact-gpgui-${{ matrix.os.arch }}
-        if-no-files-found: error
-        path: |
-          gpgui-source/*.bin.tar.xz
-          gpgui-source/*.bin.tar.xz.sha256
-
-  gh-release:
-    if: ${{ github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/') }}
     runs-on: ubuntu-latest
-    needs:
+    needs: [tarball]
-      - tarball
+    container:
-      - build-gp
+      image: yuezk/gpdev:rpm-builder
-      - build-gpgui
+      credentials:
-
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
     steps:
-    - name: Prepare workspace
+    - name: Download tarball
-      run: rm -rf gh-release && mkdir gh-release
-    - name: Download all artifacts
       uses: actions/download-artifact@v3
       with:
-        path: gh-release
+        name: artifact-tarball
-    - name: Create GH release
+    - name: Build RPM package
-      env:
-        GH_TOKEN: ${{ secrets.GH_PAT }}
-        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
-        REPO: ${{ github.repository }}
-        NOTES: ${{ github.ref == 'refs/heads/dev' && '**!!! DO NOT USE THIS RELEASE IN PRODUCTION !!!**' || format('Release {0}', github.ref_name) }}
       run: |
-        gh -R "$REPO" release delete $RELEASE_TAG --yes --cleanup-tag || true
+        tar -xzf globalprotect-openconnect-*.tar.gz
-        gh -R "$REPO" release create $RELEASE_TAG \
+        cd globalprotect-openconnect-*/
-          --title "$RELEASE_TAG" \
+        make rpm
-          --notes "$NOTES" \
+    - name: Install RPM package
-          ${{ github.ref == 'refs/heads/dev' && '--target dev' || '' }} \
+      run: |
-          ${{ github.ref == 'refs/heads/dev' && '--prerelease' || '' }} \
+        cd globalprotect-openconnect-*/
-          gh-release/artifact-source/* \
+        ls -l .rpm
-          gh-release/artifact-gpgui-*/*
+    - name: Upload RPM package
+      uses: actions/upload-artifact@v3
+      with:
+        name: artifact-rpm
+        path: |
+          globalprotect-openconnect-*/.rpm/*.rpm
+
+  # Include arm64 if ref is a tag
+  # setup-matrix:
+  #   runs-on: ubuntu-latest
+  #   outputs:
+  #     matrix: ${{ steps.set-matrix.outputs.matrix }}
+  #   steps:
+  #     - name: Set up matrix
+  #       id: set-matrix
+  #       run: |
+  #         if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+  #           echo "matrix=[\"amd64\", \"arm64\"]" >> $GITHUB_OUTPUT
+  #         else
+  #           echo "matrix=[\"amd64\"]" >> $GITHUB_OUTPUT
+  #         fi
+
+  # build-fe:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+
+  #     - name: Install Node.js
+  #       uses: actions/setup-node@v4
+  #       with:
+  #         node-version: 18
+
+  #     - uses: pnpm/action-setup@v2
+  #       with:
+  #         version: 8
+
+  #     - name: Install dependencies
+  #       run: |
+  #         cd app
+  #         pnpm install
+  #     - name: Build
+  #       run: |
+  #         cd app
+  #         pnpm run build
+
+  #     - name: Upload artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: gpgui-fe
+  #         path: app/dist
+
+  # build-tauri-amd64:
+  #   needs: [build-fe]
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+  #         path: gpgui
+
+  #     - name: Checkout gp repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/GlobalProtect-openconnect
+  #         path: gp
+
+  #     - name: Download gpgui-fe artifact
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: gpgui-fe
+  #         path: gpgui/app/dist
+
+  #     - name: Login to Docker Hub
+  #       uses: docker/login-action@v3
+  #       with:
+  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
+  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+  #     - name: Build Tauri in Docker
+  #       run: |
+  #         docker run \
+  #           --rm \
+  #           -v $(pwd):/${{ github.workspace }} \
+  #           -w ${{ github.workspace }} \
+  #           -e CI=true \
+  #           yuezk/gpdev:main \
+  #           "./gpgui/scripts/build.sh"
+
+  #     - name: Upload artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: artifact-amd64-tauri
+  #         path: |
+  #           gpgui/.tmp/artifact
+
+  # build-tauri-arm64:
+  #   if: startsWith(github.ref, 'refs/tags/')
+  #   needs: [build-fe]
+  #   runs-on: self-hosted
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+  #         path: gpgui
+
+  #     - name: Checkout gp repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/GlobalProtect-openconnect
+  #         path: gp
+
+  #     - name: Download gpgui-fe artifact
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: gpgui-fe
+  #         path: gpgui/app/dist
+  #     - name: Build Tauri
+  #       run: |
+  #         ./gpgui/scripts/build.sh
+
+  #     - name: Upload artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: artifact-arm64-tauri
+  #         path: |
+  #           gpgui/.tmp/artifact
+
+  # package-tarball:
+  #   needs: [build-tauri-amd64, build-tauri-arm64]
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+  #         path: gpgui
+
+  #     - name: Download artifact-amd64-tauri
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: artifact-amd64-tauri
+  #         path: gpgui/.tmp/artifact
+
+  #     - name: Download artifact-arm64-tauri
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: artifact-arm64-tauri
+  #         path: gpgui/.tmp/artifact
+
+  #     - name: Create tarball
+  #       run: |
+  #         ./gpgui/scripts/build-tarball.sh
+
+  #     - name: Upload tarball
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: artifact-tarball
+  #         path: |
+  #           gpgui/.tmp/tarball/*.tar.gz
+
+  # package-rpm:
+  #   needs: [setup-matrix, package-tarball]
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       arch: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+  #         path: gpgui
+
+  #     - name: Download package tarball
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: artifact-tarball
+  #         path: gpgui/.tmp/artifact
+
+  #     - name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v3
+  #       with:
+  #         platforms: ${{ matrix.arch }}
+
+  #     - name: Login to Docker Hub
+  #       uses: docker/login-action@v3
+  #       with:
+  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
+  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+  #     - name: Create RPM package
+  #       run: |
+  #         docker run \
+  #           --rm \
+  #           -v $(pwd):/${{ github.workspace }} \
+  #           -w ${{ github.workspace }} \
+  #           --platform linux/${{ matrix.arch }} \
+  #           yuezk/gpdev:rpm-builder \
+  #           "./gpgui/scripts/build-rpm.sh"
+
+  #     - name: Upload rpm artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: artifact-${{ matrix.arch }}-rpm
+  #         path: |
+  #           gpgui/.tmp/artifact/*.rpm
+
+  # package-pkgbuild:
+  #   needs: [setup-matrix, build-tauri-amd64, build-tauri-arm64]
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       arch: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+  #   steps:
+  #     - name: Checkout gpgui repo
+  #       uses: actions/checkout@v3
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         repository: yuezk/gpgui
+  #         path: gpgui
+
+  #     - name: Download artifact-${{ matrix.arch }}
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: artifact-${{ matrix.arch }}-tauri
+  #         path: gpgui/.tmp/artifact
+
+  #     - name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v3
+  #       with:
+  #         platforms: ${{ matrix.arch }}
+
+  #     - name: Login to Docker Hub
+  #       uses: docker/login-action@v3
+  #       with:
+  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
+  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+  #     - name: Generate PKGBUILD
+  #       run: |
+  #         export CI_ARCH=${{ matrix.arch }}
+  #         ./gpgui/scripts/generate-pkgbuild.sh
+
+  #     - name: Build PKGBUILD package
+  #       run: |
+  #         # Build package
+  #         docker run \
+  #           --rm \
+  #           -v $(pwd)/gpgui/.tmp/pkgbuild:/pkgbuild \
+  #           --platform linux/${{ matrix.arch }} \
+  #           yuezk/gpdev:pkgbuild
+
+  #     - name: Upload pkgbuild artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: artifact-${{ matrix.arch }}-pkgbuild
+  #         path: |
+  #           gpgui/.tmp/pkgbuild/*.pkg.tar.zst
+
+  # gh-release:
+  #   if: startsWith(github.ref, 'refs/tags/')
+  #   runs-on: ubuntu-latest
+  #   needs:
+  #     - package-rpm
+  #     - package-pkgbuild
+
+  #   steps:
+  #     - name: Download artifact
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         path: artifact
+  #         # pattern: artifact-*
+  #         # merge-multiple: true
+
+  #     # - name: Generate checksum
+  #     #   uses: jmgilman/actions-generate-checksum@v1
+  #     #   with:
+  #     #     output: checksums.txt
+  #     #     patterns: |
+  #     #       artifact/*
+
+  #     - name: Create GH release
+  #       uses: softprops/action-gh-release@v1
+  #       with:
+  #         token: ${{ secrets.GH_PAT }}
+  #         prerelease: ${{ contains(github.ref, 'latest') }}
+  #         fail_on_unmatched_files: true
+  #         files: |
+  #           artifact/artifact-*/*

.github/workflows/publish.yaml

@@ -1,89 +0,0 @@
-name: Publish Packages
-
-on:
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Tag to publish'
-        required: true
-      revision:
-        description: 'Package revision'
-        required: true
-        default: "1"
-      ppa:
-        description: 'Publish to PPA'
-        type: boolean
-        required: true
-        default: true
-      obs:
-        description: 'Publish to OBS'
-        type: boolean
-        required: true
-        default: true
-      aur:
-        description: 'Publish to AUR'
-        type: boolean
-        required: true
-        default: true
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check tag exists
-      uses: mukunku/tag-exists-action@v1.6.0
-      id: check-tag
-      with:
-        tag: ${{ inputs.tag }}
-    - name: Exit if tag does not exist
-      run: |
-        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
-          echo "Tag ${{ inputs.tag }} does not exist"
-          exit 1
-        fi
-
-  publish-ppa:
-    needs: check
-    if: ${{ inputs.ppa }}
-    runs-on: ubuntu-latest
-    steps:
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 8
-    - name: Prepare workspace
-      run: rm -rf publish-ppa && mkdir publish-ppa
-    - name: Download ${{ inputs.tag }} source code
-      uses: robinraju/release-downloader@v1.9
-      with:
-        token: ${{ secrets.GH_PAT }}
-        tag: ${{ inputs.tag }}
-        fileName: globalprotect-openconnect-*.tar.gz
-        tarBall: false
-        zipBall: false
-        out-file-path: publish-ppa
-    - name: Make the offline tarball
-      run: |
-        cd publish-ppa
-        tar -xf globalprotect-openconnect-*.tar.gz
-        cd globalprotect-openconnect-*/
-
-        make tarball OFFLINE=1
-
-        # Prepare the debian directory with custom files
-        mkdir -p .build/debian
-        sed 's/@RUST@/rust-all(>=1.70)/g' packaging/deb/control.in > .build/debian/control
-        sed 's/@OFFLINE@/1/g' packaging/deb/rules.in > .build/debian/rules
-        cp packaging/deb/postrm .build/debian/postrm
-
-    - name: Publish to PPA
-      uses: yuezk/publish-ppa-package@dev
-      with:
-        repository: "yuezk/globalprotect-openconnect"
-        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
-        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
-        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
-        deb_email: "k3vinyue@gmail.com"
-        deb_fullname: "Kevin Yue"
-        extra_ppa: "liushuyu-011/rust-bpo-1.75"
-        revision: ${{ inputs.revision }}

.github/workflows/release.yaml

@@ -1,153 +0,0 @@
-name: Release Packages
-
-on:
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Tag to release'
-        required: true
-      arch:
-        type: choice
-        description: 'Architecture to build'
-        required: true
-        default: all
-        options:
-          - all
-          - x86_64
-          - arm64
-      release-deb:
-        type: boolean
-        description: 'Build DEB package'
-        required: true
-        default: true
-      release-rpm:
-        type: boolean
-        description: 'Build RPM package'
-        required: true
-        default: true
-      release-pkg:
-        type: boolean
-        description: 'Build PKG package'
-        required: true
-        default: true
-      release-binary:
-        type: boolean
-        description: 'Build binary package'
-        required: true
-        default: true
-      gh-release:
-        type: boolean
-        description: 'Update GitHub release'
-        required: true
-        default: true
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check tag exists
-      uses: mukunku/tag-exists-action@v1.6.0
-      id: check-tag
-      with:
-        tag: ${{ inputs.tag }}
-    - name: Exit if tag does not exist
-      run: |
-        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
-          echo "Tag ${{ inputs.tag }} does not exist"
-          exit 1
-        fi
-
-  setup-matrix:
-    needs:
-    - check
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.result }}
-    steps:
-    - name: Set up matrix
-      id: set-matrix
-      uses: actions/github-script@v7
-      with:
-        result-encoding: string
-        script: |
-          const inputs = ${{ toJson(inputs) }}
-          const { arch } = inputs
-          const osMap = {
-            "all": ["ubuntu-latest", "arm64"],
-            "x86_64": ["ubuntu-latest"],
-            "arm64": ["arm64"]
-          }
-
-          const package = Object.entries(inputs)
-            .filter(([key, value]) => key.startsWith('release-') && value)
-            .map(([key, value]) => key.replace('release-', ''))
-
-          return JSON.stringify({
-            os: osMap[arch],
-            package,
-          })
-
-  build:
-    needs:
-    - setup-matrix
-    strategy:
-      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Prepare workspace
-      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
-    - name: Download ${{ inputs.tag }} source code
-      uses: robinraju/release-downloader@v1.9
-      with:
-        token: ${{ secrets.GH_PAT }}
-        tag: ${{ inputs.tag }}
-        fileName: globalprotect-openconnect-*.tar.gz
-        tarBall: false
-        zipBall: false
-        out-file-path: build-${{ matrix.package }}
-    - name: Docker Login
-      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
-    - name: Build ${{ matrix.package }} package in Docker
-      run: |
-        docker run --rm \
-          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
-          -e INCLUDE_GUI=1 \
-          yuezk/gpdev:${{ matrix.package }}-builder
-
-    - name: Install ${{ matrix.package }} package in Docker
-      run: |
-        docker run --rm \
-          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
-          yuezk/gpdev:${{ matrix.package }}-builder \
-          bash install.sh
-
-    - name: Upload ${{ matrix.package }} package
-      uses: actions/upload-artifact@v3
-      with:
-        name: artifact-${{ matrix.os }}-${{ matrix.package }}
-        if-no-files-found: error
-        path: |
-          build-${{ matrix.package }}/artifacts/*
-
-  gh-release:
-    needs:
-    - build
-    runs-on: ubuntu-latest
-    if: ${{ inputs.gh-release }}
-    steps:
-    - name: Prepare workspace
-      run: rm -rf gh-release && mkdir gh-release
-    - name: Download artifact
-      uses: actions/download-artifact@v3
-      with:
-        path: gh-release
-    - name: Update release
-      uses: softprops/action-gh-release@v1
-      with:
-        token: ${{ secrets.GH_PAT }}
-        prerelease: ${{ contains(github.ref, 'snapshot') }}
-        fail_on_unmatched_files: true
-        tag_name: ${{ inputs.tag }}
-        files: |
-          gh-release/artifact-*/*
-

.gitignore

@@ -6,5 +6,4 @@
 *.tar.xz
 
 .cargo
-.build
+.rpm
-SNAPSHOT

Cargo.lock

@@ -562,13 +562,6 @@ dependencies = [
  "memchr",
 ]
 
-[[package]]
-name = "common"
-version = "2.1.4"
-dependencies = [
- "is_executable",
-]
-
 [[package]]
 name = "compile-time"
 version = "0.2.0"
@@ -1430,7 +1423,7 @@ dependencies = [
 
 [[package]]
 name = "gpapi"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "base64 0.21.5",
@@ -1462,14 +1455,13 @@ dependencies = [
 
 [[package]]
 name = "gpauth"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "clap",
  "compile-time",
  "env_logger",
  "gpapi",
- "html-escape",
  "log",
  "regex",
  "serde_json",
@@ -1483,11 +1475,10 @@ dependencies = [
 
 [[package]]
 name = "gpclient"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "clap",
- "common",
  "compile-time",
  "directories",
  "env_logger",
@@ -1505,7 +1496,7 @@ dependencies = [
 
 [[package]]
 name = "gpgui-helper"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "clap",
@@ -1523,7 +1514,7 @@ dependencies = [
 
 [[package]]
 name = "gpservice"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "axum",
@@ -1536,10 +1527,8 @@ dependencies = [
  "openconnect",
  "serde",
  "serde_json",
- "tar",
  "tokio",
  "tokio-util",
- "xz2",
 ]
 
 [[package]]
@@ -1599,9 +1588,9 @@ dependencies = [
 
 [[package]]
 name = "h2"
-version = "0.3.26"
+version = "0.3.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
+checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9"
 dependencies = [
  "bytes",
  "fnv",
@@ -1618,9 +1607,9 @@ dependencies = [
 
 [[package]]
 name = "h2"
-version = "0.4.4"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "816ec7294445779408f36fe57bc5b7fc1cf59664059096c65f905c1c61f58069"
+checksum = "31d030e59af851932b72ceebadf4a2b5986dba4c3b99dd2493f8273a0f151943"
 dependencies = [
  "bytes",
  "fnv",
@@ -1674,15 +1663,6 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
-[[package]]
-name = "html-escape"
-version = "0.2.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476"
-dependencies = [
- "utf8-width",
-]
-
 [[package]]
 name = "html5ever"
 version = "0.26.0"
@@ -1787,7 +1767,7 @@ dependencies = [
  "futures-channel",
  "futures-core",
  "futures-util",
- "h2 0.3.26",
+ "h2 0.3.24",
  "http 0.2.11",
  "http-body 0.4.6",
  "httparse",
@@ -1810,7 +1790,7 @@ dependencies = [
  "bytes",
  "futures-channel",
  "futures-util",
- "h2 0.4.4",
+ "h2 0.4.2",
  "http 1.0.0",
  "http-body 1.0.0",
  "httparse",
@@ -2218,17 +2198,6 @@ dependencies = [
  "tracing-subscriber",
 ]
 
-[[package]]
-name = "lzma-sys"
-version = "0.1.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fda04ab3764e6cde78b9974eec4f779acaba7c4e84b36eca3cf77c581b85d27"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
-]
-
 [[package]]
 name = "mac"
 version = "0.1.1"
@@ -2318,9 +2287,9 @@ dependencies = [
 
 [[package]]
 name = "mio"
-version = "0.8.11"
+version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
+checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
 dependencies = [
  "libc",
  "log",
@@ -2537,10 +2506,10 @@ dependencies = [
 
 [[package]]
 name = "openconnect"
-version = "2.1.4"
+version = "2.0.0"
 dependencies = [
  "cc",
- "common",
+ "is_executable",
  "log",
 ]
 
@@ -3167,7 +3136,7 @@ dependencies = [
  "encoding_rs",
  "futures-core",
  "futures-util",
- "h2 0.3.26",
+ "h2 0.3.24",
  "http 0.2.11",
  "http-body 0.4.6",
  "hyper 0.14.28",
@@ -4165,9 +4134,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.36.0"
+version = "1.35.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
+checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
 dependencies = [
  "backtrace",
  "bytes",
@@ -4494,12 +4463,6 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 
-[[package]]
-name = "utf8-width"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3"
-
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
@@ -4606,12 +4569,6 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
-[[package]]
-name = "wasite"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
-
 [[package]]
 name = "wasm-bindgen"
 version = "0.2.89"
@@ -4788,12 +4745,11 @@ dependencies = [
 
 [[package]]
 name = "whoami"
-version = "1.5.1"
+version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a44ab49fad634e88f55bf8f9bb3abd2f27d7204172a112c7c9987e01c1c94ea9"
+checksum = "22fc3756b8a9133049b26c7f61ab35416c130e8c09b660f5b3958b446f52cc50"
 dependencies = [
- "redox_syscall",
+ "wasm-bindgen",
- "wasite",
  "web-sys",
 ]
 
@@ -5168,15 +5124,6 @@ version = "0.13.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"
 
-[[package]]
-name = "xz2"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "388c44dc09d76f1536602ead6d325eb532f5c122f17782bd57fb47baeeb767e2"
-dependencies = [
- "lzma-sys",
-]
-
 [[package]]
 name = "zeroize"
 version = "1.7.0"

Cargo.toml

@@ -4,8 +4,7 @@ resolver = "2"
 members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/gpgui-helper/src-tauri"]
 
 [workspace.package]
-rust-version = "1.70"
+version = "2.0.0"
-version = "2.1.4"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"

Makefile

@@ -1,8 +1,4 @@
-.SHELLFLAGS += -e
-
 OFFLINE ?= 0
-BUILD_FE ?= 1
-INCLUDE_GUI ?= 0
 CARGO ?= cargo
 
 VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
@@ -11,17 +7,9 @@ PPA_REVISION ?= 1
 PKG_NAME = globalprotect-openconnect
 PKG = $(PKG_NAME)-$(VERSION)
 SERIES ?= $(shell lsb_release -cs)
-PUBLISH ?= 0
 
 export DEBEMAIL = k3vinyue@gmail.com
 export DEBFULLNAME = Kevin Yue
-export SNAPSHOT = $(shell test -f SNAPSHOT && echo "true" || echo "false")
-
-ifeq ($(SNAPSHOT), true)
-	RELEASE_TAG = snapshot
-else
-	RELEASE_TAG = v$(VERSION)
-endif
 
 CARGO_BUILD_ARGS = --release
 
@@ -34,55 +22,28 @@ default: build
 version:
 	@echo $(VERSION)
 
-clean-tarball:
+# Generate a vendor tarball and a .cargo/config.toml file
-	rm -rf .build/tarball
+cargo-vendor:
-	rm -rf .vendor
+	mkdir -p .cargo
-	rm -rf vendor.tar.xz
-	rm -rf .cargo
 
-# Create a tarball, include the cargo dependencies if OFFLINE is set to 1
+	$(CARGO) vendor .vendor > .cargo/config.toml
-tarball: clean-tarball
+	tar -cJf vendor.tar.xz .vendor
-	if [ $(BUILD_FE) -eq 1 ]; then \
-		echo "Building frontend..."; \
-		cd apps/gpgui-helper && pnpm install && pnpm build; \
-	fi
 
-	# Remove node_modules to reduce the tarball size
+tarball: clean clean-tarball build-fe cargo-vendor
 	rm -rf apps/gpgui-helper/node_modules
 
-	mkdir -p .cargo
+	tar --transform 's,^,${PKG}/,' -czf ../${PKG}.tar.gz * .cargo
-	mkdir -p .build/tarball
 
-	# If OFFLINE is set to 1, vendor all cargo dependencies
+# Extract the vendor tarball to the .vendor directory if it exists
-	if [ $(OFFLINE) -eq 1 ]; then \
+extract-vendor:
-		$(CARGO) vendor .vendor > .cargo/config.toml; \
+	if [ -f vendor.tar.xz ]; then tar -xJf vendor.tar.xz; fi
-		tar -cJf vendor.tar.xz .vendor; \
-	fi
 
-	@echo "Creating tarball..."
+build: extract-vendor build-fe build-rs gpgui-helper
-	tar --exclude .vendor --exclude target --transform 's,^,${PKG}/,' -czf .build/tarball/${PKG}.tar.gz * .cargo
-
-download-gui:
-	rm -rf .build/gpgui
-
-	if [ $(INCLUDE_GUI) -eq 1 ]; then \
-		echo "Downloading GlobalProtect GUI..."; \
-		mkdir -p .build/gpgui; \
-		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/$(RELEASE_TAG)/gpgui_$(shell uname -m).bin.tar.xz \
-			-o .build/gpgui/gpgui_$(shell uname -m).bin.tar.xz; \
-		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
-	else \
-		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
-	fi
-
-build: download-gui build-fe build-rs
 
 # Install and build the frontend
 # If OFFLINE is set to 1, skip it
 build-fe:
-	if [ $(OFFLINE) -eq 1 ] || [ $(BUILD_FE) -eq 0 ]; then \
+	if [ $(OFFLINE) -eq 0 ]; then \
-		echo "Skipping frontend build (OFFLINE=1 or BUILD_FE=0)"; \
-	else \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
 
@@ -92,31 +53,26 @@ build-fe:
 	fi
 
 build-rs:
-	if [ $(OFFLINE) -eq 1 ]; then \
+	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpauth -p gpservice
-		tar -xJf vendor.tar.xz; \
-	fi
 
-	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpservice -p gpauth
+gpgui-helper:
 	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpgui-helper --features "tauri/custom-protocol"
 
 clean:
 	$(CARGO) clean
-	rm -rf .build
 	rm -rf .vendor
 	rm -rf apps/gpgui-helper/node_modules
 
-install:
+clean-tarball:
-	@echo "Installing $(PKG_NAME)..."
+	rm -rf vendor.tar.xz
+	rm -rf ../$(PKG).tar.gz
 
+install:
 	install -Dm755 target/release/gpclient $(DESTDIR)/usr/bin/gpclient
 	install -Dm755 target/release/gpauth $(DESTDIR)/usr/bin/gpauth
 	install -Dm755 target/release/gpservice $(DESTDIR)/usr/bin/gpservice
 	install -Dm755 target/release/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 
-	if [ -f .build/gpgui/gpgui_*/gpgui ]; then \
-		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
-	fi
-
 	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
@@ -125,13 +81,10 @@ install:
 	install -Dm644 packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 
 uninstall:
-	@echo "Uninstalling $(PKG_NAME)..."
-
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpauth
 	rm -f $(DESTDIR)/usr/bin/gpservice
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
-	rm -f $(DESTDIR)/usr/bin/gpgui
 
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
@@ -140,124 +93,66 @@ uninstall:
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 
-clean-debian:
+init-debian:
-	rm -rf .build/deb
+	rm -rf .vendor
+	rm -rf debian
 
-# Generate the debian package structure, without the changelog
+	debmake
-init-debian: clean-debian tarball
-	mkdir -p .build/deb
-	cp .build/tarball/${PKG}.tar.gz .build/deb
 
-	tar -xzf .build/deb/${PKG}.tar.gz -C .build/deb
+	cp -f packaging/deb/control debian/control
-	cd .build/deb/${PKG} && debmake
+	cp -f packaging/deb/rules debian/rules
-
+	rm -f debian/changelog
-	cp -f packaging/deb/control.in .build/deb/$(PKG)/debian/control
-	cp -f packaging/deb/rules.in .build/deb/$(PKG)/debian/rules
-	cp -f packaging/deb/postrm .build/deb/$(PKG)/debian/postrm
-
-	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/deb/$(PKG)/debian/rules
-
-	rm -f .build/deb/$(PKG)/debian/changelog
 
 deb: init-debian
-	# Remove the rust build depdency from the control file
+	dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
-	sed -i "s/@RUST@//g" .build/deb/$(PKG)/debian/control
 
-	cd .build/deb/$(PKG) && dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
+	debuild --preserve-env -e PATH -us -uc -b
-
-	cd .build/deb/$(PKG) && debuild --preserve-env -e PATH -us -uc -b
-
-check-ppa:
-	if [ $(OFFLINE) -eq 0 ]; then \
-		echo "Error: ppa build requires offline mode (OFFLINE=1)"; \
-	fi
-
-# Usage: make ppa SERIES=focal OFFLINE=1 PUBLISH=1
-ppa: check-ppa init-debian
-	sed -i "s/@RUST@/rust-all(>=1.70)/g" .build/deb/$(PKG)/debian/control
 
+# Usage: make ppa SERIES=focal
+ppa: init-debian
 	$(eval SERIES_VER = $(shell distro-info --series $(SERIES) -r | cut -d' ' -f1))
 	@echo "Building for $(SERIES) $(SERIES_VER)"
 
-	rm -rf .build/deb/$(PKG)/debian/changelog
+	dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
-	cd .build/deb/$(PKG) && dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
 
-	cd .build/deb/$(PKG) && echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
+	echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
 
-	if [ $(PUBLISH) -eq 1 ]; then \
+publish-ppa: ppa
-		cd .build/deb/$(PKG) && dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
+	dput ppa:yuezk/globalprotect-openconnect ../*.changes
-	else \
-		echo "Skipping ppa publish (PUBLISH=0)"; \
-	fi
-
-clean-rpm:
-	rm -rf .build/rpm
 
 # Generate RPM sepc file
-init-rpm: clean-rpm
+rpm-spec:
-	mkdir -p .build/rpm
+	rm -rf .rpm
+	mkdir -p .rpm
 
-	cp packaging/rpm/globalprotect-openconnect.spec.in .build/rpm/globalprotect-openconnect.spec
+	cp packaging/rpm/globalprotect-openconnect.spec.in .rpm/globalprotect-openconnect.spec
-	cp packaging/rpm/globalprotect-openconnect.changes.in .build/rpm/globalprotect-openconnect.changes
+	cp packaging/rpm/globalprotect-openconnect.changes.in .rpm/globalprotect-openconnect.changes
 
-	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@VERSION@/$(VERSION)/g" .rpm/globalprotect-openconnect.spec
-	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@REVISION@/$(REVISION)/g" .rpm/globalprotect-openconnect.spec
-	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@DATE@/$(shell date "+%a %b %d %Y")/g" .rpm/globalprotect-openconnect.spec
-	sed -i "s/@DATE@/$(shell LC_ALL=en.US date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
 
-	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.changes
+	sed -i "s/@VERSION@/$(VERSION)/g" .rpm/globalprotect-openconnect.changes
-	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .build/rpm/globalprotect-openconnect.changes
+	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .rpm/globalprotect-openconnect.changes
+
+# Ensure ../globalprotect-openconnect-*.tar.gz exists.
+rpm: rpm-spec
+	if [ ! -f ../$(PKG).tar.gz ]; then \
+		echo "Missing ../$(PKG).tar.gz"; \
+		exit 1; \
+	fi
 
-rpm: init-rpm tarball
 	rm -rf $(HOME)/rpmbuild
 	rpmdev-setuptree
 
-	cp .build/tarball/${PKG}.tar.gz $(HOME)/rpmbuild/SOURCES/${PKG_NAME}.tar.gz
+	cp ../$(PKG).tar.gz $(HOME)/rpmbuild/SOURCES/$(PKG_NAME).tar.gz
-	rpmbuild -ba .build/rpm/globalprotect-openconnect.spec
 
-	# Copy RPM package from build directory
+	rpmbuild -ba .rpm/globalprotect-openconnect.spec
-	cp $(HOME)/rpmbuild/RPMS/$(shell uname -m)/$(PKG_NAME)*.rpm .build/rpm
+
+	# Copy RPM package
+	cp $(HOME)/rpmbuild/RPMS/$(shell uname -m)/$(PKG_NAME)*.rpm .rpm
 
 	# Copy the SRPM only for x86_64.
 	if [ "$(shell uname -m)" = "x86_64" ]; then \
-		cp $(HOME)/rpmbuild/SRPMS/$(PKG_NAME)*.rpm .build/rpm; \
+		cp $(HOME)/rpmbuild/SRPMS/$(PKG_NAME)*.rpm .rpm \
 	fi
-
-clean-pkgbuild:
-	rm -rf .build/pkgbuild
-
-init-pkgbuild: clean-pkgbuild tarball
-	mkdir -p .build/pkgbuild
-
-	cp .build/tarball/${PKG}.tar.gz .build/pkgbuild
-	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
-
-	sed -i "s/@PKG_NAME@/$(PKG_NAME)/g" .build/pkgbuild/PKGBUILD
-	sed -i "s/@VERSION@/$(VERSION)/g" .build/pkgbuild/PKGBUILD
-	sed -i "s/@REVISION@/$(REVISION)/g" .build/pkgbuild/PKGBUILD
-	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/pkgbuild/PKGBUILD
-
-pkgbuild: init-pkgbuild
-	cd .build/pkgbuild && makepkg -s --noconfirm
-
-clean-binary:
-	rm -rf .build/binary
-
-binary: clean-binary tarball
-	mkdir -p .build/binary
-
-	cp .build/tarball/${PKG}.tar.gz .build/binary
-	tar -xzf .build/binary/${PKG}.tar.gz -C .build/binary
-
-	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
-
-	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
-	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
-
-	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
-
-	# Create a tarball for the binary package
-	tar -cJf .build/binary/$(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz -C .build/binary $(PKG_NAME)_$(VERSION)
-
-	# Generate sha256sum
-	cd .build/binary && sha256sum $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz | cut -d' ' -f1 > $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz.sha256

README.md

@@ -53,6 +53,15 @@ The GUI version is also available after you installed it. You can launch it from
 
 ## Installation
 
+> [!Note]
+>
+> This instruction is for the 2.x version. The 1.x version is still available on the [1.x](https://github.com/yuezk/GlobalProtect-openconnect/tree/1.x) branch, you can build it from the source code by following the instructions in the `README.md` file.
+
+> [!Warning]
+>
+> The client requires `openconnect >= 8.20, pkexec, and gnome-keyring`, please make sure you have them installed.
+> Installing the client from PPA will automatically install the required version of `openconnect`.
+
 ### Debian/Ubuntu based distributions
 
 #### Install from PPA
@@ -94,7 +103,7 @@ Download the latest package from [releases](https://github.com/yuezk/GlobalProte
 sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
 ```
 
-### Fedora 38 and later / Fedora Rawhide
+### Fedora/OpenSUSE/CentOS/RHEL
 
 #### Install from COPR
 
@@ -105,47 +114,20 @@ sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
 
-### openSUSE Leap 15.6 / openSUSE Tumbleweed
+#### Install from OBS (OpenSUSE Build Service)
-
-#### Install from OBS (openSUSE Build Service)
 
 The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
 
-### Other RPM-based distributions
-
 #### Install from RPM package
 
 Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 
-```bash
-sudo rpm -i globalprotect-openconnect-*.rpm
-```
-
 ### Other distributions
 
 - Install `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`.
-- Download `globalprotect-openconnect_${version}_${arch}.bin.tar.xz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
+- Download `globalprotect-openconnect.tar.gz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
-- Extract the tarball with `tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz`.
+- Extract the tarball and run `make build` to build the client.
-- Run `sudo make install` to install the client.
+- Run `make install` to install the client.
-
-## Build from source
-
-You can also build the client from source, steps are as follows:
-
-### Prerequisites
-
-- [Install Rust](https://www.rust-lang.org/tools/install)
-- Install Tauri dependencies: https://tauri.app/v1/guides/getting-started/prerequisites/#setting-up-linux
-- Install `perl`
-- Install `openconnect >= 8.20` and `libopenconnect-dev` (or `openconnect-devel` on RPM-based distributions)
-- Install `pkexec`, `gnome-keyring` (or `pam_kwallet` on KDE)
-
-### Build
-
-1. Download the source code tarball from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Choose `globalprotect-openconnect-${version}.tar.gz`.
-2. Extract the tarball with `tar -xzf globalprotect-openconnect-${version}.tar.gz`.
-3. Enter the source directory and run `make build BUILD_FE=0` to build the client.
-3. Run `sudo make install` to install the client. (Note, `DESTDIR` is not supported)
 
 ## FAQ
 

apps/gpauth/Cargo.toml

@@ -18,7 +18,6 @@ serde_json.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tempfile.workspace = true
-html-escape = "0.2.13"
 webkit2gtk = "0.18.2"
 tauri = { workspace = true, features = ["http-all"] }
 compile-time.workspace = true

apps/gpauth/src/auth_window.rs

@@ -7,7 +7,6 @@ use std::{
 use anyhow::bail;
 use gpapi::{
   auth::SamlAuthData,
-  error::AuthDataParseError,
   gp_params::GpParams,
   portal::{prelogin, Prelogin},
   utils::{redact::redact_uri, window::WindowExt},
@@ -185,10 +184,6 @@ impl<'a> AuthWindow<'a> {
           }
 
           info!("Loaded uri: {}", redact_uri(&uri));
-          if uri.starts_with("globalprotectcallback:") {
-            return;
-          }
-
           read_auth_data(&main_resource, auth_result_tx_clone.clone());
         }
       });
@@ -207,9 +202,7 @@ impl<'a> AuthWindow<'a> {
 
       wv.connect_load_failed(move |_wv, _event, uri, err| {
         let redacted_uri = redact_uri(uri);
-        if !uri.starts_with("globalprotectcallback:") {
         warn!("Failed to load uri: {} with error: {}", redacted_uri, err);
-        }
         // NOTE: Don't send error here, since load_changed event will be triggered after this
         // send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
         // true to stop other handlers from being invoked for the event. false to propagate the event further.
@@ -346,7 +339,7 @@ fn read_auth_data_from_headers(response: &URIResponse) -> AuthResult {
 
 fn read_auth_data_from_body<F>(main_resource: &WebResource, callback: F)
 where
-  F: FnOnce(Result<SamlAuthData, AuthDataParseError>) + Send + 'static,
+  F: FnOnce(AuthResult) + Send + 'static,
 {
   main_resource.data(Cancellable::NONE, |data| match data {
     Ok(data) => {
@@ -355,41 +348,53 @@ where
     }
     Err(err) => {
       info!("Failed to read response body: {}", err);
-      callback(Err(AuthDataParseError::Invalid))
+      callback(Err(AuthDataError::Invalid))
     }
   });
 }
 
-fn read_auth_data_from_html(html: &str) -> Result<SamlAuthData, AuthDataParseError> {
+fn read_auth_data_from_html(html: &str) -> AuthResult {
   if html.contains("Temporarily Unavailable") {
     info!("Found 'Temporarily Unavailable' in HTML, auth failed");
-    return Err(AuthDataParseError::Invalid);
+    return Err(AuthDataError::Invalid);
   }
 
-  SamlAuthData::from_html(html).or_else(|err| {
+  match parse_xml_tag(html, "saml-auth-status") {
-    if let Some(gpcallback) = extract_gpcallback(html) {
+    Some(saml_status) if saml_status == "1" => {
-      info!("Found gpcallback from html...");
+      let username = parse_xml_tag(html, "saml-username");
-      SamlAuthData::from_gpcallback(&gpcallback)
+      let prelogin_cookie = parse_xml_tag(html, "prelogin-cookie");
-    } else {
+      let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
-      Err(err)
-    }
-  })
-}
 
-fn extract_gpcallback(html: &str) -> Option<String> {
+      if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-  let re = Regex::new(r#"globalprotectcallback:[^"]+"#).unwrap();
+        return Ok(SamlAuthData::new(
-  re.captures(html)
+          username.unwrap(),
-    .and_then(|captures| captures.get(0))
+          prelogin_cookie,
-    .map(|m| html_escape::decode_html_entities(m.as_str()).to_string())
+          portal_userauthcookie,
+        ));
+      }
+
+      info!("Found invalid auth data in HTML");
+      Err(AuthDataError::Invalid)
+    }
+    Some(status) => {
+      info!("Found invalid SAML status {} in HTML", status);
+      Err(AuthDataError::Invalid)
+    }
+    None => {
+      info!("No auth data found in HTML");
+      Err(AuthDataError::NotFound)
+    }
+  }
 }
 
 fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSender<AuthResult>) {
-  let Some(response) = main_resource.response() else {
+  if main_resource.response().is_none() {
     info!("No response found in main resource");
     send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
     return;
-  };
+  }
 
+  let response = main_resource.response().unwrap();
   info!("Trying to read auth data from response headers...");
 
   match read_auth_data_from_headers(&response) {
@@ -402,27 +407,22 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
       read_auth_data_from_body(main_resource, move |auth_result| {
         // Since we have already found invalid auth data in headers, which means this could be the `/SAML20/SP/ACS` endpoint
         // any error result from body should be considered as invalid, and trigger a retry
-        let auth_result = auth_result.map_err(|err| {
+        let auth_result = auth_result.map_err(|_| AuthDataError::Invalid);
-          info!("Failed to read auth data from body: {}", err);
-          AuthDataError::Invalid
-        });
         send_auth_result(&auth_result_tx, auth_result);
       });
     }
     Err(AuthDataError::NotFound) => {
       info!("No auth data found in headers, trying to read from body...");
-
+      let url = main_resource.uri().unwrap_or("".into());
-      let is_acs_endpoint = main_resource.uri().map_or(false, |uri| uri.contains("/SAML20/SP/ACS"));
+      let is_acs_endpoint = url.contains("/SAML20/SP/ACS");
 
       read_auth_data_from_body(main_resource, move |auth_result| {
         // If the endpoint is `/SAML20/SP/ACS` and no auth data found in body, it should be considered as invalid
         let auth_result = auth_result.map_err(|err| {
-          info!("Failed to read auth data from body: {}", err);
+          if matches!(err, AuthDataError::NotFound) && is_acs_endpoint {
-
-          if !is_acs_endpoint && matches!(err, AuthDataParseError::NotFound) {
-            AuthDataError::NotFound
-          } else {
             AuthDataError::Invalid
+          } else {
+            err
           }
         });
 
@@ -437,6 +437,13 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
   }
 }
 
+fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
+  let re = Regex::new(&format!("<{}>(.*)</{}>", tag, tag)).unwrap();
+  re.captures(html)
+    .and_then(|captures| captures.get(1))
+    .map(|m| m.as_str().to_string())
+}
+
 pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()> {
   let (tx, rx) = oneshot::channel::<Result<(), String>>();
 
@@ -482,42 +489,3 @@ pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()>
 
   rx.await?.map_err(|err| anyhow::anyhow!(err))
 }
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn extract_gpcallback_some() {
-    let html = r#"
-      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
-      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
-    "#;
-
-    assert_eq!(
-      extract_gpcallback(html).as_deref(),
-      Some("globalprotectcallback:PGh0bWw+PCEtLSA8c")
-    );
-  }
-
-  #[test]
-  fn extract_gpcallback_cas() {
-    let html = r#"
-      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:cas-as=1&amp;un=xyz@email.com&amp;token=very_long_string">
-    "#;
-
-    assert_eq!(
-      extract_gpcallback(html).as_deref(),
-      Some("globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string")
-    );
-  }
-
-  #[test]
-  fn extract_gpcallback_none() {
-    let html = r#"
-      <meta http-equiv="refresh" content="0; URL=PGh0bWw+PCEtLSA8c">
-    "#;
-
-    assert_eq!(extract_gpcallback(html), None);
-  }
-}

apps/gpauth/tauri.conf.json

@@ -22,8 +22,8 @@
         "all": true,
         "request": true,
         "scope": [
-          "http://*",
+          "http://**",
-          "https://*"
+          "https://**"
         ]
       }
     },

apps/gpclient/Cargo.toml

@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 
 [dependencies]
-common = { path = "../../crates/common" }
 gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 anyhow.workspace = true

apps/gpclient/src/connect.rs

@@ -1,14 +1,12 @@
 use std::{fs, sync::Arc};
 
 use clap::Args;
-use common::vpn_utils::find_csd_wrapper;
 use gpapi::{
   clap::args::Os,
   credential::{Credential, PasswordCredential},
-  error::PortalError,
+  gateway::gateway_login,
-  gateway::{gateway_login, GatewayLogin},
   gp_params::{ClientOs, GpParams},
-  portal::{prelogin, retrieve_config, Prelogin},
+  portal::{prelogin, retrieve_config, PortalError, Prelogin},
   process::{
     auth_launcher::SamlAuthLauncher,
     users::{get_non_root_user, get_user_by_name},
@@ -32,14 +30,6 @@ pub(crate) struct ConnectArgs {
   user: Option<String>,
   #[arg(long, short, help = "The VPNC script to use")]
   script: Option<String>,
-  #[arg(long, help = "Connect the server as a gateway, instead of a portal")]
-  as_gateway: bool,
-
-  #[arg(
-    long,
-    help = "Use the default CSD wrapper to generate the HIP report and send it to the server"
-  )]
-  hip: bool,
 
   #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
   csd_user: Option<String>,
@@ -97,12 +87,6 @@ impl<'a> ConnectHandler<'a> {
 
   pub(crate) async fn handle(&self) -> anyhow::Result<()> {
     let server = self.args.server.as_str();
-    let as_gateway = self.args.as_gateway;
-
-    if as_gateway {
-      info!("Treating the server as a gateway");
-      return self.connect_gateway_with_prelogin(server).await;
-    }
 
     let Err(err) = self.connect_portal_with_prelogin(server).await else {
       return Ok(());
@@ -111,15 +95,10 @@ impl<'a> ConnectHandler<'a> {
     info!("Failed to connect portal with prelogin: {}", err);
     if err.root_cause().downcast_ref::<PortalError>().is_some() {
       info!("Trying the gateway authentication workflow...");
-      self.connect_gateway_with_prelogin(server).await?;
+      return self.connect_gateway_with_prelogin(server).await;
-
-      eprintln!("\nNOTE: the server may be a gateway, not a portal.");
-      eprintln!("NOTE: try to use the `--as-gateway` option if you were authenticated twice.");
-
-      Ok(())
-    } else {
-      Err(err)
     }
+
+    Err(err)
   }
 
   async fn connect_portal_with_prelogin(&self, portal: &str) -> anyhow::Result<()> {
@@ -133,19 +112,16 @@ impl<'a> ConnectHandler<'a> {
     let selected_gateway = match &self.args.gateway {
       Some(gateway) => portal_config
         .find_gateway(gateway)
-        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway specified: {}", gateway))?,
+        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway {}", gateway))?,
       None => {
         portal_config.sort_gateways(prelogin.region());
         let gateways = portal_config.gateways();
 
         if gateways.len() > 1 {
-          let gateway = Select::new("Which gateway do you want to connect to?", gateways)
+          Select::new("Which gateway do you want to connect to?", gateways)
             .with_vim_mode(true)
-            .prompt()?;
+            .prompt()?
-          info!("Connecting to the selected gateway: {}", gateway);
-          gateway
         } else {
-          info!("Connecting to the only available gateway: {}", gateways[0]);
           gateways[0]
         }
       }
@@ -154,7 +130,7 @@ impl<'a> ConnectHandler<'a> {
     let gateway = selected_gateway.server();
     let cred = portal_config.auth_cookie().into();
 
-    let cookie = match self.login_gateway(gateway, &cred, &gp_params).await {
+    let cookie = match gateway_login(gateway, &cred, &gp_params).await {
       Ok(cookie) => cookie,
       Err(err) => {
         info!("Gateway login failed: {}", err);
@@ -166,54 +142,28 @@ impl<'a> ConnectHandler<'a> {
   }
 
   async fn connect_gateway_with_prelogin(&self, gateway: &str) -> anyhow::Result<()> {
-    info!("Performing the gateway authentication...");
-
     let mut gp_params = self.build_gp_params();
     gp_params.set_is_gateway(true);
 
     let prelogin = prelogin(gateway, &gp_params).await?;
     let cred = self.obtain_credential(&prelogin, gateway).await?;
 
-    let cookie = self.login_gateway(gateway, &cred, &gp_params).await?;
+    let cookie = gateway_login(gateway, &cred, &gp_params).await?;
 
     self.connect_gateway(gateway, &cookie).await
   }
 
-  async fn login_gateway(&self, gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
-    let mut gp_params = gp_params.clone();
-
-    loop {
-      match gateway_login(gateway, cred, &gp_params).await? {
-        GatewayLogin::Cookie(cookie) => return Ok(cookie),
-        GatewayLogin::Mfa(message, input_str) => {
-          let otp = Text::new(&message).prompt()?;
-          gp_params.set_input_str(&input_str);
-          gp_params.set_otp(&otp);
-
-          info!("Retrying gateway login with MFA...");
-        }
-      }
-    }
-  }
-
   async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
-    let mtu = self.args.mtu.unwrap_or(0);
     let csd_uid = get_csd_uid(&self.args.csd_user)?;
-    let csd_wrapper = if self.args.csd_wrapper.is_some() {
+    let mtu = self.args.mtu.unwrap_or(0);
-      self.args.csd_wrapper.clone()
-    } else if self.args.hip {
-      find_csd_wrapper()
-    } else {
-      None
-    };
 
     let vpn = Vpn::builder(gateway, cookie)
-      .script(self.args.script.clone())
       .user_agent(self.args.user_agent.clone())
+      .script(self.args.script.clone())
       .csd_uid(csd_uid)
-      .csd_wrapper(csd_wrapper)
+      .csd_wrapper(self.args.csd_wrapper.clone())
       .mtu(mtu)
-      .build()?;
+      .build();
 
     let vpn = Arc::new(vpn);
     let vpn_clone = vpn.clone();

apps/gpclient/src/launch_gui.rs

@@ -82,7 +82,7 @@ async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
 
   reqwest::Client::default()
     .post(format!("{}/auth-data", service_endpoint))
-    .body(auth_data.to_string())
+    .json(&auth_data)
     .send()
     .await?
     .error_for_status()?;

apps/gpgui-helper/package.json

@@ -18,7 +18,7 @@
     "react-dom": "^18.2.0"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "^1.5.6",
+    "@tauri-apps/cli": "^1.5.0",
     "@types/node": "^20.8.10",
     "@types/react": "^18.2.15",
     "@types/react-dom": "^18.2.7",
@@ -31,6 +31,6 @@
     "eslint-plugin-react-hooks": "^4.6.0",
     "prettier": "3.1.0",
     "typescript": "^5.0.2",
-    "vite": "^4.5.3"
+    "vite": "^4.4.4"
   }
 }

apps/gpgui-helper/pnpm-lock.yaml

@@ -29,8 +29,8 @@ dependencies:
 
 devDependencies:
   '@tauri-apps/cli':
-    specifier: ^1.5.6
+    specifier: ^1.5.0
-    version: 1.5.6
+    version: 1.5.0
   '@types/node':
     specifier: ^20.8.10
     version: 20.8.10
@@ -48,7 +48,7 @@ devDependencies:
     version: 6.12.0(eslint@8.54.0)(typescript@5.0.2)
   '@vitejs/plugin-react':
     specifier: ^4.0.3
-    version: 4.0.3(vite@4.5.3)
+    version: 4.0.3(vite@4.4.4)
   eslint:
     specifier: ^8.54.0
     version: 8.54.0
@@ -68,8 +68,8 @@ devDependencies:
     specifier: ^5.0.2
     version: 5.0.2
   vite:
-    specifier: ^4.5.3
+    specifier: ^4.4.4
-    version: 4.5.3(@types/node@20.8.10)
+    version: 4.4.4(@types/node@20.8.10)
 
 packages:
 
@@ -940,8 +940,8 @@ packages:
     engines: {node: '>= 14.6.0', npm: '>= 6.6.0', yarn: '>= 1.19.1'}
     dev: false
 
-  /@tauri-apps/cli-darwin-arm64@1.5.6:
+  /@tauri-apps/cli-darwin-arm64@1.5.0:
-    resolution: {integrity: sha512-NNvG3XLtciCMsBahbDNUEvq184VZmOveTGOuy0So2R33b/6FDkuWaSgWZsR1mISpOuP034htQYW0VITCLelfqg==}
+    resolution: {integrity: sha512-wvEfcSBjlh1G8uBiylMNFgBtAyk4mXfvDFcGyigf/2ui7Wve6fcAFDJdTVwiHOZ4Wxnw6BD3lIkVMQdDpE+nFg==}
     engines: {node: '>= 10'}
     cpu: [arm64]
     os: [darwin]
@@ -949,8 +949,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-darwin-x64@1.5.6:
+  /@tauri-apps/cli-darwin-x64@1.5.0:
-    resolution: {integrity: sha512-nkiqmtUQw3N1j4WoVjv81q6zWuZFhBLya/RNGUL94oafORloOZoSY0uTZJAoeieb3Y1YK0rCHSDl02MyV2Fi4A==}
+    resolution: {integrity: sha512-pWzLMAMslx3dkLyq1f4PpuEhgUs8mPISM5nQoHfgYYchJk6Ip1YtWupo56h5QjqyRNPUsSYT8DVGIw0Oi8auXQ==}
     engines: {node: '>= 10'}
     cpu: [x64]
     os: [darwin]
@@ -958,8 +958,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.6:
+  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.0:
-    resolution: {integrity: sha512-z6SPx+axZexmWXTIVPNs4Tg7FtvdJl9EKxYN6JPjOmDZcqA13iyqWBQal2DA/GMZ1Xqo3vyJf6EoEaKaliymPQ==}
+    resolution: {integrity: sha512-hP3nAd0TjxblIAgriXhdX33sKXwbkY3CKsWBVB3O+5DOGy7XzKosIt0KaqiV8BHI2pbHMVOwTZuvjdK8pPLULQ==}
     engines: {node: '>= 10'}
     cpu: [arm]
     os: [linux]
@@ -967,8 +967,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-linux-arm64-gnu@1.5.6:
+  /@tauri-apps/cli-linux-arm64-gnu@1.5.0:
-    resolution: {integrity: sha512-QuQjMQmpsCbzBrmtQiG4uhnfAbdFx3nzm+9LtqjuZlurc12+Mj5MTgqQ3AOwQedH3f7C+KlvbqD2AdXpwTg7VA==}
+    resolution: {integrity: sha512-/AwGSjUplzeiGWbKP8rAW4gQx5umWiaQJ0ifx6NakA/sIrhRXPYTobwzg4ixw31ALQNXaEosJCkmvXyHUvoUYw==}
     engines: {node: '>= 10'}
     cpu: [arm64]
     os: [linux]
@@ -976,8 +976,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-linux-arm64-musl@1.5.6:
+  /@tauri-apps/cli-linux-arm64-musl@1.5.0:
-    resolution: {integrity: sha512-8j5dH3odweFeom7bRGlfzDApWVOT4jIq8/214Wl+JeiNVehouIBo9lZGeghZBH3XKFRwEvU23i7sRVjuh2s8mg==}
+    resolution: {integrity: sha512-OFzKMkg3bmBjr/BYQ1kx4QOHL+JSkzX+Cw8RcG7CKnq8QoJyg8N0K0UTskgsVwlCN4l7bxeuSLvEveg4SBA2AQ==}
     engines: {node: '>= 10'}
     cpu: [arm64]
     os: [linux]
@@ -985,8 +985,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-linux-x64-gnu@1.5.6:
+  /@tauri-apps/cli-linux-x64-gnu@1.5.0:
-    resolution: {integrity: sha512-gbFHYHfdEGW0ffk8SigDsoXks6USpilF6wR0nqB/JbWzbzFR/sBuLVNQlJl1RKNakyJHu+lsFxGy0fcTdoX8xA==}
+    resolution: {integrity: sha512-V2stfUH3Qrc3cIXAd+cKbJruS1oJqqGd40GTVcKOKlRk9Ef9H3WNUQ5PyWKj1t1rk8AxjcBO/vK+Unkuy1WSCw==}
     engines: {node: '>= 10'}
     cpu: [x64]
     os: [linux]
@@ -994,8 +994,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-linux-x64-musl@1.5.6:
+  /@tauri-apps/cli-linux-x64-musl@1.5.0:
-    resolution: {integrity: sha512-9v688ogoLkeFYQNgqiSErfhTreLUd8B3prIBSYUt+x4+5Kcw91zWvIh+VSxL1n3KCGGsM7cuXhkGPaxwlEh1ug==}
+    resolution: {integrity: sha512-qpcGeesuksxzE7lC3RCnikTY9DCRMnAYwhWa9i8MA7pKDX1IXaEvAaXrse44XCZUohxLLgn2k2o6Pb+65dDijQ==}
     engines: {node: '>= 10'}
     cpu: [x64]
     os: [linux]
@@ -1003,8 +1003,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-win32-arm64-msvc@1.5.6:
+  /@tauri-apps/cli-win32-arm64-msvc@1.5.0:
-    resolution: {integrity: sha512-DRNDXFNZb6y5IZrw+lhTTA9l4wbzO4TNRBAlHAiXUrH+pRFZ/ZJtv5WEuAj9ocVSahVw2NaK5Yaold4NPAxHog==}
+    resolution: {integrity: sha512-Glt/AEWwbFmFnQuoPRbB6vMzCIT9jYSpD59zRP8ljhRSzwDHE59q5nXOrheLKICwMmaXqtAuCIq9ndDBKghwoQ==}
     engines: {node: '>= 10'}
     cpu: [arm64]
     os: [win32]
@@ -1012,8 +1012,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-win32-ia32-msvc@1.5.6:
+  /@tauri-apps/cli-win32-ia32-msvc@1.5.0:
-    resolution: {integrity: sha512-oUYKNR/IZjF4fsOzRpw0xesl2lOjhsQEyWlgbpT25T83EU113Xgck9UjtI7xemNI/OPCv1tPiaM1e7/ABdg5iA==}
+    resolution: {integrity: sha512-k+R2VI8eZJfRjaRS8LwbkjMBKFaKcWtA/byaFnGDDUnb3VM/WFW++3KjC5Ne2wXpxFW9RVaFiBNIpmRcExI0Qw==}
     engines: {node: '>= 10'}
     cpu: [ia32]
     os: [win32]
@@ -1021,8 +1021,8 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli-win32-x64-msvc@1.5.6:
+  /@tauri-apps/cli-win32-x64-msvc@1.5.0:
-    resolution: {integrity: sha512-RmEf1os9C8//uq2hbjXi7Vgz9ne7798ZxqemAZdUwo1pv3oLVZSz1/IvZmUHPdy2e6zSeySqWu1D0Y3QRNN+dg==}
+    resolution: {integrity: sha512-jEwq9UuUldVyDJ/dsYoHFuZfNZIkxbeDYSMELfZXsRvWWEA8xRYeTkH38S++KU1eBl5dTK0LbxhztEB2HjRT1g==}
     engines: {node: '>= 10'}
     cpu: [x64]
     os: [win32]
@@ -1030,21 +1030,21 @@ packages:
     dev: true
     optional: true
 
-  /@tauri-apps/cli@1.5.6:
+  /@tauri-apps/cli@1.5.0:
-    resolution: {integrity: sha512-k4Y19oVCnt7WZb2TnDzLqfs7o98Jq0tUoVMv+JQSzuRDJqaVu2xMBZ8dYplEn+EccdR5SOMyzaLBJWu38TVK1A==}
+    resolution: {integrity: sha512-usY7Ncfkxl2f/ufjWDtp+eJsodlj8ipMKExIt160KR+tx0GtQgLtxRnrKxe1o7wu18Pkqd5JIuWMaOmT3YZeYA==}
     engines: {node: '>= 10'}
     hasBin: true
     optionalDependencies:
-      '@tauri-apps/cli-darwin-arm64': 1.5.6
+      '@tauri-apps/cli-darwin-arm64': 1.5.0
-      '@tauri-apps/cli-darwin-x64': 1.5.6
+      '@tauri-apps/cli-darwin-x64': 1.5.0
-      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.6
+      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.0
-      '@tauri-apps/cli-linux-arm64-gnu': 1.5.6
+      '@tauri-apps/cli-linux-arm64-gnu': 1.5.0
-      '@tauri-apps/cli-linux-arm64-musl': 1.5.6
+      '@tauri-apps/cli-linux-arm64-musl': 1.5.0
-      '@tauri-apps/cli-linux-x64-gnu': 1.5.6
+      '@tauri-apps/cli-linux-x64-gnu': 1.5.0
-      '@tauri-apps/cli-linux-x64-musl': 1.5.6
+      '@tauri-apps/cli-linux-x64-musl': 1.5.0
-      '@tauri-apps/cli-win32-arm64-msvc': 1.5.6
+      '@tauri-apps/cli-win32-arm64-msvc': 1.5.0
-      '@tauri-apps/cli-win32-ia32-msvc': 1.5.6
+      '@tauri-apps/cli-win32-ia32-msvc': 1.5.0
-      '@tauri-apps/cli-win32-x64-msvc': 1.5.6
+      '@tauri-apps/cli-win32-x64-msvc': 1.5.0
     dev: true
 
   /@types/json-schema@7.0.14:
@@ -1229,7 +1229,7 @@ packages:
     resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
     dev: true
 
-  /@vitejs/plugin-react@4.0.3(vite@4.5.3):
+  /@vitejs/plugin-react@4.0.3(vite@4.4.4):
     resolution: {integrity: sha512-pwXDog5nwwvSIzwrvYYmA2Ljcd/ZNlcsSG2Q9CNDBwnsd55UGAyr2doXtB5j+2uymRCnCfExlznzzSFbBRcoCg==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
@@ -1239,7 +1239,7 @@ packages:
       '@babel/plugin-transform-react-jsx-self': 7.22.5(@babel/core@7.23.2)
       '@babel/plugin-transform-react-jsx-source': 7.22.5(@babel/core@7.23.2)
       react-refresh: 0.14.0
-      vite: 4.5.3(@types/node@20.8.10)
+      vite: 4.4.4(@types/node@20.8.10)
     transitivePeerDependencies:
       - supports-color
     dev: true
@@ -2979,8 +2979,8 @@ packages:
       punycode: 2.3.1
     dev: true
 
-  /vite@4.5.3(@types/node@20.8.10):
+  /vite@4.4.4(@types/node@20.8.10):
-    resolution: {integrity: sha512-kQL23kMeX92v3ph7IauVkXkikdDRsYMGTVl5KY2E9OY4ONLvkHf04MDTbnfo6NKxZiDLWzVpP5oTa8hQD8U3dg==}
+    resolution: {integrity: sha512-4mvsTxjkveWrKDJI70QmelfVqTm+ihFAb6+xf4sjEU2TmUCTlVX87tmg/QooPEMQb/lM9qGHT99ebqPziEd3wg==}
     engines: {node: ^14.18.0 || >=16.0.0}
     hasBin: true
     peerDependencies:

apps/gpgui-helper/src-tauri/src/updater.rs

@@ -9,12 +9,6 @@ use tauri::{Manager, Window};
 
 use crate::downloader::{ChecksumFetcher, FileDownloader};
 
-#[cfg(not(debug_assertions))]
-const SNAPSHOT: &str = match option_env!("SNAPSHOT") {
-    Some(val) => val,
-    None => "false"
-};
-
 pub struct ProgressNotifier {
   win: Window,
 }
@@ -86,24 +80,12 @@ impl GuiUpdater {
   pub async fn update(&self) {
     info!("Update GUI, version: {}", self.version);
 
-    #[cfg(debug_assertions)]
-    let release_tag = "snapshot";
-    #[cfg(not(debug_assertions))]
-    let release_tag = if SNAPSHOT == "true" {
-      String::from("snapshot")
-    } else {
-      format!("v{}", self.version)
-    };
-
     #[cfg(target_arch = "x86_64")]
-    let arch = "x86_64";
+    let arch = "amd64";
     #[cfg(target_arch = "aarch64")]
-    let arch = "aarch64";
+    let arch = "arm64";
 
-    let file_url = format!(
+    let file_url = format!("https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v{}/gpgui-linux-{}", self.version, arch);
-      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}.bin.tar.xz",
-      release_tag, arch
-    );
     let checksum_url = format!("{}.sha256", file_url);
 
     info!("Downloading file: {}", file_url);

apps/gpservice/Cargo.toml

@@ -18,5 +18,3 @@ serde_json.workspace = true
 env_logger.workspace = true
 log.workspace = true
 compile-time.workspace = true
-xz2 = "0.1"
-tar = "0.4"

apps/gpservice/src/handlers.rs

@@ -1,12 +1,4 @@
-use std::{
+use std::{borrow::Cow, fs::Permissions, ops::ControlFlow, os::unix::fs::PermissionsExt, path::PathBuf, sync::Arc};
-  borrow::Cow,
-  fs::{File, Permissions},
-  io::BufReader,
-  ops::ControlFlow,
-  os::unix::fs::PermissionsExt,
-  path::PathBuf,
-  sync::Arc,
-};
 
 use anyhow::bail;
 use axum::{
@@ -25,9 +17,7 @@ use gpapi::{
   GP_GUI_BINARY,
 };
 use log::{info, warn};
-use tar::Archive;
 use tokio::fs;
-use xz2::read::XzDecoder;
 
 use crate::ws_server::WsServerContext;
 
@@ -70,7 +60,6 @@ pub async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) ->
   Ok(())
 }
 
-// Unpack GPGUI archive, gpgui_2.0.0_{arch}.bin.tar.xz and install it
 async fn install_gui(src: &str) -> anyhow::Result<()> {
   let path = PathBuf::from(GP_GUI_BINARY);
   let Some(dir) = path.parent() else {
@@ -79,27 +68,8 @@ async fn install_gui(src: &str) -> anyhow::Result<()> {
 
   fs::create_dir_all(dir).await?;
 
-  // Unpack the archive
+  // Copy the file to the final location and make it executable
-  info!("Unpacking GUI archive");
+  fs::copy(src, GP_GUI_BINARY).await?;
-  let tar = XzDecoder::new(BufReader::new(File::open(src)?));
-  let mut ar = Archive::new(tar);
-
-  for entry in ar.entries()? {
-    let mut entry = entry?;
-    let path = entry.path()?;
-
-    if let Some(name) = path.file_name() {
-      let name = name.to_string_lossy();
-
-      if name == "gpgui" {
-        let mut file = File::create(GP_GUI_BINARY)?;
-        std::io::copy(&mut entry, &mut file)?;
-        break;
-      }
-    }
-  }
-
-  // Make the binary executable
   fs::set_permissions(GP_GUI_BINARY, Permissions::from_mode(0o755)).await?;
 
   Ok(())

apps/gpservice/src/vpn_task.rs

@@ -4,7 +4,7 @@ use gpapi::service::{
   request::{ConnectRequest, WsRequest},
   vpn_state::VpnState,
 };
-use log::{info, warn};
+use log::info;
 use openconnect::Vpn;
 use tokio::sync::{mpsc, oneshot, watch, RwLock};
 use tokio_util::sync::CancellationToken;
@@ -31,29 +31,22 @@ impl VpnTaskContext {
       return;
     }
 
-    let vpn_state_tx = self.vpn_state_tx.clone();
     let info = req.info().clone();
     let vpn_handle = Arc::clone(&self.vpn_handle);
     let args = req.args();
-    let vpn = match Vpn::builder(req.gateway().server(), args.cookie())
+    let vpn = Vpn::builder(req.gateway().server(), args.cookie())
-      .script(args.vpnc_script())
       .user_agent(args.user_agent())
+      .script(args.vpnc_script())
       .csd_uid(args.csd_uid())
       .csd_wrapper(args.csd_wrapper())
       .mtu(args.mtu())
       .os(args.openconnect_os())
-      .build()
+      .build();
-    {
-      Ok(vpn) => vpn,
-      Err(err) => {
-        warn!("Failed to create VPN: {}", err);
-        vpn_state_tx.send(VpnState::Disconnected).ok();
-        return;
-      }
-    };
 
     // Save the VPN handle
     vpn_handle.write().await.replace(vpn);
+
+    let vpn_state_tx = self.vpn_state_tx.clone();
     let connect_info = Box::new(info.clone());
     vpn_state_tx.send(VpnState::Connecting(connect_info)).ok();
 

changelog.md

@@ -1,34 +1,5 @@
 # Changelog
 
-## 2.1.4 - 2024-04-10
-
-- Support MFA authentication (fix [#343](https://github.com/yuezk/GlobalProtect-openconnect/issues/343))
-- Improve the Gateway switcher UI
-
-## 2.1.3 - 2024-04-07
-
-- Support CAS authentication (fix [#339](https://github.com/yuezk/GlobalProtect-openconnect/issues/339))
-- CLI: Add `--as-gateway` option to connect as gateway directly (fix [#318](https://github.com/yuezk/GlobalProtect-openconnect/issues/318))
-- GUI: Support connect the gateway directly (fix [#318](https://github.com/yuezk/GlobalProtect-openconnect/issues/318))
-- GUI: Add an option to use symbolic tray icon (fix [#341](https://github.com/yuezk/GlobalProtect-openconnect/issues/341))
-
-## 2.1.2 - 2024-03-29
-
-- Treat portal as gateway when the gateway login is failed (fix #338)
-
-## 2.1.1 - 2024-03-25
-
-- Add the `--hip` option to enable HIP report
-- Fix not working in OpenSuse 15.5 (fix #336, #322)
-- Treat portal as gateway when the gateway login is failed (fix #338)
-- Improve the error message (fix #327)
-
-## 2.1.0 - 2024-02-27
-
-- Update distribution channel for `gpgui` to complaint with the GPL-3 license.
-- Add `mtu` option.
-- Retry auth if failed to obtain the auth cookie
-
 ## 2.0.0 - 2024-02-05
 
 - Refactor using Tauri

crates/common/Cargo.toml

@@ -1,11 +0,0 @@
-[package]
-name = "common"
-rust-version.workspace = true
-version.workspace = true
-authors.workspace = true
-homepage.workspace = true
-edition.workspace = true
-license.workspace = true
-
-[dependencies]
-is_executable.workspace = true

crates/common/src/lib.rs

@@ -1 +0,0 @@
-pub mod vpn_utils;

crates/common/src/vpn_utils.rs

@@ -1,41 +0,0 @@
-use is_executable::IsExecutable;
-use std::path::Path;
-
-pub use is_executable::is_executable;
-
-const VPNC_SCRIPT_LOCATIONS: [&str; 6] = [
-  "/usr/local/share/vpnc-scripts/vpnc-script",
-  "/usr/local/sbin/vpnc-script",
-  "/usr/share/vpnc-scripts/vpnc-script",
-  "/usr/sbin/vpnc-script",
-  "/etc/vpnc/vpnc-script",
-  "/etc/openconnect/vpnc-script",
-];
-
-const CSD_WRAPPER_LOCATIONS: [&str; 3] = [
-  #[cfg(target_arch = "x86_64")]
-  "/usr/lib/x86_64-linux-gnu/openconnect/hipreport.sh",
-  #[cfg(target_arch = "aarch64")]
-  "/usr/lib/aarch64-linux-gnu/openconnect/hipreport.sh",
-  "/usr/lib/openconnect/hipreport.sh",
-  "/usr/libexec/openconnect/hipreport.sh",
-];
-
-fn find_executable(locations: &[&str]) -> Option<String> {
-  for location in locations.iter() {
-    let path = Path::new(location);
-    if path.is_executable() {
-      return Some(location.to_string());
-    }
-  }
-
-  None
-}
-
-pub fn find_vpnc_script() -> Option<String> {
-  find_executable(&VPNC_SCRIPT_LOCATIONS)
-}
-
-pub fn find_csd_wrapper() -> Option<String> {
-  find_executable(&CSD_WRAPPER_LOCATIONS)
-}

crates/gpapi/src/auth.rs

@@ -1,17 +1,13 @@
-use log::{info, warn};
+use anyhow::bail;
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 
-use crate::{error::AuthDataParseError, utils::base64::decode_to_string};
-
 #[derive(Debug, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct SamlAuthData {
-  #[serde(alias = "un")]
   username: String,
   prelogin_cookie: Option<String>,
   portal_userauthcookie: Option<String>,
-  token: Option<String>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -36,11 +32,10 @@ impl SamlAuthData {
       username,
       prelogin_cookie,
       portal_userauthcookie,
-      token: None,
     }
   }
 
-  pub fn from_html(html: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
+  pub fn parse_html(html: &str) -> anyhow::Result<SamlAuthData> {
     match parse_xml_tag(html, "saml-auth-status") {
       Some(saml_status) if saml_status == "1" => {
         let username = parse_xml_tag(html, "saml-username");
@@ -48,42 +43,21 @@ impl SamlAuthData {
         let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
 
         if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-          Ok(SamlAuthData::new(
+          return Ok(SamlAuthData::new(
             username.unwrap(),
             prelogin_cookie,
             portal_userauthcookie,
-          ))
+          ));
-        } else {
-          Err(AuthDataParseError::Invalid)
-        }
-      }
-      Some(_) => Err(AuthDataParseError::Invalid),
-      None => Err(AuthDataParseError::NotFound),
-    }
         }
 
-  pub fn from_gpcallback(data: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
+        bail!("Found invalid auth data in HTML");
-    let auth_data = data.trim_start_matches("globalprotectcallback:");
+      }
-
+      Some(status) => {
-    if auth_data.starts_with("cas-as") {
+        bail!("Found invalid SAML status {} in HTML", status);
-      info!("Got CAS auth data from globalprotectcallback");
+      }
-
+      None => {
-      let auth_data: SamlAuthData = serde_urlencoded::from_str(auth_data).map_err(|e| {
+        bail!("No auth data found in HTML");
-        warn!("Failed to parse token auth data: {}", e);
+      }
-        AuthDataParseError::Invalid
-      })?;
-
-      Ok(auth_data)
-    } else {
-      info!("Parsing SAML auth data...");
-
-      let auth_data = decode_to_string(auth_data).map_err(|e| {
-        warn!("Failed to decode SAML auth data: {}", e);
-        AuthDataParseError::Invalid
-      })?;
-      let auth_data = Self::from_html(&auth_data)?;
-
-      Ok(auth_data)
     }
   }
 
@@ -95,10 +69,6 @@ impl SamlAuthData {
     self.prelogin_cookie.as_deref()
   }
 
-  pub fn token(&self) -> Option<&str> {
-    self.token.as_deref()
-  }
-
   pub fn check(
     username: &Option<String>,
     prelogin_cookie: &Option<String>,
@@ -108,16 +78,7 @@ impl SamlAuthData {
     let prelogin_cookie_valid = prelogin_cookie.as_ref().is_some_and(|val| val.len() > 5);
     let portal_userauthcookie_valid = portal_userauthcookie.as_ref().is_some_and(|val| val.len() > 5);
 
-    let is_valid = username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid);
+    username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid)
-
-    if !is_valid {
-      warn!(
-        "Invalid SAML auth data: username: {:?}, prelogin-cookie: {:?}, portal-userauthcookie: {:?}",
-        username, prelogin_cookie, portal_userauthcookie
-      );
-    }
-
-    is_valid
   }
 }
 
@@ -127,28 +88,3 @@ pub fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
     .and_then(|captures| captures.get(1))
     .map(|m| m.as_str().to_string())
 }
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn auth_data_from_gpcallback_cas() {
-    let auth_data = "globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string";
-
-    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
-
-    assert_eq!(auth_data.username(), "xyz@email.com");
-    assert_eq!(auth_data.token(), Some("very_long_string"));
-  }
-
-  #[test]
-  fn auth_data_from_gpcallback_non_cas() {
-    let auth_data = "PGh0bWw+PCEtLSA8c2FtbC1hdXRoLXN0YXR1cz4xPC9zYW1sLWF1dGgtc3RhdHVzPjxwcmVsb2dpbi1jb29raWU+cHJlbG9naW4tY29va2llPC9wcmVsb2dpbi1jb29raWU+PHNhbWwtdXNlcm5hbWU+eHl6QGVtYWlsLmNvbTwvc2FtbC11c2VybmFtZT48c2FtbC1zbG8+bm88L3NhbWwtc2xvPjxzYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+PC9zYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+IC0tPjwvaHRtbD4=";
-
-    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
-
-    assert_eq!(auth_data.username(), "xyz@email.com");
-    assert_eq!(auth_data.prelogin_cookie(), Some("prelogin-cookie"));
-  }
-}

crates/gpapi/src/credential.rs

@@ -3,7 +3,7 @@ use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
 use specta::Type;
 
-use crate::auth::SamlAuthData;
+use crate::{auth::SamlAuthData, utils::base64::decode_to_string};
 
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
@@ -37,18 +37,16 @@ impl From<&CachedCredential> for PasswordCredential {
 
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
-pub struct PreloginCredential {
+pub struct PreloginCookieCredential {
   username: String,
-  prelogin_cookie: Option<String>,
+  prelogin_cookie: String,
-  token: Option<String>,
 }
 
-impl PreloginCredential {
+impl PreloginCookieCredential {
-  pub fn new(username: &str, prelogin_cookie: Option<&str>, token: Option<&str>) -> Self {
+  pub fn new(username: &str, prelogin_cookie: &str) -> Self {
     Self {
       username: username.to_string(),
-      prelogin_cookie: prelogin_cookie.map(|s| s.to_string()),
+      prelogin_cookie: prelogin_cookie.to_string(),
-      token: token.map(|s| s.to_string()),
     }
   }
 
@@ -56,22 +54,22 @@ impl PreloginCredential {
     &self.username
   }
 
-  pub fn prelogin_cookie(&self) -> Option<&str> {
+  pub fn prelogin_cookie(&self) -> &str {
-    self.prelogin_cookie.as_deref()
+    &self.prelogin_cookie
-  }
-
-  pub fn token(&self) -> Option<&str> {
-    self.token.as_deref()
   }
 }
 
-impl From<SamlAuthData> for PreloginCredential {
+impl TryFrom<SamlAuthData> for PreloginCookieCredential {
-  fn from(value: SamlAuthData) -> Self {
+  type Error = anyhow::Error;
-    let username = value.username().to_string();
-    let prelogin_cookie = value.prelogin_cookie();
-    let token = value.token();
 
-    Self::new(&username, prelogin_cookie, token)
+  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
+    let username = value.username().to_string();
+    let prelogin_cookie = value
+      .prelogin_cookie()
+      .ok_or_else(|| anyhow::anyhow!("Missing prelogin cookie"))?
+      .to_string();
+
+    Ok(Self::new(&username, &prelogin_cookie))
   }
 }
 
@@ -156,30 +154,34 @@ impl From<PasswordCredential> for CachedCredential {
     )
   }
 }
+
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(tag = "type", rename_all = "camelCase")]
 pub enum Credential {
   Password(PasswordCredential),
-  Prelogin(PreloginCredential),
+  PreloginCookie(PreloginCookieCredential),
   AuthCookie(AuthCookieCredential),
-  Cached(CachedCredential),
+  CachedCredential(CachedCredential),
 }
 
 impl Credential {
-  /// Create a credential from a globalprotectcallback:<base64 encoded string>,
+  /// Create a credential from a globalprotectcallback:<base64 encoded string>
-  /// or globalprotectcallback:cas-as=1&un=user@xyz.com&token=very_long_string
+  pub fn parse_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
-  pub fn from_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
+    // Remove the surrounding quotes
-    let auth_data = SamlAuthData::from_gpcallback(auth_data)?;
+    let auth_data = auth_data.trim_matches('"');
+    let auth_data = auth_data.trim_start_matches("globalprotectcallback:");
+    let auth_data = decode_to_string(auth_data)?;
+    let auth_data = SamlAuthData::parse_html(&auth_data)?;
 
-    Ok(Self::from(auth_data))
+    Self::try_from(auth_data)
   }
 
   pub fn username(&self) -> &str {
     match self {
       Credential::Password(cred) => cred.username(),
-      Credential::Prelogin(cred) => cred.username(),
+      Credential::PreloginCookie(cred) => cred.username(),
       Credential::AuthCookie(cred) => cred.username(),
-      Credential::Cached(cred) => cred.username(),
+      Credential::CachedCredential(cred) => cred.username(),
     }
   }
 
@@ -187,22 +189,20 @@ impl Credential {
     let mut params = HashMap::new();
     params.insert("user", self.username());
 
-    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie, token) = match self {
+    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self {
-      Credential::Password(cred) => (Some(cred.password()), None, None, None, None),
+      Credential::Password(cred) => (Some(cred.password()), None, None, None),
-      Credential::Prelogin(cred) => (None, cred.prelogin_cookie(), None, None, cred.token()),
+      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None),
       Credential::AuthCookie(cred) => (
         None,
         None,
         Some(cred.user_auth_cookie()),
         Some(cred.prelogon_user_auth_cookie()),
-        None,
       ),
-      Credential::Cached(cred) => (
+      Credential::CachedCredential(cred) => (
         cred.password(),
         None,
         Some(cred.auth_cookie.user_auth_cookie()),
         Some(cred.auth_cookie.prelogon_user_auth_cookie()),
-        None,
       ),
     };
 
@@ -214,19 +214,17 @@ impl Credential {
       portal_prelogonuserauthcookie.unwrap_or_default(),
     );
 
-    if let Some(token) = token {
-      params.insert("token", token);
-    }
-
     params
   }
 }
 
-impl From<SamlAuthData> for Credential {
+impl TryFrom<SamlAuthData> for Credential {
-  fn from(value: SamlAuthData) -> Self {
+  type Error = anyhow::Error;
-    let cred = PreloginCredential::from(value);
 
-    Self::Prelogin(cred)
+  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
+    let prelogin_cookie = PreloginCookieCredential::try_from(value)?;
+
+    Ok(Self::PreloginCookie(prelogin_cookie))
   }
 }
 
@@ -244,6 +242,6 @@ impl From<&AuthCookieCredential> for Credential {
 
 impl From<&CachedCredential> for Credential {
   fn from(value: &CachedCredential) -> Self {
-    Self::Cached(value.clone())
+    Self::CachedCredential(value.clone())
   }
 }

crates/gpapi/src/error.rs

@@ -1,19 +0,0 @@
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum PortalError {
-  #[error("Portal prelogin error: {0}")]
-  PreloginError(String),
-  #[error("Portal config error: {0}")]
-  ConfigError(String),
-  #[error("Network error: {0}")]
-  NetworkError(String),
-}
-
-#[derive(Error, Debug)]
-pub enum AuthDataParseError {
-  #[error("No auth data found")]
-  NotFound,
-  #[error("Invalid auth data")]
-  Invalid,
-}

crates/gpapi/src/gateway/login.rs

@@ -1,22 +1,16 @@
 use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::Client;
 use roxmltree::Document;
 use urlencoding::encode;
 
 use crate::{
   credential::Credential,
-  error::PortalError,
   gp_params::GpParams,
-  utils::{normalize_server, parse_gp_error, remove_url_scheme},
+  utils::{normalize_server, remove_url_scheme},
 };
 
-pub enum GatewayLogin {
+pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
-  Cookie(String),
-  Mfa(String, String),
-}
-
-pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<GatewayLogin> {
   let url = normalize_server(gateway)?;
   let gateway = remove_url_scheme(&url);
 
@@ -34,42 +28,17 @@ pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParam
 
   info!("Gateway login, user_agent: {}", gp_params.user_agent());
 
-  let res = client
+  let res = client.post(&login_url).form(&params).send().await?;
-    .post(&login_url)
-    .form(&params)
-    .send()
-    .await
-    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-
   let status = res.status();
 
   if status.is_client_error() || status.is_server_error() {
-    let (reason, res) = parse_gp_error(res).await;
+    bail!("Gateway login error: {}", status)
-
-    warn!(
-      "Gateway login error: reason={}, status={}, response={}",
-      reason, status, res
-    );
-
-    bail!("Gateway login error, reason: {}", reason);
   }
 
-  let res = res.text().await?;
+  let res_xml = res.text().await?;
+  let doc = Document::parse(&res_xml)?;
 
-  // MFA detected
+  build_gateway_token(&doc, gp_params.computer())
-  if res.contains("Challenge") {
-    let Some((message, input_str)) = parse_mfa(&res) else {
-      bail!("Failed to parse MFA challenge: {res}");
-    };
-
-    return Ok(GatewayLogin::Mfa(message, input_str));
-  }
-
-  let doc = Document::parse(&res)?;
-
-  let cookie = build_gateway_token(&doc, gp_params.computer())?;
-
-  Ok(GatewayLogin::Cookie(cookie))
 }
 
 fn build_gateway_token(doc: &Document, computer: &str) -> anyhow::Result<String> {
@@ -103,33 +72,3 @@ fn read_args<'a>(args: &'a [String], index: usize, key: &'a str) -> anyhow::Resu
     .ok_or_else(|| anyhow::anyhow!("Failed to read {key} from args"))
     .map(|s| (key, s.as_ref()))
 }
-
-fn parse_mfa(res: &str) -> Option<(String, String)> {
-  let message = res
-    .lines()
-    .find(|l| l.contains("respMsg"))
-    .and_then(|l| l.split('"').nth(1).map(|s| s.to_string()))?;
-
-  let input_str = res
-    .lines()
-    .find(|l| l.contains("inputStr"))
-    .and_then(|l| l.split('"').nth(1).map(|s| s.to_string()))?;
-
-  Some((message, input_str))
-}
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn mfa() {
-    let res = r#"var respStatus = "Challenge";
-var respMsg = "MFA message";
-thisForm.inputStr.value = "5ef64e83000119ed";"#;
-
-    let (message, input_str) = parse_mfa(res).unwrap();
-    assert_eq!(message, "MFA message");
-    assert_eq!(input_str, "5ef64e83000119ed");
-  }
-}

crates/gpapi/src/gp_params.rs

@@ -42,7 +42,7 @@ impl ClientOs {
   }
 }
 
-#[derive(Debug, Serialize, Deserialize, Type, Default, Clone)]
+#[derive(Debug, Serialize, Deserialize, Type, Default)]
 pub struct GpParams {
   is_gateway: bool,
   user_agent: String,
@@ -51,9 +51,7 @@ pub struct GpParams {
   client_version: Option<String>,
   computer: String,
   ignore_tls_errors: bool,
-  // Used for MFA
+  prefer_default_browser: bool,
-  input_str: Option<String>,
-  otp: Option<String>,
 }
 
 impl GpParams {
@@ -81,6 +79,10 @@ impl GpParams {
     self.ignore_tls_errors
   }
 
+  pub fn prefer_default_browser(&self) -> bool {
+    self.prefer_default_browser
+  }
+
   pub fn client_os(&self) -> &str {
     self.client_os.as_str()
   }
@@ -93,14 +95,6 @@ impl GpParams {
     self.client_version.as_deref()
   }
 
-  pub fn set_input_str(&mut self, input_str: &str) {
-    self.input_str = Some(input_str.to_string());
-  }
-
-  pub fn set_otp(&mut self, otp: &str) {
-    self.otp = Some(otp.to_string());
-  }
-
   pub(crate) fn to_params(&self) -> HashMap<&str, &str> {
     let mut params: HashMap<&str, &str> = HashMap::new();
     let client_os = self.client_os.as_str();
@@ -111,16 +105,11 @@ impl GpParams {
     params.insert("ok", "Login");
     params.insert("direct", "yes");
     params.insert("ipv6-support", "yes");
+    params.insert("inputStr", "");
     params.insert("clientVer", "4100");
     params.insert("clientos", client_os);
     params.insert("computer", &self.computer);
 
-    // MFA
-    params.insert("inputStr", self.input_str.as_deref().unwrap_or_default());
-    if let Some(otp) = &self.otp {
-      params.insert("passwd", otp);
-    }
-
     if let Some(os_version) = &self.os_version {
       params.insert("os-version", os_version);
     }
@@ -142,20 +131,20 @@ pub struct GpParamsBuilder {
   client_version: Option<String>,
   computer: String,
   ignore_tls_errors: bool,
+  prefer_default_browser: bool,
 }
 
 impl GpParamsBuilder {
   pub fn new() -> Self {
-    let computer = whoami::fallible::hostname().unwrap_or_else(|_| String::from("localhost"));
-
     Self {
       is_gateway: false,
       user_agent: GP_USER_AGENT.to_string(),
       client_os: ClientOs::Linux,
       os_version: Default::default(),
       client_version: Default::default(),
-      computer,
+      computer: whoami::hostname(),
       ignore_tls_errors: false,
+      prefer_default_browser: false,
     }
   }
 
@@ -194,6 +183,11 @@ impl GpParamsBuilder {
     self
   }
 
+  pub fn prefer_default_browser(&mut self, prefer_default_browser: bool) -> &mut Self {
+    self.prefer_default_browser = prefer_default_browser;
+    self
+  }
+
   pub fn build(&self) -> GpParams {
     GpParams {
       is_gateway: self.is_gateway,
@@ -203,8 +197,7 @@ impl GpParamsBuilder {
       client_version: self.client_version.clone(),
       computer: self.computer.clone(),
       ignore_tls_errors: self.ignore_tls_errors,
-      input_str: Default::default(),
+      prefer_default_browser: self.prefer_default_browser,
-      otp: Default::default(),
     }
   }
 }

crates/gpapi/src/lib.rs

@@ -1,6 +1,5 @@
 pub mod auth;
 pub mod credential;
-pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;

crates/gpapi/src/portal/config.rs

@@ -1,5 +1,5 @@
 use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
@@ -7,10 +7,10 @@ use specta::Type;
 
 use crate::{
   credential::{AuthCookieCredential, Credential},
-  error::PortalError,
   gateway::{parse_gateways, Gateway},
   gp_params::GpParams,
-  utils::{normalize_server, parse_gp_error, remove_url_scheme, xml},
+  portal::PortalError,
+  utils::{normalize_server, remove_url_scheme, xml},
 };
 
 #[derive(Debug, Serialize, Type)]
@@ -102,12 +102,7 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
 
   info!("Portal config, user_agent: {}", gp_params.user_agent());
 
-  let res = client
+  let res = client.post(&url).form(&params).send().await?;
-    .post(&url)
-    .form(&params)
-    .send()
-    .await
-    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
   let status = res.status();
 
   if status == StatusCode::NOT_FOUND {
@@ -115,14 +110,7 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
   }
 
   if status.is_client_error() || status.is_server_error() {
-    let (reason, res) = parse_gp_error(res).await;
+    bail!("Portal config error: {}", status)
-
-    warn!(
-      "Portal config error: reason={}, status={}, response={}",
-      reason, status, res
-    );
-
-    bail!("Portal config error, reason: {}", reason);
   }
 
   let res_xml = res.text().await.map_err(|e| PortalError::ConfigError(e.to_string()))?;

crates/gpapi/src/portal/mod.rs

@@ -3,3 +3,13 @@ mod prelogin;
 
 pub use config::*;
 pub use prelogin::*;
+
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum PortalError {
+  #[error("Portal prelogin error: {0}")]
+  PreloginError(String),
+  #[error("Portal config error: {0}")]
+  ConfigError(String),
+}

crates/gpapi/src/portal/prelogin.rs

@@ -1,14 +1,14 @@
-use anyhow::{anyhow, bail};
+use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 
 use crate::{
-  error::PortalError,
   gp_params::GpParams,
-  utils::{base64, normalize_server, parse_gp_error, xml},
+  portal::PortalError,
+  utils::{base64, normalize_server, xml},
 };
 
 const REQUIRED_PARAMS: [&str; 8] = [
@@ -107,35 +107,25 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
   let mut params = gp_params.to_params();
 
   params.insert("tmp", "tmp");
+  if gp_params.prefer_default_browser() {
     params.insert("default-browser", "1");
-  params.insert("cas-support", "yes");
+  }
 
   params.retain(|k, _| REQUIRED_PARAMS.iter().any(|required_param| required_param == k));
 
-  info!("Prelogin with params: {:?}", params);
-
   let client = Client::builder()
     .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
     .user_agent(user_agent)
     .build()?;
 
-  let res = client
+  let res = client.post(&prelogin_url).form(&params).send().await?;
-    .post(&prelogin_url)
-    .form(&params)
-    .send()
-    .await
-    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-
   let status = res.status();
+
   if status == StatusCode::NOT_FOUND {
     bail!(PortalError::PreloginError("Prelogin endpoint not found".to_string()))
   }
 
   if status.is_client_error() || status.is_server_error() {
-    let (reason, res) = parse_gp_error(res).await;
-
-    warn!("Prelogin error: reason={}, status={}, response={}", reason, status, res);
-
     bail!("Prelogin error: {}", status)
   }
 
@@ -197,8 +187,8 @@ fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin>
       label_password: label_password.unwrap(),
     };
 
-    Ok(Prelogin::Standard(standard_prelogin))
+    return Ok(Prelogin::Standard(standard_prelogin));
-  } else {
-    Err(anyhow!("Invalid prelogin response"))
   }
+
+  bail!("Invalid prelogin response");
 }

crates/gpapi/src/process/auth_launcher.rs

@@ -135,7 +135,7 @@ impl<'a> SamlAuthLauncher<'a> {
     };
 
     match auth_result {
-      SamlAuthResult::Success(auth_data) => Ok(Credential::from(auth_data)),
+      SamlAuthResult::Success(auth_data) => Credential::try_from(auth_data),
       SamlAuthResult::Failure(msg) => bail!(msg),
     }
   }

crates/gpapi/src/utils/mod.rs

@@ -1,4 +1,4 @@
-use reqwest::{Response, Url};
+use reqwest::Url;
 
 pub(crate) mod xml;
 
@@ -41,18 +41,3 @@ pub fn normalize_server(server: &str) -> anyhow::Result<String> {
 pub fn remove_url_scheme(s: &str) -> String {
   s.replace("http://", "").replace("https://", "")
 }
-
-pub(crate) async fn parse_gp_error(res: Response) -> (String, String) {
-  let reason = res
-    .headers()
-    .get("x-private-pan-globalprotect")
-    .map_or_else(|| "<none>", |v| v.to_str().unwrap_or("<invalid header>"))
-    .to_string();
-
-  let res = res.text().await.map_or_else(
-    |_| "<failed to read response>".to_string(),
-    |v| if v.is_empty() { "<empty>".to_string() } else { v },
-  );
-
-  (reason, res)
-}

crates/openconnect/Cargo.toml

@@ -6,8 +6,8 @@ license.workspace = true
 links = "openconnect"
 
 [dependencies]
-common = { path = "../common" }
 log.workspace = true
+is_executable.workspace = true
 
 [build-dependencies]
 cc = "1"

crates/openconnect/src/lib.rs

@@ -1,4 +1,5 @@
 mod ffi;
 mod vpn;
+mod vpnc_script;
 
 pub use vpn::*;

crates/openconnect/src/vpn.rs

@@ -1,13 +1,11 @@
 use std::{
   ffi::{c_char, CString},
-  fmt,
   sync::{Arc, RwLock},
 };
 
-use common::vpn_utils::{find_vpnc_script, is_executable};
 use log::info;
 
-use crate::ffi;
+use crate::{ffi, vpnc_script::find_default_vpnc_script};
 
 type OnConnectedCallback = Arc<RwLock<Option<Box<dyn FnOnce() + 'static + Send + Sync>>>>;
 
@@ -79,31 +77,11 @@ impl Vpn {
   }
 }
 
-#[derive(Debug)]
-pub struct VpnError<'a> {
-  message: &'a str,
-}
-
-impl<'a> VpnError<'a> {
-  fn new(message: &'a str) -> Self {
-    Self { message }
-  }
-}
-
-impl fmt::Display for VpnError<'_> {
-  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-    write!(f, "{}", self.message)
-  }
-}
-
-impl std::error::Error for VpnError<'_> {}
-
 pub struct VpnBuilder {
   server: String,
   cookie: String,
-  script: Option<String>,
-
   user_agent: Option<String>,
+  script: Option<String>,
   os: Option<String>,
 
   csd_uid: u32,
@@ -117,25 +95,22 @@ impl VpnBuilder {
     Self {
       server: server.to_string(),
       cookie: cookie.to_string(),
-      script: None,
-
       user_agent: None,
+      script: None,
       os: None,
-
       csd_uid: 0,
       csd_wrapper: None,
-
       mtu: 0,
     }
   }
 
-  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
+  pub fn user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
-    self.script = script.into();
+    self.user_agent = user_agent.into();
     self
   }
 
-  pub fn user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
+  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
-    self.user_agent = user_agent.into();
+    self.script = script.into();
     self
   }
 
@@ -159,27 +134,12 @@ impl VpnBuilder {
     self
   }
 
-  pub fn build(self) -> Result<Vpn, VpnError<'static>> {
+  pub fn build(self) -> Vpn {
-    let script = match self.script {
-      Some(script) => {
-        if !is_executable(&script) {
-          return Err(VpnError::new("vpnc script is not executable"));
-        }
-        script
-      }
-      None => find_vpnc_script().ok_or_else(|| VpnError::new("Failed to find vpnc-script"))?,
-    };
-
-    if let Some(csd_wrapper) = &self.csd_wrapper {
-      if !is_executable(csd_wrapper) {
-        return Err(VpnError::new("CSD wrapper is not executable"));
-      }
-    }
-
     let user_agent = self.user_agent.unwrap_or_default();
+    let script = self.script.or_else(find_default_vpnc_script).unwrap_or_default();
     let os = self.os.unwrap_or("linux".to_string());
 
-    Ok(Vpn {
+    Vpn {
       server: Self::to_cstring(&self.server),
       cookie: Self::to_cstring(&self.cookie),
       user_agent: Self::to_cstring(&user_agent),
@@ -194,7 +154,7 @@ impl VpnBuilder {
       mtu: self.mtu,
 
       callback: Default::default(),
-    })
+    }
   }
 
   fn to_cstring(value: &str) -> CString {

crates/openconnect/src/vpnc_script.rs

@@ -0,0 +1,23 @@
+use is_executable::IsExecutable;
+use std::path::Path;
+
+const VPNC_SCRIPT_LOCATIONS: [&str; 5] = [
+  "/usr/local/share/vpnc-scripts/vpnc-script",
+  "/usr/local/sbin/vpnc-script",
+  "/usr/share/vpnc-scripts/vpnc-script",
+  "/usr/sbin/vpnc-script",
+  "/etc/vpnc/vpnc-script",
+];
+
+pub(crate) fn find_default_vpnc_script() -> Option<String> {
+  for location in VPNC_SCRIPT_LOCATIONS.iter() {
+    let path = Path::new(location);
+    if path.is_executable() {
+      return Some(location.to_string());
+    }
+  }
+
+  log::warn!("vpnc-script not found");
+
+  None
+}

packaging/binary/Makefile.in

@@ -1,34 +0,0 @@
-install:
-	@echo "===> Installing..."
-
-	install -Dm755 artifacts/usr/bin/gpclient $(DESTDIR)/usr/bin/gpclient
-	install -Dm755 artifacts/usr/bin/gpservice $(DESTDIR)/usr/bin/gpservice
-	install -Dm755 artifacts/usr/bin/gpauth $(DESTDIR)/usr/bin/gpauth
-	install -Dm755 artifacts/usr/bin/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
-
-	if [ -f artifacts/usr/bin/gpgui ]; then \
-		install -Dm755 artifacts/usr/bin/gpgui $(DESTDIR)/usr/bin/gpgui; \
-	fi
-
-	install -Dm644 artifacts/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
-	install -Dm644 artifacts/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
-	install -Dm644 artifacts/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
-	install -Dm644 artifacts/usr/share/icons/hicolor/128x128/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
-	install -Dm644 artifacts/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
-	install -Dm644 artifacts/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
-
-uninstall:
-	@echo "===> Uninstalling from $(DESTDIR)..."
-
-	rm -f $(DESTDIR)/usr/bin/gpclient
-	rm -f $(DESTDIR)/usr/bin/gpservice
-	rm -f $(DESTDIR)/usr/bin/gpauth
-	rm -f $(DESTDIR)/usr/bin/gpgui-helper
-	rm -f $(DESTDIR)/usr/bin/gpgui
-
-	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
-	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
-	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
-	rm -f $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
-	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
-	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy

packaging/deb/control

@@ -3,16 +3,7 @@ Section: net
 Priority: optional
 Maintainer: Kevin Yue <k3vinyue@gmail.com>
 Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 9),
+Build-Depends: debhelper (>= 9), make (>= 4), openconnect (>= 8.20), libxml2, libsecret-1-0, libayatana-appindicator3-1, libwebkit2gtk-4.0-37, libgtk-3-0, gnome-keyring
-  pkg-config,
-  jq (>= 1),
-  make (>= 4),
-  libxml2,
-  libsecret-1-0,
-  libayatana-appindicator3-1,
-  gnome-keyring,
-  libwebkit2gtk-4.0-dev,
-  libopenconnect-dev (>= 8.20),@RUST@
 Homepage: https://github.com/yuezk/GlobalProtect-openconnect
 
 Package: globalprotect-openconnect

packaging/deb/postrm

@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-
-case "$1" in
-    purge|remove|upgrade)
-        # Remove the gpgui binary downloaded at runtime
-        rm -f /usr/bin/gpgui
-    ;;
-
-    *)
-    ;;
-esac
-
-exit 0

packaging/deb/rules

@@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+
+export OFFLINE = 1
+
+%:
+	dh $@

packaging/deb/rules.in

@@ -1,7 +0,0 @@
-#!/usr/bin/make -f
-
-export OFFLINE = @OFFLINE@
-export BUILD_FE = 0
-
-%:
-	dh $@ --no-parallel

packaging/pkgbuild/PKGBUILD.in

@@ -1,35 +0,0 @@
-# Maintainer: Keinv Yue <k3vinyue@gmail.com>
-
-_pkgname=@PKG_NAME@
-pkgname=${_pkgname}
-pkgver="@VERSION@"
-pkgrel=@REVISION@
-pkgdesc="A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authentication method."
-arch=('x86_64' 'aarch64')
-url="https://github.com/yuezk/GlobalProtect-openconnect"
-license=('GPL3')
-makedepends=('make' 'pkg-config' 'rust' 'cargo' 'jq' 'webkit2gtk' 'curl' 'wget' 'file' 'openssl' 'appmenu-gtk-module' 'gtk3' 'libappindicator-gtk3' 'librsvg' 'libvips' 'libayatana-appindicator' 'openconnect' 'libsecret')
-depends=('openconnect>=8.20' webkit2gtk libappindicator-gtk3 libayatana-appindicator libsecret libxml2)
-optdepends=('wmctrl: for window management')
-
-provides=('globalprotect-openconnect' 'gpclient' 'gpservice' 'gpauth' 'gpgui')
-
-source=("${_pkgname}-${pkgver}.tar.gz")
-sha256sums=('SKIP')
-
-options=('!strip')
-
-build() {
-  cd "$pkgname-$pkgver"
-
-  # Must unset the CFLAGS, otherwise the build fails
-  unset CFLAGS
-
-  make build OFFLINE=@OFFLINE@ BUILD_FE=0
-}
-
-package() {
-  cd "$pkgname-$pkgver"
-
-  make install DESTDIR="$pkgdir"
-}

packaging/rpm/globalprotect-openconnect.spec.in

@@ -1,6 +1,6 @@
 Name:           globalprotect-openconnect
 Version:        @VERSION@
-Release:        @REVISION@
+Release:        @REVISION@%{?dist}
 Summary:        A GlobalProtect VPN client powered by OpenConnect
 Group:          Productivity/Networking/PPP
 
@@ -9,15 +9,11 @@ URL:            https://github.com/yuezk/GlobalProtect-openconnect
 Source:         %{name}.tar.gz
 
 BuildRequires:  make
-BuildRequires:  rust
-BuildRequires:  cargo
-BuildRequires:  jq
-BuildRequires:  pkg-config
 BuildRequires:  openconnect-devel
 BuildRequires:  openssl-devel
+BuildRequires:  curl
 BuildRequires:  wget
 BuildRequires:  file
-BuildRequires:  perl
 
 BuildRequires:  (webkit2gtk4.0-devel or webkit2gtk3-soup2-devel)
 BuildRequires:  (libappindicator-gtk3-devel or libappindicator3-1)
@@ -34,20 +30,18 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 %prep
 %setup
 
-%postun
-rm -f %{_bindir}/gpgui
-
 %build
-# The injected RUSTFLAGS could fail the build
+make build OFFLINE=1
-unset RUSTFLAGS
-make build OFFLINE=@OFFLINE@ BUILD_FE=0
 
 %install
 %make_install
 
 %files
 %defattr(-,root,root)
-%{_bindir}/*
+%{_bindir}/gpclient
+%{_bindir}/gpservice
+%{_bindir}/gpauth
+%{_bindir}/gpgui-helper
 %{_datadir}/applications/gpgui.desktop
 %{_datadir}/icons/hicolor/32x32/apps/gpgui.png
 %{_datadir}/icons/hicolor/128x128/apps/gpgui.png