Gpclient for PureOS

On my beloved FreeBSD I compile a port security/globalprotect-openconnect which builds and installs:

openconnect-9.12.pkg
globalprotect-openconnect-1.4.9_1.pkg

and then I run from cmd line gpclient which connects me with the Paloalto GlobalProtect VPN and gives me full access to my company network. See also the attached GUI.

On the L5 I installed

sudo apt install openconnect
sudo apt install gp-saml-gui

gp-saml-gui  (asks for credentials)

but ends without creating a VPN tunnel. How could I get gpclient?

I don’t know, have not tried, but maybe one or both of these packages could help:

network-manager-openconnect
network-manager-openconnect-gnome

I cloned the sourced for the client from

Its README says about installing:

Installation

Debian/Ubuntu based distributions

Install from PPA (Ubuntu 18.04 and later, except 24.04)

sudo apt-get install gir1.2-gtk-3.0 gir1.2-webkit2-4.0
sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
sudo apt-get update
sudo apt-get install globalprotect-openconnect

but we do not have `

add-apt-repository

How could I add this ppa repository?

Install software-properties-common first:

sudo apt install software-properties-common

Then you can use the apt-add-repository command after.

Thanks. But this raises another issue with GnuPG:

purism@pureos:~/guru$ sudo GNUPGHOME=/home/purism/.gnupg add-apt-repository ppa:yuezk/globalprotect-openconnect
 A GlobalProtect VPN client (GUI) for Linux, based on OpenConnect and Tauri, supports SSO authentication mode.
 More info: https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keybox '/tmp/tmplb0silfh/pubring.gpg' created
gpg: /tmp/tmplb0silfh/trustdb.gpg: trustdb created
gpg: key 53FC26B43838D761: public key "Launchpad PPA for Kevin Yue" imported
gpg: Total number processed: 1
gpg:               imported: 1
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: no valid OpenPGP data found.

Why it tries to create a temp. trustdb.gpg while my GnuPG env is fine:

purism@pureos:~/guru$ ls -l /home/purism/.gnupg/trustdb.gpg 
-rw------- 1 purism purism 1440 May 12 12:36 /home/purism/.gnupg/trustdb.gpg

purism@pureos:~/guru$ pass test
secret

Not sure, but there are alternative instructions in the README.md:

purism@pureos:~$ sudo apt install --fix-broken globalprotect-openconnect_*.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package globalprotect-openconnect_2.3.3-1_amd64.deb
E: Unable to locate package globalprotect-openconnect_2.3.3-1_arm64.deb

Did you download the packaged Debian binary from the GitHub releases page to $HOME?

https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v2.3.3/globalprotect-openconnect_2.3.3-1_arm64.deb

Yes, I did so. I watch, being root, the command with:

strace -f -o apt.tr apt install --fix-broken locate package globalprotect-openconnect_2.3.3-1_arm64.deb

In the file apt.tr is shown, that it does not look for the file locally:

$ grep global apt.tr
14328 execve("/usr/bin/apt", ["apt", "install", "--fix-broken", "globalprotect-openconnect"], 0xffffc4ab1080 /* 13 vars */) = 0
14328 write(2, "Unable to locate package globalp"..., 50) = 50

Okay, create another GitHub issue and wait until @yuezk responds to it.

Running the above command, a part of the warning, results in an empty keyring file

purism@pureos:~$ ls -l /etc/apt/trusted.gpg.d/
...
-rw-r--r-- 1 root root 2332 Mar 18  2023 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 2252 Jun 23  2023 pureos-archive-keyring.gpg
-rw-r--r-- 1 root root    0 Jun 23 11:37 yuezk_ubuntu_globalprotect-openconnect.gpg

I fetched the key from the autor and loaded it by hand:

purism@pureos:~$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg add publicKeyGlobalProtect
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
purism@pureos:~$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg
-----------------------------------------------------------------
pub   rsa4096 2020-06-07 [SC]
      7937 C393 0829 92E5 D6E4  A604 53FC 26B4 3838 D761
uid           [ unknown] Launchpad PPA for Kevin Yue


purism@pureos:~$  sudo apt-get update
Get:1 http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu oracular InRelease [17.9 kB]
Get:2 https://repo.pureos.net/pureos byzantium InRelease [9,641 B]
Get:3 https://repo.pureos.net/pureos byzantium-updates InRelease [9,649 B]
Get:4 https://repo.pureos.net/pureos byzantium-security InRelease [9,650 B]
Fetched 46.8 kB in 4s (11.9 kB/s)
Reading package lists... Done

purism@pureos:~$ sudo apt-get install globalprotect-openconnect
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package globalprotect-openconnect

Change the codename to focal and see if it works. Additionally, the personal package archive is connecting with HTTP, so upgrading it to HTTPS may resolve your issue.

Assuming, that you wanted me to change the following file:

purism@pureos:~$ cat /etc/apt/sources.list.d/yuezk-ubuntu-globalprotect-openconnect-oracular.list
deb http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu focal main
# deb-src http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu oracular main

this gives now:

purism@pureos:~$ sudo apt-get update
Hit:1 http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu focal InRelease
Get:2 https://repo.pureos.net/pureos byzantium InRelease [9,641 B]
Get:3 https://repo.pureos.net/pureos byzantium-updates InRelease [9,649 B]
Get:4 https://repo.pureos.net/pureos byzantium-security InRelease [9,650 B]
Fetched 28.9 kB in 2s (13.4 kB/s)
Reading package lists... Done
purism@pureos:~$ sudo apt-get install globalprotect-openconnect
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libopenconnect5 : Depends: libhogweed5 but it is not installable
E: Unable to correct problems, you have held broken packages.

The HTTP ./. HTTPS I tested already. Does not work either.

Okay, try adding byzantium-updates-proposed as another source.

How do I do this exactly? If I look into /etc/apt/source.list I don’t know the exact line.

sudo apt edit-sources
1

Then copy and paste this new line of code:

deb https://repo.pureos.net/pureos byzantium-updates-proposed main

Save your changes, exit GNU Nano, then try updating apt again.

purism@pureos:~$ sudo apt edit-sources
[sudo] password for purism:
Your '/etc/apt/sources.list' file changed, please run 'apt-get update'.
purism@pureos:~$ sudo apt-get update
Get:1 https://repo.pureos.net/pureos byzantium InRelease [9,641 B]
Get:2 https://repo.pureos.net/pureos byzantium-updates InRelease [9,649 B]
Get:3 https://repo.pureos.net/pureos byzantium-security InRelease [9,650 B]
Get:4 https://repo.pureos.net/pureos byzantium-updates-proposed InRelease [4,742 B]
Ign:5 https://repo.pureos.net/pureos byzantium/main Translation-en
Get:5 https://repo.pureos.net/pureos byzantium/main Translation-en [5,685 kB]
Get:6 https://repo.pureos.net/pureos byzantium-updates-proposed/main all Packages [5,040 B]
Get:7 https://repo.pureos.net/pureos byzantium-updates-proposed/main arm64 Packages [10.9 kB]
Ign:8 https://repo.pureos.net/pureos byzantium-updates-proposed/main Translation-en
Get:8 https://repo.pureos.net/pureos byzantium-updates-proposed/main Translation-en [9,752 B]
Fetched 5,744 kB in 7s (846 kB/s)
Reading package lists... Done
purism@pureos:~$ sudo apt-get install globalprotect-openconnect
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package globalprotect-openconnect


purism@pureos:~$ sudo apt search globalprotect
Sorting... Done
Full Text Search... Done
gp-saml-gui/byzantium 0.0~git20201229-2 all
  login to a GlobalProtect VPN that uses SAML authentication

libopenconnect-dev/byzantium 8.10-2+b1 arm64
  open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - development files

libopenconnect5/byzantium 8.10-2+b1 arm64
  open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - shared library

network-manager-openconnect/byzantium 1.2.6-1 arm64
  network management framework (OpenConnect plugin core)

openconnect/byzantium 8.10-2+b1 arm64
  open client for Cisco AnyConnect, Pulse, GlobalProtect VPN

I think, I will give up on installing gpclient

Btw: This is the first time that I see that FreeBSD can install something (note: I say “install” and not wading through complex make procedures) which Debian can’t

I notice these instructions are different from the official documentation:

Download and Install the GlobalProtect App for Linux

Could you use this instead?

https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-user-guide/globalprotect-app-for-linux/download-and-install-the-globalprotect-app-for-linux

Download the GlobalProtect app for Linux.

1. Log in to the Customer Support Portal. After you enter your username and password credentials, you are authenticated and you are logged in to the support site. …

which requires a device and a sales number. Game Over

As FreeBSD is able to compile gpclient from source, I will try it as well on the L5. Details see/follow here: