author | Douglas Iuri Medeiros Cabral | 2022-12-18 16:08:21 -0300 |
---|---|---|
committer | Douglas Iuri Medeiros Cabral | 2022-12-18 16:08:21 -0300 |
commit | 1b45ff5349520bba8a111efc9ab6d18f9b7845f8 (patch) | |
tree | 299e487e7073be5a9f2bc15ee5f1186154130c72 | |
parent | dd5b0cd77de33574ca9f4078ac384016cc27f660 (diff) | |
download | aur-1b45ff5349520bba8a111efc9ab6d18f9b7845f8.tar.gz |
First attempt to update to version 7.0.7.0246
-rw-r--r-- | .SRCINFO | 9 | ||||
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | PKGBUILD | 12 | ||||
-rw-r--r-- | forticlient-vpn.install | 141 |
4 files changed, 107 insertions, 59 deletions
@@ -1,7 +1,7 @@ pkgbase = forticlient-vpn pkgdesc = Build through the official package of FortiClient VPN only - pkgver = 7.0.0.0018 - pkgrel = 2 + pkgver = 7.0.7.0246 + pkgrel = 1 url = https://www.fortinet.com/support/product-downloads install = forticlient-vpn.install arch = x86_64 @@ -15,6 +15,7 @@ pkgbase = forticlient-vpn depends = libnotify depends = org.freedesktop.secrets depends = libappindicator-gtk2 + depends = gzip optdepends = mate-polkit: for polkit authentication for the MATE optdepends = polkit-gnome: for polkit authentication for the GNOME optdepends = polkit-kde-agent: for polkit authentication for the KDE @@ -23,7 +24,7 @@ pkgbase = forticlient-vpn optdepends = lxqt-policykit: for polkit authentication for the LXQt provides = fortivpn provides = FortiClient - source = https://filestore.fortinet.com/forticlient/downloads/forticlient_vpn_7.0.0.0018_amd64.deb - sha256sums = 82e5817048a60ff95d2e88b4a95512f9f0035fa37240ce57580c203b5a8a79c9 + source = https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb + sha256sums = 482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e pkgname = forticlient-vpn diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..562c178fdf51 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +pkg/ +src/ +*.deb +*pkg.tar.zst 
@@ -1,12 +1,12 @@ # Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com> pkgname=forticlient-vpn -pkgver=7.0.0.0018 -pkgrel=2 +pkgver=7.0.7.0246 +pkgrel=1 pkgdesc="Build through the official package of FortiClient VPN only" arch=("x86_64") url="https://www.fortinet.com/support/product-downloads" license=('custom:fortinet') -depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2') +depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2' 'gzip') optdepends=( 'mate-polkit: for polkit authentication for the MATE' 'polkit-gnome: for polkit authentication for the GNOME' @@ -17,15 +17,15 @@ optdepends=( ) provides=('fortivpn' 'FortiClient') install='forticlient-vpn.install' -source=("https://filestore.fortinet.com/forticlient/downloads/forticlient_vpn_${pkgver}_amd64.deb") -sha256sums=('82e5817048a60ff95d2e88b4a95512f9f0035fa37240ce57580c203b5a8a79c9') +source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb") +sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e') package() { bsdtar -xf data.tar.xz -C "$pkgdir/" - install -Dm644 "${pkgdir}/lib/systemd/system/forticlient-scheduler.service" "${pkgdir}/usr/lib/systemd/system/forticlient-scheduler.service" + install -Dm644 "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service" rm -rf "${pkgdir}/lib" diff --git a/forticlient-vpn.install b/forticlient-vpn.install index 20b7504c58d6..8652af2e696a 100644 --- a/forticlient-vpn.install +++ b/forticlient-vpn.install 
@@ -1,36 +1,34 @@ pre_install () { BACKUP_DIR=/etc/forticlient/.old - FCT_CONFIG_DB=/etc/forticlient/config.db FCT_CONFIG=/etc/forticlient/config.xml EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml # Backup old XML configurations if they exist so they can # be imported on start up if upgrading from an older FCT version - if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then - mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR + if [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then + mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR else - exit 0 + exit 0 fi - if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then - cp $FCT_CONFIG_DB $BACKUP_DIR - fi - if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then - cp $FCT_CONFIG $BACKUP_DIR + cp $FCT_CONFIG $BACKUP_DIR fi if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then - cp $EC_CONFIG $BACKUP_DIR + cp $EC_CONFIG $BACKUP_DIR fi + exit 0 } pre_upgrade () { # Check if forticlient is registered to EMS if it's an uninstall - if [ -f /opt/forticlient/.fct_ec_registered ]; then - echo "Error: Unable to uninstall forticlient while connected to EMS" - exit 1 + if [ -f /opt/forticlient/.fct_ec_registered ] && [ "$action" != "upgrade" ]; then + echo "=============================================================" + echo "Error: Unable to uninstall forticlient while connected to EMS" + echo "=============================================================" + exit 1 fi # Remove old symlink when upgrading from older versions 
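Review bot: The new `[ "$action" != "upgrade" ]` test in `pre_upgrade` reads a variable that nothing assigns between line 1 of the file and this test, so unless the caller exports `action` it expands to an empty string and the comparison is always true. The guard therefore still fires exactly as before the change: a host with `/opt/forticlient/.fct_ec_registered` reaches `exit 1` on every upgrade, with a message that talks about uninstalling. Since this function is only entered for upgrades, either move the EMS check to the removal hook, or make the intent explicit with `action=upgrade` as the first line of `pre_upgrade`. The body of `pre_upgrade` continues past the end of this hunk.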
@@ -38,6 +36,14 @@ pre_upgrade () { pkill -f /usr/bin/FortiClient rm -rf /usr/bin/FortiClient fi + + # Remove old symlink to FortiClient scheduler + if [ -f /lib/systemd/system/forticlient-scheduler.service ]; then + rm -rf /lib/systemd/system/forticlient-scheduler.service || true + fi + if [ -f /usr/lib/systemd/system/forticlient-scheduler.service ]; then + rm -rf /usr/lib/systemd/system/forticlient-scheduler.service || true + fi } post_install() { 
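Review bot: Both `[ -f … ]` guards follow symlinks, so a dangling `forticlient-scheduler.service` link fails the test and is left on disk even though the comment says the block removes the old symlink. `rm -f` is already silent for a missing path, so the guards can be dropped: `rm -f /lib/systemd/system/forticlient-scheduler.service /usr/lib/systemd/system/forticlient-scheduler.service`. The visible lines do not stop the old scheduler unit before its file is deleted; `pre_upgrade` starts before this hunk, so confirm that happens elsewhere.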
@@ -81,41 +87,66 @@ post_install() { chmod 600 /etc/forticlient/servers.conf fi - # Create GUI symlink to launch from terminal - if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then - ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient + # Keep old database when upgrading from older versions + if [ ! -d /var/lib/forticlient ] || [ ! -O /var/lib/forticlient ]; then + rm -rf /var/lib/forticlient + mkdir -m 755 /var/lib/forticlient + fi + + if [ -f /etc/forticlient/config.db ]; then + if [ -O /etc/forticlient/config.db ]; then + mv /etc/forticlient/config.db /var/lib/forticlient/config.db + else + # Old database cannot be trusted and should be replaced + # So ems connection info is lost and fct has to register to ems again + rm -f /etc/forticlient/config.db /opt/forticlient/.fct_ec_registered + fi + fi + + if [ ! -f /var/lib/forticlient/config.db ]; then + cp /opt/forticlient/.config.db.init /var/lib/forticlient/config.db + fi + + chmod 600 /var/lib/forticlient/config.db + + # Create CLI symlink to launch from terminal + if [ -f /opt/forticlient/forticlient-cli ]; then + ln -sf /opt/forticlient/forticlient-cli /usr/bin/forticlient fi # Launch fortitray if [ -f /opt/forticlient/fortitraylauncher ]; then if [ ! -z "$(logname 2>/dev/null)" ]; then - user="$(logname 2>/dev/null)" + user="$(logname 2>/dev/null)" elif [ ! 
-z "$SUDO_USER" ]; then - user="$SUDO_USER" + user="$SUDO_USER" else - user=$(users 2>/dev/null | cut -d ' ' -f1) + user=$(users 2>/dev/null | cut -d ' ' -f1) fi - # Need to find the user DBUS address, otherwise Fortitray icon won't show - DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=') - DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=} + GUI_ENV= + + # Attempt to get the GUI environment variables so fortitray will actually display correctly + for p in $(pgrep -u "$user" dbus-daemon); do + if [ -z "$(xargs -0 -L1 -a /proc/$p/cmdline | grep '^--config-file=')" ]; then + continue + fi - # XAUTHORITY and DISPLAY needed by Fortitray to run - XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=') - XAUTHORITY=${XAUTHORITY#*=} + OIFS="$IFS" + IFS=$'\n' + for e in $(xargs -0 -L1 -a /proc/$p/environ); do + IFS== read -r left right <<< "$e" + GUI_ENV="$GUI_ENV $left=\"$right\"" + done + IFS="$OIFS" - DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=') - DISPLAY=${DISPLAY#*=} + break + done - XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=') - XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=} + FORTITRAY_CMD="env -i $GUI_ENV setsid /opt/forticlient/fortitraylauncher &>/dev/null &" # Start fortitraylauncher while forwarding environment variables needed by Fortitray - su ${user} -c "env XAUTHORITY=$XAUTHORITY \ - DISPLAY=$DISPLAY \ - DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \ - XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \ - setsid /opt/forticlient/fortitraylauncher &>/dev/null &" + su $user -c "$FORTITRAY_CMD" fi # Update icons cache so icon will show correctly 
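Review bot: The tray launch builds a shell command out of data read from another process: every pair from `/proc/$p/environ` is pasted into `FORTITRAY_CMD` inside plain double quotes and handed to `su $user -c`, so a value containing a quote, `$` or a backtick is parsed as shell syntax rather than data. `$user` is also unquoted and never validated, and when all three lookups return nothing `su -c …` targets root, which would start the launcher as root from the install scriptlet. I would skip the launch unless `$user` resolves to a non-root account and pass each environment entry as its own argument, as sketched below with `runuser`, so that no command string is re-parsed. Reading the NUL-separated file directly also keeps values that contain a newline intact, which the `$(xargs -0 -L1 -a …)` split does not. `post_install` starts before and ends after this hunk.

```shell
# … unchanged: user detection (logname / SUDO_USER / users) …

# Launch the tray only for a resolved, non-root desktop user
uid=$(id -u "$user" 2>/dev/null) || uid=
if [ -n "$uid" ] && [ "$uid" -ne 0 ]; then
    gui_env=()
    for p in $(pgrep -u "$user" dbus-daemon); do
        # … unchanged: skip dbus-daemon processes without --config-file= …

        # Keep each NUL-separated NAME=value entry intact as one array element
        while IFS= read -r -d '' e; do
            case "$e" in
                [A-Za-z_]*=*) gui_env+=("$e") ;;
            esac
        done < "/proc/$p/environ"
        break
    done

    # Every entry travels as its own argv word, so no value is re-parsed by a shell
    runuser -u "$user" -- env -i "${gui_env[@]}" \
        setsid /opt/forticlient/fortitraylauncher >/dev/null 2>&1 &
fi
```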
@@ -137,7 +168,7 @@ post_install() { post_upgrade() { cat << EOF -==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/ +==> After upgrade, to restore your configuration, copy /etc/forticlient/.old/* to /etc/forticlient/ EOF } @@ -145,23 +176,38 @@ EOF pre_remove() { # Stop fortitray if [ -f /tmp/.forticlient/fortitraylauncher ]; then - echo "terminate" > /tmp/.forticlient/fortitraylauncher || true + echo "terminate" > /tmp/.forticlient/fortitraylauncher || true fi # Remove ZTNA browser certificates if [ -f /usr/bin/certutil ]; then - find /home /root -regextype posix-extended \ - -regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \ - -maxdepth 5 -print0 2>/dev/null | - while IFS= read -r -d $'\0' p; do - /usr/bin/certutil -F -n FCT_ZTNA -d sql:"$p" 2>/dev/null || true; - /usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true; - done + find /home /root -regextype posix-extended \ + -regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \ + -maxdepth 5 -print0 2>/dev/null | + while IFS= read -r -d $'\0' p; do + RUN_USER=$(stat -c '%U' "$p") + + if [ $? -ne 0 ]; then + continue + fi + + su - "$RUN_USER" -c '/usr/bin/certutil -D -n "FortiClient ZTNA" -d sql:'"$p"' 2>/dev/null || true' + su - "$RUN_USER" -c '/usr/bin/modutil -delete "FortiClient ZTNA" -dbdir sql:'"$p"' -force 2>/dev/null || true' + done + fi + + # Remove token from tpm2 database + if [ -f /opt/forticlient/tpm2/tpm2_ptool/exe.linux-x86_64-3.7/tpm2_ptool ] && \ + [ -d /opt/forticlient/tpm2/bin/ ]; then + PATH="/opt/forticlient/tpm2/bin:$PATH" \ + /opt/forticlient/tpm2/tpm2_ptool/exe.linux-x86_64-3.7/tpm2_ptool rmtoken \ + --label fct-ztna-token --path /opt/forticlient/ fi + # Stop forticlient service if [ -d /run/systemd/system ]; then - systemctl stop forticlient-scheduler.service + systemctl stop forticlient.service fi pkill -f /opt/forticlient 
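Review bot: In `pre_remove`, the NSS database path `$p` is spliced unquoted into the command strings given to `su - "$RUN_USER" -c`, and the `find` regex accepts any characters in the profile directory name (`[^/]*default`), so a path containing a space or a shell metacharacter is re-parsed by the shell that `su` starts. Passing the path as an argument avoids the second parse, for example `runuser -u "$RUN_USER" -- /usr/bin/certutil -D -n "FortiClient ZTNA" -d "sql:$p" 2>/dev/null || true`, with the same form for the `modutil -delete` line; both tools are given the database directory explicitly, so they should not need the login environment that `su -` sets up. The function continues past the end of this hunk.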
@@ -183,17 +229,14 @@ post_remove() { # Remove fortitraylauncher fifo rm -rf /tmp/.forticlient/fortitraylauncher || true - # Remove VPN autostart launcher symlink - rm -rf /etc/xdg/autostart/Fortivpn.desktop || true - # Remove GUI symlink rm -rf /usr/bin/forticlient || true # Remove fortivpn symlink rm -rf /usr/bin/forticlient || true - # Remove FortiClient scheduler - rm -rf /lib/systemd/system/forticlient-scheduler.service || true + # Remove FortiClient service + rm -rf /lib/systemd/system/forticlient.service || true # Remove FortiClient binaries rm -rf /opt/forticlient || true |