AW: OpenConnect 9.01 does not work under Ubuntu 20.04

Wed May 4 11:37:27 PDT 2022

I did not find the latest version of "lipopenconnect5" for "openconnect_9.01-0+9.1" and then I got the latest version of "openconnect" and "libopenconnect5" from "https://launchpad.net/ubuntu/+source /openconnect/9.01-1/+build/23596572" and adjusted the DEBIAN/control accordingly so that I can install both packages. But after "libopenconnect" was missing too many dependencies on Ubuntu 20.04 compared to Ubuntu 22.04, I manually copied "libopenconnect.so.5.8" to my client.

Now that I've installed the latest versions from "https://download.opensuse.org/repositories/home:/bluca:/openconnect:/release/Ubuntu_20.04/amd64/", v9.01 works on Ubuntu 20.04 with username + Password and Smartcard for "--protocol=nc" and "--protocol=pulse". TPM2 also works for "--protocol=nc".

Thanks.

Regards,
Dominik

-----Ursprüngliche Nachricht-----
Von: David Woodhouse <dwmw2 at infradead.org> 
Gesendet: Mittwoch, 4. Mai 2022 19:30
An: Schütz Dominik <Dominik.Schuetz at esolutions.de>; openconnect-devel at lists.infradead.org
Cc: Luca Boccassi <bluca at debian.org>
Betreff: Re: OpenConnect 9.01 does not work under Ubuntu 20.04

On Wed, 2022-05-04 at 16:51 +0000, Schütz Dominik wrote:
> 
> when i install "openconnect_9.01-0+9.1_amd64.deb" from "https://software.opensuse.org/download.html?project=home%3Abluca%3Aopenconnect%3Arelease&;package=openconnect"
> it doesn't work, see text below:

Make sure you also install the matching libopenconnect5 package from https://download.opensuse.org/repositories/home:/bluca:/openconnect:/release/Ubuntu_20.04/amd64/libopenconnect5_9.01-0+9.1_amd64.deb

I just did that here, and those builds *don't* have PKSC support.

 $ openconnect --version
OpenConnect version v9.01-0+9.1
Using GnuTLS 3.6.13. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
 $ ldd /usr/sbin/openconnect | grep pskc  $

It's not clear why you managed to install the openconnect binary package without the corresponding library. In RPM packaging you get a dependency on 'libopenconnect.so.5(OPENCONNECT_5_8)(64bit)' which is handled automatically. You wouldn't be able to install a package which
*uses* new symbols from libopenconnect.so.5.8 without also installing that package.

In Debian it's apparently different; I'm not sure if this is just something that Debian packaging doesn't handle at all, or if it's an issue with the way we build in OBS? Luca?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6003 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20220504/f3c4855b/attachment-0001.p7s>