dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-06 08:43:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
210a55934d7f8b691d591fc535f14857d0431ad6
site/public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html

256 lines
20 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html><head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge"><title>AppGate SDP on Arch Linux - davegallant</title><link rel="icon" type="image/png" href=https://davegallant.ca/favicon.ico /><meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux." />
<meta property="og:image" content=""/>
<meta property="og:title" content="AppGate SDP on Arch Linux" />
<meta property="og:description" content="AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux." />
<meta property="og:type" content="article" />
<meta property="og:url" content="/blog/2020/03/16/appgate-sdp-on-arch-linux/" /><meta property="article:section" content="post" />
<meta property="article:published_time" content="2020-03-16T22:00:15-04:00" />
<meta property="article:modified_time" content="2020-03-16T22:00:15-04:00" />
<meta name="twitter:card" content="summary"/>
<meta name="twitter:title" content="AppGate SDP on Arch Linux"/>
<meta name="twitter:description" content="AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux."/>
<script src="https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js"></script>
<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:ital,wght@1,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Fira+Sans&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Roboto+Mono" rel="stylesheet">
<link rel="stylesheet" type="text/css" media="screen" href="/css/main.b62676bff4820110a8d277865623140415878fe61d482b3d5dee841dfd5553b8.css" />
<link id="darkModeStyle" rel="stylesheet" type="text/css" href="/css/dark.885c118c37fd8d649bb670e65fcdf4e2b1a882335fbd1909c02eb749371db510.css" disabled />
<script type="text/javascript"
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
tex2jax: {
inlineMath: [['$','$'], ['\\(','\\)']],
displayMath: [['$$','$$'], ['\[','\]']],
processEscapes: true,
processEnvironments: true,
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre'],
TeX: { equationNumbers: { autoNumber: "AMS" },
extensions: ["AMSmath.js", "AMSsymbols.js"] }
}
});
</script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css">
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js"></script>
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js" onload="renderMathInElement(document.body);"></script>
<script>
document.addEventListener("DOMContentLoaded", function() {
renderMathInElement(document.body, {
delimiters: [
{left: "$$", right: "$$", display: true},
{left: "$", right: "$", display: false}
]
});
});
</script>
<link rel="stylesheet" type="text/css" href="/css/custom.2e59ff60a2d9c7e42e3c1af2aff0ba627da46f910a234867e98d178eb05c87dc.css">
</head>
<body>
<div class="content"><header>
<div class="main">
<a href="/">davegallant</a>
</div>
<nav>
<a href="/">Home</a>
<a href="/post">All posts</a>
<a href="/about">About</a>
<a href="/tags">Tags</a>
| <span id="dark-mode-toggle" onclick="toggleTheme()"></span>
<script src="/js/themetoggle.js"></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">AppGate SDP on Arch Linux</h1>
<div class="meta">Posted on Mar 16, 2020</div>
</div>
<section class="body"><p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p>
<p>Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on <a href="https://aur.archlinux.org/packages/appgate-sdp/">AUR</a>.
As of right now, the latest AUR is <code>4.2.2-1</code>.</p>
<p>These steps highlight how to get it working with <code>Python3.8</code> by making a 1 line modification to AppGate source code.</p>
<h1 id="packaging">Packaging</h1>
<p>We already know the community package is currently out of date, so let&rsquo;s clone it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>git clone https://aur.archlinux.org/appgate-sdp.git
</span></span><span style="display:flex;"><span>cd appgate-sdp
</span></span></code></pre></div><p>You&rsquo;ll likely notice that the version is not what we want, so let&rsquo;s modify the <code>PKGBUILD</code> to the following:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e"># Maintainer: Pawel Mosakowski &lt;pawel at mosakowski dot net&gt;</span>
</span></span><span style="display:flex;"><span>pkgname<span style="color:#f92672">=</span>appgate-sdp
</span></span><span style="display:flex;"><span>conflicts<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;appgate-sdp-headless&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>pkgver<span style="color:#f92672">=</span>4.3.2
</span></span><span style="display:flex;"><span>_download_pkgver<span style="color:#f92672">=</span>4.3
</span></span><span style="display:flex;"><span>pkgrel<span style="color:#f92672">=</span><span style="color:#ae81ff">1</span>
</span></span><span style="display:flex;"><span>epoch<span style="color:#f92672">=</span>
</span></span><span style="display:flex;"><span>pkgdesc<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;Software Defined Perimeter - GUI client&#34;</span>
</span></span><span style="display:flex;"><span>arch<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;x86_64&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>url<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;https://www.cyxtera.com/essential-defense/appgate-sdp/support&#34;</span>
</span></span><span style="display:flex;"><span>license<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;custom&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span><span style="color:#75715e"># dependecies calculated by namcap</span>
</span></span><span style="display:flex;"><span>depends<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;gconf&#39;</span> <span style="color:#e6db74">&#39;libsecret&#39;</span> <span style="color:#e6db74">&#39;gtk3&#39;</span> <span style="color:#e6db74">&#39;python&#39;</span> <span style="color:#e6db74">&#39;nss&#39;</span> <span style="color:#e6db74">&#39;libxss&#39;</span> <span style="color:#e6db74">&#39;nodejs&#39;</span> <span style="color:#e6db74">&#39;dnsmasq&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>source<span style="color:#f92672">=(</span><span style="color:#e6db74">&#34;https://sdpdownloads.cyxtera.com/AppGate-SDP-</span><span style="color:#e6db74">${</span>_download_pkgver<span style="color:#e6db74">}</span><span style="color:#e6db74">/clients/</span><span style="color:#e6db74">${</span>pkgname<span style="color:#e6db74">}</span><span style="color:#e6db74">_</span><span style="color:#e6db74">${</span>pkgver<span style="color:#e6db74">}</span><span style="color:#e6db74">_amd64.deb&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;appgatedriver.service&#34;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>options<span style="color:#f92672">=(</span>staticlibs<span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>prepare<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span> tar -xf data.tar.xz
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>package<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span> cp -dpr <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>srcdir<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span>/<span style="color:#f92672">{</span>etc,lib,opt,usr<span style="color:#f92672">}</span> <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>pkgdir<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span>
</span></span><span style="display:flex;"><span> mv -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/lib/systemd/system&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/lib/systemd/&#34;</span>
</span></span><span style="display:flex;"><span> rm -vrf <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/lib&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$srcdir<span style="color:#e6db74">/appgatedriver.service&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/lib/systemd/system/appgatedriver.service&#34;</span>
</span></span><span style="display:flex;"><span> mkdir -vp <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/copyright&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/LICENSE.github&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/LICENSES.chromium.html.bz2&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>md5sums<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;17101aac7623c06d5fbb95f50cf3dbdc&#39;</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;002644116e20b2d79fdb36b7677ab4cf&#39;</span><span style="color:#f92672">)</span>
</span></span></code></pre></div><p>Let&rsquo;s first make sure we have some dependencies. If you do not have <a href="https://github.com/Jguer/yay">yay</a>, check it out.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>yay -S dnsmasq gconf
</span></span></code></pre></div><p>Now, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>makepkg -si
</span></span></code></pre></div><h1 id="running-the-client">Running the client</h1>
<p>Ok, let&rsquo;s run the client by executing <code>appgate</code>.</p>
<p>It complains about not being able to connect.</p>
<p>Easy fix:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo systemctl start appgatedriver.service
</span></span></code></pre></div><p>Now we should be connected&hellip; but DNS is not working?</p>
<h1 id="fixing-the-dns">Fixing the DNS</h1>
<p>Running <code>resolvectl</code> should display that something is not right.</p>
<p>Why is the DNS not being set by appgate?</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ head -3 /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span><span style="color:#75715e">#!/usr/bin/env python3</span>
</span></span><span style="display:flex;"><span><span style="color:#e6db74">&#39;&#39;</span><span style="color:#960050;background-color:#1e0010">&#39;</span>
</span></span><span style="display:flex;"><span>This is used to set and unset the DNS.
</span></span></code></pre></div><p>It seems like python3 is required for the DNS setting to happen.
Let&rsquo;s try to run it.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#e6db74">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#e6db74">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> servers <span style="color:#f92672">=</span> <span style="color:#f92672">[(</span> socket.AF_INET <span style="color:#66d9ef">if</span> x.version is <span style="color:#ae81ff">4</span> <span style="color:#66d9ef">else</span> socket.AF_INET6, map<span style="color:#f92672">(</span>int, x.packed<span style="color:#f92672">))</span> <span style="color:#66d9ef">for</span> x in servers<span style="color:#f92672">]</span>
</span></span><span style="display:flex;"><span>Traceback <span style="color:#f92672">(</span>most recent call last<span style="color:#f92672">)</span>:
</span></span><span style="display:flex;"><span> File <span style="color:#e6db74">&#34;/opt/appgate/linux/set_dns&#34;</span>, line 30, in &lt;module&gt;
</span></span><span style="display:flex;"><span> import dbus
</span></span><span style="display:flex;"><span>ModuleNotFoundError: No module named <span style="color:#e6db74">&#39;dbus&#39;</span>
</span></span></code></pre></div><p>Ok, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo python3.8 -m pip install dbus-python
</span></span></code></pre></div><p>Will it work now? Not yet. There&rsquo;s another issue:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#e6db74">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#e6db74">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> servers <span style="color:#f92672">=</span> <span style="color:#f92672">[(</span> socket.AF_INET <span style="color:#66d9ef">if</span> x.version is <span style="color:#ae81ff">4</span> <span style="color:#66d9ef">else</span> socket.AF_INET6, map<span style="color:#f92672">(</span>int, x.packed<span style="color:#f92672">))</span> <span style="color:#66d9ef">for</span> x in servers<span style="color:#f92672">]</span>
</span></span><span style="display:flex;"><span>module <span style="color:#e6db74">&#39;platform&#39;</span> has no attribute <span style="color:#e6db74">&#39;linux_distribution&#39;</span>
</span></span></code></pre></div><p>This is a breaking change in Python3.8.</p>
<p>So what is calling <code>platform.linux_distribution</code>?</p>
<p>Let&rsquo;s search for it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo grep -r <span style="color:#e6db74">&#39;linux_distribution&#39;</span> /opt/appgate/linux/
</span></span><span style="display:flex;"><span>/opt/appgate/linux/nm.py: <span style="color:#66d9ef">if</span> platform.linux_distribution<span style="color:#f92672">()[</span>0<span style="color:#f92672">]</span> !<span style="color:#f92672">=</span> <span style="color:#e6db74">&#39;Fedora&#39;</span>:
</span></span></code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let&rsquo;s just replace this line with:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-python" data-lang="python"><span style="display:flex;"><span><span style="color:#66d9ef">if</span> <span style="color:#66d9ef">True</span>: <span style="color:#75715e"># Since we are not using Fedora :)</span>
</span></span></code></pre></div><h1 id="wrapping-up">Wrapping up</h1>
<p>It turns out there are <a href="https://docs.python.org/3.7/library/platform.html#platform.linux_distribution">breaking changes</a> in Python3.8.</p>
<p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p>
<p>I suppose this highlights one of the caveats of relying upon the system&rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.</p></section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href="/tags/linux">linux</a></li>
<li><a href="/tags/vpn">vpn</a></li>
<li><a href="/tags/python">python</a></li>
</ul>
</nav>
</div>
</article>
</main>
<section id='comments' class='comments'>
<div class='container sep-before'>
<div class='comments'><script>
var getTheme = window.localStorage && window.localStorage.getItem("theme-storage");
getTheme = getTheme == null ? 'light' : getTheme;
let theme = getTheme === 'dark' ? 'github-dark' : 'github-light';
let s = document.createElement('script');
s.src = 'https://utteranc.es/client.js';
s.setAttribute('repo', 'davegallant\/davegallant.github.io');
s.setAttribute('issue-term', 'pathname');
s.setAttribute('theme', theme);
s.setAttribute('crossorigin', 'anonymous');
s.setAttribute('async', '');
document.querySelector('div.comments').innerHTML = '';
document.querySelector('div.comments').appendChild(s);
</script>
</div>
</div>
</section><footer>
<div style="display:flex"><a class="soc" href="https://github.com/davegallant" rel="me" title="GitHub"><i data-feather="github"></i></a>
<a class="border"></a><a class="soc" href="https://twitter.com/davega11ant/" rel="me" title="Twitter"><i data-feather="twitter"></i></a>
<a class="border"></a><a class="soc" href="https://fosstodon.org/@davegallant" rel="me" title="Mastodon"><i data-feather="speaker"></i></a>
<a class="border"></a><a class="soc" href="https://www.linkedin.com/in/dave-gallant/" rel="me" title="LinkedIn"><i data-feather="linkedin"></i></a>
<a class="border"></a></div>
<div class="footer-info">
2023 Dave Gallant | Theme based on <a
href="https://github.com/athul/archie">Archie</a> | Built with <a href="https://gohugo.io">Hugo</a>
</div>
</footer>
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-98710982-2', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<script>
feather.replace()
</script></div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink