Package Details: pulse-secure 22.8r1_b31437-1

Git Clone URL: https://aur.archlinux.org/pulse-secure.git (read-only, click to copy)
Package Base: pulse-secure
Description: Ivanti Secure Access Client
Upstream URL: https://www.pulsesecure.net/
Licenses: custom
Conflicts: pulse-connect-secure
Submitter: yan12125
Maintainer: chiwanpark
Last Packager: chiwanpark
Votes: 37
Popularity: 1.37
First Submitted: 2017-09-02 07:40 (UTC)
Last Updated: 2025-02-18 11:56 (UTC)

Pinned Comments

chiwanpark commented on 2021-02-24 10:21 (UTC)

If you want to use old pulse-secure client 9.1r9, please download the following package.

https://drive.google.com/file/d/1_8tRA-T9vV08n_TpHqdcG5IvalxBuZ7_/view?usp=sharing

The rewritten pulse-secure client requires a service called 'pulsesecure'. Please enable and start the service before running the client.

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 Next › Last »

denisse commented on 2021-03-12 01:49 (UTC)

Hello everyone,

Apparently pulse-secure requires NetworkManager to work properly. Once I installed NetworkManager and started the NetworkManager daemon the Failed to setup virtual adapter. went away for me.

The VPN is working good now, thanks for maintaining this package and thanks @thecrow for your support!

<deleted-account> commented on 2021-03-11 18:40 (UTC)

thecrow is definetly the man ... great support!

denisse commented on 2021-03-10 17:21 (UTC) (edited on 2021-03-10 17:23 (UTC) by denisse)

Thanks @thecrow, that worked.

I'm getting this message:

Connection Error
Failed to setup virtual adapter. (Error:1205)   
Restart your system and try again. If the problem persists, contact your network administrator.

Another thing I've noticed is that for some reason the VPN stays in some kind of a loop where it keeps iterating over the following messages:

Connecting
Checking Compliance
Securing Connection
Connected

Do any of you know how to fix it?

thecrow commented on 2021-03-10 13:20 (UTC)

@adrea.denisse The symbolic link you created is not correct, you must create:
sudo ln -s /etc/ca-certificates/extracted/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

denisse commented on 2021-03-09 17:33 (UTC)

Hi, I'm having a lot of troubles with CA Certificates.

I ran the following steps as recommended by other users:

  1. sudo mkdir -p /var/lib/pulsesecure/pulse
  2. trust extract-compat
  3. sudo ln -s /etc/ca-certificates/extracted/ca-bundle.trust.crt /etc/ca-certificates/extracted/openssl/ca-bundle.trust.crt
  4. systemctl start pulsesecure.service

But I'm still getting the "You are about to aunthenticate to an untrusted server" error. Do any of you have an idea of what I could be doing wrong?

tomek2102 commented on 2021-03-08 08:57 (UTC)

After system restart it has started working :)

tomek2102 commented on 2021-03-04 05:51 (UTC)

@chiwanpark Yes, I have started it.

chiwanpark commented on 2021-03-04 05:48 (UTC)

@tomek2102 did you start the service named 'pulsesecure'? 9.1R11 requires the service. you need to start the service before running the client.

tomek2102 commented on 2021-03-04 05:29 (UTC)

Hi, I'm trying to get it working too but I have following problem:

DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files

The UI sometimes starts but I cannot create connection and connect. I have created dir and symlink but without any change. What can be wrong? The client version between last November and December was working OK.

wwinfrey commented on 2021-03-02 22:44 (UTC)

After reading thecrow's comments I created the missing /var/lib/pulsesecure/pulse directory:

$ sudo mkdir -p /var/lib/pulsesecure/pulse

and created a symlink:

$ sudo ln -s /etc/ca-certificates/extracted/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

and now I am able to connect, so some might attempt these steps before reverting.

I also did not need to restart the pulsesecure service, pulselauncher worked after the symlink and directory were created.

I extracted the RPM spec file from pulsesecure-9.1-R11.x86_64.rpm using rpmrebuild and found that:

$ mkdir -p /var/lib/pulsesecure/pulse

was in the %post section of the extracted SPEC but is not in the PKGFILE. The symlink needs to be created because this is where redhat/centos/etc distros store CA bundles, and thus where the pulse package expects it to be, as evidenced by running strings on the pulselauncher binary and grepping for .crt:

$  strings /opt/pulsesecure/bin/pulselauncher | grep "[.]crt"
/etc/ssl/certs/ca-certificates.crt
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

<deleted-account> commented on 2021-02-26 08:27 (UTC)

@thecrow:

THAT was really really helpful, thanks a lot. Now, my pulse client works like a charm ...

thecrow commented on 2021-02-26 07:24 (UTC) (edited on 2021-02-26 07:26 (UTC) by thecrow)

@abyss02

To resolve the certificate warning, pulsesecure will look for the certificate authorities in the path /etc/pki/ca-trust/extracted/openssl, add the symbolic link:

/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -> /etc/ca-certificates/extracted/ca-bundle.trust.crt

The connections are saved in /var/lib/pulsesecure/pulse, you have to create the directory so that pulsesecure can save them and they are not lost when restarting the service.

<deleted-account> commented on 2021-02-25 17:17 (UTC)

Ok, installed the new 9.1R11 and ran systemctl enable pulsesecure && systemctl start pulsesecure - afterwards restarted arch:

So,

  1. pulseUI works
  2. adding a connection works
  3. connecting works

but ...

  1. i always get a cert warning, although i imported the needed ca with trust anchor an so on ... (but this is probably my problem)

BUT ...

  1. if the pulsesecure.service is restarted, the gui looses all the connections ... that is weird.

Any ideas?

Regards, A.

je-vv commented on 2021-02-25 05:38 (UTC)

@chiwanpark thanks for keeping the old package available at least through drive. I can't use new versions if they keep depending on systemd. I notice the service just calls another script, and I tried:

sudo /opt/pulsesecure/bin/startup.sh start

To then execute:

/opt/pulsesecure/bin/pulseUI

But even by doing so, I can't add new connections, neither connect...

If someone finds a way to make pulse-secure work without systemd, please let me know. It might require several calls, as I was trying, no problem... Not sure if I'd need to call some dbus stuff, which I'm not familiar with...

For now I need to keep using the old 9.1.r9 version with the curl-pulse-secure package...

chiwanpark commented on 2021-02-24 10:22 (UTC) (edited on 2021-02-24 10:23 (UTC) by chiwanpark)

@abyss02 I've updated the package to new version 9.1r11. It seems that the curl problem disappears. However, the host checker still does not work properly.

chiwanpark commented on 2021-02-24 10:21 (UTC)

If you want to use old pulse-secure client 9.1r9, please download the following package.

https://drive.google.com/file/d/1_8tRA-T9vV08n_TpHqdcG5IvalxBuZ7_/view?usp=sharing

The rewritten pulse-secure client requires a service called 'pulsesecure'. Please enable and start the service before running the client.

mattonthehill commented on 2021-02-23 08:19 (UTC)

@je-vv, you could probably make it work without systemd. The systemd control file makes a call to a simple shell script with "do_start" and "do_stop" functions to run/kill a binary, so I expect it could be made compatible with non-systemd systems.

<deleted-account> commented on 2021-02-22 18:21 (UTC)

Hey there, there is a new version 9.1R11 with this changelog:

https://www-prev.pulsesecure.net/download/techpubs/current/2267/pulse-client/pulse-secure-client-desktop/9.1Rx/ps-pulse-9.1r11.0-releasenotes.pdf?download=true

It can be downloaded here: https://www.rz.uni-osnabrueck.de/fileadmin/user_upload/VPN/Software/ps-pulse-linux-9.1r11.0-b6725-64-bit-installer.rpm

Seems that they had some issues with host checker.

Will you give it another try? Or could you please provide the PKGBUILD of your 9.1R10-Package?

Regards, A.

thecrow commented on 2021-02-22 12:30 (UTC) (edited on 2021-02-22 12:45 (UTC) by thecrow)

I downloaded the latest version 9.1R11, after manually copying the files over version 9.1R10, the VPN is established, it already works with curl 7.75.

je-vv commented on 2021-02-17 20:46 (UTC)

@treizeku, you moved way back, to 9.1r8.0_b165 actually, while current version is 9.1r9.0_b255. Those old versions don't require any service, you just call the pulsesvc for command line or you just call the pulseUI binary for the gui... That was the old model... However not sure why 9.1r9.0_b255 is not working for you. I'd guess the really new one, on the GDrive provided by @chiwanpark is the one having some future, and it's pending solving some issues prior to releasing, but not so bright at least for me, since it depends on loading a systemd service it seems...

treizeku commented on 2021-02-17 12:25 (UTC)

Ran into the same problem as most people. The package stopped working after the latest upgrade. I tried a lot of different things, including the experimental package of the latest version by @chiwanpark, but I also couldn't get it to work. The main problem was that it was not able to create the virtual interface for some reason.

I did however got my VPN to work again by downgrading back to an older package, even though it didn't work at first. I think a reboot fixed it. So for people who really need to get it to work:

After that maybe reboot to be sure but that version works again for me. Not sure if the curl-pulse-secure libraries are still necessary with this. I don't need to start any service or anything.

thecrow commented on 2021-02-12 11:08 (UTC) (edited on 2021-02-12 12:22 (UTC) by thecrow)

After installing the 9.1R10 version package, I had to install the following packages libbsd, gtkmm3 and webkit2gtk to work that I did not have in my installation.

When adding my connection I have seen the following errors in the log.

root /opt/pulsesecure/bin/pulsesecure ConnectionStore p0226 tE2 ConnectionStoreDocSet.cpp: 562 - 'ConnectionStoreService' SaveDocument: /var/lib/pulsesecure/pulse/connstore.dat
root /opt/pulsesecure/bin/pulsesecure ConnectionStore p0226 tE2 ConnectionStoreDocSet.cpp: 568 - 'ConnectionStoreService' Failed fopen: 2 /var/lib/pulsesecure/pulse/connstore.tmp

When trying to connect to my connection, it gives an error when verifying the certificate, the following message appears in the log:

user /opt/pulsesecure/bin/pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1318 - 'JamCertLib' getSystemInfo: Linux 5.10.15-arch1-1 # 1 SMP PREEMPT Wed, 10 Feb 2021 18: 32: 4 0 +0000 x86_64
user /opt/pulsesecure/bin/pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1339 - 'JamCertLib' Certificate CA store file: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
user /opt/pulsesecure/bin / pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1356 - 'JamCertLib' Failed to load CA certs. verifyTrust failed

After creating the directory /var/lib/pulsesecure/pulse, and the symbolic link /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -> /etc/ca-certificates/extracted/ca -bundle.trust.crt

When trying to connect it stays in a loop, conecting -> securing connection

On the terminal there are continually messages: DBUS api call failed with code: 2 - message: GDBus.Error: org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files

The following error appears in the log:

root /opt/pulsesecure/bin/pulsesecure dsTMService p49941 tC343 tunnel2.cpp: 197 - 'TM' Initialize (): ERROR: Create I_IPSecSystemMgr failed 0xe0020026

The HostChecker seems to terminate well root /opt/pulsesecure/bin/pulsesecure HostCheckerService p0226 tB E43 TnccLink.cpp: 142 - 'NotifyConnectionChange' Host check finished, result for connection 0x1 on NAR 0x132d481, new state Open ': Success'

The error seems to be when trying to create the virtual network adapter.

chiwanpark commented on 2021-02-06 12:06 (UTC)

@abyss02 I've already packaged the new client, and posted it to the previous comment (https://aur.archlinux.org/packages/pulse-secure/?O=10&PP=10#comment-7870590) with test request.

I'm struggling with the failure of host checker in 9.1r10. After fixing the failure, I'll upload the new package.

<deleted-account> commented on 2021-02-06 11:04 (UTC)

hey, can you please provide the new client 9.1.R10, you can find it here: https://vubnet.vub.ac.be/downloads.html

je-vv commented on 2021-02-06 03:57 (UTC)

Do we need a service to start puilse-secure now? Ohh boy... But I don't think the seg faulting using the backported libs, are due to that, do you @chiwanpark?

BTW, I don't think I can test any time soon then, if systemd is required, since I use Artix, so I'd need to port the service to S6, which is the init+supervisor system I use. So if the package moves to a newer release (I see it worked for @mattonthehill) I'll have to stick with the 7.73.0, until porting the service, or finding a work around by using openconnect somehow. I understand openconnect doesn't handle pulse MFA, but perhaps some people out there is doing magic with it...

chiwanpark commented on 2021-02-06 03:41 (UTC)

@mattonthehill: Thanks for your testing. :)

@je-vv: from 9.1R10, you need to start pulsesecure.service via sudo systemd start pulsesecure.service. The message DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files is shown because the service is not running.

I will automatically enable the service after updated package. Thanks for reporting.

je-vv commented on 2021-02-06 03:29 (UTC)

@thecrow, I don't know what else to put in there, they don't accept the fact the package got broken.

@chiwanpark, I tested the binary package you made available with 9.1r10.0_b5655, without reverting curl, neither changing LD_LIBRARY_PATH, and it just seg faults without any output:

% /opt/pulsesecure/bin/pulseUI
Segmentation fault

And by using the backported libraries provided by curl-pulse-secure thorough LD_LIBRARY_PATH, it still seg faults, though the gui shows up for a bit less than a second:

% export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/local/pulse"
% /opt/pulsesecure/bin/pulseUI
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
Segmentation fault

So now, things look way worse than before, because it seg fauls no matter if using the backported libraries or not...

Running without backported libs with gdb shows:

% gdb /opt/pulsesecure/bin/pulseUI
...
Reading symbols from /opt/pulsesecure/bin/pulseUI...
(No debugging symbols found in /opt/pulsesecure/bin/pulseUI)
(gdb) run
Starting program: /opt/pulsesecure/bin/pulseUI 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09aff7e in __strcmp_avx2 () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff09aff7e in __strcmp_avx2 () at /usr/lib/libc.so.6
#1  0x00007ffff12dacbb in lh_insert () at /opt/pulsesecure/lib/dsOpenSSL/libcrypto.so
#2  0x00007ffff123c994 in OBJ_NAME_add () at /opt/pulsesecure/lib/dsOpenSSL/libcrypto.so
#3  0x00007fffeca0e021 in  () at /usr/lib/libssl.so.1.1
#4  0x00007ffff7f7918f in __pthread_once_slow () at /usr/lib/libpthread.so.0
#5  0x00007fffec8e54ea in CRYPTO_THREAD_run_once () at /usr/lib/libcrypto.so.1.1
#6  0x00007fffeca0e224 in OPENSSL_init_ssl () at /usr/lib/libssl.so.1.1
#7  0x00007fffecb40731 in  () at /usr/lib/libcurl.so.4
#8  0x00007fffecaf3735 in  () at /usr/lib/libcurl.so.4
#9  0x00007ffff7fe12de in call_init.part () at /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff7fe13c8 in _dl_init () at /lib64/ld-linux-x86-64.so.2
#11 0x00007ffff098d0e5 in _dl_catch_exception () at /usr/lib/libc.so.6
#12 0x00007ffff7fe5705 in dl_open_worker () at /lib64/ld-linux-x86-64.so.2
#13 0x00007ffff098d088 in _dl_catch_exception () at /usr/lib/libc.so.6
#14 0x00007ffff7fe4f3e in _dl_open () at /lib64/ld-linux-x86-64.so.2
#15 0x00007ffff7f6334c in  () at /usr/lib/libdl.so.2
#16 0x00007ffff098d088 in _dl_catch_exception () at /usr/lib/libc.so.6
#17 0x00007ffff098d153 in _dl_catch_error () at /usr/lib/libc.so.6
#18 0x00007ffff7f63b89 in  () at /usr/lib/libdl.so.2
#19 0x00007ffff7f633d8 in dlopen () at /usr/lib/libdl.so.2
#20 0x00007fffed1161ac in  () at /usr/lib/libdw.so.1
#21 0x00007ffff7fe12de in call_init.part () at /lib64/ld-linux-x86-64.so.2
#22 0x00007ffff7fe13c8 in _dl_init () at /lib64/ld-linux-x86-64.so.2
#23 0x00007ffff7fd20ca in _dl_start_user () at /lib64/ld-linux-x86-64.so.2
#24 0x0000000000000001 in  ()
#25 0x00007fffffffdbde in  ()
#26 0x0000000000000000 in  ()

So there you go, there are still issues with the curl library...

And doing the same using LD_LIBRARYPATH with the backported curl libraries:

% gdb /opt/pulsesecure/bin/pulseUI
...
Reading symbols from /opt/pulsesecure/bin/pulseUI...
(No debugging symbols found in /opt/pulsesecure/bin/pulseUI)
(gdb) run
Starting program: /opt/pulsesecure/bin/pulseUI 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffec007640 (LWP 7998)]
[New Thread 0x7fffeb806640 (LWP 7999)]
[New Thread 0x7fffeaec0640 (LWP 8000)]
[New Thread 0x7fffec0a6a40 (LWP 8001)]
[New Thread 0x7fffea6bf640 (LWP 8003)]
[New Thread 0x7fffe9ebe640 (LWP 8004)]
[New Thread 0x7fffe88da640 (LWP 8005)]
[New Thread 0x7fffd3fff640 (LWP 8006)]
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
[Thread 0x7fffe88da640 (LWP 8005) exited]
[Thread 0x7fffd3fff640 (LWP 8006) exited]
[New Thread 0x7fffd3fff640 (LWP 8007)]
[Thread 0x7fffe9ebe640 (LWP 8004) exited]
[Thread 0x7fffea6bf640 (LWP 8003) exited]
[New Thread 0x7fffea6bf640 (LWP 8010)]
[New Thread 0x7fffe9ebe640 (LWP 8011)]
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 

Thread 11 "pulseUI" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea6bf640 (LWP 8010)]
0x00007ffff09b7ee1 in __memset_avx2_erms () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff09b7ee1 in __memset_avx2_erms () at /usr/lib/libc.so.6
#1  0x0000555555554ccc in  ()
#2  0x0000555555550495 in GetDSAccessServiceInterface(pincGuid const&, unsigned int, void**) ()
#3  0x0000555555550586 in DSAccessGetPluginInterface(char const*, pincGuid const&, unsigned int, void**) ()
#4  0x000055555551bb3e in DialogManager::InitiateJUNS() ()
#5  0x000055555552436f in DialogManager::OnJamTimer(unsigned int) ()
#6  0x0000555555507c1b in CJamCommandListProcessor::OnJamTimer(unsigned int) ()
#7  0x00007ffff7f5d63c in  () at /usr/lib/librt.so.1
#8  0x00007ffff7f713e9 in start_thread () at /usr/lib/libpthread.so.0
#9  0x00007ffff0952293 in clone () at /usr/lib/libc.so.6

Then there are issues with glibc...

And the community forum seems totally useless to me, as well as the comments some of those guys have included in the github issue... Whether saying got get support with a big shot guy doing business with them, or just install a newer version, which is just as useless, when never getting to debug what's broken. It's really tiresome to try arguing with them.

mattonthehill commented on 2021-02-05 20:36 (UTC)

Thanks for your package @chiwanpark - I managed to connect to my workplace's VPN, after the following steps:

  • Install curl-pulse-secure;
  • Start the pulsesecure service;
  • Run PulseUI with "LD_LIBRARY_PATH=/usr/local/pulse pulseUI"

It still complains quite a lot, but it worked and let me set up a connection. Thanks again!

thecrow commented on 2021-01-26 12:59 (UTC)

@chiwanpark,@je-vv Podeis actualizar la información que solicitan desde el foro de pulse secure, para replicar el problema con curl 7.74

je-vv commented on 2021-01-23 22:56 (UTC)

@chiwanpark, although 9.1R10 does not fix the curl related segfault, I see it positive if you update the package any ways. Thanks a lot !

je-vv commented on 2021-01-23 22:53 (UTC)

BTW, on all 3 posts under the pulse-secure comuniy forum where I'm involved, the answer is always to get a big shot on business relations with pulse-secure, to get in contact with them. So I guess there won't be any support from pulse-secure to final users on the issues their own SW generates. There's NO way to reach out to their devs or support team. I don't have any alternative, given the company where I work chose pulse-secure and uses MFA even requiring its GUI, which depends on obsolete and insecure webkitgtk.

I guess the work around with curl-pulse-secure is all there will be, until everything starts segfaulting on other platforms with more users, like redhat derivatives and debian/ubuntu derivatives, which can influence big shots from IT making business with them. That's to be expected from closed source SW I'd guess... How disappointing !!

tryax commented on 2021-01-21 09:46 (UTC)

/pulseUi: error while loading shared libraries: libicui18n.so.67: cannot open shared object file: No such file or directory

lib32-icu has been updated to 68.2-1, so pulse can't find version 67?

chiwanpark commented on 2021-01-19 15:46 (UTC)

@je-vv: the 9.1R10 does not fix the curl related crash. I guess that the user posting 9.1R10 works with curl 7.74 in Ubuntu did test with OpenSSL < 1.1.0. I've posted the question about OpenSSL version to the forum.

https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Linux-Pulse-Client-does-not-work-with-curl-7-74/m-p/44607/highlight/true#M2253

chiwanpark commented on 2021-01-19 15:41 (UTC) (edited on 2021-01-19 15:46 (UTC) by chiwanpark)

@je-vv and other users: I've packaged the new 9.1R10 client. However, in my testing environment host checker does not work properly. Thus, I didn't upload the package to AUR repository. But I request for someone to test the package. (You need to install curl 7.73 to run this package)

https://drive.google.com/file/d/1FbcwS1keRbT2L4hFMBX51tTvCWqkp07j/view?usp=sharing

Any reports are welcome.

chiwanpark commented on 2021-01-19 10:59 (UTC)

@je-vv I'm trying to upgrade this package to the 9.1R10 release, but it takes more time than the previous version. In 9.1R10, Pulse Secure client are totally rewritten.

je-vv commented on 2021-01-18 21:08 (UTC)

@chiwanpark and @yan12125, according to https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Linux-Pulse-Client-does-not-work-with-curl-7-74/m-p/44599/highlight/true#M2249, latest version of 9.1R10 should have fixed the curl issue, and then curl-pulse-secure wouldn't be needed... Can you please upgrade?

bakgwailo commented on 2021-01-15 20:35 (UTC) (edited on 2021-01-15 20:44 (UTC) by bakgwailo)

@andrea.denisse @hedin504

edit: nevermind, fixed the segfault by installing the curl-pulse-secure AUR package.

microdou commented on 2021-01-11 13:41 (UTC)

Using curl-pulse-secure is the best solution. Don't use soft link!

JL55 commented on 2021-01-10 06:56 (UTC)

Can confirm the workaround @bidulock suggested works: Copy the libcurl.so.4.7.0 (and the soft links libcurl.so.4 and libcurl.so) of package curl-7.73.0-1 to /usr/local/pulse/ solved the segmentation fault issue.

For the icu problem, I installed the latest webkitgtk binary package (https://aur.archlinux.org/packages/webkitgtk/#pinned-690142) and everything works.

bidulock commented on 2021-01-06 08:30 (UTC)

I added package curl-pulse-secure to the AUR that installs binary libcurl library from curl 7.73.0-1 into /usr/local/pulse. Using this package will get rid of core dumps. Might add it to depends until curl or pulse is fixed.

bidulock commented on 2021-01-06 08:02 (UTC)

@SJrX pulseUi is already executed with a LD_LIBRARY_PATH. It is sufficient to copy libcurl.so.4.7.0 from curl-7.73.0-1 to /usr/local/pulse Then you can have a fully up to date system. But thanks for the approach!

hedin504 commented on 2021-01-06 07:58 (UTC) (edited on 2021-01-06 07:59 (UTC) by hedin504)

@andrea.denisse I have the same problem

denisse commented on 2021-01-06 00:21 (UTC)

I tried this package and compiled webkitgtk, when I try to execute pulseUi I get a segmentation fault (core dumped) pulseUi error.

Is anyone else experiencing this problem?

je-vv commented on 2021-01-04 22:16 (UTC)

BTW @SJrX, I just tried with my laptop totally up to date, both from official repos and AUR, and everything worked out just fine, no need to rebuild webkitgtk. The last change on webkitgtk (https://aur.archlinux.org/cgit/aur.git/log/?h=webkitgtk "Patching for build with icu 68.2") was precisely about adding a "68.2" icu patch. Not sure, if from 10 days ago to Today, some libs might have changed preventing webkitgkt to build again, but around those 10 days ago, building it had no issues. Perhaps you could try the binary as well.

I'll be posting something about migrating to webkit2gtk on the pulse-secure forums, but it seems no devs pay attention to that. I have no clue why on earth pulse-secure still depends on webkit1 for webui support... I'll also be posting about how to accomplish webui MFA from the command line, to see if the users have gotten that solved, and stop using obsolete webkitgtk...

je-vv commented on 2021-01-04 21:31 (UTC)

@SJrX, I see, I haven't had to rebuild webkitgtk since its last rebuilt needed like a week and a couple of days more ago. I'll just try it again. But your backporting solutions looks fine to me. Actually at least the curl one seems like a good temporal work around that could be implemented in this same pulse-secure package, while upstream fixes the curl issue.

SJrX commented on 2021-01-04 21:26 (UTC) (edited on 2021-01-04 21:27 (UTC) by SJrX)

@je-vv at the moment, webkitgtk can't be rebuilt is my understanding, and my thing failed today. I didn't try with webkitgtk-bin.

I can't speak to anything about changing the internal package, I am doing a hack just to work around the issue. If people more knowledgable than me want to use it, then all the better :)

je-vv commented on 2021-01-04 21:23 (UTC) (edited on 2021-01-04 21:27 (UTC) by je-vv)

@SJrX, according to the pinned messages, on both pulse-secure and webkitgtk, the icu version change, only requires webkitgtk to rebuild, no need to backport icu, or revert it. Tough I agree rebuilding takes a huge amount of time. I'd love to stop needing the pulse-secure GUI just for MFA. The curl issue though, does require wether backporting or reverting curl. BTW, I like your backporting solution, and I'm wondering if that could be incorporated temporally (while there's no new pulse-secure version with the fix to work with newest curl), into the pulse-secure AUR package itself, not as a directory in $HOME, but rather being part of "/usr/local/pulse". Notice /usr/bin/pulseUi wouldn't need any modification, since it already modifies LD_LIBRARY_PATH accordingly, but /usr/bin/pulsesvc might need to be moved to "/usr/local/pulse", and a bash or shell wrapper (/usr/bin/pulsesvc_wrapper) is needed around it, changing LD_LIBRARY_PATH in it.

Perhaps @yan12125 or @chiwanpark can take a look. But at any rate, for the curl issue, I'd recommend users to push to the pulse-secure company, since they are the ones to finally fix the issue.

Moreover, if the company (upstream) is also pushed to use webkit2gtk, rather than the old obsolete and insecure webkitgtk, that would be much better...

SJrX commented on 2021-01-04 20:48 (UTC)

So I had two issues that prevented this from working today. The first is that icu (https://archlinux.org/packages/core/x86_64/icu/) has been upgraded, the second is the curl issues with 7.74, in previous comments.

icu and especially curl have lots of dependencies so it didn't seem smart to downgrade them. What I did was I found the previous archives, and unzipped them somewhere, then used LD_LIBRARY_PATH to use the old versions. You can get the old versions from the Arch Linux Archive, here are some examples.

mkdir -p ~/old_versions cd ~/old_versions wget https://archive.archlinux.org/packages/c/curl/curl-7.73.0-1-x86_64.pkg.tar.zst wget https://archive.archlinux.org/packages/i/icu/icu-67.1-1-x86_64.pkg.tar.zst

At this point you should validate the signatures for the packages.

Then unarchive them: tar -I zstd -xvf curl-7.73.0-1-x86_64.pkg.tar.zst tar -I zstd -xvf icu-67.1-1-x86_64.pkg.tar.zst

Then export LD_LIBRARY_PATH=/home/<username>/old_versions/usr/lib/:$LD_LIBRARY_PATH

then ran pulseUi and it worked.

CC @je-vv

je-vv commented on 2021-01-04 17:53 (UTC)

@Hubro, I see your comment on https://aur.archlinux.org/packages/webkitgtk/#comment-784272, however, strangely enough, it built for me, with its latest change ~10 days ago... I do prefer building it, but have you tried using the binary AUR package (https://aur.archlinux.org/packages/webkitgtk-bin)? That might prevent building issues I'd guess..

I do have to use webkitgtk, since I have no clue how to use pulse-secure with MFA on the command line, and that's a must where I work unfortunately, :( However if you don't use the multi factor authentication, and use an OTP instead, or similar non multi factor auth, then you can get away with using the pulse-secure command line. I used it for several years, without even having webkitgtk installed... An usage example:

pulsesvc -h ${GATEWAY} -u ${USER} -p ${OATH_PIN_PASS} -r "OATH Passcode"

But it all depends on what the org needing you to use this privative SW requires...

« First ‹ Previous 1 2 3 4 5 6 Next › Last »