Arch Linux User Repository

If you cannot build because of a missing tar ball or a failed sha256 checksum validation, then the package is most likely outdated and they have removed the old version already. In this case, please click on “Flag package out-of-date”.

Found a fix for "authentication service could not be contacted"

Edit the config file under /home/username/.ICAClient\WFClient.ini and add a new line SSLCiphers=ALL save file and run "killall AuthManagerDaemon ServiceRecord selfservice storebrowse"

Relaunch Citrix and you should be fine

@johnnybash

Citrix Workspace App for Linux: How to trust a CA certificate? Created: 09 Jan 2018 | Modified: 02 May 2023

At work too I see codes existing from years that nobody gives a f. to update, this is not the right approach either to leave it as is because you don’t want to remove the fingers out of the ass, others more clairvoyant will do it.

The rehash tool is linked in documentation anyway. It is your approach messing up the Arch Linux standard and opening your system to scripts of Citrix, I’m sure they are safer than the experiment of linking opt to etc and hope it works.

Citrix is unaware the scripts are modifying a global system certificate folder, YOU are allowing it to do so, your responsibility. Crash a car in the Wall, your responsibility too.

Try to symlink /tmp to /, if it work, is it OK to leave it as it ? Try to symlink /usr/share/applications to `~/.local/share/applications``, if it work, is it OK to leave it as is ?

I think I just gave this reply too much attention...

I don't care whats intended by Citrix.

this workarounds have been working for years. running arbitrary scripts/programs (ctx_rehash) as root to create untracked files you have to manually delete as root afterwards is bad practice and fucks up your system, don't do this and don't tell your users to do this!

the seds are fine, telemetry should be the users choice, alright, but as an opt-in...

@buzo I made the following changes on icaclient-beta 23.7.0.11-2

Up to you to grab what do you like. Testers are welcome :)

• Fix certificates the way they are intended to be used by Citrix
• Fix the fix permissions
• Suppress a possibly deprecated .so removal
• All binaries accessibles in /usr/bin
• The hack is not so dirty they are necessary user configurations
• The sed is questionable, can fail and it is to the user to choose these options
• Better install and uninstall advice
• The old advice is unnecessary, Citrix creates automatically ~/.ICAClient and all the necessary files inside, I haven't tested in a multi user environment but anyway, if the issue persists, the old advice is not the right solution, this is what I call dirty

diff --git a/.SRCINFO b/.SRCINFO
index 366fd11..41e1a34 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = icaclient-beta
  pkgdesc = Citrix Workspace App (a.k.a. ICAClient, Citrix Receiver) [Technology Preview]
  pkgver = 23.7.0.11
- pkgrel = 1
+ pkgrel = 2
  url = https://www.citrix.com/downloads/workspace-app/betas-and-tech-previews/workspace-app-tp-for-linux.html
  install = citrix-client.install
  arch = x86_64
@@ -47,11 +47,11 @@ pkgbase = icaclient-beta
  sha256sums = cdfb3a2ef3bf6b0dd9d17c7a279735db23bc54420f34bfd43606830557a922fe
  sha256sums = fe0b92bb9bfa32010fe304da5427d9ca106e968bad0e62a5a569e3323a57443f
  sha256sums = a3bd74aaf19123cc550cde71b5870d7dacf9883b7e7a85c90e03b508426c16c4
- source_x86_64 = icaclient-x64-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxx64-23.7.0.11.tar.gz?__gda__=exp=1687292023~acl=/*~hmac=19d6e1387a89ecd54fef8e616eed9960b1d0da9a74d4a8edec8f9cc05d770f91
+ source_x86_64 = icaclient-x64-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxx64-23.7.0.11.tar.gz?__gda__=exp=1687398177~acl=/*~hmac=969c7ad79823057164ffc8646ae2d8c35f196844ee329cc677bcb850fbd8260c
  sha256sums_x86_64 = b11b24150a78168dd14e76eb64aef7e7db66ed1b8e29dd866f83840bf17f7327
- source_i686 = icaclient-x86-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxx86-23.7.0.11.tar.gz?__gda__=exp=1687292023~acl=/*~hmac=19d6e1387a89ecd54fef8e616eed9960b1d0da9a74d4a8edec8f9cc05d770f91
+ source_i686 = icaclient-x86-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxx86-23.7.0.11.tar.gz?__gda__=exp=1687398177~acl=/*~hmac=969c7ad79823057164ffc8646ae2d8c35f196844ee329cc677bcb850fbd8260c
  sha256sums_i686 = d2efde7a8bc3fbe870a5cf0da3a562d09063bf875f39c9e6392e6dc25714c6b8
- source_armv7h = icaclient-armhf-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxarmhf-23.7.0.11.tar.gz?__gda__=exp=1687292023~acl=/*~hmac=19d6e1387a89ecd54fef8e616eed9960b1d0da9a74d4a8edec8f9cc05d770f91
+ source_armv7h = icaclient-armhf-23.7.0.11.tar.gz::https://downloads.citrix.com/21974/linuxarmhf-23.7.0.11.tar.gz?__gda__=exp=1687398177~acl=/*~hmac=969c7ad79823057164ffc8646ae2d8c35f196844ee329cc677bcb850fbd8260c
  sha256sums_armv7h = 6ae0157d5ace2a7248dbf8db8fa60ca2f043fd49fbfcab6baee31a5c8c6af163

 pkgname = icaclient-beta
diff --git a/PKGBUILD b/PKGBUILD
index e7f54c6..7acb924 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -9,7 +9,7 @@
 pkgname=icaclient-beta
 artefactid=icaclient
 pkgver=23.7.0.11
-pkgrel=1
+pkgrel=2
 pkgdesc="Citrix Workspace App (a.k.a. ICAClient, Citrix Receiver) [Technology Preview]"
 arch=('x86_64' 'i686' 'armv7h')
 url='https://www.citrix.com/downloads/workspace-app/betas-and-tech-previews/workspace-app-tp-for-linux.html'
@@ -66,7 +66,9 @@ package() {
         PKGINF="Ver.core.linuxarmhf"
     fi

-    mkdir -p "${pkgdir}$ICAROOT"
+    # Creating the package base
+    install -d "${pkgdir}"/{opt,usr/bin}
+    install -d "${pkgdir}$ICAROOT"

     cd "$ICADIR"
     install -m755 -t "${pkgdir}$ICAROOT" \
@@ -74,19 +76,15 @@ package() {
             adapter AuthManagerDaemon icasessionmgr NativeMessagingHost \
             PrimaryAuthManager ServiceRecord selfservice UtilDaemon wfica

+    # TODO To rewrite exclusive not inclusive?
     # copy directories
-    cp -rt "${pkgdir}$ICAROOT" config gtk help icons keyboard keystore lib nls site usb util
-    # fix permissions
-    chmod -R a+r "${pkgdir}$ICAROOT"
-
-    # Is the supress below still necessary ? If so, TO_DOCUMENT
-    rm "${pkgdir}$ICAROOT/lib/UIDialogLibWebKit.so"
+    cp -rt "${pkgdir}$ICAROOT" PKCS#11 aml bcr ceb clsync config desktop gtk help icons keyboard keystore lib nls site usb util

     # Install License
-    install -m644 -D -t "${pkgdir}$ICAROOT" nls/en.UTF-8/eula.txt
+    install -Dm644 -t "${pkgdir}$ICAROOT" nls/en.UTF-8/eula.txt

     # Install Version
-    install -m644 -D "${srcdir}/PkgId" "${pkgdir}$ICAROOT/pkginf/$PKGINF"
+    install -Dm644 "${srcdir}/PkgId" "${pkgdir}$ICAROOT/pkginf/$PKGINF"

     # create /config/.server to enable user customization using ~/.ICACLient/ overrides. Thanks Tomek
     touch "${pkgdir}$ICAROOT/config/.server"
@@ -94,30 +92,32 @@ package() {
     # Install wrapper script
     install -m755 "${srcdir}/wfica.sh" "${pkgdir}$ICAROOT/wfica.sh"

+    # Setting up /usr/bin launchers
     ln -s gst_play1.0 "${pkgdir}/$ICAROOT/util/gst_play"
     ln -s gst_read1.0 "${pkgdir}/$ICAROOT/util/gst_read"
+    ln -s /opt/Citrix/ICAClient/wfica "$pkgdir"/usr/bin/wfica
+    ln -s /opt/Citrix/ICAClient/selfservice "$pkgdir"/usr/bin/selfservice
+    ln -s /opt/Citrix/ICAClient/util/storebrowse "$pkgdir"/usr/bin/storebrowse
+    ln -s /opt/Citrix/ICAClient/util/setlog "$pkgdir"/usr/bin/setlog
+    ln -s /opt/Citrix/ICAClient/util/ctxcwalogd "$pkgdir"/usr/bin/ctxcwalogd
+    ln -s /opt/Citrix/ICAClient/util/ctx_rehash "$pkgdir"/usr/bin/ctx_rehash
+    ln -s /opt/Citrix/ICAClient/util/conncenter "$pkgdir"/usr/bin/conncenter
+    ln -s /opt/Citrix/ICAClient/util/configmgr "$pkgdir"/usr/bin/configmgr
+    ln -s /opt/Citrix/ICAClient/util/gst_play "$pkgdir"/usr/bin/gst_play
+    ln -s /opt/Citrix/ICAClient/util/gst_read "$pkgdir"/usr/bin/gst_read

-    # Dirty Hack
-    # wfica expects {module,wfclient,apssrv}.ini in $ICAROOT/config
-    # sadly these configs differ slightly by locale
+    # User configurations
     lang=${LANG%%_*}
     [[ -d "${pkgdir}/$ICAROOT/nls/$lang" ]] || lang='en'
     cp "${pkgdir}$ICAROOT/nls/$lang/module.ini" "${pkgdir}/$ICAROOT/config/"
     cp "${pkgdir}$ICAROOT/nls/$lang/appsrv.template" "${pkgdir}/$ICAROOT/config/appsrv.ini"
     cp "${pkgdir}$ICAROOT/nls/$lang/wfclient.template" "${pkgdir}/$ICAROOT/config/wfclient.ini"

-    sed -i \
-        -e 's/Ceip=Enable/Ceip=Disable/' \
-        -e 's/DisableHeartBeat=False/DisableHeartBeat=True/' \
-        "${pkgdir}$ICAROOT/config/module.ini"
-    cd "${srcdir}"
     # install freedesktop.org files
+    cd "${srcdir}"
     install -Dm644 -t "$pkgdir"/usr/share/applications citrix-{configmgr,conncenter,workspace,wfica}.desktop
+
     # install scripts
     install -Dm755 -t "${pkgdir}$ICAROOT" wfica.sh wfica_assoc.sh
     chmod +x "${pkgdir}$ICAROOT"/util/{HdxRtcEngine,ctx_app_bind,ctxcwalogd,icalicense.sh,setlog}
-
-    # make certificates available
-    rm -r "${pkgdir}/opt/Citrix/ICAClient/keystore/cacerts"
-    ln -s /etc/ssl/certs "${pkgdir}/opt/Citrix/ICAClient/keystore/cacerts"
 }
diff --git a/citrix-client.install b/citrix-client.install
index 8323e2b..057a5d9 100644
--- a/citrix-client.install
+++ b/citrix-client.install
@@ -1,12 +1,18 @@
-post_install() {
-    instdir="/opt/Citrix/ICAClient"
-    tmpdir="/tmp"
-
-    echo -e "\e[1;31m\nYou have to create '\e[1;33m\$HOME/.ICAClient/cache\e[1;31m' for each user who uses this program and then populate it with the appropriate ini files.  Copy paste the below to do this easily:\n"
-    echo -e "\e[1;39mmkdir -p \$HOME/.ICAClient/cache"
-    echo -e "cp ${instdir}/config/{All_Regions,Trusted_Region,Unknown_Region,canonicalization,regions}.ini \$HOME/.ICAClient/\n"
-    echo -e "\e[0m"
+post_install()
+{
+  echo -e "\n  \e[1;37mRemember to run \e[1;32msudo ctx_rehash"
+  echo -e "  \e[1;37mThis will create links in \e[1;32m/opt/Citrix/ICAClient/keystore/cacerts\e[1;37m pointing to \e[1;32m/etc/ssl/certs\e[1;37m"
+  echo -e "  \e[1;37mThese links are the root dependencies of official/custom certificates existing/dropped in the Citrix folder\n"
+  echo -e "  It isn't a good practice to use \e[1;31m/etc/ssl/certs\e[1;37m\n"
+  echo -e "  On Arch Linux, to trust a system-side certificate run \e[1;32mtrust anchor --store certificate.pem\e[1;37m"
+  echo -e "  The certificate will be written to \e[1;32m/etc/ca-certificates/trust-source/\e[1;37m\n"
+  echo -e "  On Citrix, to trust a certificate, simply drop it in \e[1;32m/opt/Citrix/ICAClient/keystore/cacerts\e[1;37m and run \e[1;32msudo ctx_rehash\e[1;37m\n"
+}

+post_uninstall()
+{
+  echo -e "\n  \e[1;37mTo entirely remove Citrix run \e[1;32msudo rm /opt/Citrix -fr;sudo rm ~/.ICAClient -fr\e[1;37m\n"
 }

 post_upgrade()  { post_install; }
+post_remove() { post_uninstall; }

Icaclient stopped working on manjaro gnome and endeavor gnome, but still working on manjaro xfce.

Hey @buzo

Small suggestion, in my opinion, the package should stop linking /etc/ssl/cacerts to /opt/Citrix/ICAClient/keystore/cacerts, while it looks convenient, it is a possible root cause of multiple problems.

• Citrix expect its folder to be its own, not the global cacerts folder of the system
• If you run ctx_rehash under root privileges, you get a bunch of new cacerts links created in /etc/ssl/cacerts, named such as, 1c8cbeef.0, 73628677.0, etc... These files/links normaly goes in the Citrix folder and not the system folder of cacerts
• It is not a good practice to copy .pem files directly in /etc/ssl/cacerts, it is the trust command responsible of this at the system level. A link hides the fact, you are not copying something in an App folder, but a System folder, this is dangerous.
• It just works fine without this link but a normal folder
• I think the issue Bleser got recently about an expired cert could not happen with a normal folder, I have also seen this error in the logs and this is confusing, its logged has an error, but is probably a warning, but who knows. It is a Turkish root certificate in the Arch repos and expired in mars 2023, very recently.

Normally, if you use a simple folder, Citrix creates links of the Root certificates that are dependencies of your certificate gateway. They are named like that 1c8cbeef.0, 73628677.0 and redirects directly to the cert in /etc, but not a whole folder.

If you shortcut the job of Citrix with your own links at this level this is a risky business there is possibly a recursive problem

Actually all of us who installed this package, have /etc/ssl/cacerts screwed up and I advise you guys to recreate it without all the Citrix generated links to avoid possible cert issue coming from this change. It is not official and I'm pretty sure if yoiu ask the Citrix developers, they would be horrified of this change :D

I'm also unsure why the file UIDialogLibWebKit.so is deleted from the official archive, it is the only step not documented, might be deprecated stuffs, again, it just works without deleting it.

I also have the Problem: Settings schema 'org.gnome.shell.overrides' is not installed wfica

Found a workaround here: - https://bbs.archlinux.org/viewtopic.php?id=285635 (system) - https://unix.stackexchange.com/questions/745262/settings-schema-org-gnome-shell-overrides-is-not-installed (user) Both worked for me.

Seems icaclient needs some gnome settings in "org.gnome.shell...", which moved to "/org/gnome/mutter..." in current Gnome version, to work.

Edit: "pipitone" already postet the 2. Link.

I told you @Bleser this had nothing to do. The certificate expired on March. Months away from your issue. Anyway expired certificates are just fixable by removing the certificate from your system, if you tested that you would realize your issue persisted

I just noticed on the Citrix website that Citrix Workspace is available for ARM 64 bit. Could you please modify the PKGBUILD for the new aarch64 version of Workspace?

buzo: I'm not sure. I'm not very familiar with gnome myself to know why this regression appears now. Perhaps it's worth waiting to see if anyone else is bitten by this or if it's fixed upstream.

pipitone: I didn't run into this problem, but probably because I'm using Cinnamon, not Gnome. Do you think I should add this to the package?