| .DS_Store | |
| .dependencies | |
| homebrew | |
| src | |
| usr |
This directory contains a simple build script and Makefile
to build openconnect (with keychain support) on macOS.
Tested on macOS 10.15 Catalina.
Install Xcode.
Simply run make command, then it will download dependencies and build openconnect.
openconnect will be installed in usr/sbin/openconnect.
NOTE The binary and dependencies are not relocatable.
| #!/usr/bin/env bash | |
| set -e | |
| readonly PREFIX=$(cd -P "$(dirname "$BASH_SOURCE[0]")" && pwd -P)/usr | |
| echo "Use $PREFIX as PREFIX" | |
| echo "Run autogen.sh" | |
| sh ./autogen.sh | |
| if [[ ! -e ./configure ]]; then | |
| echo "No configure script found." >&2 | |
| exit 1 | |
| fi | |
| echo "Prepare vpnc-script" | |
| readonly VPNC_SCRIPT_PATH=$PREFIX/etc/vpnc-script | |
| readonly VPNC_SCRIPT_URL="http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/6e04e0bbb66c0bf0ae055c0f4e58bea81dbb5c3c:/vpnc-script" | |
| readonly VPNC_SCRIPT_SHA256="48b1673e1bfaacbfa4e766c41e15dd8458726cca8f3e07991d078d0d5b7c55e9" | |
| if [[ ! -d $(dirname "$VPNC_SCRIPT_PATH") ]]; then | |
| mkdir -p "$(dirname "$VPNC_SCRIPT_PATH")" | |
| fi | |
| if [[ ! -e $VPNC_SCRIPT_PATH ]]; then | |
| echo "$VPNC_SCRIPT_PATH is not found, downloading." | |
| curl -fsSL -o "$VPNC_SCRIPT_PATH" "$VPNC_SCRIPT_URL" | |
| if [[ $(openssl dgst -sha256 < "$VPNC_SCRIPT_PATH") != "$VPNC_SCRIPT_SHA256" ]]; then | |
| echo "SHA256 doesn't match." >&2 | |
| exit 1 | |
| fi | |
| chmod 755 "$VPNC_SCRIPT_PATH" | |
| fi | |
| echo "Checking openssl" | |
| readonly OPENSSL_PREFIX=$(brew --prefix openssl) | |
| if [[ ! -e $OPENSSL_PREFIX ]]; then | |
| echo "No openssl found." >&2 | |
| exit 1 | |
| fi | |
| echo "Run configure script" | |
| env \ | |
| LIBXML2_CFLAGS="-I$(xcrun --show-sdk-path)/usr/include/libxml2" \ | |
| PKG_CONFIG_PATH="$OPENSSL_PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH" \ | |
| ./configure \ | |
| --prefix=$PREFIX \ | |
| --enable-keychain \ | |
| --disable-nls \ | |
| --without-gnutls \ | |
| --with-vpnc-script=$VPNC_SCRIPT_PATH |
| .PHONY: all | |
| all: usr/sbin/openconnect | |
| homebrew: | |
| mkdir homebrew | |
| curl -L "https://github.com/Homebrew/brew/tarball/master"|tar xz --strip 1 -C homebrew | |
| .dependencies: homebrew | |
| homebrew/bin/brew install autoconf automake libtool pkgconfig openssl && touch .dependencies | |
| src: | |
| git clone https://github.com/niw/openconnect.git src | |
| cd src && git checkout -t origin/add_keychain_support | |
| src/Makefile: .dependencies src | |
| cd src && env PATH=$(CURDIR)/homebrew/bin:$(PATH) sh ../configure.sh | |
| usr/sbin/openconnect: .dependencies src/Makefile | |
| cd src && make -j4 && make install | |
| .PHONY: clean | |
| clean: | |
| git clean -dffX |
@patrickisgreat Probably this script is deprecated (written 3 years ago and I don't remember details...,) have you tried to use simply the one provided in Homebrew? (e.g. simply install homebrew and run brew install openconnect.)
I actually did try that. The issues I'm facing is our Cisco ASAs have self signed certificates which cannot be used for digital signing under modern GnuTLS, which is what installs by default in the latest openconnect build. OpenSSL doesn't care and will connect. For the curious, I got your scripts working in Big Sur. I SHA256 check from configure.sh, and used openSSL 1.0 in the Makefile. Homebrew by default will install openSSL 3.0 which has removed or deprecated functions which openconnect 8.10 imports in various C files, so it will not build with openSSL 3.0. I updated these lines in the Makefile.
.dependencies: homebrew homebrew/bin/brew install autoconf automake libtool pkgconfig rbenv/tap/openssl@1.0 && touch .dependencies
I also had to remove this from the configure.sh
if [[ $(openssl dgst -sha256 < "$VPNC_SCRIPT_PATH") != "$VPNC_SCRIPT_SHA256" ]]; then echo "SHA256 doesn't match." >&2 exit 1 fi
Ah... I see, yeah, it uses GnuTLS by default.
So need to use OpenSSL, and also skip hash check for vpnc script. make sense!
Yeah and I was originally drawn to your gist because:
a.) You had this working on a Mac
b.) You had this build flag: --without-gnutls \
Which automatically builds openconnect with openSSL.
On Sanoma, make sure to export am_cv_func_iconv_works=yes
@capripot
Do you think it is possible to build OpenConnect in such a way that it does not need usr/lib or system dependencies and all its dependencies are in one folder?
Hi! I am trying to get this to work on Big Sur and running into problems. I will gladly hire you / pay you for your time if you can help me get this working on Big Sur.