diff options
-rw-r--r-- | .SRCINFO | 7 | ||||
-rw-r--r-- | PKGBUILD | 25 | ||||
-rwxr-xr-x | cyberghostvpn_wrapper | 4 |
3 files changed, 32 insertions, 4 deletions
@@ -1,21 +1,24 @@ pkgbase = cyberghostvpn pkgdesc = CyberGhost VPN pkgver = 1.4.1 - pkgrel = 5 + pkgrel = 6 url = https://www.cyberghostvpn.com arch = any license = custom:cyberghostvpn makedepends = zip depends = bash + depends = ca-certificates depends = curl depends = openvpn depends = wireguard-tools depends = resolvconf source = https://download.cyberghostvpn.com/linux/cyberghostvpn-ubuntu-20.04-1.4.1.zip + source = http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt source = cyberghostvpn_wrapper source = openvpn_wrapper sha256sums = b80941fd044cd7ac230743e9dc18e3ff636ac209e7c04fdf2619428f8043fc76 - sha256sums = 388e6b86db32e6fb513769257e58efb32392fe5f020cc8bb2f67a506ac59206e + sha256sums = 72a34ac2b424aed3f6b0b04755b88cc027dccc806fddb22b4cd7c47773973ec0 + sha256sums = b9410322648fa3ff40cee9199d9dcadf51117ad633b96e3f99e57b47c75d2b80 sha256sums = f26e37ce43385e625b012afd3d27bad9f9279e3d6cb135cd92c412eada36212e pkgname = cyberghostvpn @@ -4,13 +4,14 @@ pkgname=cyberghostvpn pkgver=1.4.1 -pkgrel=5 +pkgrel=6 pkgdesc="CyberGhost VPN" url="https://www.cyberghostvpn.com" arch=(any) license=(custom:cyberghostvpn) depends=( bash + ca-certificates curl openvpn wireguard-tools @@ -20,20 +21,40 @@ makedepends=(zip) _variant=ubuntu-20.04 source=( "https://download.cyberghostvpn.com/linux/cyberghostvpn-${_variant}-${pkgver}.zip" + "http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt" "cyberghostvpn_wrapper" "openvpn_wrapper") sha256sums=( 'b80941fd044cd7ac230743e9dc18e3ff636ac209e7c04fdf2619428f8043fc76' - '388e6b86db32e6fb513769257e58efb32392fe5f020cc8bb2f67a506ac59206e' + '72a34ac2b424aed3f6b0b04755b88cc027dccc806fddb22b4cd7c47773973ec0' + 'b9410322648fa3ff40cee9199d9dcadf51117ad633b96e3f99e57b47c75d2b80' 'f26e37ce43385e625b012afd3d27bad9f9279e3d6cb135cd92c412eada36212e') _archive="${pkgname}-${_variant}-${pkgver}" +prepare() { + # workaround: build certificate to connect to wireguard servers + # remove as soon as the certificate is provied by the package + _wireguard_certificate_server="washington-s403-i01.cg-dialup.net:1337" + true | openssl s_client -verify 5 -connect ${_wireguard_certificate_server} | openssl x509 > "${srcdir}/cg-dialup-net.pem" + + sha256sum "${srcdir}/cg-dialup-net.pem" + sha256sum --check <( echo "ff0f9f4c75a06dedd1e34cf2a88b95dc879c9ef6173913b40f271355f614744c ${srcdir}/cg-dialup-net.pem" ) + + ( + openssl x509 -in "${srcdir}/cg-dialup-net.pem" + openssl x509 -in "SectigoRSAOrganizationValidationSecureServerCA.crt" + openssl x509 -in "/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem" + ) > "${srcdir}/wireguard_ca.crt" +} + package() { _installdir=usr/local/cyberghost install -Dm 755 openvpn_wrapper "$pkgdir/${_installdir}/wrapper/openvpn_wrapper" install -Dm 755 cyberghostvpn_wrapper "$pkgdir/${_installdir}/wrapper/cyberghostvpn_wrapper" ln -s "/${_installdir}/wrapper/openvpn_wrapper" "$pkgdir/${_installdir}/openvpn" + install -Dm 644 "${srcdir}/wireguard_ca.crt" "$pkgdir/${_installdir}/certs/wireguard/ca.crt" + cd "$_archive" install -Dm 755 cyberghost/cyberghostvpn "$pkgdir/${_installdir}/cyberghostvpn" diff --git a/cyberghostvpn_wrapper b/cyberghostvpn_wrapper index 144c0e892646..03b74f00a85b 100755 --- a/cyberghostvpn_wrapper +++ b/cyberghostvpn_wrapper @@ -4,4 +4,8 @@ # to ensure that cyberghost is calling the openvpn wrapper export PATH=/usr/local/cyberghost:$PATH +# cyberghostvpn expects wireguard certificate to be located at '../certs/wireguard/ca.crt' +# cd into /usr/local/cyberghostvpn/certs so that pinned certificate will be found +cd /usr/local/cyberghost/certs + /usr/local/cyberghost/cyberghostvpn "$@" |