OpenConnect 9.01 does not work under Ubuntu 20.04

Luca Boccassi bluca at debian.org
Wed May 4 10:59:14 PDT 2022


On Wed, 2022-05-04 at 18:30 +0100, David Woodhouse wrote:
> On Wed, 2022-05-04 at 16:51 +0000, Schütz Dominik wrote:
> > 
> > when I install "openconnect_9.01-0+9.1_amd64.deb" from "https://software.opensuse.org/download.html?project=home%3Abluca%3Aopenconnect%3Arelease&package=openconnect"
> > it doesn't work, see text below:
> 
> Make sure you also install the matching libopenconnect5 package from
> https://download.opensuse.org/repositories/home:/bluca:/openconnect:/release/Ubuntu_20.04/amd64/libopenconnect5_9.01-0+9.1_amd64.deb
> 
> I just did that here, and those builds *don't* have PSKC support.
> 
>  $ openconnect --version
> OpenConnect version v9.01-0+9.1
> Using GnuTLS 3.6.13. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
> Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
>  $ ldd /usr/sbin/openconnect | grep pskc
>  $

There is no libpskc on Ubuntu 20.04:

https://packages.ubuntu.com/search?suite=all&section=all&arch=any&keywords=libpskc-dev&searchon=names

> It's not clear why you managed to install the openconnect binary
> package without the corresponding library. In RPM packaging you get a
> dependency on 'libopenconnect.so.5(OPENCONNECT_5_8)(64bit)' which is
> handled automatically. You wouldn't be able to install a package which
> *uses* new symbols from libopenconnect.so.5.8 without also installing
> that package.
> 
> In Debian it's apparently different; I'm not sure if this is just
> something that Debian packaging doesn't handle at all, or if it's an
> issue with the way we build in OBS? Luca?

The same can be done by maintaining a symbols file. I do that for the
actual Debian/Ubuntu builds (
https://salsa.debian.org/debian/openconnect/-/blob/master/debian/libopenconnect5.symbols
), but it's a _lot_ of work and it would constantly break the builds as
new things are added/removed, so I did not add it to the upstream
builds.

Instead, there's a strict dependency on the same version of the
package:

Depends: libopenconnect5 (= 9.01-0+9.1)

Which makes a bit more sense for the upstream system, and it ensures
that the packages are all updated in lockstep.

It is not possible to install the openconnect package without the
corresponding exact libopenconnect5 package, unless it was manually
downloaded and forced through, which is of course a terrible idea. The
repository is there to be used via apt/apt-get/aptitude/synaptic.

-- 
Kind regards,
Luca Boccassi
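
Added example, not part of the original message or of the OpenConnect packaging: a shell check for the situation described above, where a package was forced in without the exact library version named in its "Depends: libopenconnect5 (= 9.01-0+9.1)" line. The function names, the libc6 relation and the 8.05-1 version in the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# check_strict_deps STATUS_FILE
# Reads dpkg status-format stanzas (e.g. /var/lib/dpkg/status) and prints
# every exact-version dependency "name (= version)" that the installed set
# does not satisfy. Returns 0 if all are satisfied, 1 otherwise.
# Other relations (>=, <<, ...) and "a | b" alternatives are not evaluated.
check_strict_deps() {
    awk '
        /^Package:/ { pkg = $2 }
        /^Version:/ { ver[pkg] = $2 }
        /^Depends:/ { sub(/^Depends:[ ]*/, ""); deps[pkg] = $0 }
        END {
            bad = 0
            for (p in deps) {
                n = split(deps[p], item, /,[ ]*/)
                for (i = 1; i <= n; i++) {
                    # keep only exact-version relations: name (= version)
                    if (match(item[i], /\(= *[^)]+\)/) == 0) continue
                    want = substr(item[i], RSTART, RLENGTH)
                    gsub(/^\(= *|\)$/, "", want)
                    name = item[i]; sub(/[ (].*/, "", name)
                    have = (name in ver) ? ver[name] : "not installed"
                    if (have != want) {
                        printf "%s needs %s = %s, found %s\n", p, name, want, have
                        bad = 1
                    }
                }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample input: openconnect 9.01-0+9.1 installed next to a
# libopenconnect5 whose version is passed as $1.
sample_status() {
    cat <<EOF
Package: openconnect
Status: install ok installed
Version: 9.01-0+9.1
Depends: libc6 (>= 2.15), libopenconnect5 (= 9.01-0+9.1)

Package: libopenconnect5
Status: install ok installed
Version: $1
EOF
}
```

With the library at 9.01-0+9.1 the check passes; with any other version it reports the mismatch that apt would have refused to create.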