dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-07 09:02:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Redesign home page

Browse Source
This commit is contained in:
Dave Gallant
2024-01-07 22:42:41 -05:00
parent 6a405662e9
commit fad71f3265
31 changed files with 28 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
content/blog/appgate-sdp-on-arch-linux/index.md Normal file
View File

@@ -0,0 +1,155 @@
---
title: "AppGate SDP on Arch Linux"
date: 2020-03-16T22:00:15-04:00
draft: false
comments: true
tags: ['linux', 'vpn', 'python']
author: "Dave Gallant"
---
AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP `4.3.2` working on Arch Linux.
<!--more-->
Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on [AUR](https://aur.archlinux.org/packages/appgate-sdp/).
As of right now, the latest AUR is `4.2.2-1`.
These steps highlight how to get it working with `Python3.8` by making a 1 line modification to AppGate source code.
# Packaging
We already know the community package is currently out of date, so let's clone it:
```shell
git clone https://aur.archlinux.org/appgate-sdp.git
cd appgate-sdp
```
You'll likely notice that the version is not what we want, so let's modify the `PKGBUILD` to the following:
```shell
# Maintainer: Pawel Mosakowski <pawel at mosakowski dot net>
pkgname=appgate-sdp
conflicts=('appgate-sdp-headless')
pkgver=4.3.2
_download_pkgver=4.3
pkgrel=1
epoch=
pkgdesc="Software Defined Perimeter - GUI client"
arch=('x86_64')
url="https://www.cyxtera.com/essential-defense/appgate-sdp/support"
license=('custom')
# dependecies calculated by namcap
depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb"
"appgatedriver.service")
options=(staticlibs)
prepare() {
tar -xf data.tar.xz
}
package() {
cp -dpr "${srcdir}"/{etc,lib,opt,usr} "${pkgdir}"
mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/"
rm -vrf "$pkgdir/lib"
cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service"
mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp"
cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp"
cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp"
cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp"
}
md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
'002644116e20b2d79fdb36b7677ab4cf')
```
Let's first make sure we have some dependencies. If you do not have [yay](https://github.com/Jguer/yay), check it out.
```shell
yay -S dnsmasq gconf
```
Now, let's install it:
```shell
makepkg -si
```
# Running the client
Ok, let's run the client by executing `appgate`.
It complains about not being able to connect.
Easy fix:
```shell
sudo systemctl start appgatedriver.service
```
Now we should be connected... but DNS is not working?
# Fixing the DNS
Running `resolvectl` should display that something is not right.
Why is the DNS not being set by appgate?
```shell
$ head -3 /opt/appgate/linux/set_dns
#!/usr/bin/env python3
'''
This is used to set and unset the DNS.
```
It seems like python3 is required for the DNS setting to happen.
Let's try to run it.
```shell
$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
Traceback (most recent call last):
File "/opt/appgate/linux/set_dns", line 30, in <module>
import dbus
ModuleNotFoundError: No module named 'dbus'
```
Ok, let's install it:
```shell
$ sudo python3.8 -m pip install dbus-python
```
Will it work now? Not yet. There's another issue:
```shell
$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
module 'platform' has no attribute 'linux_distribution'
```
This is a breaking change in Python3.8.
So what is calling `platform.linux_distribution`?
Let's search for it:
```shell
$ sudo grep -r 'linux_distribution' /opt/appgate/linux/
/opt/appgate/linux/nm.py: if platform.linux_distribution()[0] != 'Fedora':
```
Aha! So this is in the local AppGate source code. This should be an easy fix. Let's just replace this line with:
```python
if True: # Since we are not using Fedora :)
```
# Wrapping up
It turns out there are [breaking changes](https://docs.python.org/3.7/library/platform.html#platform.linux_distribution) in Python3.8.
The docs say `Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.`
I suppose this highlights one of the caveats of relying upon the system's python, rather than having an isolated, dedicated environment for all dependencies.