From b07818282261bd0c05c984a4f0f2c51fba957259 Mon Sep 17 00:00:00 2001
From: Jakob Meier
Date: Mon, 16 Oct 2023 18:03:21 +0200
Subject: [PATCH] testing/openconnect-gnutls: new aport openconnect build against gnutls instead of openssl
---
testing/openconnect-gnutls/APKBUILD | 64 ++++++++++++++
testing/openconnect-gnutls/fix_gnutls.patch | 11 +++
testing/openconnect-gnutls/openconnect.confd | 26 ++++++
testing/openconnect-gnutls/openconnect.initd | 88 +++++++++++++++++++
.../openconnect-gnutls/openconnect.logrotate | 7 ++
5 files changed, 196 insertions(+)
create mode 100644 testing/openconnect-gnutls/APKBUILD
create mode 100644 testing/openconnect-gnutls/fix_gnutls.patch
create mode 100644 testing/openconnect-gnutls/openconnect.confd
create mode 100644 testing/openconnect-gnutls/openconnect.initd
create mode 100644 testing/openconnect-gnutls/openconnect.logrotate
diff --git a/testing/openconnect-gnutls/APKBUILD b/testing/openconnect-gnutls/APKBUILD
new file mode 100644
index 0000000..296e72e
--- /dev/null
+++ b/testing/openconnect-gnutls/APKBUILD
@@ -0,0 +1,64 @@
+# Maintainer: Jakob Meier
+# Contributor: Myautsai PAN
+# Contributor: Francesco Colista
+pkgname=openconnect-gnutls
+provides=openconnect
+_pkgname=openconnect
+pkgver=9.12
+pkgrel=1
+pkgdesc="Open client for Cisco AnyConnect VPN"
+url="https://www.infradead.org/openconnect/"
+arch="all"
+license="LGPL-2.1-or-later"
+depends="vpnc iproute2"
+makedepends="autoconf automake intltool openssl-dev libxml2-dev
+ krb5-dev lz4-dev libproxy-dev linux-headers stoken-dev
+ pcsc-lite-dev oath-toolkit-dev python3-dev gnutls-dev"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-openrc $pkgname-bash-completion"
+source="https://www.infradead.org/openconnect/download/openconnect-$pkgver.tar.gz
+
+ fix_gnutls.patch
+
+ $_pkgname.initd
+ $_pkgname.confd
+ $_pkgname.logrotate
+ "
+options="!check" # fail with new openssl
+builddir="$srcdir/$_pkgname-$pkgver"
+
+build() {
+ #--with-openssl \
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --disable-static \
+ --disable-rpath \
+ --with-stoken \
+ --with-vpnc-script=/etc/vpnc/vpnc-script \
+ --disable-nls
+ make
+}
+
+check() {
+ make check || {
+ cat tests/test-suite.log
+ return 1
+ }
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+ install -Dm755 "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname
+ install -Dm644 "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname
+ install -Dm644 "$srcdir"/$_pkgname.logrotate "$pkgdir"/etc/logrotate.d/$_pkgname
+ mkdir -p "$pkgdir"/var/log/openconnect
+ mkdir -p "$pkgdir"/etc/openconnect
+}
+
+sha512sums="
+5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e openconnect-9.12.tar.gz
+a8ca0c5ffe07af2a3e6acd8170daf2078bbb177815c828c1bc141a46d656572f1ae4d03491bf75a657bb5fe5256ba3f4f4bf8d9b8ff0b9846de29365abd7003e fix_gnutls.patch
+994a8100ef0618e22c5aa6c6ac517632ad16fd58f41abda8379f5cdca8a1ffd6eff5a4cc2d6464db60bf6cc3df1237696cbe055cf83b4c0ccfe77042baa7b1e2 openconnect.initd
+a689df7141621c80bca77fdd1e01397b98882c7fd8db79b2fe1495916656522234e3af739538002533c003e4243e9af4bf80cd73bae961e15568997ce89ef6d5 openconnect.confd
+3b269eb7f469343d48e6e3aa694c5c051811c217217bebf2e74d051cbacf2b57ba926ea69474d30937067f45100863188f719db3fa1bcb4862ddbf446bdd48d2 openconnect.logrotate
+"
diff --git a/testing/openconnect-gnutls/fix_gnutls.patch b/testing/openconnect-gnutls/fix_gnutls.patch
new file mode 100644
index 0000000..6a91a91
--- /dev/null
+++ b/testing/openconnect-gnutls/fix_gnutls.patch
@@ -0,0 +1,11 @@
+--- a/gnutls-dtls.c
++++ b/gnutls-dtls.c
+@@ -410,7 +410,7 @@
+ gnutls_session_t dtls_ssl;
+ int err, ret;
+
+- err = gnutls_init(&dtls_ssl, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK|GNUTLS_NO_EXTENSIONS);
++ err = gnutls_init(&dtls_ssl, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK|GNUTLS_EXT_NONE);
+ if (err) {
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Failed to initialize DTLS: %s\n"),
diff --git a/testing/openconnect-gnutls/openconnect.confd b/testing/openconnect-gnutls/openconnect.confd
new file mode 100644
index 0000000..53b14e6
--- /dev/null
+++ b/testing/openconnect-gnutls/openconnect.confd
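Review bot: Nothing in `build()` pins the TLS backend: the `--with-openssl` switch is only commented out and `openssl-dev` is still listed in `makedepends`, so whether the result links GnuTLS depends on configure's auto-detection rather than on this APKBUILD. Passing `--with-gnutls` to `./configure` and dropping `openssl-dev` from `makedepends` (unless something else in the build needs it) would make the backend explicit and reproducible. The `options="!check" # fail with new openssl` line also disables the test suite of a VPN client for a reason that, as written, concerns the OpenSSL build; it is worth re-running `make check` against GnuTLS and either enabling it or updating the comment to the actual failure.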
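Review bot: `GNUTLS_EXT_NONE` does not look like a `gnutls_init()` flag: as far as I know it belongs to the extension parse-type enum, so OR-ing it into the flags in place of `GNUTLS_NO_EXTENSIONS` compiles but no longer asks GnuTLS to suppress the default extensions on the DTLS session, and its numeric value may coincide with an unrelated init flag. If the build failure comes from newer GnuTLS renaming the flag, the replacement that keeps the original behaviour would be `GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK|GNUTLS_NO_DEFAULT_EXTENSIONS`; please confirm against the installed `gnutls.h` and upstream openconnect's own fix. Because this changes what the client puts into the DTLS handshake, it needs a functional test against a real gateway rather than a compile test, which matters more given that `check()` is disabled in the APKBUILD. The enclosing function starts and ends outside the patched context.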
@@ -0,0 +1,26 @@
+# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
+#
+# server_vpnname
+# password_vpnname
+# vpnopts_vpnname
+#
+# The tunnel will need to be started with a symbolic link to openconnect:
+#
+# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
+#
+# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
+# need to create executable scripts in a directory with the same name as
+# the vpn tunnel (vpn0 can be replaced with the vpn name):
+#
+# mkdir /etc/openconnect/vpn0
+# cd /etc/openconnect/vpn0"
+# echo '#!/bin/sh' > preup.sh"
+# cp preup.sh predown.sh"
+# cp preup.sh postup.sh"
+# cp preup.sh postdown.sh"
+# chmod 755 /etc/openconnect/vpn0/*"
+
+server_vpn0="vpn.server.tld"
+password_vpn0="YOUR_PASSWORD"
+# Any OPENCONNECT options my go here (see openconnect --help)
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
diff --git a/testing/openconnect-gnutls/openconnect.initd b/testing/openconnect-gnutls/openconnect.initd
new file mode 100644
index 0000000..3ff0b25
--- /dev/null
+++ b/testing/openconnect-gnutls/openconnect.initd
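Review bot: `password_vpn0` keeps the VPN password in cleartext in `/etc/conf.d/openconnect`, and the APKBUILD in this commit installs that file with `install -Dm644`, so every local user can read it. Installing it as `install -Dm600 "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname` and adding a comment such as `# This file holds credentials; keep it readable by root only (chmod 600).` above the `password_` line would close that. Separately, the example commands in the comment block carry stray trailing `"` characters (for instance `cd /etc/openconnect/vpn0"`), and `--script=/etc/openconnect/openconnect.sh` points at a file this package does not appear to install, while the build configures `/etc/vpnc/vpnc-script` as the default.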
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/bin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <