Add rust dep for ppa

Set rust version
Add build dependencies
2025-05-20 07:26:58 -04:00 · 2024-02-25 13:33:53 +08:00 · 2024-02-25 12:42:25 +08:00 · 2024-02-25 11:50:24 +08:00 · 2024-02-25 10:57:02 +08:00 · 2024-02-25 10:37:52 +08:00
64 changed files with 884 additions and 2346 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -8,5 +8,5 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
-[{Makefile,Makefile.in}]
+[Makefile]
 indent_style = tab
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -9,182 +9,392 @@ on:
    branches:
      - main
      - dev
      - hotfix/*
      - feature/*
      - release/*
    tags:
      - latest
      - v*.*.*
 jobs:
  # Include arm64 if ref is a tag
  setup-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Set up matrix
        id: set-matrix
        run: |
          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}, {"runner": "arm64", "arch": "arm64"}]' >> $GITHUB_OUTPUT
          else
            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}]' >> $GITHUB_OUTPUT
          fi
  tarball:
    runs-on: ubuntu-latest
    needs: [setup-matrix]
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf source && mkdir source
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
-        ref: ${{ github.ref }}
+        path: gp
        path: source/gp
    - name: Create tarball
      run: |
-        cd source/gp
+        cd gp
        # Generate the SNAPSHOT file for non-tagged commits
        if [[ "${{ github.ref }}" != "refs/tags/"* ]]; then
          touch SNAPSHOT
        fi
        make tarball
    - name: Upload tarball
      uses: actions/upload-artifact@v3
      with:
-        name: artifact-source
+        name: artifact-tarball
        if-no-files-found: error
        path: |
-          source/gp/.build/tarball/*.tar.gz
+          globalprotect-openconnect-*.tar.gz
-
+  deb:
-  build-gp:
+    runs-on: ubuntu-latest
-    needs:
+    needs: [tarball]
-    - setup-matrix
+    container:
-    - tarball
+      image: yuezk/gpdev:main
-    strategy:
+      credentials:
-      matrix:
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        # Only build gp on amd64, as the arm64 package will be built in release.yaml
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
        os: [{runner: ubuntu-latest, arch: amd64}]
        package: [deb, rpm, pkg, binary]
    runs-on: ${{ matrix.os.runner }}
    name: build-gp (${{ matrix.package }}, ${{ matrix.os.arch }})
    steps:
    - name: Prepare workspace
      run: |
        rm -rf build-gp-${{ matrix.package }}
        mkdir -p build-gp-${{ matrix.package }}
    - name: Download tarball
      uses: actions/download-artifact@v3
      with:
-        name: artifact-source
+        name: artifact-tarball
-        path: build-gp-${{ matrix.package }}
+    - name: Build DEB package
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build ${{ matrix.package }} package in Docker
      run: |
-        docker run --rm \
+        tar -xzf globalprotect-openconnect-*.tar.gz
-          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+        cd globalprotect-openconnect-*
-          yuezk/gpdev:${{ matrix.package }}-builder
+        make deb
-    - name: Install ${{ matrix.package }} package in Docker
+    - name: Install DEB package
      run: |
-        docker run --rm \
+        sudo dpkg -i globalprotect-openconnect_*.deb
-          -e GPGUI_INSTALLED=0 \
+
-          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+        gpclient --version
-          yuezk/gpdev:${{ matrix.package }}-builder \
+        gpservice --version
-          bash install.sh
+        gpauth --version
-    - name: Upload ${{ matrix.package }} package
+        gpgui-helper --version
    - name: Upload DEB package
      uses: actions/upload-artifact@v3
      with:
-        name: artifact-gp-${{ matrix.package }}-${{ matrix.os.arch }}
+        name: artifact-deb
        if-no-files-found: error
        path: |
-          build-gp-${{ matrix.package }}/artifacts/*
+          globalprotect-openconnect_*.deb
-  build-gpgui:
+  rpm:
    needs:
    - setup-matrix
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os.runner }}
    name: build-gpgui (${{ matrix.os.arch }})
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf gpgui-source && mkdir gpgui-source
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        ref: ${{ github.ref }}
        path: gpgui-source/gp
    - name: Checkout gpgui@${{ github.ref_name }}
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/gpgui
        ref: ${{ github.ref_name }}
        path: gpgui-source/gpgui
    - name: Tarball
      run: |
        cd gpgui-source
        tar -czf gpgui.tar.gz gpgui gp
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build gpgui in Docker
      run: |
        docker run --rm -v $(pwd)/gpgui-source:/gpgui yuezk/gpdev:gpgui-builder
    - name: Install gpgui in Docker
      run: |
        cd gpgui-source
        tar -xJf *.bin.tar.xz
        docker run --rm -v $(pwd):/gpgui yuezk/gpdev:gpgui-builder \
          bash -c "cd /gpgui/gpgui_*/ && ./gpgui --version"
    - name: Upload gpgui
      uses: actions/upload-artifact@v3
      with:
        name: artifact-gpgui-${{ matrix.os.arch }}
        if-no-files-found: error
        path: |
          gpgui-source/*.bin.tar.xz
          gpgui-source/*.bin.tar.xz.sha256
  gh-release:
    if: ${{ github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/') }}
    runs-on: ubuntu-latest
-    needs:
+    needs: [tarball]
-      - tarball
+    container:
-      - build-gp
+      image: yuezk/gpdev:rpm-builder
-      - build-gpgui
+      credentials:
-
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
        password: ${{ secrets.DOCKER_HUB_TOKEN }}
    steps:
-    - name: Prepare workspace
+    - name: Download tarball
      run: rm -rf gh-release && mkdir gh-release
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        ref: ${{ github.ref }}
        path: gh-release/gp
    - name: Download all artifacts
      uses: actions/download-artifact@v3
      with:
-        path: gh-release/gp/.build/artifacts
+        name: artifact-tarball
-
+    - name: Build RPM package
    - name: Create GH release
      env:
        GH_TOKEN: ${{ secrets.GH_PAT }}
        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
      run: |
-        cd gh-release/gp/scripts && ./gh-release.sh "$RELEASE_TAG"
+        tar -xzf globalprotect-openconnect-*.tar.gz
        cd globalprotect-openconnect-*/
        make rpm
    - name: Install RPM package
      run: |
        cd globalprotect-openconnect-*/
        ls -l .build/rpm
        sudo rpm -i ".build/rpm/globalprotect-openconnect*.$(uname -m).rpm"
        gpclient --version
        gpservice --version
        gpauth --version
        gpgui-helper --version
    - name: Upload RPM package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-rpm
        path: |
          globalprotect-openconnect-*/.build/rpm/*.rpm
  # Include arm64 if ref is a tag
  # setup-matrix:
  #   runs-on: ubuntu-latest
  #   outputs:
  #     matrix: ${{ steps.set-matrix.outputs.matrix }}
  #   steps:
  #     - name: Set up matrix
  #       id: set-matrix
  #       run: |
  #         if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
  #           echo "matrix=[\"amd64\", \"arm64\"]" >> $GITHUB_OUTPUT
  #         else
  #           echo "matrix=[\"amd64\"]" >> $GITHUB_OUTPUT
  #         fi
  # build-fe:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #     - name: Install Node.js
  #       uses: actions/setup-node@v4
  #       with:
  #         node-version: 18
  #     - uses: pnpm/action-setup@v2
  #       with:
  #         version: 8
  #     - name: Install dependencies
  #       run: |
  #         cd app
  #         pnpm install
  #     - name: Build
  #       run: |
  #         cd app
  #         pnpm run build
  #     - name: Upload artifacts
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: gpgui-fe
  #         path: app/dist
  # build-tauri-amd64:
  #   needs: [build-fe]
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #         path: gpgui
  #     - name: Checkout gp repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/GlobalProtect-openconnect
  #         path: gp
  #     - name: Download gpgui-fe artifact
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: gpgui-fe
  #         path: gpgui/app/dist
  #     - name: Login to Docker Hub
  #       uses: docker/login-action@v3
  #       with:
  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
  #     - name: Build Tauri in Docker
  #       run: |
  #         docker run \
  #           --rm \
  #           -v $(pwd):/${{ github.workspace }} \
  #           -w ${{ github.workspace }} \
  #           -e CI=true \
  #           yuezk/gpdev:main \
  #           "./gpgui/scripts/build.sh"
  #     - name: Upload artifacts
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: artifact-amd64-tauri
  #         path: |
  #           gpgui/.tmp/artifact
  # build-tauri-arm64:
  #   if: startsWith(github.ref, 'refs/tags/')
  #   needs: [build-fe]
  #   runs-on: self-hosted
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #         path: gpgui
  #     - name: Checkout gp repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/GlobalProtect-openconnect
  #         path: gp
  #     - name: Download gpgui-fe artifact
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: gpgui-fe
  #         path: gpgui/app/dist
  #     - name: Build Tauri
  #       run: |
  #         ./gpgui/scripts/build.sh
  #     - name: Upload artifacts
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: artifact-arm64-tauri
  #         path: |
  #           gpgui/.tmp/artifact
  # package-tarball:
  #   needs: [build-tauri-amd64, build-tauri-arm64]
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #         path: gpgui
  #     - name: Download artifact-amd64-tauri
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: artifact-amd64-tauri
  #         path: gpgui/.tmp/artifact
  #     - name: Download artifact-arm64-tauri
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: artifact-arm64-tauri
  #         path: gpgui/.tmp/artifact
  #     - name: Create tarball
  #       run: |
  #         ./gpgui/scripts/build-tarball.sh
  #     - name: Upload tarball
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: artifact-tarball
  #         path: |
  #           gpgui/.tmp/tarball/*.tar.gz
  # package-rpm:
  #   needs: [setup-matrix, package-tarball]
  #   runs-on: ubuntu-latest
  #   strategy:
  #     matrix:
  #       arch: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #         path: gpgui
  #     - name: Download package tarball
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: artifact-tarball
  #         path: gpgui/.tmp/artifact
  #     - name: Set up QEMU
  #       uses: docker/setup-qemu-action@v3
  #       with:
  #         platforms: ${{ matrix.arch }}
  #     - name: Login to Docker Hub
  #       uses: docker/login-action@v3
  #       with:
  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
  #     - name: Create RPM package
  #       run: |
  #         docker run \
  #           --rm \
  #           -v $(pwd):/${{ github.workspace }} \
  #           -w ${{ github.workspace }} \
  #           --platform linux/${{ matrix.arch }} \
  #           yuezk/gpdev:rpm-builder \
  #           "./gpgui/scripts/build-rpm.sh"
  #     - name: Upload rpm artifacts
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: artifact-${{ matrix.arch }}-rpm
  #         path: |
  #           gpgui/.tmp/artifact/*.rpm
  # package-pkgbuild:
  #   needs: [setup-matrix, build-tauri-amd64, build-tauri-arm64]
  #   runs-on: ubuntu-latest
  #   strategy:
  #     matrix:
  #       arch: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
  #   steps:
  #     - name: Checkout gpgui repo
  #       uses: actions/checkout@v3
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         repository: yuezk/gpgui
  #         path: gpgui
  #     - name: Download artifact-${{ matrix.arch }}
  #       uses: actions/download-artifact@v3
  #       with:
  #         name: artifact-${{ matrix.arch }}-tauri
  #         path: gpgui/.tmp/artifact
  #     - name: Set up QEMU
  #       uses: docker/setup-qemu-action@v3
  #       with:
  #         platforms: ${{ matrix.arch }}
  #     - name: Login to Docker Hub
  #       uses: docker/login-action@v3
  #       with:
  #         username: ${{ secrets.DOCKER_HUB_USERNAME }}
  #         password: ${{ secrets.DOCKER_HUB_TOKEN }}
  #     - name: Generate PKGBUILD
  #       run: |
  #         export CI_ARCH=${{ matrix.arch }}
  #         ./gpgui/scripts/generate-pkgbuild.sh
  #     - name: Build PKGBUILD package
  #       run: |
  #         # Build package
  #         docker run \
  #           --rm \
  #           -v $(pwd)/gpgui/.tmp/pkgbuild:/pkgbuild \
  #           --platform linux/${{ matrix.arch }} \
  #           yuezk/gpdev:pkgbuild
  #     - name: Upload pkgbuild artifacts
  #       uses: actions/upload-artifact@v3
  #       with:
  #         name: artifact-${{ matrix.arch }}-pkgbuild
  #         path: |
  #           gpgui/.tmp/pkgbuild/*.pkg.tar.zst
  # gh-release:
  #   if: startsWith(github.ref, 'refs/tags/')
  #   runs-on: ubuntu-latest
  #   needs:
  #     - package-rpm
  #     - package-pkgbuild
  #   steps:
  #     - name: Download artifact
  #       uses: actions/download-artifact@v3
  #       with:
  #         path: artifact
  #         # pattern: artifact-*
  #         # merge-multiple: true
  #     # - name: Generate checksum
  #     #   uses: jmgilman/actions-generate-checksum@v1
  #     #   with:
  #     #     output: checksums.txt
  #     #     patterns: |
  #     #       artifact/*
  #     - name: Create GH release
  #       uses: softprops/action-gh-release@v1
  #       with:
  #         token: ${{ secrets.GH_PAT }}
  #         prerelease: ${{ contains(github.ref, 'latest') }}
  #         fail_on_unmatched_files: true
  #         files: |
  #           artifact/artifact-*/*
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1,89 +0,0 @@
 name: Publish Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to publish'
        required: true
      revision:
        description: 'Package revision'
        required: true
        default: "1"
      ppa:
        description: 'Publish to PPA'
        type: boolean
        required: true
        default: true
      obs:
        description: 'Publish to OBS'
        type: boolean
        required: true
        default: true
      aur:
        description: 'Publish to AUR'
        type: boolean
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  publish-ppa:
    needs: check
    if: ${{ inputs.ppa }}
    runs-on: ubuntu-latest
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf publish-ppa && mkdir publish-ppa
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: publish-ppa
    - name: Make the offline tarball
      run: |
        cd publish-ppa
        tar -xf globalprotect-openconnect-*.tar.gz
        cd globalprotect-openconnect-*/
        make tarball OFFLINE=1
        # Prepare the debian directory with custom files
        mkdir -p .build/debian
        sed 's/@RUST@/rust-all(>=1.70)/g' packaging/deb/control.in > .build/debian/control
        sed 's/@OFFLINE@/1/g' packaging/deb/rules.in > .build/debian/rules
        cp packaging/deb/postrm .build/debian/postrm
    - name: Publish to PPA
      uses: yuezk/publish-ppa-package@dev
      with:
        repository: "yuezk/globalprotect-openconnect"
        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
        deb_email: "k3vinyue@gmail.com"
        deb_fullname: "Kevin Yue"
        extra_ppa: "liushuyu-011/rust-bpo-1.75"
        revision: ${{ inputs.revision }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,153 +0,0 @@
 name: Release Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release'
        required: true
      arch:
        type: choice
        description: 'Architecture to build'
        required: true
        default: all
        options:
          - all
          - x86_64
          - arm64
      release-deb:
        type: boolean
        description: 'Build DEB package'
        required: true
        default: true
      release-rpm:
        type: boolean
        description: 'Build RPM package'
        required: true
        default: true
      release-pkg:
        type: boolean
        description: 'Build PKG package'
        required: true
        default: true
      release-binary:
        type: boolean
        description: 'Build binary package'
        required: true
        default: true
      gh-release:
        type: boolean
        description: 'Update GitHub release'
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  setup-matrix:
    needs:
    - check
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.result }}
    steps:
    - name: Set up matrix
      id: set-matrix
      uses: actions/github-script@v7
      with:
        result-encoding: string
        script: |
          const inputs = ${{ toJson(inputs) }}
          const { arch } = inputs
          const osMap = {
            "all": ["ubuntu-latest", "arm64"],
            "x86_64": ["ubuntu-latest"],
            "arm64": ["arm64"]
          }
          const package = Object.entries(inputs)
            .filter(([key, value]) => key.startsWith('release-') && value)
            .map(([key, value]) => key.replace('release-', ''))
          return JSON.stringify({
            os: osMap[arch],
            package,
          })
  build:
    needs:
    - setup-matrix
    strategy:
      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: build-${{ matrix.package }}
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build ${{ matrix.package }} package in Docker
      run: |
        docker run --rm \
          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
          -e INCLUDE_GUI=1 \
          yuezk/gpdev:${{ matrix.package }}-builder
    - name: Install ${{ matrix.package }} package in Docker
      run: |
        docker run --rm \
          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
          yuezk/gpdev:${{ matrix.package }}-builder \
          bash install.sh
    - name: Upload ${{ matrix.package }} package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-${{ matrix.os }}-${{ matrix.package }}
        if-no-files-found: error
        path: |
          build-${{ matrix.package }}/artifacts/*
  gh-release:
    needs:
    - build
    runs-on: ubuntu-latest
    if: ${{ inputs.gh-release }}
    steps:
    - name: Prepare workspace
      run: rm -rf gh-release && mkdir gh-release
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        path: gh-release
    - name: Update release
      uses: softprops/action-gh-release@v1
      with:
        token: ${{ secrets.GH_PAT }}
        prerelease: ${{ contains(github.ref, 'snapshot') }}
        fail_on_unmatched_files: true
        tag_name: ${{ inputs.tag }}
        files: |
          gh-release/artifact-*/*
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,3 @@
 .cargo
 .build
 SNAPSHOT
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,7 +1,6 @@
 {
    "cSpell.words": [
        "authcookie",
        "badssl",
        "bincode",
        "chacha",
        "clientos",
@@ -26,9 +25,7 @@
        "LOGNAME",
        "oneshot",
        "openconnect",
        "pkcs",
        "pkexec",
        "pkey",
        "Prelogin",
        "prelogon",
        "prelogonuserauthcookie",
@@ -38,7 +35,6 @@
        "rspc",
        "servercert",
        "specta",
        "sslkey",
        "sysinfo",
        "tanstack",
        "tauri",
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -252,12 +252,6 @@ version = "0.21.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
 [[package]]
 name = "base64"
 version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -568,13 +562,6 @@ dependencies = [
 "memchr",
 ]
 [[package]]
 name = "common"
 version = "2.3.3"
 dependencies = [
 "is_executable",
 ]
 [[package]]
 name = "compile-time"
 version = "0.2.0"
@@ -898,6 +885,24 @@ dependencies = [
 "litrs",
 ]
 [[package]]
 name = "dotenvy"
 version = "0.15.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
 [[package]]
 name = "dotenvy_macro"
 version = "0.15.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb0235d912a8c749f4e0c9f18ca253b4c28cfefc1d2518096016d6e3230b6424"
 dependencies = [
 "dotenvy",
 "proc-macro2",
 "quote",
 "syn 1.0.109",
 ]
 [[package]]
 name = "dtoa"
 version = "1.0.9"
@@ -1418,17 +1423,16 @@ dependencies = [
 [[package]]
 name = "gpapi"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "anyhow",
 "base64 0.21.5",
 "chacha20poly1305",
 "clap",
 "dotenvy_macro",
 "log",
 "md5",
 "open",
 "openssl",
 "pem",
 "redact-engine",
 "regex",
 "reqwest",
@@ -1451,14 +1455,13 @@ dependencies = [
 [[package]]
 name = "gpauth"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "anyhow",
 "clap",
 "compile-time",
 "env_logger",
 "gpapi",
 "html-escape",
 "log",
 "regex",
 "serde_json",
@@ -1472,11 +1475,10 @@ dependencies = [
 [[package]]
 name = "gpclient"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "anyhow",
 "clap",
 "common",
 "compile-time",
 "directories",
 "env_logger",
@@ -1494,7 +1496,7 @@ dependencies = [
 [[package]]
 name = "gpgui-helper"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "anyhow",
 "clap",
@@ -1512,7 +1514,7 @@ dependencies = [
 [[package]]
 name = "gpservice"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "anyhow",
 "axum",
@@ -1525,10 +1527,8 @@ dependencies = [
 "openconnect",
 "serde",
 "serde_json",
 "tar",
 "tokio",
 "tokio-util",
 "xz2",
 ]
 [[package]]
@@ -1588,9 +1588,9 @@ dependencies = [
 [[package]]
 name = "h2"
-version = "0.3.26"
+version = "0.3.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
+checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9"
 dependencies = [
 "bytes",
 "fnv",
@@ -1607,9 +1607,9 @@ dependencies = [
 [[package]]
 name = "h2"
-version = "0.4.4"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "816ec7294445779408f36fe57bc5b7fc1cf59664059096c65f905c1c61f58069"
+checksum = "31d030e59af851932b72ceebadf4a2b5986dba4c3b99dd2493f8273a0f151943"
 dependencies = [
 "bytes",
 "fnv",
@@ -1663,15 +1663,6 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 [[package]]
 name = "html-escape"
 version = "0.2.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476"
 dependencies = [
 "utf8-width",
 ]
 [[package]]
 name = "html5ever"
 version = "0.26.0"
@@ -1776,7 +1767,7 @@ dependencies = [
 "futures-channel",
 "futures-core",
 "futures-util",
- "h2 0.3.26",
+ "h2 0.3.24",
 "http 0.2.11",
 "http-body 0.4.6",
 "httparse",
@@ -1799,7 +1790,7 @@ dependencies = [
 "bytes",
 "futures-channel",
 "futures-util",
- "h2 0.4.4",
+ "h2 0.4.2",
 "http 1.0.0",
 "http-body 1.0.0",
 "httparse",
@@ -2207,17 +2198,6 @@ dependencies = [
 "tracing-subscriber",
 ]
 [[package]]
 name = "lzma-sys"
 version = "0.1.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fda04ab3764e6cde78b9974eec4f779acaba7c4e84b36eca3cf77c581b85d27"
 dependencies = [
 "cc",
 "libc",
 "pkg-config",
 ]
 [[package]]
 name = "mac"
 version = "0.1.1"
@@ -2307,9 +2287,9 @@ dependencies = [
 [[package]]
 name = "mio"
-version = "0.8.11"
+version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
+checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
 dependencies = [
 "libc",
 "log",
@@ -2526,10 +2506,10 @@ dependencies = [
 [[package]]
 name = "openconnect"
-version = "2.3.3"
+version = "2.0.0"
 dependencies = [
 "cc",
- "common",
+ "is_executable",
 "log",
 ]
@@ -2659,16 +2639,6 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8835116a5c179084a830efb3adc117ab007512b535bc1a21c991d3b32a6b44dd"
 [[package]]
 name = "pem"
 version = "3.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae"
 dependencies = [
 "base64 0.22.1",
 "serde",
 ]
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -3166,7 +3136,7 @@ dependencies = [
 "encoding_rs",
 "futures-core",
 "futures-util",
- "h2 0.3.26",
+ "h2 0.3.24",
 "http 0.2.11",
 "http-body 0.4.6",
 "hyper 0.14.28",
@@ -4164,9 +4134,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tokio"
-version = "1.36.0"
+version = "1.35.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
+checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
 dependencies = [
 "backtrace",
 "bytes",
@@ -4493,12 +4463,6 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 [[package]]
 name = "utf8-width"
 version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3"
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
@@ -4605,12 +4569,6 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 [[package]]
 name = "wasite"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
 [[package]]
 name = "wasm-bindgen"
 version = "0.2.89"
@@ -4787,12 +4745,11 @@ dependencies = [
 [[package]]
 name = "whoami"
-version = "1.5.1"
+version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a44ab49fad634e88f55bf8f9bb3abd2f27d7204172a112c7c9987e01c1c94ea9"
+checksum = "22fc3756b8a9133049b26c7f61ab35416c130e8c09b660f5b3958b446f52cc50"
 dependencies = [
- "redox_syscall",
+ "wasm-bindgen",
 "wasite",
 "web-sys",
 ]
@@ -5167,15 +5124,6 @@ version = "0.13.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"
 [[package]]
 name = "xz2"
 version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "388c44dc09d76f1536602ead6d325eb532f5c122f17782bd57fb47baeeb767e2"
 dependencies = [
 "lzma-sys",
 ]
 [[package]]
 name = "zeroize"
 version = "1.7.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,7 +5,7 @@ members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/g
 [workspace.package]
 rust-version = "1.70"
-version = "2.3.3"
+version = "2.0.0"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
@@ -22,8 +22,6 @@ is_executable = "1.0"
 log = "0.4"
 regex = "1"
 reqwest = { version = "0.11", features = ["native-tls-vendored", "json"] }
 openssl = "0.10"
 pem = "3"
 roxmltree = "0.18"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@@ -41,6 +39,7 @@ uzers = "0.11"
 whoami = "1"
 thiserror = "1"
 redact-engine = "0.1"
 dotenvy_macro = "0.15"
 compile-time = "0.2"
 serde_urlencoded = "0.7"
 md5="0.7"
--- a/196
+++ b/196
@@ -1,8 +1,4 @@
 .SHELLFLAGS += -e
 OFFLINE ?= 0
 BUILD_FE ?= 1
 INCLUDE_GUI ?= 0
 CARGO ?= cargo
 VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
@@ -11,17 +7,9 @@ PPA_REVISION ?= 1
 PKG_NAME = globalprotect-openconnect
 PKG = $(PKG_NAME)-$(VERSION)
 SERIES ?= $(shell lsb_release -cs)
 PUBLISH ?= 0
 export DEBEMAIL = k3vinyue@gmail.com
 export DEBFULLNAME = Kevin Yue
 export SNAPSHOT = $(shell test -f SNAPSHOT && echo "true" || echo "false")
 ifeq ($(SNAPSHOT), true)
 	RELEASE_TAG = snapshot
 else
 	RELEASE_TAG = v$(VERSION)
 endif
 CARGO_BUILD_ARGS = --release
@@ -34,55 +22,28 @@ default: build
 version:
 	@echo $(VERSION)
-clean-tarball:
+# Generate a vendor tarball and a .cargo/config.toml file
-	rm -rf .build/tarball
+cargo-vendor:
-	rm -rf .vendor
+	mkdir -p .cargo
 	rm -rf vendor.tar.xz
 	rm -rf .cargo
-# Create a tarball, include the cargo dependencies if OFFLINE is set to 1
+	$(CARGO) vendor .vendor > .cargo/config.toml
-tarball: clean-tarball
+	tar -cJf vendor.tar.xz .vendor
 	if [ $(BUILD_FE) -eq 1 ]; then \
 		echo "Building frontend..."; \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
-	# Remove node_modules to reduce the tarball size
+tarball: clean clean-tarball build-fe cargo-vendor
 	rm -rf apps/gpgui-helper/node_modules
-	mkdir -p .cargo
+	tar --transform 's,^,${PKG}/,' -czf ../${PKG}.tar.gz * .cargo
 	mkdir -p .build/tarball
-	# If OFFLINE is set to 1, vendor all cargo dependencies
+# Extract the vendor tarball to the .vendor directory if it exists
-	if [ $(OFFLINE) -eq 1 ]; then \
+extract-vendor:
-		$(CARGO) vendor .vendor > .cargo/config.toml; \
+	if [ -f vendor.tar.xz ]; then tar -xJf vendor.tar.xz; fi
 		tar -cJf vendor.tar.xz .vendor; \
 	fi
-	@echo "Creating tarball..."
+build: build-fe build-rs
 	tar --exclude .vendor --exclude target --transform 's,^,${PKG}/,' -czf .build/tarball/${PKG}.tar.gz * .cargo
 download-gui:
 	rm -rf .build/gpgui
 	if [ $(INCLUDE_GUI) -eq 1 ]; then \
 		echo "Downloading GlobalProtect GUI..."; \
 		mkdir -p .build/gpgui; \
 		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/$(RELEASE_TAG)/gpgui_$(shell uname -m).bin.tar.xz \
 			-o .build/gpgui/gpgui_$(shell uname -m).bin.tar.xz; \
 		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
 	else \
 		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
 	fi
 build: download-gui build-fe build-rs
 # Install and build the frontend
 # If OFFLINE is set to 1, skip it
 build-fe:
-	if [ $(OFFLINE) -eq 1 ] || [ $(BUILD_FE) -eq 0 ]; then \
+	if [ $(OFFLINE) -eq 0 ]; then \
 		echo "Skipping frontend build (OFFLINE=1 or BUILD_FE=0)"; \
 	else \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
@@ -91,13 +52,9 @@ build-fe:
 		exit 1; \
 	fi
-build-rs:
+build-rs: extract-vendor
-	if [ $(OFFLINE) -eq 1 ]; then \
+	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpauth
-		tar -xJf vendor.tar.xz; \
+	# $(CARGO) build $(CARGO_BUILD_ARGS) -p gpgui-helper --features "tauri/custom-protocol"
 	fi
 	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpservice -p gpauth
 	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpgui-helper --features "tauri/custom-protocol"
 clean:
 	$(CARGO) clean
@@ -105,18 +62,16 @@ clean:
 	rm -rf .vendor
 	rm -rf apps/gpgui-helper/node_modules
-install:
+clean-tarball:
-	@echo "Installing $(PKG_NAME)..."
+	rm -rf vendor.tar.xz
 	rm -rf ../$(PKG).tar.gz
 install:
 	install -Dm755 target/release/gpclient $(DESTDIR)/usr/bin/gpclient
 	install -Dm755 target/release/gpauth $(DESTDIR)/usr/bin/gpauth
 	install -Dm755 target/release/gpservice $(DESTDIR)/usr/bin/gpservice
 	install -Dm755 target/release/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 	if [ -f .build/gpgui/gpgui_*/gpgui ]; then \
 		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
@@ -125,13 +80,10 @@ install:
 	install -Dm644 packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 uninstall:
 	@echo "Uninstalling $(PKG_NAME)..."
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpauth
 	rm -f $(DESTDIR)/usr/bin/gpservice
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
@@ -140,61 +92,40 @@ uninstall:
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
-clean-debian:
+init-debian:
-	rm -rf .build/deb
+	rm -rf .vendor
 	rm -rf debian
-# Generate the debian package structure, without the changelog
+	debmake
 init-debian: clean-debian tarball
 	mkdir -p .build/deb
 	cp .build/tarball/${PKG}.tar.gz .build/deb
-	tar -xzf .build/deb/${PKG}.tar.gz -C .build/deb
+	cp -f packaging/deb/control.in debian/control
-	cd .build/deb/${PKG} && debmake
+	cp -f packaging/deb/rules debian/rules
-
+	rm -f debian/changelog
 	cp -f packaging/deb/control.in .build/deb/$(PKG)/debian/control
 	cp -f packaging/deb/rules.in .build/deb/$(PKG)/debian/rules
 	cp -f packaging/deb/postrm .build/deb/$(PKG)/debian/postrm
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/deb/$(PKG)/debian/rules
 	rm -f .build/deb/$(PKG)/debian/changelog
 deb: init-debian
-	# Remove the rust build depdency from the control file
+	sed -i "s/@RUST@//g" debian/control
 	sed -i "s/@RUST@//g" .build/deb/$(PKG)/debian/control
-	cd .build/deb/$(PKG) && dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
+	dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
-	cd .build/deb/$(PKG) && debuild --preserve-env -e PATH -us -uc -b
+	debuild --preserve-env -e PATH -us -uc -b
-check-ppa:
+# Usage: make ppa SERIES=focal
-	if [ $(OFFLINE) -eq 0 ]; then \
+ppa: init-debian
-		echo "Error: ppa build requires offline mode (OFFLINE=1)"; \
+	sed -i "s/@RUST@/rust-all(>=1.70)/g" debian/control
 	fi
 # Usage: make ppa SERIES=focal OFFLINE=1 PUBLISH=1
 ppa: check-ppa init-debian
 	sed -i "s/@RUST@/rust-all(>=1.70)/g" .build/deb/$(PKG)/debian/control
 	$(eval SERIES_VER = $(shell distro-info --series $(SERIES) -r | cut -d' ' -f1))
 	@echo "Building for $(SERIES) $(SERIES_VER)"
-	rm -rf .build/deb/$(PKG)/debian/changelog
+	dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
 	cd .build/deb/$(PKG) && dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
-	cd .build/deb/$(PKG) && echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
+	echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
-	if [ $(PUBLISH) -eq 1 ]; then \
+publish-ppa: ppa
-		cd .build/deb/$(PKG) && dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
+	dput ppa:yuezk/globalprotect-openconnect ../*.changes
 	else \
 		echo "Skipping ppa publish (PUBLISH=0)"; \
 	fi
 clean-rpm:
 	rm -rf .build/rpm
 # Generate RPM sepc file
-init-rpm: clean-rpm
+init-rpm:
 	rm -rf .build/rpm
 	mkdir -p .build/rpm
 	cp packaging/rpm/globalprotect-openconnect.spec.in .build/rpm/globalprotect-openconnect.spec
@@ -202,20 +133,26 @@ init-rpm: clean-rpm
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
-	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@DATE@/$(shell date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@DATE@/$(shell LC_ALL=en.US date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.changes
 	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .build/rpm/globalprotect-openconnect.changes
-rpm: init-rpm tarball
+# Ensure ../globalprotect-openconnect-*.tar.gz exists.
 rpm: init-rpm
 	if [ ! -f ../$(PKG).tar.gz ]; then \
 		echo "Missing ../$(PKG).tar.gz"; \
 		exit 1; \
 	fi
 	rm -rf $(HOME)/rpmbuild
 	rpmdev-setuptree
-	cp .build/tarball/${PKG}.tar.gz $(HOME)/rpmbuild/SOURCES/${PKG_NAME}.tar.gz
+	cp ../$(PKG).tar.gz $(HOME)/rpmbuild/SOURCES/$(PKG_NAME).tar.gz
 	rpmbuild -ba .build/rpm/globalprotect-openconnect.spec
-	# Copy RPM package from build directory
+	# Copy RPM package
 	cp $(HOME)/rpmbuild/RPMS/$(shell uname -m)/$(PKG_NAME)*.rpm .build/rpm
 	# Copy the SRPM only for x86_64.
@@ -223,41 +160,20 @@ rpm: init-rpm tarball
 		cp $(HOME)/rpmbuild/SRPMS/$(PKG_NAME)*.rpm .build/rpm; \
 	fi
-clean-pkgbuild:
+init-pkgbuild:
 	rm -rf .build/pkgbuild
 init-pkgbuild: clean-pkgbuild tarball
 	mkdir -p .build/pkgbuild
-	cp .build/tarball/${PKG}.tar.gz .build/pkgbuild
+	if [ ! -f ../$(PKG).tar.gz ]; then \
-	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
+		echo "Missing ../$(PKG).tar.gz"; \
 		exit 1; \
 	fi
 	cp ../$(PKG).tar.gz .build/pkgbuild
 	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
 	sed -i "s/@PKG_NAME@/$(PKG_NAME)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/pkgbuild/PKGBUILD
 pkgbuild: init-pkgbuild
 	cd .build/pkgbuild && makepkg -s --noconfirm
 clean-binary:
 	rm -rf .build/binary
 binary: clean-binary tarball
 	mkdir -p .build/binary
 	cp .build/tarball/${PKG}.tar.gz .build/binary
 	tar -xzf .build/binary/${PKG}.tar.gz -C .build/binary
 	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
 	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
 	# Create a tarball for the binary package
 	tar -cJf .build/binary/$(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz -C .build/binary $(PKG_NAME)_$(VERSION)
 	# Generate sha256sum
 	cd .build/binary && sha256sum $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz | cut -d' ' -f1 > $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz.sha256
--- a/README.md
+++ b/README.md
@@ -13,7 +13,6 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 - [x] Support both SSO and non-SSO authentication
 - [x] Support the FIDO2 authentication (e.g., YubiKey)
 - [x] Support authentication using default browser
 - [x] Support client certificate authentication
 - [x] Support multiple portals
 - [x] Support gateway selection
 - [x] Support connect gateway directly
@@ -44,12 +43,6 @@ Options:
 See 'gpclient help <command>' for more information on a specific command.
 ```
 To use the default browser for authentication with the CLI version, you need to use the following command:
 ```bash
 sudo -E gpclient connect --default-browser <portal>
 ```
 ### GUI
 The GUI version is also available after you installed it. You can launch it from the application menu or run `gpclient launch-gui` in the terminal.
@@ -60,9 +53,18 @@ The GUI version is also available after you installed it. You can launch it from
 ## Installation
 > [!Note]
 >
 > This instruction is for the 2.x version. The 1.x version is still available on the [1.x](https://github.com/yuezk/GlobalProtect-openconnect/tree/1.x) branch, you can build it from the source code by following the instructions in the `README.md` file.
 > [!Warning]
 >
 > The client requires `openconnect >= 8.20, pkexec, and gnome-keyring`, please make sure you have them installed.
 > Installing the client from PPA will automatically install the required version of `openconnect`.
 ### Debian/Ubuntu based distributions
-#### Install from PPA (Ubuntu 18.04 and later, except 24.04)
+#### Install from PPA
 ```
 sudo apt-get install gir1.2-gtk-3.0 gir1.2-webkit2-4.0
@@ -75,29 +77,12 @@ sudo apt-get install globalprotect-openconnect
 >
 > For Linux Mint, you might need to import the GPG key with: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761` if you encountered an error `gpg: keyserver receive failed: General error`.
 #### **Ubuntu 24.04 and later**
 The `libwebkit2gtk-4.0-37` package was [removed](https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/2061914) from its repo, before [the issue](https://github.com/yuezk/GlobalProtect-openconnect/issues/351) gets resolved, you need to install them manually:
 ```bash
 wget http://launchpadlibrarian.net/704701349/libwebkit2gtk-4.0-37_2.43.3-1_amd64.deb
 wget http://launchpadlibrarian.net/704701345/libjavascriptcoregtk-4.0-18_2.43.3-1_amd64.deb
 sudo dpkg --install *.deb
 ```
 And the latest package is not available in the PPA, you can follow the [Install from deb package](#install-from-deb-package) section to install the latest package.
 #### **Ubuntu 18.04**
 The latest package is not available in the PPA either, but you still needs to add the `ppa:yuezk/globalprotect-openconnect` repo beforehand to use the required `openconnect` package. Then you can follow the [Install from deb package](#install-from-deb-package) section to install the latest package.
 #### Install from deb package
-Download the latest deb package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `apt`:
+Download the latest deb package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `dpkg`:
 ```bash
-sudo apt install --fix-broken globalprotect-openconnect_*.deb
+sudo dpkg -i globalprotect-openconnect_*.deb
 ```
 ### Arch Linux / Manjaro
@@ -118,7 +103,7 @@ Download the latest package from [releases](https://github.com/yuezk/GlobalProte
 sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
 ```
-### Fedora 38 and later / Fedora Rawhide
+### Fedora/OpenSUSE/CentOS/RHEL
 #### Install from COPR
@@ -129,78 +114,25 @@ sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
-### openSUSE Leap 15.6 / openSUSE Tumbleweed
+#### Install from OBS (OpenSUSE Build Service)
 #### Install from OBS (openSUSE Build Service)
 The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
 ### Other RPM-based distributions
 #### Install from RPM package
 Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 ```bash
 sudo rpm -i globalprotect-openconnect-*.rpm
 ```
 ### Gentoo
 Install from the ```rios``` or ```slonko``` overlays.  Example using rios:
 #### 1. Enable the overlay
 ```
 sudo eselect repository enable rios
 ```
 #### 2. Sync with the repository
  - If you have eix installed, use it:
 ```
 sudo eix-sync
 ```
  - Otherwise, use:
 ```
 sudo emerge --sync
 ```
 #### 3. Install
 ```sudo emerge globalprotect-openconnect```
 ### Other distributions
 - Install `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`.
- Download `globalprotect-openconnect_${version}_${arch}.bin.tar.xz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
+- Download `globalprotect-openconnect.tar.gz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
- Extract the tarball with `tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz`.
+- Extract the tarball and run `make build` to build the client.
- Run `sudo make install` to install the client.
+- Run `make install` to install the client.
 ## Build from source
 You can also build the client from source, steps are as follows:
 ### Prerequisites
 - [Install Rust](https://www.rust-lang.org/tools/install)
 - Install Tauri dependencies: https://tauri.app/v1/guides/getting-started/prerequisites/#setting-up-linux
 - Install `perl`
 - Install `openconnect >= 8.20` and `libopenconnect-dev` (or `openconnect-devel` on RPM-based distributions)
 - Install `pkexec`, `gnome-keyring` (or `pam_kwallet` on KDE)
 ### Build
 1. Download the source code tarball from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Choose `globalprotect-openconnect-${version}.tar.gz`.
 2. Extract the tarball with `tar -xzf globalprotect-openconnect-${version}.tar.gz`.
 3. Enter the source directory and run `make build BUILD_FE=0` to build the client.
 3. Run `sudo make install` to install the client. (Note, `DESTDIR` is not supported)
 ## FAQ
 1. How to deal with error `Secure Storage not ready`
   Try upgrade the client to `2.2.0` or later, which will use a file-based storage as a fallback.
   You need to install the `gnome-keyring` package, and restart the system (See [#321](https://github.com/yuezk/GlobalProtect-openconnect/issues/321), [#316](https://github.com/yuezk/GlobalProtect-openconnect/issues/316)).
 2. How to deal with error `(gpauth:18869): Gtk-WARNING **: 10:33:37.566: cannot open display:`
--- a/apps/gpauth/Cargo.toml
+++ b/apps/gpauth/Cargo.toml
@@ -8,11 +8,7 @@ license.workspace = true
 tauri-build = { version = "1.5", features = [] }
 [dependencies]
-gpapi = { path = "../../crates/gpapi", features = [
+gpapi = { path = "../../crates/gpapi", features = ["tauri", "clap"] }
  "tauri",
  "clap",
  "browser-auth",
 ] }
 anyhow.workspace = true
 clap.workspace = true
 env_logger.workspace = true
@@ -22,7 +18,6 @@ serde_json.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tempfile.workspace = true
 html-escape = "0.2.13"
 webkit2gtk = "0.18.2"
 tauri = { workspace = true, features = ["http-all"] }
 compile-time.workspace = true
--- a/apps/gpauth/src/auth_window.rs
+++ b/apps/gpauth/src/auth_window.rs
@@ -7,7 +7,6 @@ use std::{
 use anyhow::bail;
 use gpapi::{
  auth::SamlAuthData,
  error::AuthDataParseError,
  gp_params::GpParams,
  portal::{prelogin, Prelogin},
  utils::{redact::redact_uri, window::WindowExt},
@@ -185,10 +184,6 @@ impl<'a> AuthWindow<'a> {
          }
          info!("Loaded uri: {}", redact_uri(&uri));
          if uri.starts_with("globalprotectcallback:") {
            return;
          }
          read_auth_data(&main_resource, auth_result_tx_clone.clone());
        }
      });
@@ -207,9 +202,7 @@ impl<'a> AuthWindow<'a> {
      wv.connect_load_failed(move |_wv, _event, uri, err| {
        let redacted_uri = redact_uri(uri);
        if !uri.starts_with("globalprotectcallback:") {
        warn!("Failed to load uri: {} with error: {}", redacted_uri, err);
        }
        // NOTE: Don't send error here, since load_changed event will be triggered after this
        // send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
        // true to stop other handlers from being invoked for the event. false to propagate the event further.
@@ -346,7 +339,7 @@ fn read_auth_data_from_headers(response: &URIResponse) -> AuthResult {
 fn read_auth_data_from_body<F>(main_resource: &WebResource, callback: F)
 where
-  F: FnOnce(Result<SamlAuthData, AuthDataParseError>) + Send + 'static,
+  F: FnOnce(AuthResult) + Send + 'static,
 {
  main_resource.data(Cancellable::NONE, |data| match data {
    Ok(data) => {
@@ -355,41 +348,53 @@ where
    }
    Err(err) => {
      info!("Failed to read response body: {}", err);
-      callback(Err(AuthDataParseError::Invalid))
+      callback(Err(AuthDataError::Invalid))
    }
  });
 }
-fn read_auth_data_from_html(html: &str) -> Result<SamlAuthData, AuthDataParseError> {
+fn read_auth_data_from_html(html: &str) -> AuthResult {
  if html.contains("Temporarily Unavailable") {
    info!("Found 'Temporarily Unavailable' in HTML, auth failed");
-    return Err(AuthDataParseError::Invalid);
+    return Err(AuthDataError::Invalid);
  }
-  SamlAuthData::from_html(html).or_else(|err| {
+  match parse_xml_tag(html, "saml-auth-status") {
-    if let Some(gpcallback) = extract_gpcallback(html) {
+    Some(saml_status) if saml_status == "1" => {
-      info!("Found gpcallback from html...");
+      let username = parse_xml_tag(html, "saml-username");
-      SamlAuthData::from_gpcallback(&gpcallback)
+      let prelogin_cookie = parse_xml_tag(html, "prelogin-cookie");
-    } else {
+      let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
      Err(err)
    }
  })
 }
-fn extract_gpcallback(html: &str) -> Option<String> {
+      if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-  let re = Regex::new(r#"globalprotectcallback:[^"]+"#).unwrap();
+        return Ok(SamlAuthData::new(
-  re.captures(html)
+          username.unwrap(),
-    .and_then(|captures| captures.get(0))
+          prelogin_cookie,
-    .map(|m| html_escape::decode_html_entities(m.as_str()).to_string())
+          portal_userauthcookie,
        ));
      }
      info!("Found invalid auth data in HTML");
      Err(AuthDataError::Invalid)
    }
    Some(status) => {
      info!("Found invalid SAML status {} in HTML", status);
      Err(AuthDataError::Invalid)
    }
    None => {
      info!("No auth data found in HTML");
      Err(AuthDataError::NotFound)
    }
  }
 }
 fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSender<AuthResult>) {
-  let Some(response) = main_resource.response() else {
+  if main_resource.response().is_none() {
    info!("No response found in main resource");
    send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
    return;
-  };
+  }
  let response = main_resource.response().unwrap();
  info!("Trying to read auth data from response headers...");
  match read_auth_data_from_headers(&response) {
@@ -402,27 +407,22 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
      read_auth_data_from_body(main_resource, move |auth_result| {
        // Since we have already found invalid auth data in headers, which means this could be the `/SAML20/SP/ACS` endpoint
        // any error result from body should be considered as invalid, and trigger a retry
-        let auth_result = auth_result.map_err(|err| {
+        let auth_result = auth_result.map_err(|_| AuthDataError::Invalid);
          info!("Failed to read auth data from body: {}", err);
          AuthDataError::Invalid
        });
        send_auth_result(&auth_result_tx, auth_result);
      });
    }
    Err(AuthDataError::NotFound) => {
      info!("No auth data found in headers, trying to read from body...");
-
+      let url = main_resource.uri().unwrap_or("".into());
-      let is_acs_endpoint = main_resource.uri().map_or(false, |uri| uri.contains("/SAML20/SP/ACS"));
+      let is_acs_endpoint = url.contains("/SAML20/SP/ACS");
      read_auth_data_from_body(main_resource, move |auth_result| {
        // If the endpoint is `/SAML20/SP/ACS` and no auth data found in body, it should be considered as invalid
        let auth_result = auth_result.map_err(|err| {
-          info!("Failed to read auth data from body: {}", err);
+          if matches!(err, AuthDataError::NotFound) && is_acs_endpoint {
          if !is_acs_endpoint && matches!(err, AuthDataParseError::NotFound) {
            AuthDataError::NotFound
          } else {
            AuthDataError::Invalid
          } else {
            err
          }
        });
@@ -437,6 +437,13 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
  }
 }
 fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
  let re = Regex::new(&format!("<{}>(.*)</{}>", tag, tag)).unwrap();
  re.captures(html)
    .and_then(|captures| captures.get(1))
    .map(|m| m.as_str().to_string())
 }
 pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()> {
  let (tx, rx) = oneshot::channel::<Result<(), String>>();
@@ -482,42 +489,3 @@ pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()>
  rx.await?.map_err(|err| anyhow::anyhow!(err))
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn extract_gpcallback_some() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
    "#;
    assert_eq!(
      extract_gpcallback(html).as_deref(),
      Some("globalprotectcallback:PGh0bWw+PCEtLSA8c")
    );
  }
  #[test]
  fn extract_gpcallback_cas() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:cas-as=1&amp;un=xyz@email.com&amp;token=very_long_string">
    "#;
    assert_eq!(
      extract_gpcallback(html).as_deref(),
      Some("globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string")
    );
  }
  #[test]
  fn extract_gpcallback_none() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=PGh0bWw+PCEtLSA8c">
    "#;
    assert_eq!(extract_gpcallback(html), None);
  }
 }
--- a/apps/gpauth/src/cli.rs
+++ b/apps/gpauth/src/cli.rs
@@ -3,7 +3,6 @@ use gpapi::{
  auth::{SamlAuthData, SamlAuthResult},
  clap::args::Os,
  gp_params::{ClientOs, GpParams},
  process::browser_authenticator::BrowserAuthenticator,
  utils::{normalize_server, openssl},
  GP_USER_AGENT,
 };
@@ -38,8 +37,6 @@ struct Cli {
  ignore_tls_errors: bool,
  #[arg(long)]
  clean: bool,
  #[arg(long)]
  default_browser: bool,
 }
 impl Cli {
@@ -59,15 +56,6 @@ impl Cli {
      None => portal_prelogin(&self.server, &gp_params).await?,
    };
    if self.default_browser {
      let browser_auth = BrowserAuthenticator::new(&saml_request);
      browser_auth.authenticate()?;
      info!("Please continue the authentication process in the default browser");
      return Ok(());
    }
    self.saml_request.replace(saml_request);
    let app = create_app(self.clone())?;
--- a/apps/gpauth/tauri.conf.json
+++ b/apps/gpauth/tauri.conf.json
@@ -22,8 +22,8 @@
        "all": true,
        "request": true,
        "scope": [
-          "http://*",
+          "http://**",
-          "https://*"
+          "https://**"
        ]
      }
    },
--- a/apps/gpclient/Cargo.toml
+++ b/apps/gpclient/Cargo.toml
@@ -6,7 +6,6 @@ edition.workspace = true
 license.workspace = true
 [dependencies]
 common = { path = "../../crates/common" }
 gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 anyhow.workspace = true
--- a/apps/gpclient/src/cli.rs
+++ b/apps/gpclient/src/cli.rs
@@ -19,7 +19,7 @@ pub(crate) struct SharedArgs {
 #[derive(Subcommand)]
 enum CliCommand {
  #[command(about = "Connect to a portal server")]
-  Connect(Box<ConnectArgs>),
+  Connect(ConnectArgs),
  #[command(about = "Disconnect from the server")]
  Disconnect,
  #[command(about = "Launch the GUI")]
--- a/apps/gpclient/src/connect.rs
+++ b/apps/gpclient/src/connect.rs
@@ -1,27 +1,24 @@
-use std::{cell::RefCell, fs, sync::Arc};
+use std::{fs, sync::Arc};
 use clap::Args;
 use common::vpn_utils::find_csd_wrapper;
 use gpapi::{
  clap::args::Os,
  credential::{Credential, PasswordCredential},
-  error::PortalError,
+  gateway::gateway_login,
  gateway::{gateway_login, GatewayLogin},
  gp_params::{ClientOs, GpParams},
-  portal::{prelogin, retrieve_config, Prelogin},
+  portal::{prelogin, retrieve_config, PortalError, Prelogin},
  process::{
    auth_launcher::SamlAuthLauncher,
    users::{get_non_root_user, get_user_by_name},
  },
-  utils::{request::RequestIdentityError, shutdown_signal},
+  utils::shutdown_signal,
  GP_USER_AGENT,
 };
 use inquire::{Password, PasswordDisplayMode, Select, Text};
 use log::info;
 use openconnect::Vpn;
 use tokio::{io::AsyncReadExt, net::TcpListener};
-use crate::{cli::SharedArgs, GP_CLIENT_LOCK_FILE, GP_CLIENT_PORT_FILE};
+use crate::{cli::SharedArgs, GP_CLIENT_LOCK_FILE};
 #[derive(Args)]
 pub(crate) struct ConnectArgs {
@@ -33,25 +30,6 @@ pub(crate) struct ConnectArgs {
  user: Option<String>,
  #[arg(long, short, help = "The VPNC script to use")]
  script: Option<String>,
  #[arg(long, help = "Connect the server as a gateway, instead of a portal")]
  as_gateway: bool,
  #[arg(
    long,
    help = "Use the default CSD wrapper to generate the HIP report and send it to the server"
  )]
  hip: bool,
  #[arg(
    short,
    long,
    help = "Use SSL client certificate file in pkcs#8 (.pem) or pkcs#12 (.p12, .pfx) format"
  )]
  certificate: Option<String>,
  #[arg(short = 'k', long, help = "Use SSL private key file in pkcs#8 (.pem) format")]
  sslkey: Option<String>,
  #[arg(short = 'p', long, help = "The key passphrase of the private key")]
  key_password: Option<String>,
  #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
  csd_user: Option<String>,
@@ -59,12 +37,8 @@ pub(crate) struct ConnectArgs {
  #[arg(long, help = "Same as the '--csd-wrapper' option in the openconnect command")]
  csd_wrapper: Option<String>,
  #[arg(long, default_value = "300", help = "Reconnection retry timeout in seconds")]
  reconnect_timeout: u32,
  #[arg(short, long, help = "Request MTU from server (legacy servers only)")]
  mtu: Option<u32>,
  #[arg(long, help = "Do not ask for IPv6 connectivity")]
  disable_ipv6: bool,
  #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
  user_agent: String,
@@ -76,8 +50,6 @@ pub(crate) struct ConnectArgs {
  hidpi: bool,
  #[arg(long, help = "Do not reuse the remembered authentication cookie")]
  clean: bool,
  #[arg(long, help = "Use the default browser to authenticate")]
  default_browser: bool,
 }
 impl ConnectArgs {
@@ -97,16 +69,11 @@ impl ConnectArgs {
 pub(crate) struct ConnectHandler<'a> {
  args: &'a ConnectArgs,
  shared_args: &'a SharedArgs,
  latest_key_password: RefCell<Option<String>>,
 }
 impl<'a> ConnectHandler<'a> {
  pub(crate) fn new(args: &'a ConnectArgs, shared_args: &'a SharedArgs) -> Self {
-    Self {
+    Self { args, shared_args }
      args,
      shared_args,
      latest_key_password: Default::default(),
    }
  }
  fn build_gp_params(&self) -> GpParams {
@@ -115,52 +82,11 @@ impl<'a> ConnectHandler<'a> {
      .client_os(ClientOs::from(&self.args.os))
      .os_version(self.args.os_version())
      .ignore_tls_errors(self.shared_args.ignore_tls_errors)
      .certificate(self.args.certificate.clone())
      .sslkey(self.args.sslkey.clone())
      .key_password(self.latest_key_password.borrow().clone())
      .build()
  }
  pub(crate) async fn handle(&self) -> anyhow::Result<()> {
    self.latest_key_password.replace(self.args.key_password.clone());
    loop {
      let Err(err) = self.handle_impl().await else {
        return Ok(());
      };
      let Some(root_cause) = err.root_cause().downcast_ref::<RequestIdentityError>() else {
        return Err(err);
      };
      match root_cause {
        RequestIdentityError::NoKey => {
          eprintln!("ERROR: No private key found in the certificate file");
          eprintln!("ERROR: Please provide the private key file using the `-k` option");
          return Ok(());
        }
        RequestIdentityError::NoPassphrase(cert_type) | RequestIdentityError::DecryptError(cert_type) => {
          // Decrypt the private key error, ask for the key password
          let message = format!("Enter the {} passphrase:", cert_type);
          let password = Password::new(&message)
            .without_confirmation()
            .with_display_mode(PasswordDisplayMode::Masked)
            .prompt()?;
          self.latest_key_password.replace(Some(password));
        }
      }
    }
  }
  pub(crate) async fn handle_impl(&self) -> anyhow::Result<()> {
    let server = self.args.server.as_str();
    let as_gateway = self.args.as_gateway;
    if as_gateway {
      info!("Treating the server as a gateway");
      return self.connect_gateway_with_prelogin(server).await;
    }
    let Err(err) = self.connect_portal_with_prelogin(server).await else {
      return Ok(());
@@ -169,15 +95,10 @@ impl<'a> ConnectHandler<'a> {
    info!("Failed to connect portal with prelogin: {}", err);
    if err.root_cause().downcast_ref::<PortalError>().is_some() {
      info!("Trying the gateway authentication workflow...");
-      self.connect_gateway_with_prelogin(server).await?;
+      return self.connect_gateway_with_prelogin(server).await;
      eprintln!("\nNOTE: the server may be a gateway, not a portal.");
      eprintln!("NOTE: try to use the `--as-gateway` option if you were authenticated twice.");
      Ok(())
    } else {
      Err(err)
    }
    Err(err)
  }
  async fn connect_portal_with_prelogin(&self, portal: &str) -> anyhow::Result<()> {
@@ -191,19 +112,16 @@ impl<'a> ConnectHandler<'a> {
    let selected_gateway = match &self.args.gateway {
      Some(gateway) => portal_config
        .find_gateway(gateway)
-        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway specified: {}", gateway))?,
+        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway {}", gateway))?,
      None => {
        portal_config.sort_gateways(prelogin.region());
        let gateways = portal_config.gateways();
        if gateways.len() > 1 {
-          let gateway = Select::new("Which gateway do you want to connect to?", gateways)
+          Select::new("Which gateway do you want to connect to?", gateways)
            .with_vim_mode(true)
-            .prompt()?;
+            .prompt()?
          info!("Connecting to the selected gateway: {}", gateway);
          gateway
        } else {
          info!("Connecting to the only available gateway: {}", gateways[0]);
          gateways[0]
        }
      }
@@ -212,7 +130,7 @@ impl<'a> ConnectHandler<'a> {
    let gateway = selected_gateway.server();
    let cred = portal_config.auth_cookie().into();
-    let cookie = match self.login_gateway(gateway, &cred, &gp_params).await {
+    let cookie = match gateway_login(gateway, &cred, &gp_params).await {
      Ok(cookie) => cookie,
      Err(err) => {
        info!("Gateway login failed: {}", err);
@@ -224,59 +142,28 @@ impl<'a> ConnectHandler<'a> {
  }
  async fn connect_gateway_with_prelogin(&self, gateway: &str) -> anyhow::Result<()> {
    info!("Performing the gateway authentication...");
    let mut gp_params = self.build_gp_params();
    gp_params.set_is_gateway(true);
    let prelogin = prelogin(gateway, &gp_params).await?;
    let cred = self.obtain_credential(&prelogin, gateway).await?;
-    let cookie = self.login_gateway(gateway, &cred, &gp_params).await?;
+    let cookie = gateway_login(gateway, &cred, &gp_params).await?;
    self.connect_gateway(gateway, &cookie).await
  }
  async fn login_gateway(&self, gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
    let mut gp_params = gp_params.clone();
    loop {
      match gateway_login(gateway, cred, &gp_params).await? {
        GatewayLogin::Cookie(cookie) => return Ok(cookie),
        GatewayLogin::Mfa(message, input_str) => {
          let otp = Text::new(&message).prompt()?;
          gp_params.set_input_str(&input_str);
          gp_params.set_otp(&otp);
          info!("Retrying gateway login with MFA...");
        }
      }
    }
  }
  async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
    let mtu = self.args.mtu.unwrap_or(0);
    let csd_uid = get_csd_uid(&self.args.csd_user)?;
-    let csd_wrapper = if self.args.csd_wrapper.is_some() {
+    let mtu = self.args.mtu.unwrap_or(0);
      self.args.csd_wrapper.clone()
    } else if self.args.hip {
      find_csd_wrapper()
    } else {
      None
    };
    let vpn = Vpn::builder(gateway, cookie)
      .script(self.args.script.clone())
      .user_agent(self.args.user_agent.clone())
-      .certificate(self.args.certificate.clone())
+      .script(self.args.script.clone())
      .sslkey(self.args.sslkey.clone())
      .key_password(self.latest_key_password.borrow().clone())
      .csd_uid(csd_uid)
-      .csd_wrapper(csd_wrapper)
+      .csd_wrapper(self.args.csd_wrapper.clone())
      .reconnect_timeout(self.args.reconnect_timeout)
      .mtu(mtu)
-      .disable_ipv6(self.args.disable_ipv6)
+      .build();
      .build()?;
    let vpn = Arc::new(vpn);
    let vpn_clone = vpn.clone();
@@ -303,9 +190,7 @@ impl<'a> ConnectHandler<'a> {
    match prelogin {
      Prelogin::Saml(prelogin) => {
-        let use_default_browser = prelogin.support_default_browser() && self.args.default_browser;
+        SamlAuthLauncher::new(&self.args.server)
        let cred = SamlAuthLauncher::new(&self.args.server)
          .gateway(is_gateway)
          .saml_request(prelogin.saml_request())
          .user_agent(&self.args.user_agent)
@@ -315,21 +200,8 @@ impl<'a> ConnectHandler<'a> {
          .fix_openssl(self.shared_args.fix_openssl)
          .ignore_tls_errors(self.shared_args.ignore_tls_errors)
          .clean(self.args.clean)
          .default_browser(use_default_browser)
          .launch()
-          .await?;
+          .await
        if let Some(cred) = cred {
          return Ok(cred);
        }
        if !use_default_browser {
          // This should never happen
          unreachable!("SAML authentication failed without using the default browser");
        }
        info!("Waiting for the browser authentication to complete...");
        wait_credentials().await
      }
      Prelogin::Standard(prelogin) => {
        let prefix = if is_gateway { "Gateway" } else { "Portal" };
@@ -352,27 +224,6 @@ impl<'a> ConnectHandler<'a> {
  }
 }
 async fn wait_credentials() -> anyhow::Result<Credential> {
  // Start a local server to receive the browser authentication data
  let listener = TcpListener::bind("127.0.0.1:0").await?;
  let port = listener.local_addr()?.port();
  // Write the port to a file
  fs::write(GP_CLIENT_PORT_FILE, port.to_string())?;
  info!("Listening authentication data on port {}", port);
  let (mut socket, _) = listener.accept().await?;
  info!("Received the browser authentication data from the socket");
  let mut data = String::new();
  socket.read_to_string(&mut data).await?;
  // Remove the port file
  fs::remove_file(GP_CLIENT_PORT_FILE)?;
  Credential::from_gpcallback(&data)
 }
 fn write_pid_file() {
  let pid = std::process::id();
--- a/apps/gpclient/src/launch_gui.rs
+++ b/apps/gpclient/src/launch_gui.rs
@@ -1,4 +1,4 @@
-use std::{collections::HashMap, env::temp_dir, fs, path::PathBuf};
+use std::{collections::HashMap, fs, path::PathBuf};
 use clap::Args;
 use directories::ProjectDirs;
@@ -7,9 +7,6 @@ use gpapi::{
  utils::{endpoint::http_endpoint, env_file, shutdown_signal},
 };
 use log::info;
 use tokio::io::AsyncWriteExt;
 use crate::GP_CLIENT_PORT_FILE;
 #[derive(Args)]
 pub(crate) struct LaunchGuiArgs {
@@ -81,21 +78,11 @@ impl<'a> LaunchGuiHandler<'a> {
 }
 async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
  let _ = tokio::join!(feed_auth_data_gui(auth_data), feed_auth_data_cli(auth_data));
  // Cleanup the temporary file
  let html_file = temp_dir().join("gpauth.html");
  let _ = std::fs::remove_file(html_file);
  Ok(())
 }
 async fn feed_auth_data_gui(auth_data: &str) -> anyhow::Result<()> {
  let service_endpoint = http_endpoint().await?;
  reqwest::Client::default()
    .post(format!("{}/auth-data", service_endpoint))
-    .body(auth_data.to_string())
+    .json(&auth_data)
    .send()
    .await?
    .error_for_status()?;
@@ -103,15 +90,6 @@ async fn feed_auth_data_gui(auth_data: &str) -> anyhow::Result<()> {
  Ok(())
 }
 async fn feed_auth_data_cli(auth_data: &str) -> anyhow::Result<()> {
  let port = tokio::fs::read_to_string(GP_CLIENT_PORT_FILE).await?;
  let mut stream = tokio::net::TcpStream::connect(format!("127.0.0.1:{}", port.trim())).await?;
  stream.write_all(auth_data.as_bytes()).await?;
  Ok(())
 }
 async fn try_active_gui() -> anyhow::Result<()> {
  let service_endpoint = http_endpoint().await?;
--- a/apps/gpclient/src/main.rs
+++ b/apps/gpclient/src/main.rs
@@ -4,7 +4,6 @@ mod disconnect;
 mod launch_gui;
 pub(crate) const GP_CLIENT_LOCK_FILE: &str = "/var/run/gpclient.lock";
 pub(crate) const GP_CLIENT_PORT_FILE: &str = "/var/run/gpclient.port";
 #[tokio::main]
 async fn main() {
--- a/apps/gpgui-helper/package.json
+++ b/apps/gpgui-helper/package.json
@@ -18,7 +18,7 @@
    "react-dom": "^18.2.0"
  },
  "devDependencies": {
-    "@tauri-apps/cli": "^1.5.6",
+    "@tauri-apps/cli": "^1.5.0",
    "@types/node": "^20.8.10",
    "@types/react": "^18.2.15",
    "@types/react-dom": "^18.2.7",
@@ -31,6 +31,6 @@
    "eslint-plugin-react-hooks": "^4.6.0",
    "prettier": "3.1.0",
    "typescript": "^5.0.2",
-    "vite": "^4.5.3"
+    "vite": "^4.4.4"
  }
 }
--- a/apps/gpgui-helper/pnpm-lock.yaml
+++ b/apps/gpgui-helper/pnpm-lock.yaml
@@ -29,8 +29,8 @@ dependencies:
 devDependencies:
  '@tauri-apps/cli':
-    specifier: ^1.5.6
+    specifier: ^1.5.0
-    version: 1.5.6
+    version: 1.5.0
  '@types/node':
    specifier: ^20.8.10
    version: 20.8.10
@@ -48,7 +48,7 @@ devDependencies:
    version: 6.12.0(eslint@8.54.0)(typescript@5.0.2)
  '@vitejs/plugin-react':
    specifier: ^4.0.3
-    version: 4.0.3(vite@4.5.3)
+    version: 4.0.3(vite@4.4.4)
  eslint:
    specifier: ^8.54.0
    version: 8.54.0
@@ -68,8 +68,8 @@ devDependencies:
    specifier: ^5.0.2
    version: 5.0.2
  vite:
-    specifier: ^4.5.3
+    specifier: ^4.4.4
-    version: 4.5.3(@types/node@20.8.10)
+    version: 4.4.4(@types/node@20.8.10)
 packages:
@@ -940,8 +940,8 @@ packages:
    engines: {node: '>= 14.6.0', npm: '>= 6.6.0', yarn: '>= 1.19.1'}
    dev: false
-  /@tauri-apps/cli-darwin-arm64@1.5.6:
+  /@tauri-apps/cli-darwin-arm64@1.5.0:
-    resolution: {integrity: sha512-NNvG3XLtciCMsBahbDNUEvq184VZmOveTGOuy0So2R33b/6FDkuWaSgWZsR1mISpOuP034htQYW0VITCLelfqg==}
+    resolution: {integrity: sha512-wvEfcSBjlh1G8uBiylMNFgBtAyk4mXfvDFcGyigf/2ui7Wve6fcAFDJdTVwiHOZ4Wxnw6BD3lIkVMQdDpE+nFg==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [darwin]
@@ -949,8 +949,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-darwin-x64@1.5.6:
+  /@tauri-apps/cli-darwin-x64@1.5.0:
-    resolution: {integrity: sha512-nkiqmtUQw3N1j4WoVjv81q6zWuZFhBLya/RNGUL94oafORloOZoSY0uTZJAoeieb3Y1YK0rCHSDl02MyV2Fi4A==}
+    resolution: {integrity: sha512-pWzLMAMslx3dkLyq1f4PpuEhgUs8mPISM5nQoHfgYYchJk6Ip1YtWupo56h5QjqyRNPUsSYT8DVGIw0Oi8auXQ==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [darwin]
@@ -958,8 +958,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.6:
+  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.0:
-    resolution: {integrity: sha512-z6SPx+axZexmWXTIVPNs4Tg7FtvdJl9EKxYN6JPjOmDZcqA13iyqWBQal2DA/GMZ1Xqo3vyJf6EoEaKaliymPQ==}
+    resolution: {integrity: sha512-hP3nAd0TjxblIAgriXhdX33sKXwbkY3CKsWBVB3O+5DOGy7XzKosIt0KaqiV8BHI2pbHMVOwTZuvjdK8pPLULQ==}
    engines: {node: '>= 10'}
    cpu: [arm]
    os: [linux]
@@ -967,8 +967,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm64-gnu@1.5.6:
+  /@tauri-apps/cli-linux-arm64-gnu@1.5.0:
-    resolution: {integrity: sha512-QuQjMQmpsCbzBrmtQiG4uhnfAbdFx3nzm+9LtqjuZlurc12+Mj5MTgqQ3AOwQedH3f7C+KlvbqD2AdXpwTg7VA==}
+    resolution: {integrity: sha512-/AwGSjUplzeiGWbKP8rAW4gQx5umWiaQJ0ifx6NakA/sIrhRXPYTobwzg4ixw31ALQNXaEosJCkmvXyHUvoUYw==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]
@@ -976,8 +976,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm64-musl@1.5.6:
+  /@tauri-apps/cli-linux-arm64-musl@1.5.0:
-    resolution: {integrity: sha512-8j5dH3odweFeom7bRGlfzDApWVOT4jIq8/214Wl+JeiNVehouIBo9lZGeghZBH3XKFRwEvU23i7sRVjuh2s8mg==}
+    resolution: {integrity: sha512-OFzKMkg3bmBjr/BYQ1kx4QOHL+JSkzX+Cw8RcG7CKnq8QoJyg8N0K0UTskgsVwlCN4l7bxeuSLvEveg4SBA2AQ==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]
@@ -985,8 +985,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-x64-gnu@1.5.6:
+  /@tauri-apps/cli-linux-x64-gnu@1.5.0:
-    resolution: {integrity: sha512-gbFHYHfdEGW0ffk8SigDsoXks6USpilF6wR0nqB/JbWzbzFR/sBuLVNQlJl1RKNakyJHu+lsFxGy0fcTdoX8xA==}
+    resolution: {integrity: sha512-V2stfUH3Qrc3cIXAd+cKbJruS1oJqqGd40GTVcKOKlRk9Ef9H3WNUQ5PyWKj1t1rk8AxjcBO/vK+Unkuy1WSCw==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]
@@ -994,8 +994,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-x64-musl@1.5.6:
+  /@tauri-apps/cli-linux-x64-musl@1.5.0:
-    resolution: {integrity: sha512-9v688ogoLkeFYQNgqiSErfhTreLUd8B3prIBSYUt+x4+5Kcw91zWvIh+VSxL1n3KCGGsM7cuXhkGPaxwlEh1ug==}
+    resolution: {integrity: sha512-qpcGeesuksxzE7lC3RCnikTY9DCRMnAYwhWa9i8MA7pKDX1IXaEvAaXrse44XCZUohxLLgn2k2o6Pb+65dDijQ==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]
@@ -1003,8 +1003,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-arm64-msvc@1.5.6:
+  /@tauri-apps/cli-win32-arm64-msvc@1.5.0:
-    resolution: {integrity: sha512-DRNDXFNZb6y5IZrw+lhTTA9l4wbzO4TNRBAlHAiXUrH+pRFZ/ZJtv5WEuAj9ocVSahVw2NaK5Yaold4NPAxHog==}
+    resolution: {integrity: sha512-Glt/AEWwbFmFnQuoPRbB6vMzCIT9jYSpD59zRP8ljhRSzwDHE59q5nXOrheLKICwMmaXqtAuCIq9ndDBKghwoQ==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [win32]
@@ -1012,8 +1012,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-ia32-msvc@1.5.6:
+  /@tauri-apps/cli-win32-ia32-msvc@1.5.0:
-    resolution: {integrity: sha512-oUYKNR/IZjF4fsOzRpw0xesl2lOjhsQEyWlgbpT25T83EU113Xgck9UjtI7xemNI/OPCv1tPiaM1e7/ABdg5iA==}
+    resolution: {integrity: sha512-k+R2VI8eZJfRjaRS8LwbkjMBKFaKcWtA/byaFnGDDUnb3VM/WFW++3KjC5Ne2wXpxFW9RVaFiBNIpmRcExI0Qw==}
    engines: {node: '>= 10'}
    cpu: [ia32]
    os: [win32]
@@ -1021,8 +1021,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-x64-msvc@1.5.6:
+  /@tauri-apps/cli-win32-x64-msvc@1.5.0:
-    resolution: {integrity: sha512-RmEf1os9C8//uq2hbjXi7Vgz9ne7798ZxqemAZdUwo1pv3oLVZSz1/IvZmUHPdy2e6zSeySqWu1D0Y3QRNN+dg==}
+    resolution: {integrity: sha512-jEwq9UuUldVyDJ/dsYoHFuZfNZIkxbeDYSMELfZXsRvWWEA8xRYeTkH38S++KU1eBl5dTK0LbxhztEB2HjRT1g==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [win32]
@@ -1030,21 +1030,21 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli@1.5.6:
+  /@tauri-apps/cli@1.5.0:
-    resolution: {integrity: sha512-k4Y19oVCnt7WZb2TnDzLqfs7o98Jq0tUoVMv+JQSzuRDJqaVu2xMBZ8dYplEn+EccdR5SOMyzaLBJWu38TVK1A==}
+    resolution: {integrity: sha512-usY7Ncfkxl2f/ufjWDtp+eJsodlj8ipMKExIt160KR+tx0GtQgLtxRnrKxe1o7wu18Pkqd5JIuWMaOmT3YZeYA==}
    engines: {node: '>= 10'}
    hasBin: true
    optionalDependencies:
-      '@tauri-apps/cli-darwin-arm64': 1.5.6
+      '@tauri-apps/cli-darwin-arm64': 1.5.0
-      '@tauri-apps/cli-darwin-x64': 1.5.6
+      '@tauri-apps/cli-darwin-x64': 1.5.0
-      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.6
+      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.0
-      '@tauri-apps/cli-linux-arm64-gnu': 1.5.6
+      '@tauri-apps/cli-linux-arm64-gnu': 1.5.0
-      '@tauri-apps/cli-linux-arm64-musl': 1.5.6
+      '@tauri-apps/cli-linux-arm64-musl': 1.5.0
-      '@tauri-apps/cli-linux-x64-gnu': 1.5.6
+      '@tauri-apps/cli-linux-x64-gnu': 1.5.0
-      '@tauri-apps/cli-linux-x64-musl': 1.5.6
+      '@tauri-apps/cli-linux-x64-musl': 1.5.0
-      '@tauri-apps/cli-win32-arm64-msvc': 1.5.6
+      '@tauri-apps/cli-win32-arm64-msvc': 1.5.0
-      '@tauri-apps/cli-win32-ia32-msvc': 1.5.6
+      '@tauri-apps/cli-win32-ia32-msvc': 1.5.0
-      '@tauri-apps/cli-win32-x64-msvc': 1.5.6
+      '@tauri-apps/cli-win32-x64-msvc': 1.5.0
    dev: true
  /@types/json-schema@7.0.14:
@@ -1229,7 +1229,7 @@ packages:
    resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
    dev: true
-  /@vitejs/plugin-react@4.0.3(vite@4.5.3):
+  /@vitejs/plugin-react@4.0.3(vite@4.4.4):
    resolution: {integrity: sha512-pwXDog5nwwvSIzwrvYYmA2Ljcd/ZNlcsSG2Q9CNDBwnsd55UGAyr2doXtB5j+2uymRCnCfExlznzzSFbBRcoCg==}
    engines: {node: ^14.18.0 || >=16.0.0}
    peerDependencies:
@@ -1239,7 +1239,7 @@ packages:
      '@babel/plugin-transform-react-jsx-self': 7.22.5(@babel/core@7.23.2)
      '@babel/plugin-transform-react-jsx-source': 7.22.5(@babel/core@7.23.2)
      react-refresh: 0.14.0
-      vite: 4.5.3(@types/node@20.8.10)
+      vite: 4.4.4(@types/node@20.8.10)
    transitivePeerDependencies:
      - supports-color
    dev: true
@@ -2979,8 +2979,8 @@ packages:
      punycode: 2.3.1
    dev: true
-  /vite@4.5.3(@types/node@20.8.10):
+  /vite@4.4.4(@types/node@20.8.10):
-    resolution: {integrity: sha512-kQL23kMeX92v3ph7IauVkXkikdDRsYMGTVl5KY2E9OY4ONLvkHf04MDTbnfo6NKxZiDLWzVpP5oTa8hQD8U3dg==}
+    resolution: {integrity: sha512-4mvsTxjkveWrKDJI70QmelfVqTm+ihFAb6+xf4sjEU2TmUCTlVX87tmg/QooPEMQb/lM9qGHT99ebqPziEd3wg==}
    engines: {node: ^14.18.0 || >=16.0.0}
    hasBin: true
    peerDependencies:
--- a/apps/gpgui-helper/src-tauri/src/updater.rs
+++ b/apps/gpgui-helper/src-tauri/src/updater.rs
@@ -9,12 +9,6 @@ use tauri::{Manager, Window};
 use crate::downloader::{ChecksumFetcher, FileDownloader};
 #[cfg(not(debug_assertions))]
 const SNAPSHOT: &str = match option_env!("SNAPSHOT") {
    Some(val) => val,
    None => "false"
 };
 pub struct ProgressNotifier {
  win: Window,
 }
@@ -86,24 +80,12 @@ impl GuiUpdater {
  pub async fn update(&self) {
    info!("Update GUI, version: {}", self.version);
    #[cfg(debug_assertions)]
    let release_tag = "snapshot";
    #[cfg(not(debug_assertions))]
    let release_tag = if SNAPSHOT == "true" {
      String::from("snapshot")
    } else {
      format!("v{}", self.version)
    };
    #[cfg(target_arch = "x86_64")]
-    let arch = "x86_64";
+    let arch = "amd64";
    #[cfg(target_arch = "aarch64")]
-    let arch = "aarch64";
+    let arch = "arm64";
-    let file_url = format!(
+    let file_url = format!("https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v{}/gpgui-linux-{}", self.version, arch);
      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}.bin.tar.xz",
      release_tag, arch
    );
    let checksum_url = format!("{}.sha256", file_url);
    info!("Downloading file: {}", file_url);
--- a/apps/gpservice/Cargo.toml
+++ b/apps/gpservice/Cargo.toml
@@ -18,5 +18,3 @@ serde_json.workspace = true
 env_logger.workspace = true
 log.workspace = true
 compile-time.workspace = true
 xz2 = "0.1"
 tar = "0.4"
--- a/apps/gpservice/src/handlers.rs
+++ b/apps/gpservice/src/handlers.rs
@@ -1,12 +1,4 @@
-use std::{
+use std::{borrow::Cow, fs::Permissions, ops::ControlFlow, os::unix::fs::PermissionsExt, path::PathBuf, sync::Arc};
  borrow::Cow,
  fs::{File, Permissions},
  io::BufReader,
  ops::ControlFlow,
  os::unix::fs::PermissionsExt,
  path::PathBuf,
  sync::Arc,
 };
 use anyhow::bail;
 use axum::{
@@ -25,9 +17,7 @@ use gpapi::{
  GP_GUI_BINARY,
 };
 use log::{info, warn};
 use tar::Archive;
 use tokio::fs;
 use xz2::read::XzDecoder;
 use crate::ws_server::WsServerContext;
@@ -70,7 +60,6 @@ pub async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) ->
  Ok(())
 }
 // Unpack GPGUI archive, gpgui_2.0.0_{arch}.bin.tar.xz and install it
 async fn install_gui(src: &str) -> anyhow::Result<()> {
  let path = PathBuf::from(GP_GUI_BINARY);
  let Some(dir) = path.parent() else {
@@ -79,27 +68,8 @@ async fn install_gui(src: &str) -> anyhow::Result<()> {
  fs::create_dir_all(dir).await?;
-  // Unpack the archive
+  // Copy the file to the final location and make it executable
-  info!("Unpacking GUI archive");
+  fs::copy(src, GP_GUI_BINARY).await?;
  let tar = XzDecoder::new(BufReader::new(File::open(src)?));
  let mut ar = Archive::new(tar);
  for entry in ar.entries()? {
    let mut entry = entry?;
    let path = entry.path()?;
    if let Some(name) = path.file_name() {
      let name = name.to_string_lossy();
      if name == "gpgui" {
        let mut file = File::create(GP_GUI_BINARY)?;
        std::io::copy(&mut entry, &mut file)?;
        break;
      }
    }
  }
  // Make the binary executable
  fs::set_permissions(GP_GUI_BINARY, Permissions::from_mode(0o755)).await?;
  Ok(())
--- a/apps/gpservice/src/vpn_task.rs
+++ b/apps/gpservice/src/vpn_task.rs
@@ -4,7 +4,7 @@ use gpapi::service::{
  request::{ConnectRequest, WsRequest},
  vpn_state::VpnState,
 };
-use log::{info, warn};
+use log::info;
 use openconnect::Vpn;
 use tokio::sync::{mpsc, oneshot, watch, RwLock};
 use tokio_util::sync::CancellationToken;
@@ -31,34 +31,22 @@ impl VpnTaskContext {
      return;
    }
    let vpn_state_tx = self.vpn_state_tx.clone();
    let info = req.info().clone();
    let vpn_handle = Arc::clone(&self.vpn_handle);
    let args = req.args();
-    let vpn = match Vpn::builder(req.gateway().server(), args.cookie())
+    let vpn = Vpn::builder(req.gateway().server(), args.cookie())
      .script(args.vpnc_script())
      .user_agent(args.user_agent())
-      .os(args.openconnect_os())
+      .script(args.vpnc_script())
      .certificate(args.certificate())
      .sslkey(args.sslkey())
      .key_password(args.key_password())
      .csd_uid(args.csd_uid())
      .csd_wrapper(args.csd_wrapper())
      .reconnect_timeout(args.reconnect_timeout())
      .mtu(args.mtu())
-      .disable_ipv6(args.disable_ipv6())
+      .os(args.openconnect_os())
-      .build()
+      .build();
    {
      Ok(vpn) => vpn,
      Err(err) => {
        warn!("Failed to create VPN: {}", err);
        vpn_state_tx.send(VpnState::Disconnected).ok();
        return;
      }
    };
    // Save the VPN handle
    vpn_handle.write().await.replace(vpn);
    let vpn_state_tx = self.vpn_state_tx.clone();
    let connect_info = Box::new(info.clone());
    vpn_state_tx.send(VpnState::Connecting(connect_info)).ok();
--- a/apps/gpservice/src/ws_server.rs
+++ b/apps/gpservice/src/ws_server.rs
@@ -118,14 +118,12 @@ impl WsServer {
  }
  pub async fn start(&self, shutdown_tx: mpsc::Sender<()>) {
-    let listener = match self.start_tcp_server().await {
+    if let Ok(listener) = TcpListener::bind("127.0.0.1:0").await {
-      Ok(listener) => listener,
+      let local_addr = listener.local_addr().unwrap();
-      Err(err) => {
+
-        warn!("Failed to start WS server: {}", err);
+      self.lock_file.lock(local_addr.port().to_string()).unwrap();
-        let _ = shutdown_tx.send(()).await;
+
-        return;
+      info!("WS server listening on port: {}", local_addr.port());
      },
    };
      tokio::select! {
        _ = watch_vpn_state(self.ctx.vpn_state_rx(), Arc::clone(&self.ctx)) => {
@@ -138,20 +136,9 @@ impl WsServer {
          info!("WS server cancelled");
        }
      }
    let _ = shutdown_tx.send(()).await;
    }
-  async fn start_tcp_server(&self) -> anyhow::Result<TcpListener> {
+    let _ = shutdown_tx.send(()).await;
    let listener = TcpListener::bind("127.0.0.1:0").await?;
    let local_addr = listener.local_addr()?;
    let port = local_addr.port();
    info!("WS server listening on port: {}", port);
    self.lock_file.lock(port.to_string())?;
    Ok(listener)
  }
 }
--- a/changelog.md
+++ b/changelog.md
@@ -1,65 +1,5 @@
 # Changelog
 ## 2.3.3 - 2024-06-23
 - GUI: add the remark field for the license activation
 - GUI: check the saved secret key length
 ## 2.3.2 - 2024-06-17
 - Fix the CAS callback parsing issue (fix [#372](https://github.com/yuezk/GlobalProtect-openconnect/issues/372))
 - CLI: fix the `/tmp/gpauth.html` deletion issue (fix [#366](https://github.com/yuezk/GlobalProtect-openconnect/issues/366))
 - GUI: fix the license not working after reboot (fix [#376](https://github.com/yuezk/GlobalProtect-openconnect/issues/376))
 - GUI: add the license activation management link
 ## 2.3.1 - 2024-05-21
 - Fix the `--sslkey` option not working
 ## 2.3.0 - 2024-05-20
 - Support client certificate authentication (fix [#363](https://github.com/yuezk/GlobalProtect-openconnect/issues/363))
 - Support `--disable-ipv6`, `--reconnect-timeout` parameters (related: [#364](https://github.com/yuezk/GlobalProtect-openconnect/issues/364))
 - Use default labels if label fields are missing in prelogin response (fix [#357](https://github.com/yuezk/GlobalProtect-openconnect/issues/357))
 ## 2.2.1 - 2024-05-07
 - GUI: Restore the default browser auth implementation (fix [#360](https://github.com/yuezk/GlobalProtect-openconnect/issues/360))
 ## 2.2.0 - 2024-04-30
 - CLI: support authentication with external browser (fix [#298](https://github.com/yuezk/GlobalProtect-openconnect/issues/298))
 - GUI: support using file-based storage when the system keyring is not available.
 ## 2.1.4 - 2024-04-10
 - Support MFA authentication (fix [#343](https://github.com/yuezk/GlobalProtect-openconnect/issues/343))
 - Improve the Gateway switcher UI
 ## 2.1.3 - 2024-04-07
 - Support CAS authentication (fix [#339](https://github.com/yuezk/GlobalProtect-openconnect/issues/339))
 - CLI: Add `--as-gateway` option to connect as gateway directly (fix [#318](https://github.com/yuezk/GlobalProtect-openconnect/issues/318))
 - GUI: Support connect the gateway directly (fix [#318](https://github.com/yuezk/GlobalProtect-openconnect/issues/318))
 - GUI: Add an option to use symbolic tray icon (fix [#341](https://github.com/yuezk/GlobalProtect-openconnect/issues/341))
 ## 2.1.2 - 2024-03-29
 - Treat portal as gateway when the gateway login is failed (fix #338)
 ## 2.1.1 - 2024-03-25
 - Add the `--hip` option to enable HIP report
 - Fix not working in OpenSuse 15.5 (fix #336, #322)
 - Treat portal as gateway when the gateway login is failed (fix #338)
 - Improve the error message (fix #327)
 ## 2.1.0 - 2024-02-27
 - Update distribution channel for `gpgui` to complaint with the GPL-3 license.
 - Add `mtu` option.
 - Retry auth if failed to obtain the auth cookie
 ## 2.0.0 - 2024-02-05
 - Refactor using Tauri
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
@@ -1,11 +0,0 @@
 [package]
 name = "common"
 rust-version.workspace = true
 version.workspace = true
 authors.workspace = true
 homepage.workspace = true
 edition.workspace = true
 license.workspace = true
 [dependencies]
 is_executable.workspace = true
--- a/crates/common/src/lib.rs
+++ b/crates/common/src/lib.rs
@@ -1 +0,0 @@
 pub mod vpn_utils;
--- a/crates/common/src/vpn_utils.rs
+++ b/crates/common/src/vpn_utils.rs
@@ -1,54 +0,0 @@
 use std::{io, path::Path};
 use is_executable::IsExecutable;
 const VPNC_SCRIPT_LOCATIONS: [&str; 6] = [
  "/usr/local/share/vpnc-scripts/vpnc-script",
  "/usr/local/sbin/vpnc-script",
  "/usr/share/vpnc-scripts/vpnc-script",
  "/usr/sbin/vpnc-script",
  "/etc/vpnc/vpnc-script",
  "/etc/openconnect/vpnc-script",
 ];
 const CSD_WRAPPER_LOCATIONS: [&str; 3] = [
  #[cfg(target_arch = "x86_64")]
  "/usr/lib/x86_64-linux-gnu/openconnect/hipreport.sh",
  #[cfg(target_arch = "aarch64")]
  "/usr/lib/aarch64-linux-gnu/openconnect/hipreport.sh",
  "/usr/lib/openconnect/hipreport.sh",
  "/usr/libexec/openconnect/hipreport.sh",
 ];
 fn find_executable(locations: &[&str]) -> Option<String> {
  for location in locations.iter() {
    let path = Path::new(location);
    if path.is_executable() {
      return Some(location.to_string());
    }
  }
  None
 }
 pub fn find_vpnc_script() -> Option<String> {
  find_executable(&VPNC_SCRIPT_LOCATIONS)
 }
 pub fn find_csd_wrapper() -> Option<String> {
  find_executable(&CSD_WRAPPER_LOCATIONS)
 }
 /// If file exists, check if it is executable
 pub fn check_executable(file: &str) -> Result<(), io::Error> {
  let path = Path::new(file);
  if path.exists() && !path.is_executable() {
    return Err(io::Error::new(
      io::ErrorKind::PermissionDenied,
      format!("{} is not executable", file),
    ));
  }
  Ok(())
 }
--- a/crates/gpapi/Cargo.toml
+++ b/crates/gpapi/Cargo.toml
@@ -9,8 +9,6 @@ anyhow.workspace = true
 base64.workspace = true
 log.workspace = true
 reqwest.workspace = true
 openssl.workspace = true
 pem.workspace = true
 roxmltree.workspace = true
 serde.workspace = true
 specta.workspace = true
@@ -25,6 +23,7 @@ chacha20poly1305 = { version = "0.10", features = ["std"] }
 redact-engine.workspace = true
 url.workspace = true
 regex.workspace = true
 dotenvy_macro.workspace = true
 uzers.workspace = true
 serde_urlencoded.workspace = true
 md5.workspace = true
--- a/crates/gpapi/build.rs
+++ b/crates/gpapi/build.rs
@@ -1,19 +0,0 @@
 use std::path::Path;
 fn main() {
  let manifest_dir = env!("CARGO_MANIFEST_DIR");
  let workspace_dir = Path::new(manifest_dir).ancestors().nth(2).unwrap();
  let gpgui_dir = workspace_dir.parent().unwrap().join("gpgui");
  let gp_service_binary = workspace_dir.join("target/debug/gpservice");
  let gp_client_binary = workspace_dir.join("target/debug/gpclient");
  let gp_auth_binary = workspace_dir.join("target/debug/gpauth");
  let gp_gui_helper_binary = workspace_dir.join("target/debug/gpgui-helper");
  let gp_gui_binary = gpgui_dir.join("target/debug/gpgui");
  println!("cargo:rustc-env=GP_SERVICE_BINARY={}", gp_service_binary.display());
  println!("cargo:rustc-env=GP_CLIENT_BINARY={}", gp_client_binary.display());
  println!("cargo:rustc-env=GP_AUTH_BINARY={}", gp_auth_binary.display());
  println!("cargo:rustc-env=GP_GUI_HELPER_BINARY={}", gp_gui_helper_binary.display());
  println!("cargo:rustc-env=GP_GUI_BINARY={}", gp_gui_binary.display());
 }
--- a/crates/gpapi/src/auth.rs
+++ b/crates/gpapi/src/auth.rs
@@ -1,19 +1,13 @@
-use std::borrow::{Borrow, Cow};
+use anyhow::bail;
 use log::{info, warn};
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 use crate::{error::AuthDataParseError, utils::base64::decode_to_string};
 #[derive(Debug, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct SamlAuthData {
  #[serde(alias = "un")]
  username: String,
  prelogin_cookie: Option<String>,
  portal_userauthcookie: Option<String>,
  token: Option<String>,
 }
 #[derive(Debug, Serialize, Deserialize)]
@@ -38,11 +32,10 @@ impl SamlAuthData {
      username,
      prelogin_cookie,
      portal_userauthcookie,
      token: None,
    }
  }
-  pub fn from_html(html: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
+  pub fn parse_html(html: &str) -> anyhow::Result<SamlAuthData> {
    match parse_xml_tag(html, "saml-auth-status") {
      Some(saml_status) if saml_status == "1" => {
        let username = parse_xml_tag(html, "saml-username");
@@ -50,49 +43,22 @@ impl SamlAuthData {
        let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
        if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-          Ok(SamlAuthData::new(
+          return Ok(SamlAuthData::new(
            username.unwrap(),
            prelogin_cookie,
            portal_userauthcookie,
-          ))
+          ));
        } else {
          Err(AuthDataParseError::Invalid)
        }
      }
      Some(_) => Err(AuthDataParseError::Invalid),
      None => Err(AuthDataParseError::NotFound),
    }
        }
-  pub fn from_gpcallback(data: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
+        bail!("Found invalid auth data in HTML");
-    let auth_data = data.trim_start_matches("globalprotectcallback:");
+      }
-
+      Some(status) => {
-    if auth_data.starts_with("cas-as") {
+        bail!("Found invalid SAML status {} in HTML", status);
-      info!("Got CAS auth data from globalprotectcallback");
+      }
-
+      None => {
-      // Decode the auth data and use the original value if decoding fails
+        bail!("No auth data found in HTML");
-      let auth_data = urlencoding::decode(auth_data).unwrap_or_else(|err| {
+      }
        warn!("Failed to decode token auth data: {}", err);
        Cow::Borrowed(auth_data)
      });
      let auth_data: SamlAuthData = serde_urlencoded::from_str(auth_data.borrow()).map_err(|e| {
        warn!("Failed to parse token auth data: {}", e);
        warn!("Auth data: {}", auth_data);
        AuthDataParseError::Invalid
      })?;
      return Ok(auth_data);
    }
    info!("Parsing SAML auth data...");
    let auth_data = decode_to_string(auth_data).map_err(|e| {
      warn!("Failed to decode SAML auth data: {}", e);
      AuthDataParseError::Invalid
    })?;
    let auth_data = Self::from_html(&auth_data)?;
    Ok(auth_data)
  }
  pub fn username(&self) -> &str {
@@ -103,10 +69,6 @@ impl SamlAuthData {
    self.prelogin_cookie.as_deref()
  }
  pub fn token(&self) -> Option<&str> {
    self.token.as_deref()
  }
  pub fn check(
    username: &Option<String>,
    prelogin_cookie: &Option<String>,
@@ -116,16 +78,7 @@ impl SamlAuthData {
    let prelogin_cookie_valid = prelogin_cookie.as_ref().is_some_and(|val| val.len() > 5);
    let portal_userauthcookie_valid = portal_userauthcookie.as_ref().is_some_and(|val| val.len() > 5);
-    let is_valid = username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid);
+    username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid)
    if !is_valid {
      warn!(
        "Invalid SAML auth data: username: {:?}, prelogin-cookie: {:?}, portal-userauthcookie: {:?}",
        username, prelogin_cookie, portal_userauthcookie
      );
    }
    is_valid
  }
 }
@@ -135,38 +88,3 @@ pub fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
    .and_then(|captures| captures.get(1))
    .map(|m| m.as_str().to_string())
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn auth_data_from_gpcallback_cas() {
    let auth_data = "globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string";
    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
    assert_eq!(auth_data.username(), "xyz@email.com");
    assert_eq!(auth_data.token(), Some("very_long_string"));
  }
  #[test]
  fn auth_data_from_gpcallback_cas_urlencoded() {
    let auth_data = "globalprotectcallback:cas-as%3D1%26un%3Dxyz%40email.com%26token%3Dvery_long_string";
    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
    assert_eq!(auth_data.username(), "xyz@email.com");
    assert_eq!(auth_data.token(), Some("very_long_string"));
  }
  #[test]
  fn auth_data_from_gpcallback_non_cas() {
    let auth_data = "PGh0bWw+PCEtLSA8c2FtbC1hdXRoLXN0YXR1cz4xPC9zYW1sLWF1dGgtc3RhdHVzPjxwcmVsb2dpbi1jb29raWU+cHJlbG9naW4tY29va2llPC9wcmVsb2dpbi1jb29raWU+PHNhbWwtdXNlcm5hbWU+eHl6QGVtYWlsLmNvbTwvc2FtbC11c2VybmFtZT48c2FtbC1zbG8+bm88L3NhbWwtc2xvPjxzYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+PC9zYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+IC0tPjwvaHRtbD4=";
    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
    assert_eq!(auth_data.username(), "xyz@email.com");
    assert_eq!(auth_data.prelogin_cookie(), Some("prelogin-cookie"));
  }
 }
--- a/crates/gpapi/src/credential.rs
+++ b/crates/gpapi/src/credential.rs
@@ -3,7 +3,7 @@ use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
 use specta::Type;
-use crate::auth::SamlAuthData;
+use crate::{auth::SamlAuthData, utils::base64::decode_to_string};
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
@@ -37,18 +37,16 @@ impl From<&CachedCredential> for PasswordCredential {
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
-pub struct PreloginCredential {
+pub struct PreloginCookieCredential {
  username: String,
-  prelogin_cookie: Option<String>,
+  prelogin_cookie: String,
  token: Option<String>,
 }
-impl PreloginCredential {
+impl PreloginCookieCredential {
-  pub fn new(username: &str, prelogin_cookie: Option<&str>, token: Option<&str>) -> Self {
+  pub fn new(username: &str, prelogin_cookie: &str) -> Self {
    Self {
      username: username.to_string(),
-      prelogin_cookie: prelogin_cookie.map(|s| s.to_string()),
+      prelogin_cookie: prelogin_cookie.to_string(),
      token: token.map(|s| s.to_string()),
    }
  }
@@ -56,22 +54,22 @@ impl PreloginCredential {
    &self.username
  }
-  pub fn prelogin_cookie(&self) -> Option<&str> {
+  pub fn prelogin_cookie(&self) -> &str {
-    self.prelogin_cookie.as_deref()
+    &self.prelogin_cookie
  }
  pub fn token(&self) -> Option<&str> {
    self.token.as_deref()
  }
 }
-impl From<SamlAuthData> for PreloginCredential {
+impl TryFrom<SamlAuthData> for PreloginCookieCredential {
-  fn from(value: SamlAuthData) -> Self {
+  type Error = anyhow::Error;
    let username = value.username().to_string();
    let prelogin_cookie = value.prelogin_cookie();
    let token = value.token();
-    Self::new(&username, prelogin_cookie, token)
+  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
    let username = value.username().to_string();
    let prelogin_cookie = value
      .prelogin_cookie()
      .ok_or_else(|| anyhow::anyhow!("Missing prelogin cookie"))?
      .to_string();
    Ok(Self::new(&username, &prelogin_cookie))
  }
 }
@@ -156,30 +154,34 @@ impl From<PasswordCredential> for CachedCredential {
    )
  }
 }
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(tag = "type", rename_all = "camelCase")]
 pub enum Credential {
  Password(PasswordCredential),
-  Prelogin(PreloginCredential),
+  PreloginCookie(PreloginCookieCredential),
  AuthCookie(AuthCookieCredential),
-  Cached(CachedCredential),
+  CachedCredential(CachedCredential),
 }
 impl Credential {
-  /// Create a credential from a globalprotectcallback:<base64 encoded string>,
+  /// Create a credential from a globalprotectcallback:<base64 encoded string>
-  /// or globalprotectcallback:cas-as=1&un=user@xyz.com&token=very_long_string
+  pub fn parse_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
-  pub fn from_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
+    // Remove the surrounding quotes
-    let auth_data = SamlAuthData::from_gpcallback(auth_data)?;
+    let auth_data = auth_data.trim_matches('"');
    let auth_data = auth_data.trim_start_matches("globalprotectcallback:");
    let auth_data = decode_to_string(auth_data)?;
    let auth_data = SamlAuthData::parse_html(&auth_data)?;
-    Ok(Self::from(auth_data))
+    Self::try_from(auth_data)
  }
  pub fn username(&self) -> &str {
    match self {
      Credential::Password(cred) => cred.username(),
-      Credential::Prelogin(cred) => cred.username(),
+      Credential::PreloginCookie(cred) => cred.username(),
      Credential::AuthCookie(cred) => cred.username(),
-      Credential::Cached(cred) => cred.username(),
+      Credential::CachedCredential(cred) => cred.username(),
    }
  }
@@ -187,22 +189,20 @@ impl Credential {
    let mut params = HashMap::new();
    params.insert("user", self.username());
-    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie, token) = match self {
+    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self {
-      Credential::Password(cred) => (Some(cred.password()), None, None, None, None),
+      Credential::Password(cred) => (Some(cred.password()), None, None, None),
-      Credential::Prelogin(cred) => (None, cred.prelogin_cookie(), None, None, cred.token()),
+      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None),
      Credential::AuthCookie(cred) => (
        None,
        None,
        Some(cred.user_auth_cookie()),
        Some(cred.prelogon_user_auth_cookie()),
        None,
      ),
-      Credential::Cached(cred) => (
+      Credential::CachedCredential(cred) => (
        cred.password(),
        None,
        Some(cred.auth_cookie.user_auth_cookie()),
        Some(cred.auth_cookie.prelogon_user_auth_cookie()),
        None,
      ),
    };
@@ -214,19 +214,17 @@ impl Credential {
      portal_prelogonuserauthcookie.unwrap_or_default(),
    );
    if let Some(token) = token {
      params.insert("token", token);
    }
    params
  }
 }
-impl From<SamlAuthData> for Credential {
+impl TryFrom<SamlAuthData> for Credential {
-  fn from(value: SamlAuthData) -> Self {
+  type Error = anyhow::Error;
    let cred = PreloginCredential::from(value);
-    Self::Prelogin(cred)
+  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
    let prelogin_cookie = PreloginCookieCredential::try_from(value)?;
    Ok(Self::PreloginCookie(prelogin_cookie))
  }
 }
@@ -244,6 +242,6 @@ impl From<&AuthCookieCredential> for Credential {
 impl From<&CachedCredential> for Credential {
  fn from(value: &CachedCredential) -> Self {
-    Self::Cached(value.clone())
+    Self::CachedCredential(value.clone())
  }
 }
--- a/crates/gpapi/src/error.rs
+++ b/crates/gpapi/src/error.rs
@@ -1,19 +0,0 @@
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum PortalError {
  #[error("Prelogin error: {0}")]
  PreloginError(String),
  #[error("Portal config error: {0}")]
  ConfigError(String),
  #[error("Network error: {0}")]
  NetworkError(String),
 }
 #[derive(Error, Debug)]
 pub enum AuthDataParseError {
  #[error("No auth data found")]
  NotFound,
  #[error("Invalid auth data")]
  Invalid,
 }
--- a/crates/gpapi/src/gateway/hip.rs
+++ b/crates/gpapi/src/gateway/hip.rs
@@ -156,7 +156,11 @@ fn build_csd_token(cookie: &str) -> anyhow::Result<String> {
 }
 pub async fn hip_report(gateway: &str, cookie: &str, csd_wrapper: &str, gp_params: &GpParams) -> anyhow::Result<()> {
-  let client = Client::try_from(gp_params)?;
+  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
  let md5 = build_csd_token(cookie)?;
  info!("Submit HIP report md5: {}", md5);
--- a/crates/gpapi/src/gateway/login.rs
+++ b/crates/gpapi/src/gateway/login.rs
@@ -1,27 +1,24 @@
 use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::Client;
 use roxmltree::Document;
 use urlencoding::encode;
 use crate::{
  credential::Credential,
  error::PortalError,
  gp_params::GpParams,
-  utils::{normalize_server, parse_gp_response, remove_url_scheme},
+  utils::{normalize_server, remove_url_scheme},
 };
-pub enum GatewayLogin {
+pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
  Cookie(String),
  Mfa(String, String),
 }
 pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<GatewayLogin> {
  let url = normalize_server(gateway)?;
  let gateway = remove_url_scheme(&url);
  let login_url = format!("{}/ssl-vpn/login.esp", url);
-  let client = Client::try_from(gp_params)?;
+  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
  let mut params = cred.to_params();
  let extra_params = gp_params.to_params();
@@ -31,32 +28,17 @@ pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParam
  info!("Gateway login, user_agent: {}", gp_params.user_agent());
-  let res = client
+  let res = client.post(&login_url).form(&params).send().await?;
-    .post(&login_url)
+  let status = res.status();
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-  let res = parse_gp_response(res).await.map_err(|err| {
+  if status.is_client_error() || status.is_server_error() {
-    warn!("{err}");
+    bail!("Gateway login error: {}", status)
    anyhow::anyhow!("Gateway login error: {}", err.reason)
  })?;
  // MFA detected
  if res.contains("Challenge") {
    let Some((message, input_str)) = parse_mfa(&res) else {
      bail!("Failed to parse MFA challenge: {res}");
    };
    return Ok(GatewayLogin::Mfa(message, input_str));
  }
-  let doc = Document::parse(&res)?;
+  let res_xml = res.text().await?;
  let doc = Document::parse(&res_xml)?;
-  let cookie = build_gateway_token(&doc, gp_params.computer())?;
+  build_gateway_token(&doc, gp_params.computer())
  Ok(GatewayLogin::Cookie(cookie))
 }
 fn build_gateway_token(doc: &Document, computer: &str) -> anyhow::Result<String> {
@@ -90,33 +72,3 @@ fn read_args<'a>(args: &'a [String], index: usize, key: &'a str) -> anyhow::Resu
    .ok_or_else(|| anyhow::anyhow!("Failed to read {key} from args"))
    .map(|s| (key, s.as_ref()))
 }
 fn parse_mfa(res: &str) -> Option<(String, String)> {
  let message = res
    .lines()
    .find(|l| l.contains("respMsg"))
    .and_then(|l| l.split('"').nth(1).map(|s| s.to_string()))?;
  let input_str = res
    .lines()
    .find(|l| l.contains("inputStr"))
    .and_then(|l| l.split('"').nth(1).map(|s| s.to_string()))?;
  Some((message, input_str))
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn mfa() {
    let res = r#"var respStatus = "Challenge";
 var respMsg = "MFA message";
 thisForm.inputStr.value = "5ef64e83000119ed";"#;
    let (message, input_str) = parse_mfa(res).unwrap();
    assert_eq!(message, "MFA message");
    assert_eq!(input_str, "5ef64e83000119ed");
  }
 }
--- a/crates/gpapi/src/gp_params.rs
+++ b/crates/gpapi/src/gp_params.rs
@@ -1,11 +1,9 @@
 use std::collections::HashMap;
 use log::info;
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
 use specta::Type;
-use crate::{utils::request::create_identity, GP_USER_AGENT};
+use crate::GP_USER_AGENT;
 #[derive(Debug, Serialize, Deserialize, Clone, Type, Default)]
 pub enum ClientOs {
@@ -44,7 +42,7 @@ impl ClientOs {
  }
 }
-#[derive(Debug, Serialize, Deserialize, Type, Default, Clone)]
+#[derive(Debug, Serialize, Deserialize, Type, Default)]
 pub struct GpParams {
  is_gateway: bool,
  user_agent: String,
@@ -53,12 +51,7 @@ pub struct GpParams {
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
-  certificate: Option<String>,
+  prefer_default_browser: bool,
  sslkey: Option<String>,
  key_password: Option<String>,
  // Used for MFA
  input_str: Option<String>,
  otp: Option<String>,
 }
 impl GpParams {
@@ -86,6 +79,10 @@ impl GpParams {
    self.ignore_tls_errors
  }
  pub fn prefer_default_browser(&self) -> bool {
    self.prefer_default_browser
  }
  pub fn client_os(&self) -> &str {
    self.client_os.as_str()
  }
@@ -98,14 +95,6 @@ impl GpParams {
    self.client_version.as_deref()
  }
  pub fn set_input_str(&mut self, input_str: &str) {
    self.input_str = Some(input_str.to_string());
  }
  pub fn set_otp(&mut self, otp: &str) {
    self.otp = Some(otp.to_string());
  }
  pub(crate) fn to_params(&self) -> HashMap<&str, &str> {
    let mut params: HashMap<&str, &str> = HashMap::new();
    let client_os = self.client_os.as_str();
@@ -116,16 +105,11 @@ impl GpParams {
    params.insert("ok", "Login");
    params.insert("direct", "yes");
    params.insert("ipv6-support", "yes");
    params.insert("inputStr", "");
    params.insert("clientVer", "4100");
    params.insert("clientos", client_os);
    params.insert("computer", &self.computer);
    // MFA
    params.insert("inputStr", self.input_str.as_deref().unwrap_or_default());
    if let Some(otp) = &self.otp {
      params.insert("passwd", otp);
    }
    if let Some(os_version) = &self.os_version {
      params.insert("os-version", os_version);
    }
@@ -147,26 +131,20 @@ pub struct GpParamsBuilder {
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
-  certificate: Option<String>,
+  prefer_default_browser: bool,
  sslkey: Option<String>,
  key_password: Option<String>,
 }
 impl GpParamsBuilder {
  pub fn new() -> Self {
    let computer = whoami::fallible::hostname().unwrap_or_else(|_| String::from("localhost"));
    Self {
      is_gateway: false,
      user_agent: GP_USER_AGENT.to_string(),
      client_os: ClientOs::Linux,
      os_version: Default::default(),
      client_version: Default::default(),
-      computer,
+      computer: whoami::hostname(),
      ignore_tls_errors: false,
-      certificate: Default::default(),
+      prefer_default_browser: false,
      sslkey: Default::default(),
      key_password: Default::default(),
    }
  }
@@ -205,18 +183,8 @@ impl GpParamsBuilder {
    self
  }
-  pub fn certificate<T: Into<Option<String>>>(&mut self, certificate: T) -> &mut Self {
+  pub fn prefer_default_browser(&mut self, prefer_default_browser: bool) -> &mut Self {
-    self.certificate = certificate.into();
+    self.prefer_default_browser = prefer_default_browser;
    self
  }
  pub fn sslkey<T: Into<Option<String>>>(&mut self, sslkey: T) -> &mut Self {
    self.sslkey = sslkey.into();
    self
  }
  pub fn key_password<T: Into<Option<String>>>(&mut self, password: T) -> &mut Self {
    self.key_password = password.into();
    self
  }
@@ -229,11 +197,7 @@ impl GpParamsBuilder {
      client_version: self.client_version.clone(),
      computer: self.computer.clone(),
      ignore_tls_errors: self.ignore_tls_errors,
-      certificate: self.certificate.clone(),
+      prefer_default_browser: self.prefer_default_browser,
      sslkey: self.sslkey.clone(),
      key_password: self.key_password.clone(),
      input_str: Default::default(),
      otp: Default::default(),
    }
  }
 }
@@ -243,22 +207,3 @@ impl Default for GpParamsBuilder {
    Self::new()
  }
 }
 impl TryFrom<&GpParams> for Client {
  type Error = anyhow::Error;
  fn try_from(value: &GpParams) -> Result<Self, Self::Error> {
    let mut builder = Client::builder()
      .danger_accept_invalid_certs(value.ignore_tls_errors)
      .user_agent(&value.user_agent);
    if let Some(cert) = value.certificate.as_deref() {
      info!("Using client certificate authentication...");
      let identity = create_identity(cert, value.sslkey.as_deref(), value.key_password.as_deref())?;
      builder = builder.identity(identity);
    }
    let client = builder.build()?;
    Ok(client)
  }
 }
--- a/crates/gpapi/src/lib.rs
+++ b/crates/gpapi/src/lib.rs
@@ -1,6 +1,5 @@
 pub mod auth;
 pub mod credential;
 pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;
@@ -29,12 +28,12 @@ pub const GP_GUI_HELPER_BINARY: &str = "/usr/bin/gpgui-helper";
 pub(crate) const GP_AUTH_BINARY: &str = "/usr/bin/gpauth";
 #[cfg(debug_assertions)]
-pub const GP_CLIENT_BINARY: &str = env!("GP_CLIENT_BINARY");
+pub const GP_CLIENT_BINARY: &str = dotenvy_macro::dotenv!("GP_CLIENT_BINARY");
 #[cfg(debug_assertions)]
-pub const GP_SERVICE_BINARY: &str = env!("GP_SERVICE_BINARY");
+pub const GP_SERVICE_BINARY: &str = dotenvy_macro::dotenv!("GP_SERVICE_BINARY");
 #[cfg(debug_assertions)]
-pub const GP_GUI_BINARY: &str = env!("GP_GUI_BINARY");
+pub const GP_GUI_BINARY: &str = dotenvy_macro::dotenv!("GP_GUI_BINARY");
 #[cfg(debug_assertions)]
-pub const GP_GUI_HELPER_BINARY: &str = env!("GP_GUI_HELPER_BINARY");
+pub const GP_GUI_HELPER_BINARY: &str = dotenvy_macro::dotenv!("GP_GUI_HELPER_BINARY");
 #[cfg(debug_assertions)]
-pub(crate) const GP_AUTH_BINARY: &str = env!("GP_AUTH_BINARY");
+pub(crate) const GP_AUTH_BINARY: &str = dotenvy_macro::dotenv!("GP_AUTH_BINARY");
--- a/crates/gpapi/src/portal/config.rs
+++ b/crates/gpapi/src/portal/config.rs
@@ -1,5 +1,5 @@
 use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
@@ -7,10 +7,10 @@ use specta::Type;
 use crate::{
  credential::{AuthCookieCredential, Credential},
  error::PortalError,
  gateway::{parse_gateways, Gateway},
  gp_params::GpParams,
-  utils::{normalize_server, parse_gp_response, remove_url_scheme, xml},
+  portal::PortalError,
  utils::{normalize_server, remove_url_scheme, xml},
 };
 #[derive(Debug, Serialize, Type)]
@@ -88,7 +88,10 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
  let server = remove_url_scheme(&portal);
  let url = format!("{}/global-protect/getconfig.esp", portal);
-  let client = Client::try_from(gp_params)?;
+  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
  let mut params = cred.to_params();
  let extra_params = gp_params.to_params();
@@ -99,25 +102,18 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
  info!("Portal config, user_agent: {}", gp_params.user_agent());
-  let res = client
+  let res = client.post(&url).form(&params).send().await?;
-    .post(&url)
+  let status = res.status();
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-  let res_xml = parse_gp_response(res).await.or_else(|err| {
+  if status == StatusCode::NOT_FOUND {
-    if err.status == StatusCode::NOT_FOUND {
+    bail!(PortalError::ConfigError("Config endpoint not found".to_string()))
      bail!(PortalError::ConfigError("Config endpoint not found".to_string()));
  }
-    if err.is_status_error() {
+  if status.is_client_error() || status.is_server_error() {
-      warn!("{err}");
+    bail!("Portal config error: {}", status)
      bail!("Portal config error: {}", err.reason);
  }
-    Err(anyhow::anyhow!(PortalError::ConfigError(err.reason)))
+  let res_xml = res.text().await.map_err(|e| PortalError::ConfigError(e.to_string()))?;
  })?;
  if res_xml.is_empty() {
    bail!(PortalError::ConfigError("Empty portal config response".to_string()))
--- a/crates/gpapi/src/portal/mod.rs
+++ b/crates/gpapi/src/portal/mod.rs
@@ -3,3 +3,13 @@ mod prelogin;
 pub use config::*;
 pub use prelogin::*;
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum PortalError {
  #[error("Portal prelogin error: {0}")]
  PreloginError(String),
  #[error("Portal config error: {0}")]
  ConfigError(String),
 }
--- a/crates/gpapi/src/portal/prelogin.rs
+++ b/crates/gpapi/src/portal/prelogin.rs
@@ -1,14 +1,14 @@
-use anyhow::{anyhow, bail};
+use anyhow::bail;
-use log::{info, warn};
+use log::info;
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 use crate::{
  error::PortalError,
  gp_params::GpParams,
-  utils::{base64, normalize_server, parse_gp_response, xml},
+  portal::PortalError,
  utils::{base64, normalize_server, xml},
 };
 const REQUIRED_PARAMS: [&str; 8] = [
@@ -98,61 +98,56 @@ impl Prelogin {
 pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prelogin> {
  let user_agent = gp_params.user_agent();
-  let is_gateway = gp_params.is_gateway();
+  info!("Prelogin with user_agent: {}", user_agent);
  let prelogin_type = if is_gateway { "Gateway" } else { "Portal" };
  info!("{} prelogin with user_agent: {}", prelogin_type, user_agent);
  let portal = normalize_server(portal)?;
  let is_gateway = gp_params.is_gateway();
  let path = if is_gateway { "ssl-vpn" } else { "global-protect" };
  let prelogin_url = format!("{portal}/{}/prelogin.esp", path);
  let mut params = gp_params.to_params();
  params.insert("tmp", "tmp");
  if gp_params.prefer_default_browser() {
    params.insert("default-browser", "1");
-  params.insert("cas-support", "yes");
+  }
  params.retain(|k, _| REQUIRED_PARAMS.iter().any(|required_param| required_param == k));
-  let client = Client::try_from(gp_params)?;
+  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(user_agent)
    .build()?;
-  let res = client
+  let res = client.post(&prelogin_url).form(&params).send().await?;
-    .post(&prelogin_url)
+  let status = res.status();
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
-  let res_xml = parse_gp_response(res).await.or_else(|err| {
+  if status == StatusCode::NOT_FOUND {
    if err.status == StatusCode::NOT_FOUND {
    bail!(PortalError::PreloginError("Prelogin endpoint not found".to_string()))
  }
-    if err.is_status_error() {
+  if status.is_client_error() || status.is_server_error() {
-      warn!("{err}");
+    bail!("Prelogin error: {}", status)
      bail!("Prelogin error: {}", err.reason)
  }
-    Err(anyhow!(PortalError::PreloginError(err.reason)))
+  let res_xml = res
-  })?;
+    .text()
    .await
    .map_err(|e| PortalError::PreloginError(e.to_string()))?;
-  let prelogin = parse_res_xml(&res_xml, is_gateway).map_err(|err| {
+  let prelogin = parse_res_xml(res_xml, is_gateway).map_err(|e| PortalError::PreloginError(e.to_string()))?;
    warn!("Parse response error, response: {}", res_xml);
    PortalError::PreloginError(err.to_string())
  })?;
  Ok(prelogin)
 }
-fn parse_res_xml(res_xml: &str, is_gateway: bool) -> anyhow::Result<Prelogin> {
+fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin> {
-  let doc = Document::parse(res_xml)?;
+  let doc = Document::parse(&res_xml)?;
  let status = xml::get_child_text(&doc, "status")
    .ok_or_else(|| anyhow::anyhow!("Prelogin response does not contain status element"))?;
  // Check the status of the prelogin response
  if status.to_uppercase() != "SUCCESS" {
    let msg = xml::get_child_text(&doc, "msg").unwrap_or(String::from("Unknown error"));
-    bail!("{}", msg)
+    bail!("Prelogin failed: {}", msg)
  }
  let region = xml::get_child_text(&doc, "region").unwrap_or_else(|| {
@@ -178,24 +173,22 @@ fn parse_res_xml(res_xml: &str, is_gateway: bool) -> anyhow::Result<Prelogin> {
    return Ok(Prelogin::Saml(saml_prelogin));
  }
-  let label_username = xml::get_child_text(&doc, "username-label").unwrap_or_else(|| {
+  let label_username = xml::get_child_text(&doc, "username-label");
-    info!("Username label has no value, using default");
+  let label_password = xml::get_child_text(&doc, "password-label");
-    String::from("Username")
+  // Check if the prelogin response is standard login
-  });
+  if label_username.is_some() && label_password.is_some() {
  let label_password = xml::get_child_text(&doc, "password-label").unwrap_or_else(|| {
    info!("Password label has no value, using default");
    String::from("Password")
  });
    let auth_message =
      xml::get_child_text(&doc, "authentication-message").unwrap_or(String::from("Please enter the login credentials"));
    let standard_prelogin = StandardPrelogin {
      region,
      is_gateway,
      auth_message,
-    label_username,
+      label_username: label_username.unwrap(),
-    label_password,
+      label_password: label_password.unwrap(),
    };
-  Ok(Prelogin::Standard(standard_prelogin))
+    return Ok(Prelogin::Standard(standard_prelogin));
  }
  bail!("Invalid prelogin response");
 }
--- a/crates/gpapi/src/process/auth_launcher.rs
+++ b/crates/gpapi/src/process/auth_launcher.rs
@@ -18,7 +18,6 @@ pub struct SamlAuthLauncher<'a> {
  fix_openssl: bool,
  ignore_tls_errors: bool,
  clean: bool,
  default_browser: bool,
 }
 impl<'a> SamlAuthLauncher<'a> {
@@ -34,7 +33,6 @@ impl<'a> SamlAuthLauncher<'a> {
      fix_openssl: false,
      ignore_tls_errors: false,
      clean: false,
      default_browser: false,
    }
  }
@@ -83,13 +81,8 @@ impl<'a> SamlAuthLauncher<'a> {
    self
  }
  pub fn default_browser(mut self, default_browser: bool) -> Self {
    self.default_browser = default_browser;
    self
  }
  /// Launch the authenticator binary as the current user or SUDO_USER if available.
-  pub async fn launch(self) -> anyhow::Result<Option<Credential>> {
+  pub async fn launch(self) -> anyhow::Result<Credential> {
    let mut auth_cmd = Command::new(GP_AUTH_BINARY);
    auth_cmd.arg(self.server);
@@ -129,10 +122,6 @@ impl<'a> SamlAuthLauncher<'a> {
      auth_cmd.arg("--clean");
    }
    if self.default_browser {
      auth_cmd.arg("--default-browser");
    }
    let mut non_root_cmd = auth_cmd.into_non_root()?;
    let output = non_root_cmd
      .kill_on_drop(true)
@@ -141,16 +130,12 @@ impl<'a> SamlAuthLauncher<'a> {
      .wait_with_output()
      .await?;
    if self.default_browser {
      return Ok(None);
    }
    let Ok(auth_result) = serde_json::from_slice::<SamlAuthResult>(&output.stdout) else {
      bail!("Failed to parse auth data")
    };
    match auth_result {
-      SamlAuthResult::Success(auth_data) => Ok(Some(Credential::from(auth_data))),
+      SamlAuthResult::Success(auth_data) => Credential::try_from(auth_data),
      SamlAuthResult::Failure(msg) => bail!(msg),
    }
  }
--- a/crates/gpapi/src/process/browser_authenticator.rs
+++ b/crates/gpapi/src/process/browser_authenticator.rs
@@ -1,7 +1,4 @@
-use std::{env::temp_dir, fs, io::Write, os::unix::fs::PermissionsExt};
+use std::{env::temp_dir, io::Write};
 use anyhow::bail;
 use log::warn;
 pub struct BrowserAuthenticator<'a> {
  auth_request: &'a str,
@@ -17,18 +14,8 @@ impl BrowserAuthenticator<'_> {
      open::that_detached(self.auth_request)?;
    } else {
      let html_file = temp_dir().join("gpauth.html");
      let mut file = std::fs::File::create(&html_file)?;
      // Remove the file and error if permission denied
      if let Err(err) = fs::remove_file(&html_file) {
        if err.kind() != std::io::ErrorKind::NotFound {
          warn!("Failed to remove the temporary file: {}", err);
          bail!("Please remove the file manually: {:?}", html_file);
        }
      }
      let mut file = fs::File::create(&html_file)?;
      file.set_permissions(fs::Permissions::from_mode(0o600))?;
      file.write_all(self.auth_request.as_bytes())?;
      open::that_detached(html_file)?;
@@ -37,3 +24,11 @@ impl BrowserAuthenticator<'_> {
    Ok(())
  }
 }
 impl Drop for BrowserAuthenticator<'_> {
  fn drop(&mut self) {
    // Cleanup the temporary file
    let html_file = temp_dir().join("gpauth.html");
    let _ = std::fs::remove_file(html_file);
  }
 }
--- a/crates/gpapi/src/service/request.rs
+++ b/crates/gpapi/src/service/request.rs
@@ -32,15 +32,10 @@ pub struct ConnectArgs {
  cookie: String,
  vpnc_script: Option<String>,
  user_agent: Option<String>,
  os: Option<ClientOs>,
  certificate: Option<String>,
  sslkey: Option<String>,
  key_password: Option<String>,
  csd_uid: u32,
  csd_wrapper: Option<String>,
  reconnect_timeout: u32,
  mtu: u32,
-  disable_ipv6: bool,
+  os: Option<ClientOs>,
 }
 impl ConnectArgs {
@@ -50,14 +45,9 @@ impl ConnectArgs {
      vpnc_script: None,
      user_agent: None,
      os: None,
      certificate: None,
      sslkey: None,
      key_password: None,
      csd_uid: 0,
      csd_wrapper: None,
      reconnect_timeout: 300,
      mtu: 0,
      disable_ipv6: false,
    }
  }
@@ -77,18 +67,6 @@ impl ConnectArgs {
    self.os.as_ref().map(|os| os.to_openconnect_os().to_string())
  }
  pub fn certificate(&self) -> Option<String> {
    self.certificate.clone()
  }
  pub fn sslkey(&self) -> Option<String> {
    self.sslkey.clone()
  }
  pub fn key_password(&self) -> Option<String> {
    self.key_password.clone()
  }
  pub fn csd_uid(&self) -> u32 {
    self.csd_uid
  }
@@ -97,17 +75,9 @@ impl ConnectArgs {
    self.csd_wrapper.clone()
  }
  pub fn reconnect_timeout(&self) -> u32 {
    self.reconnect_timeout
  }
  pub fn mtu(&self) -> u32 {
    self.mtu
  }
  pub fn disable_ipv6(&self) -> bool {
    self.disable_ipv6
  }
 }
 #[derive(Debug, Deserialize, Serialize, Type)]
@@ -139,6 +109,11 @@ impl ConnectRequest {
    self
  }
  pub fn with_mtu(mut self, mtu: u32) -> Self {
    self.args.mtu = mtu;
    self
  }
  pub fn with_user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
    self.args.user_agent = user_agent.into();
    self
@@ -149,36 +124,6 @@ impl ConnectRequest {
    self
  }
  pub fn with_certificate<T: Into<Option<String>>>(mut self, certificate: T) -> Self {
    self.args.certificate = certificate.into();
    self
  }
  pub fn with_sslkey<T: Into<Option<String>>>(mut self, sslkey: T) -> Self {
    self.args.sslkey = sslkey.into();
    self
  }
  pub fn with_key_password<T: Into<Option<String>>>(mut self, key_password: T) -> Self {
    self.args.key_password = key_password.into();
    self
  }
  pub fn with_reconnect_timeout(mut self, reconnect_timeout: u32) -> Self {
    self.args.reconnect_timeout = reconnect_timeout;
    self
  }
  pub fn with_mtu(mut self, mtu: u32) -> Self {
    self.args.mtu = mtu;
    self
  }
  pub fn with_disable_ipv6(mut self, disable_ipv6: bool) -> Self {
    self.args.disable_ipv6 = disable_ipv6;
    self
  }
  pub fn gateway(&self) -> &Gateway {
    self.info.gateway()
  }
--- a/crates/gpapi/src/utils/mod.rs
+++ b/crates/gpapi/src/utils/mod.rs
@@ -1,3 +1,5 @@
 use reqwest::Url;
 pub(crate) mod xml;
 pub mod base64;
@@ -8,18 +10,13 @@ pub mod env_file;
 pub mod lock_file;
 pub mod openssl;
 pub mod redact;
 pub mod request;
 #[cfg(feature = "tauri")]
 pub mod window;
 mod shutdown_signal;
 use log::warn;
 pub use shutdown_signal::shutdown_signal;
 use reqwest::{Response, StatusCode, Url};
 use thiserror::Error;
 /// Normalize the server URL to the format `https://<host>:<port>`
 pub fn normalize_server(server: &str) -> anyhow::Result<String> {
  let server = if server.starts_with("https://") || server.starts_with("http://") {
@@ -44,52 +41,3 @@ pub fn normalize_server(server: &str) -> anyhow::Result<String> {
 pub fn remove_url_scheme(s: &str) -> String {
  s.replace("http://", "").replace("https://", "")
 }
 #[derive(Error, Debug)]
 #[error("GP response error: reason={reason}, status={status}, body={body}")]
 pub(crate) struct GpError {
  pub status: StatusCode,
  pub reason: String,
  body: String,
 }
 impl GpError {
  pub fn is_status_error(&self) -> bool {
    self.status.is_client_error() || self.status.is_server_error()
  }
 }
 pub(crate) async fn parse_gp_response(res: Response) -> anyhow::Result<String, GpError> {
  let status = res.status();
  if status.is_client_error() || status.is_server_error() {
    let (reason, body) = parse_gp_error(res).await;
    return Err(GpError { status, reason, body });
  }
  res.text().await.map_err(|err| {
    warn!("Failed to read response: {}", err);
    GpError {
      status,
      reason: "failed to read response".to_string(),
      body: "<failed to read response>".to_string(),
    }
  })
 }
 async fn parse_gp_error(res: Response) -> (String, String) {
  let reason = res
    .headers()
    .get("x-private-pan-globalprotect")
    .map_or_else(|| "<none>", |v| v.to_str().unwrap_or("<invalid header>"))
    .to_string();
  let res = res.text().await.map_or_else(
    |_| "<failed to read response>".to_string(),
    |v| if v.is_empty() { "<empty>".to_string() } else { v },
  );
  (reason, res)
 }
--- a/crates/gpapi/src/utils/request.rs
+++ b/crates/gpapi/src/utils/request.rs
@@ -1,140 +0,0 @@
 use std::{borrow::Cow, fs};
 use anyhow::bail;
 use log::warn;
 use openssl::pkey::PKey;
 use pem::parse_many;
 use reqwest::Identity;
 #[derive(Debug, thiserror::Error)]
 pub enum RequestIdentityError {
  #[error("Failed to find the private key")]
  NoKey,
  #[error("No passphrase provided")]
  NoPassphrase(&'static str),
  #[error("Failed to decrypt private key")]
  DecryptError(&'static str),
 }
 /// Create an identity object from a certificate and key
 /// The file is expected to be the PKCS#8 PEM or PKCS#12 format
 /// When using a PKCS#12 file, the key is NOT required, but a passphrase is required
 pub fn create_identity(cert: &str, key: Option<&str>, passphrase: Option<&str>) -> anyhow::Result<Identity> {
  if cert.ends_with(".p12") || cert.ends_with(".pfx") {
    create_identity_from_pkcs12(cert, passphrase)
  } else {
    create_identity_from_pem(cert, key, passphrase)
  }
 }
 fn create_identity_from_pem(cert: &str, key: Option<&str>, passphrase: Option<&str>) -> anyhow::Result<Identity> {
  let cert_pem = fs::read(cert).map_err(|err| anyhow::anyhow!("Failed to read certificate file: {}", err))?;
  // Use the certificate as the key if no key is provided
  let key_pem_file = match key {
    Some(key) => Cow::Owned(fs::read(key).map_err(|err| anyhow::anyhow!("Failed to read key file: {}", err))?),
    None => Cow::Borrowed(&cert_pem),
  };
  // Find the private key in the pem file
  let key_pem = parse_many(key_pem_file.as_ref())?
    .into_iter()
    .find(|pem| pem.tag().ends_with("PRIVATE KEY"))
    .ok_or(RequestIdentityError::NoKey)?;
  // The key pem could be encrypted, so we need to decrypt it
  let decrypted_key_pem = if key_pem.tag().ends_with("ENCRYPTED PRIVATE KEY") {
    let passphrase = passphrase.ok_or_else(|| {
      warn!("Key is encrypted but no passphrase provided");
      RequestIdentityError::NoPassphrase("PEM")
    })?;
    let pem_content = pem::encode(&key_pem);
    let key = PKey::private_key_from_pem_passphrase(pem_content.as_bytes(), passphrase.as_bytes()).map_err(|err| {
      warn!("Failed to decrypt key: {}", err);
      RequestIdentityError::DecryptError("PEM")
    })?;
    key.private_key_to_pem_pkcs8()?
  } else {
    pem::encode(&key_pem).into()
  };
  let identity = Identity::from_pkcs8_pem(&cert_pem, &decrypted_key_pem)?;
  Ok(identity)
 }
 fn create_identity_from_pkcs12(pkcs12: &str, passphrase: Option<&str>) -> anyhow::Result<Identity> {
  let pkcs12 = fs::read(pkcs12)?;
  let Some(passphrase) = passphrase else {
    bail!(RequestIdentityError::NoPassphrase("PKCS#12"));
  };
  let identity = Identity::from_pkcs12_der(&pkcs12, passphrase)?;
  Ok(identity)
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn create_identity_from_pem_requires_passphrase() {
    let cert = "tests/files/badssl.com-client.pem";
    let identity = create_identity_from_pem(cert, None, None);
    assert!(identity.is_err());
    assert!(identity.unwrap_err().to_string().contains("No passphrase provided"));
  }
  #[test]
  fn create_identity_from_pem_with_passphrase() {
    let cert = "tests/files/badssl.com-client.pem";
    let passphrase = "badssl.com";
    let identity = create_identity_from_pem(cert, None, Some(passphrase));
    assert!(identity.is_ok());
  }
  #[test]
  fn create_identity_from_pem_unencrypted_key() {
    let cert = "tests/files/badssl.com-client-unencrypted.pem";
    let identity = create_identity_from_pem(cert, None, None);
    println!("{:?}", identity);
    assert!(identity.is_ok());
  }
  #[test]
  fn create_identity_from_pem_cert_and_encrypted_key() {
    let cert = "tests/files/badssl.com-client.pem";
    let key = "tests/files/badssl.com-client.pem";
    let passphrase = "badssl.com";
    let identity = create_identity_from_pem(cert, Some(key), Some(passphrase));
    assert!(identity.is_ok());
  }
  #[test]
  fn create_identity_from_pem_cert_and_encrypted_key_no_passphrase() {
    let cert = "tests/files/badssl.com-client.pem";
    let key = "tests/files/badssl.com-client.pem";
    let identity = create_identity_from_pem(cert, Some(key), None);
    assert!(identity.is_err());
    assert!(identity.unwrap_err().to_string().contains("No passphrase provided"));
  }
  #[test]
  fn create_identity_from_pem_cert_and_unencrypted_key() {
    let cert = "tests/files/badssl.com-client.pem";
    let key = "tests/files/badssl.com-client-unencrypted.pem";
    let identity = create_identity_from_pem(cert, Some(key), None);
    assert!(identity.is_ok());
  }
 }
--- a/crates/gpapi/tests/files/badssl.com-client-unencrypted.pem
+++ b/crates/gpapi/tests/files/badssl.com-client-unencrypted.pem
@@ -1,62 +0,0 @@
 Bag Attributes
    localKeyID: AE DC 75 2E 97 28 71 D8 1E 9A 7F 1E 5A AA F4 2E D3 6D 2C 8B
 subject=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Certificate
 issuer=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Root Certificate Authority
 -----BEGIN CERTIFICATE-----
 MIIEnTCCAoWgAwIBAgIJAPfJjkenM2ooMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
 c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMTAvBgNVBAMMKEJhZFNTTCBDbGllbnQgUm9v
 dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjQwNTE3MTc1OTMyWhcNMjYwNTE3
 MTc1OTMyWjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
 A1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGQmFkU1NMMSIwIAYDVQQDDBlC
 YWRTU0wgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAxzdfEeseTs/rukjly6MSLHM+Rh0enA3Ai4Mj2sdl31x3SbPoen08
 utVhjPmlxIUdkiMG4+ffe7N+JtDLG75CaxZp9CxytX7kywooRBJsRnQhmQPca8MR
 WAJBIz+w/L+3AFkTIqWBfyT+1VO8TVKPkEpGdLDovZOmzZAASi9/sj+j6gM7AaCi
 DeZTf2ES66abA5pOp60Q6OEdwg/vCUJfarhKDpi9tj3P6qToy9Y4DiBUhOct4MG8
 w5XwmKAC+Vfm8tb7tMiUoU0yvKKOcL6YXBXxB2kPcOYxYNobXavfVBEdwSrjQ7i/
 s3o6hkGQlm9F7JPEuVgbl/Jdwa64OYIqjQIDAQABoy0wKzAJBgNVHRMEAjAAMBEG
 CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIB
 AE6iDW5Lv5I0bJY6TGxJUoB4rcsbbtEP4O4MT14GP7j7I48V09VBG9yjskYze0Ls
 Xb9mQpEpPyQLTDJIWu/ic/y5SMnelCjUxmfl37cfNLJajQZxc4FDEUSemrPKpEkB
 UzHNkxw9LSzqsyxnQmMIGoN+ZNCFoV7s5pekzPfgZj5+s7a+oiF/AzhOWZzF7vaM
 aclX7KCeENQV+q0giDjsGIHI6BevUHYkglocEqff+rIDHjjLxHLPooflV50M+ifc
 4uJdHgG8hwKxd1uf3LImUsquiBrW5CO6KCgwLrtQNe11pQHpY0urZxK/tnAj7QtD
 v/O1ryd/3+b0Gx14TyulMtcaLHsE94ppwjcxpYGNcyH+M39OMihuR2aqmkrqcZd/
 VWop1cNwZgPtCNVvfivRpX52NLI5I0eMfs6jeTMr719hdAby3akoiNLN3YNKrdrp
 pyRz/sUFGO8AHHECXA15KTeMBNfZnO32ZAZ4jHyyDBO1A5f9iDbErhXfIpeRCrCO
 gM9MLuO4YEMG1Skp+qaw7SIaG+oi2t4lbVRr3LOv0Hfkjjb7bVjfWSwLBPH/gv0E
 ZL6G0p7PjeoCh4obS3Y1yxfNlPR6RQwWl1wve+Nkmf5sDCmgr3P0512ZuvqkbKkB
 /syiAWDsYzFuq2Ntv2ljTYPEPwXEIQcpsagDRL6WzoLR
 -----END CERTIFICATE-----
 Bag Attributes
    localKeyID: AE DC 75 2E 97 28 71 D8 1E 9A 7F 1E 5A AA F4 2E D3 6D 2C 8B
 Key Attributes: <No Attributes>
 -----BEGIN PRIVATE KEY-----
 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHN18R6x5Oz+u6
 SOXLoxIscz5GHR6cDcCLgyPax2XfXHdJs+h6fTy61WGM+aXEhR2SIwbj5997s34m
 0MsbvkJrFmn0LHK1fuTLCihEEmxGdCGZA9xrwxFYAkEjP7D8v7cAWRMipYF/JP7V
 U7xNUo+QSkZ0sOi9k6bNkABKL3+yP6PqAzsBoKIN5lN/YRLrppsDmk6nrRDo4R3C
 D+8JQl9quEoOmL22Pc/qpOjL1jgOIFSE5y3gwbzDlfCYoAL5V+by1vu0yJShTTK8
 oo5wvphcFfEHaQ9w5jFg2htdq99UER3BKuNDuL+zejqGQZCWb0Xsk8S5WBuX8l3B
 rrg5giqNAgMBAAECggEAVRB/t9b9igmeTlzyQpHPIMvUu3uTpm742JmWpcSe61FA
 XmhDzInNdLnIfbnb3p44kj4Coy5PbzKlm01sbNxA4BkiBPE1yen1J/2eU/LJ6QuN
 jRjo9drFfR75UWPQ3xu9uJhQY2rocLILXmvy69FlG+ebThh8SPbTMtNaTFMb47An
 pk2FrW9+rzPswbklOxls/SDt78usRvfAjslm73IdBTOrbceF+GmYs3/SXz1gu05p
 LxY2rhC8piBlqnD/QbXBahZbhjb9SkDFn2typMFZKkJIIKDJaOI2E9tIlZ97/0nZ
 txqchMty8IuU9YYAfLXCmj2IEfnvLtL7thLfKLuWAQKBgQDyXBpEgKFzfy2a1AI0
 +1qL/u5UN14l7S6/wmyDTgVMXwoxhwPRXWD5PutQ8D6tMfC/y4AYt3OXg1blCvLD
 XysNj5SK+dpmQR0SyeWjd9zwxJAXvx0McJefCYd86YGcGhJsuX5bkHIeQlEc6df7
 yoqr1480VQx/+Fk1i6Zr0EIUFQKBgQDSbalUOfXZh2EVRQEgf3VoPlxAiwGGQcVT
 i+pbjMG3pOwmkVyJZusGtN5HN4Oi7n1oiyfMYGsszKQ5j4TDBGS70pNUzhTv3Vn8
 0Vsfz0arJRqJxviiv4FfDmsYXwObNKwOjR+LEn1NUPkOYOLdz1lDuWOu11LE90Dy
 Q6hg8WwCmQKBgQDTy5lI9AAjpqh7/XpQQrhGT2qHPjuQeU25Vnbt6GjI7OVDkvHL
 LQdpyYprGQgs4s+5TGWNNARYC/cMAh1Ujv5Yw3jUWrR5V73IhZeg20bBQYWKuwDv
 thVKblFw377cZAxl51R9QCX6O4oW8mRFLiMxORd0bD6YNrf/CyNMZJraYQKBgAE7
 o0JbFJWxtV/qh5cpKAb0VpYKOngO6pkSuMzQhlINJVUUhPZJJBdl9+dy69KIkzOJ
 nTIVXotkp5GuxZhe7jgrg7F7g6PkKCLTFzWYgVF/ZihoggxyEs/7xaTe6aZ/KILt
 UMH/2bwaPVtYNfwWuu8qpurfWBzPVhIVU2c+AuQBAoGAXMbw10vyiznlhyMFw5kx
 SzlBMqJBLJkzQBtpvXuT0lqqxTSNC3N4WxgVOLCHa6HqXiB0790YL8/RWunsXTk2
 c7ugThP6iMPNVAycWkIF4vvHTwZ9RCSmEQabRaqGGLz/bhLL3fi3lPGCR+iW2Dxq
 GTH3fhaM/pZZGdIC75x/69Y=
 -----END PRIVATE KEY-----
--- a/crates/gpapi/tests/files/badssl.com-client.pem
+++ b/crates/gpapi/tests/files/badssl.com-client.pem
@@ -1,64 +0,0 @@
 Bag Attributes
    localKeyID: AE DC 75 2E 97 28 71 D8 1E 9A 7F 1E 5A AA F4 2E D3 6D 2C 8B 
 subject=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Certificate
 issuer=/C=US/ST=California/L=San Francisco/O=BadSSL/CN=BadSSL Client Root Certificate Authority
 -----BEGIN CERTIFICATE-----
 MIIEnTCCAoWgAwIBAgIJAPfJjkenM2ooMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
 c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMTAvBgNVBAMMKEJhZFNTTCBDbGllbnQgUm9v
 dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjQwNTE3MTc1OTMyWhcNMjYwNTE3
 MTc1OTMyWjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
 A1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGQmFkU1NMMSIwIAYDVQQDDBlC
 YWRTU0wgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAxzdfEeseTs/rukjly6MSLHM+Rh0enA3Ai4Mj2sdl31x3SbPoen08
 utVhjPmlxIUdkiMG4+ffe7N+JtDLG75CaxZp9CxytX7kywooRBJsRnQhmQPca8MR
 WAJBIz+w/L+3AFkTIqWBfyT+1VO8TVKPkEpGdLDovZOmzZAASi9/sj+j6gM7AaCi
 DeZTf2ES66abA5pOp60Q6OEdwg/vCUJfarhKDpi9tj3P6qToy9Y4DiBUhOct4MG8
 w5XwmKAC+Vfm8tb7tMiUoU0yvKKOcL6YXBXxB2kPcOYxYNobXavfVBEdwSrjQ7i/
 s3o6hkGQlm9F7JPEuVgbl/Jdwa64OYIqjQIDAQABoy0wKzAJBgNVHRMEAjAAMBEG
 CWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIB
 AE6iDW5Lv5I0bJY6TGxJUoB4rcsbbtEP4O4MT14GP7j7I48V09VBG9yjskYze0Ls
 Xb9mQpEpPyQLTDJIWu/ic/y5SMnelCjUxmfl37cfNLJajQZxc4FDEUSemrPKpEkB
 UzHNkxw9LSzqsyxnQmMIGoN+ZNCFoV7s5pekzPfgZj5+s7a+oiF/AzhOWZzF7vaM
 aclX7KCeENQV+q0giDjsGIHI6BevUHYkglocEqff+rIDHjjLxHLPooflV50M+ifc
 4uJdHgG8hwKxd1uf3LImUsquiBrW5CO6KCgwLrtQNe11pQHpY0urZxK/tnAj7QtD
 v/O1ryd/3+b0Gx14TyulMtcaLHsE94ppwjcxpYGNcyH+M39OMihuR2aqmkrqcZd/
 VWop1cNwZgPtCNVvfivRpX52NLI5I0eMfs6jeTMr719hdAby3akoiNLN3YNKrdrp
 pyRz/sUFGO8AHHECXA15KTeMBNfZnO32ZAZ4jHyyDBO1A5f9iDbErhXfIpeRCrCO
 gM9MLuO4YEMG1Skp+qaw7SIaG+oi2t4lbVRr3LOv0Hfkjjb7bVjfWSwLBPH/gv0E
 ZL6G0p7PjeoCh4obS3Y1yxfNlPR6RQwWl1wve+Nkmf5sDCmgr3P0512ZuvqkbKkB
 /syiAWDsYzFuq2Ntv2ljTYPEPwXEIQcpsagDRL6WzoLR
 -----END CERTIFICATE-----
 Bag Attributes
    localKeyID: AE DC 75 2E 97 28 71 D8 1E 9A 7F 1E 5A AA F4 2E D3 6D 2C 8B 
 Key Attributes: <No Attributes>
 -----BEGIN ENCRYPTED PRIVATE KEY-----
 MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIET6L0Ht/lYgCAggA
 MBQGCCqGSIb3DQMHBAi1Xo+JdQ6XvwSCBMgX20Fk3/GzptJ0zjl7ZqX2G3J4LIkM
 E5qJ4yv2WUkCCOWqz5DjlSrRz4kdCYHqnM1/qyrLa1UWWJlNQ9lBHTE+yp0vtAC/
 ajQfKt3RFyGxblp6nEKJI7kvhmQHDbITilmVEpcZPbci3gi7asQI3bRSLaHwGtbH
 DY+8hJ8lZQMRjYGDyGb99qEdYnMMRMW+b44lIRASe6W3EUfrvJlp+OUqRA7hJzn2
 yha9Zo8KWo9fA9UZDFFKNlXakg76+1HymB+uqvZl14xHHfwhlKPaqzmCb8MUtt7e
 YJDB9I3y8aHKExXPbRk04bbY5G9o6WdWslDUY4axOZuhUXyn0h6cTZn//qmsjcBH
 499+j55vW6W7vkMfurt/pmLIBWC9kDWPZVLizbfXxWiWvRmQvKPfzO5TU8oObYyJ
 qUVjb3Vpa/WPrF5APUVd/DDofurgzdOkmDGomONPvSHxahHSyEZsxpnl52GD6uU/
 i3oa5qLE9uA1QjyX6wyN9SU5wE2FZKTJwwRJwW4+s4T/2eJjhuJez5q1xhSCes4A
 A2pufAAY/ctQSmCCKCTW+EkrXtcezx66fkgPpNK/m6bz5KGJkA4QXjl8A05PDAFE
 Z68VOX/T0IGfXc2BbPgP0u+WpCvvO2cW/pU4sjcwOMxFuT1Bn3TwmDLTZ+zba1rE
 zFRMMCz/8SKq3I+VkzQ66ureEz0RLwk07JVzE9AJUEm+zCFUdoIaz09OMGVqtf4a
 V+UgupH0QlffmRNJKQtXPuj6Wjfa43GLaCnN/cpXXq8+2o81dLTsCbEsYu+8DRjC
 B0iyjzdqgjBBYurIEwEc4iGtPt4Y+4rgAJcpEUgwvWii37xyutOC9V7ansvd6zg3
 WXiX5Ktj/qS0EzM33WtZfx7jygJIf1MvxrJU+D+HgGii1mHaZ6bHxMX3QGpRsEvh
 IzBx16XvoHcXARZJG91bC+K1sJ6e05L1PevS7gj4heJTEhtmvABUrn9O1n5fZWPj
 Q81zRDgplMO7r8aBW/pE+sj4VSTMg0Xu0nlqqvQoWxr9YFcJm0+I9fHQPxewnRus
 sBZoiTqnWqbTr+uRATRUAp+hU03S4jGZwbzH4ylL2hr/TshGVJk/olBsULAfIiHa
 dA5H258IEwAoFO6zgI9AvqmTFo3Mnpqb/AS/HuDmmS/3Ud1EF8hFsMLPcV0JdSTY
 Dl4xgZ6j6jOUlTN5Yt6To2Zg3Q9Bm6qytFaffEP66Jl5aWhksI31Fz/ihzn5wfx9
 xh91U8+kGVNrpYHlo5y3FR/ywSXynLkJffCbfUciEaTDv9i0JppoIVXyFqcMofHe
 GUsWTCozAW3O8MwpLaJxcNcfRq0DWziIdiDgbF2tPoCqnNxXtLYSPpdt3jNDcPcx
 U0Z6ep6FnAXiujtQRSRSP3Ssq23098BxDSM9+eashFOmSbSClAEEn/THRxTp/gMh
 zmD8kpX1zN1Cm/lerTGjrGjnkXcQ7LY76/+C1uT+tQbw5LjmCfFEYTFtnFyYFlF1
 GiXFokh9SdLaCzW4vmZok85Fe+7VZ7BAchBTfTIMKlXKmeouf3YVYJ8glPsinrjb
 cB2pKv3tVrdQwo3moYDwSsDgkd7BNKKHDVdY2O6NgX4/Fyd6pZt7ZAphyC1giEqg
 pPo=
 -----END ENCRYPTED PRIVATE KEY-----
--- a/crates/openconnect/Cargo.toml
+++ b/crates/openconnect/Cargo.toml
@@ -6,8 +6,8 @@ license.workspace = true
 links = "openconnect"
 [dependencies]
 common = { path = "../common" }
 log.workspace = true
 is_executable.workspace = true
 [build-dependencies]
 cc = "1"
--- a/crates/openconnect/src/ffi/mod.rs
+++ b/crates/openconnect/src/ffi/mod.rs
@@ -14,16 +14,12 @@ pub(crate) struct ConnectOptions {
  pub script: *const c_char,
  pub os: *const c_char,
  pub certificate: *const c_char,
  pub sslkey: *const c_char,
  pub key_password: *const c_char,
  pub servercert: *const c_char,
  pub csd_uid: u32,
  pub csd_wrapper: *const c_char,
  pub reconnect_timeout: u32,
  pub mtu: u32,
  pub disable_ipv6: u32,
 }
 #[link(name = "vpn")]
--- a/crates/openconnect/src/ffi/vpn.c
+++ b/crates/openconnect/src/ffi/vpn.c
@@ -16,7 +16,7 @@ static vpn_connected_callback on_vpn_connected;
 /* Validate the peer certificate */
 static int validate_peer_cert(__attribute__((unused)) void *_vpninfo, const char *reason)
 {
-    INFO("Accepting the server certificate though %s", reason);
+    INFO("Validating peer cert: %s", reason);
    return 0;
 }
@@ -28,9 +28,12 @@ static void print_progress(__attribute__((unused)) void *_vpninfo, int level, co
    char *message = format_message(format, args);
    va_end(args);
-    if (message == NULL) {
+    if (message == NULL)
    {
        ERROR("Failed to format log message");
-    } else {
+    }
    else
    {
        LOG(level, message);
        free(message);
    }
@@ -60,13 +63,12 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
    INFO("OS: %s", options->os);
    INFO("CSD_USER: %d", options->csd_uid);
    INFO("CSD_WRAPPER: %s", options->csd_wrapper);
    INFO("RECONNECT_TIMEOUT: %d", options->reconnect_timeout);
    INFO("MTU: %d", options->mtu);
    INFO("DISABLE_IPV6: %d", options->disable_ipv6);
    vpninfo = openconnect_vpninfo_new(options->user_agent, validate_peer_cert, NULL, NULL, print_progress, NULL);
-    if (!vpninfo) {
+    if (!vpninfo)
    {
        ERROR("openconnect_vpninfo_new failed");
        return 1;
    }
@@ -81,13 +83,15 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
        openconnect_set_reported_os(vpninfo, options->os);
    }
-    if (options->certificate) {
+    if (options->certificate)
    {
        INFO("Setting client certificate: %s", options->certificate);
-        openconnect_set_client_cert(vpninfo, options->certificate, options->sslkey);
+        openconnect_set_client_cert(vpninfo, options->certificate, NULL);
    }
-    if (options->key_password) {
+    if (options->servercert) {
-        openconnect_set_key_password(vpninfo, options->key_password);
+        INFO("Setting server certificate: %s", options->servercert);
        openconnect_set_system_trust(vpninfo, 0);
    }
    if (options->csd_wrapper) {
@@ -99,37 +103,39 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
        openconnect_set_reqmtu(vpninfo, mtu);
    }
    if (options->disable_ipv6) {
        openconnect_disable_ipv6(vpninfo);
    }
    g_cmd_pipe_fd = openconnect_setup_cmd_pipe(vpninfo);
-    if (g_cmd_pipe_fd < 0) {
+    if (g_cmd_pipe_fd < 0)
    {
        ERROR("openconnect_setup_cmd_pipe failed");
        return 1;
    }
-    if (!uname(&utsbuf)) {
+    if (!uname(&utsbuf))
    {
        openconnect_set_localname(vpninfo, utsbuf.nodename);
    }
    // Essential step
-    if (openconnect_make_cstp_connection(vpninfo) != 0) {
+    if (openconnect_make_cstp_connection(vpninfo) != 0)
    {
        ERROR("openconnect_make_cstp_connection failed");
        return 1;
    }
-    if (openconnect_setup_dtls(vpninfo, 60) != 0) {
+    if (openconnect_setup_dtls(vpninfo, 60) != 0)
    {
        openconnect_disable_dtls(vpninfo);
    }
    // Essential step
    openconnect_set_setup_tun_handler(vpninfo, setup_tun_handler);
-    while (1) {
+    while (1)
-        int ret = openconnect_mainloop(vpninfo, options->reconnect_timeout, 10);
+    {
        int ret = openconnect_mainloop(vpninfo, 300, 10);
-        if (ret) {
+        if (ret)
        {
            INFO("openconnect_mainloop returned %d, exiting", ret);
            openconnect_vpninfo_free(vpninfo);
            return ret;
@@ -146,7 +152,8 @@ void vpn_disconnect()
    INFO("Stopping VPN connection: %d", g_cmd_pipe_fd);
-    if (write(g_cmd_pipe_fd, &cmd, 1) < 0) {
+    if (write(g_cmd_pipe_fd, &cmd, 1) < 0)
    {
        ERROR("Failed to write to command pipe, VPN connection may not be stopped");
    }
 }
--- a/crates/openconnect/src/ffi/vpn.h
+++ b/crates/openconnect/src/ffi/vpn.h
@@ -15,16 +15,12 @@ typedef struct vpn_options
    const char *script;
    const char *os;
    const char *certificate;
    const char *sslkey;
    const char *key_password;
    const char *servercert;
    const uid_t csd_uid;
    const char *csd_wrapper;
    const int reconnect_timeout;
    const int mtu;
    const int disable_ipv6;
 } vpn_options;
 int vpn_connect(const vpn_options *options, vpn_connected_callback callback);
@@ -39,7 +35,7 @@ static char *format_message(const char *format, va_list args)
    int len = vsnprintf(NULL, 0, format, args_copy);
    va_end(args_copy);
-    char *buffer = (char*)malloc(len + 1);
+    char *buffer = malloc(len + 1);
    if (buffer == NULL)
    {
        return NULL;
--- a/crates/openconnect/src/lib.rs
+++ b/crates/openconnect/src/lib.rs
@@ -1,4 +1,5 @@
 mod ffi;
 mod vpn;
 mod vpnc_script;
 pub use vpn::*;
--- a/crates/openconnect/src/vpn.rs
+++ b/crates/openconnect/src/vpn.rs
@@ -1,13 +1,11 @@
 use std::{
  ffi::{c_char, CString},
  fmt,
  sync::{Arc, RwLock},
 };
 use common::vpn_utils::{check_executable, find_vpnc_script};
 use log::info;
-use crate::ffi;
+use crate::{ffi, vpnc_script::find_default_vpnc_script};
 type OnConnectedCallback = Arc<RwLock<Option<Box<dyn FnOnce() + 'static + Send + Sync>>>>;
@@ -18,16 +16,12 @@ pub struct Vpn {
  script: CString,
  os: CString,
  certificate: Option<CString>,
  sslkey: Option<CString>,
  key_password: Option<CString>,
  servercert: Option<CString>,
  csd_uid: u32,
  csd_wrapper: Option<CString>,
  reconnect_timeout: u32,
  mtu: u32,
  disable_ipv6: bool,
  callback: OnConnectedCallback,
 }
@@ -65,18 +59,13 @@ impl Vpn {
      user_agent: self.user_agent.as_ptr(),
      script: self.script.as_ptr(),
      os: self.os.as_ptr(),
      certificate: Self::option_to_ptr(&self.certificate),
      sslkey: Self::option_to_ptr(&self.sslkey),
      key_password: Self::option_to_ptr(&self.key_password),
      servercert: Self::option_to_ptr(&self.servercert),
      csd_uid: self.csd_uid,
      csd_wrapper: Self::option_to_ptr(&self.csd_wrapper),
      reconnect_timeout: self.reconnect_timeout,
      mtu: self.mtu,
      disable_ipv6: self.disable_ipv6 as u32,
    }
  }
@@ -88,43 +77,17 @@ impl Vpn {
  }
 }
 #[derive(Debug)]
 pub struct VpnError {
  message: String,
 }
 impl VpnError {
  fn new(message: String) -> Self {
    Self { message }
  }
 }
 impl fmt::Display for VpnError {
  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
    write!(f, "{}", self.message)
  }
 }
 impl std::error::Error for VpnError {}
 pub struct VpnBuilder {
  server: String,
  cookie: String,
  script: Option<String>,
  user_agent: Option<String>,
  script: Option<String>,
  os: Option<String>,
  certificate: Option<String>,
  sslkey: Option<String>,
  key_password: Option<String>,
  csd_uid: u32,
  csd_wrapper: Option<String>,
  reconnect_timeout: u32,
  mtu: u32,
  disable_ipv6: bool,
 }
 impl VpnBuilder {
@@ -132,54 +95,30 @@ impl VpnBuilder {
    Self {
      server: server.to_string(),
      cookie: cookie.to_string(),
      script: None,
      user_agent: None,
      script: None,
      os: None,
      certificate: None,
      sslkey: None,
      key_password: None,
      csd_uid: 0,
      csd_wrapper: None,
      reconnect_timeout: 300,
      mtu: 0,
      disable_ipv6: false,
    }
  }
  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
    self.script = script.into();
    self
  }
  pub fn user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
    self.user_agent = user_agent.into();
    self
  }
  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
    self.script = script.into();
    self
  }
  pub fn os<T: Into<Option<String>>>(mut self, os: T) -> Self {
    self.os = os.into();
    self
  }
  pub fn certificate<T: Into<Option<String>>>(mut self, certificate: T) -> Self {
    self.certificate = certificate.into();
    self
  }
  pub fn sslkey<T: Into<Option<String>>>(mut self, sslkey: T) -> Self {
    self.sslkey = sslkey.into();
    self
  }
  pub fn key_password<T: Into<Option<String>>>(mut self, key_password: T) -> Self {
    self.key_password = key_password.into();
    self
  }
  pub fn csd_uid(mut self, csd_uid: u32) -> Self {
    self.csd_uid = csd_uid;
    self
@@ -190,58 +129,32 @@ impl VpnBuilder {
    self
  }
  pub fn reconnect_timeout(mut self, reconnect_timeout: u32) -> Self {
    self.reconnect_timeout = reconnect_timeout;
    self
  }
  pub fn mtu(mut self, mtu: u32) -> Self {
    self.mtu = mtu;
    self
  }
-  pub fn disable_ipv6(mut self, disable_ipv6: bool) -> Self {
+  pub fn build(self) -> Vpn {
    self.disable_ipv6 = disable_ipv6;
    self
  }
  pub fn build(self) -> Result<Vpn, VpnError> {
    let script = match self.script {
      Some(script) => {
        check_executable(&script).map_err(|e| VpnError::new(e.to_string()))?;
        script
      }
      None => find_vpnc_script().ok_or_else(|| VpnError::new(String::from("Failed to find vpnc-script")))?,
    };
    if let Some(csd_wrapper) = &self.csd_wrapper {
      check_executable(csd_wrapper).map_err(|e| VpnError::new(e.to_string()))?;
    }
    let user_agent = self.user_agent.unwrap_or_default();
    let script = self.script.or_else(find_default_vpnc_script).unwrap_or_default();
    let os = self.os.unwrap_or("linux".to_string());
-    Ok(Vpn {
+    Vpn {
      server: Self::to_cstring(&self.server),
      cookie: Self::to_cstring(&self.cookie),
      user_agent: Self::to_cstring(&user_agent),
      script: Self::to_cstring(&script),
      os: Self::to_cstring(&os),
-
+      certificate: None,
      certificate: self.certificate.as_deref().map(Self::to_cstring),
      sslkey: self.sslkey.as_deref().map(Self::to_cstring),
      key_password: self.key_password.as_deref().map(Self::to_cstring),
      servercert: None,
      csd_uid: self.csd_uid,
      csd_wrapper: self.csd_wrapper.as_deref().map(Self::to_cstring),
      reconnect_timeout: self.reconnect_timeout,
      mtu: self.mtu,
      disable_ipv6: self.disable_ipv6,
      callback: Default::default(),
-    })
+    }
  }
  fn to_cstring(value: &str) -> CString {
--- a/crates/openconnect/src/vpnc_script.rs
+++ b/crates/openconnect/src/vpnc_script.rs
@@ -0,0 +1,23 @@
 use is_executable::IsExecutable;
 use std::path::Path;
 const VPNC_SCRIPT_LOCATIONS: [&str; 5] = [
  "/usr/local/share/vpnc-scripts/vpnc-script",
  "/usr/local/sbin/vpnc-script",
  "/usr/share/vpnc-scripts/vpnc-script",
  "/usr/sbin/vpnc-script",
  "/etc/vpnc/vpnc-script",
 ];
 pub(crate) fn find_default_vpnc_script() -> Option<String> {
  for location in VPNC_SCRIPT_LOCATIONS.iter() {
    let path = Path::new(location);
    if path.is_executable() {
      return Some(location.to_string());
    }
  }
  log::warn!("vpnc-script not found");
  None
 }
--- a/packaging/binary/Makefile.in
+++ b/packaging/binary/Makefile.in
@@ -1,34 +0,0 @@
 install:
 	@echo "===> Installing..."
 	install -Dm755 artifacts/usr/bin/gpclient $(DESTDIR)/usr/bin/gpclient
 	install -Dm755 artifacts/usr/bin/gpservice $(DESTDIR)/usr/bin/gpservice
 	install -Dm755 artifacts/usr/bin/gpauth $(DESTDIR)/usr/bin/gpauth
 	install -Dm755 artifacts/usr/bin/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 	if [ -f artifacts/usr/bin/gpgui ]; then \
 		install -Dm755 artifacts/usr/bin/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 	install -Dm644 artifacts/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 artifacts/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 artifacts/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
 	install -Dm644 artifacts/usr/share/icons/hicolor/128x128/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
 	install -Dm644 artifacts/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	install -Dm644 artifacts/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 uninstall:
 	@echo "===> Uninstalling from $(DESTDIR)..."
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpservice
 	rm -f $(DESTDIR)/usr/bin/gpauth
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
--- a/packaging/deb/control.in
+++ b/packaging/deb/control.in
@@ -3,16 +3,7 @@ Section: net
 Priority: optional
 Maintainer: Kevin Yue <k3vinyue@gmail.com>
 Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 9),
+Build-Depends: debhelper (>= 9), pkg-config, jq (>= 1), make (>= 4), openconnect (>= 8.20), libxml2, libsecret-1-0, libayatana-appindicator3-1, libwebkit2gtk-4.0-37, libgtk-3-0, gnome-keyring, @RUST@
  pkg-config,
  jq (>= 1),
  make (>= 4),
  libxml2,
  libsecret-1-0,
  libayatana-appindicator3-1,
  gnome-keyring,
  libwebkit2gtk-4.0-dev,
  libopenconnect-dev (>= 8.20),@RUST@
 Homepage: https://github.com/yuezk/GlobalProtect-openconnect
 Package: globalprotect-openconnect
--- a/packaging/deb/postrm
+++ b/packaging/deb/postrm
@@ -1,14 +0,0 @@
 #!/bin/sh
 set -e
 case "$1" in
    purge|remove|upgrade)
        # Remove the gpgui binary downloaded at runtime
        rm -f /usr/bin/gpgui
    ;;
    *)
    ;;
 esac
 exit 0
--- a/packaging/deb/rules
+++ b/packaging/deb/rules
@@ -0,0 +1,6 @@
 #!/usr/bin/make -f
 export OFFLINE = 1
 %:
 	dh $@
--- a/packaging/deb/rules.in
+++ b/packaging/deb/rules.in
@@ -1,7 +0,0 @@
 #!/usr/bin/make -f
 export OFFLINE = @OFFLINE@
 export BUILD_FE = 0
 %:
 	dh $@ --no-parallel
--- a/packaging/pkgbuild/PKGBUILD.in
+++ b/packaging/pkgbuild/PKGBUILD.in
@@ -21,15 +21,10 @@ options=('!strip')
 build() {
  cd "$pkgname-$pkgver"
-
+  make build OFFLINE=1
  # Must unset the CFLAGS, otherwise the build fails
  unset CFLAGS
  make build OFFLINE=@OFFLINE@ BUILD_FE=0
 }
 package() {
  cd "$pkgname-$pkgver"
  make install DESTDIR="$pkgdir"
 }
--- a/packaging/rpm/globalprotect-openconnect.spec.in
+++ b/packaging/rpm/globalprotect-openconnect.spec.in
@@ -15,9 +15,9 @@ BuildRequires:  jq
 BuildRequires:  pkg-config
 BuildRequires:  openconnect-devel
 BuildRequires:  openssl-devel
 BuildRequires:  curl
 BuildRequires:  wget
 BuildRequires:  file
 BuildRequires:  perl
 BuildRequires:  (webkit2gtk4.0-devel or webkit2gtk3-soup2-devel)
 BuildRequires:  (libappindicator-gtk3-devel or libappindicator3-1)
@@ -34,20 +34,18 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 %prep
 %setup
 %postun
 rm -f %{_bindir}/gpgui
 %build
-# The injected RUSTFLAGS could fail the build
+make build OFFLINE=1
 unset RUSTFLAGS
 make build OFFLINE=@OFFLINE@ BUILD_FE=0
 %install
 %make_install
 %files
 %defattr(-,root,root)
-%{_bindir}/*
+%{_bindir}/gpclient
 %{_bindir}/gpservice
 %{_bindir}/gpauth
 %{_bindir}/gpgui-helper
 %{_datadir}/applications/gpgui.desktop
 %{_datadir}/icons/hicolor/32x32/apps/gpgui.png
 %{_datadir}/icons/hicolor/128x128/apps/gpgui.png
--- a/scripts/gh-release.sh
+++ b/scripts/gh-release.sh
@@ -1,51 +0,0 @@
 #!/bin/bash
 # Usage: ./scripts/gh-release.sh <tag>
 set -e
 REPO="yuezk/GlobalProtect-openconnect"
 TAG=$1
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 RELEASE_NOTES="Release $TAG"
 if [ -z "$TAG" ]; then
  echo "Usage: ./scripts/gh-release.sh <tag>"
  exit 1
 fi
 # For snapshot release, we don't create a release, just clear the existing assets and upload new ones.
 # This is to avoid notification spam.
 release_snapshot() {
  RELEASE_NOTES='**!!! DO NOT USE THIS RELEASE IN PRODUCTION !!!**'
  # Get the existing assets
  gh -R "$REPO" release view "$TAG" --json assets --jq '.assets[].name' \
    | xargs -I {} gh -R "$REPO" release delete-asset "$TAG" {} --yes
  echo "Uploading new assets..."
  gh -R "$REPO" release upload "$TAG" \
    "$PROJECT_DIR"/.build/artifacts/artifact-source/* \
    "$PROJECT_DIR"/.build/artifacts/artifact-gpgui-*/*
 }
 release_tag() {
  echo "Removing existing release..."
  gh -R "$REPO" release delete $TAG --yes --cleanup-tag || true
  echo "Creating release..."
  gh -R "$REPO" release create $TAG \
    --title "$TAG" \
    --notes "$RELEASE_NOTES" \
    "$PROJECT_DIR"/.build/artifacts/artifact-source/* \
    "$PROJECT_DIR"/.build/artifacts/artifact-gpgui-*/*
 }
 if [[ $TAG == *"snapshot" ]]; then
  release_snapshot
 else
  release_tag
 fi
Author	SHA1	Message	Date
Kevin Yue	3daad748ae	Add rust dep for ppa	2024-02-25 13:33:53 +08:00
Kevin Yue	5bca84c9cf	Set rust version	2024-02-25 12:42:25 +08:00
Kevin Yue	3a6eca2ed2	Add build dependencies	2024-02-25 11:50:24 +08:00
Kevin Yue	141d66cbde	Fix rpm install	2024-02-25 10:57:02 +08:00
Kevin Yue	f44cd85971	Use .build folder	2024-02-25 10:37:52 +08:00
Kevin Yue	55b119d0f2	Install rpm	2024-02-25 10:32:47 +08:00
Kevin Yue	df1bcd6571	Install rpm	2024-02-25 09:59:21 +08:00
Kevin Yue	a19789f1e3	Update rpm packaging	2024-02-25 09:55:52 +08:00
Kevin Yue	a0891e9f04	Update build.yaml	2024-02-24 22:51:27 +08:00
Kevin Yue	5586daf9e5	Add rpm target	2024-02-24 22:32:58 +08:00
Kevin Yue	d2d45910cb	Fix CI	2024-02-23 21:59:47 +08:00
Kevin Yue	df4bbe0059	Preserve env for debuild	2024-02-23 21:12:12 +08:00
Kevin Yue	aa0f6bf5bb	CI build deb	2024-02-23 06:07:16 -05:00
Kevin Yue	48e22f4f78	Add make ppa	2024-02-23 06:06:59 -05:00
Kevin Yue	480229b69f	Fix archive name	2024-02-22 08:29:42 -05:00
Kevin Yue	c446763a05	Improve makefile	2024-02-22 08:20:52 -05:00
Kevin Yue	cfdba00a01	Make tarball	2024-02-21 22:19:34 +08:00
Kevin Yue	5404386972	Add packaging	2024-02-21 07:36:17 -05:00
Kevin Yue	4be877bf8c	Add gpgui-helper (#326 )	2024-02-21 20:34:14 +08:00