Skip to content

Instantly share code, notes, and snippets.

@patcable
Last active October 13, 2021 21:41
Show Gist options
  • Save patcable/d8897babae004bad804ce094a4a92e1a to your computer and use it in GitHub Desktop.
Save patcable/d8897babae004bad804ce094a4a92e1a to your computer and use it in GitHub Desktop.
vpnkit w/ yubikey tools and opensc
#!/bin/bash
#########################################################
# Configuration
#########################################################
# PKG_NAME is the actual name of the package "NAME-x.y.z.pkg"
PKG_NAME=vpnkit
# PKG_VERSION is the x.y.z above.
PKG_VERSION=1.2.3
# This is an identifier "tld.orgname.vpnkit" would work.
PKG_BUNDLE_ID=net.pcable.vpnkit
# Where should this be installed on the system?
INSTALLED_PREFIX="/usr/local/vpnkit"
# Deps
OPENSSL_VERSION=1.1.1l # https://www.openssl.org/source/
LIBYUBIKEY_VERSION=1.13 # https://github.com/Yubico/yubico-c/releases
JSONC_VERSION=0.13.1-20180305 # https://github.com/json-c/json-c/releases - later versions of jsonc incompatable w/ ykpers
YKPERS_VERSION=1.20.0 # https://github.com/Yubico/yubikey-personalization/releases
YKPIV_VERSION=2.2.1 # https://github.com/Yubico/yubico-piv-tool/releases
# Arch specific env vars
case $(uname -m) in
"x86_64")
BREW_PATH="/usr/local/bin/brew"
;;
"arm64")
BREW_PATH="/opt/homebrew/bin/brew"
;;
*)
BREW_PATH=""
;;
esac
#########################################################
# End Configuration
#########################################################
function error() {
echo "*** failure: $1"
if [[ $2 != "pre" ]]; then
echo "Scratch exists at $SCRATCH_DIR. You can rerun."
echo "To try again from nothing, `rm .scratch_dir`"
fi
exit 1
}
if [[ ! -d "/Library/OpenSC" ]]; then
error "You should have OpenSC installed - grab that from https://github.com/OpenSC/OpenSC/wiki" "pre"
fi
if [[ ! -a $BREW_PATH ]]; then
error "You'll need homebrew - grab that from https://brew.sh" "pre"
fi
# Saves a bit of time if we have an error during the build.
if [[ -a .scratch_dir ]]; then
SCRATCH_DIR=$(cat .scratch_dir)
else
SCRATCH_DIR=$(mktemp -d)
echo "$SCRATCH_DIR" > .scratch_dir
fi
brew install check cmake gengetopt help2man libtool pkg-config asciidoc libxml2 gsed automake docbook-xsl
export XML_CATALOG_FILES=/opt/homebrew/etc/xml/catalog
export MAINDIR=$(pwd)
#########################################################
# Build the things
#########################################################
#### OpenSSL
if [[ ! -d "$MAINDIR/openssl-${OPENSSL_VERSION}" ]]; then
curl -L https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -o openssl-${OPENSSL_VERSION}.tar.gz
tar -zxvf openssl-${OPENSSL_VERSION}.tar.gz
fi
cd openssl-${OPENSSL_VERSION}
./Configure --prefix=${INSTALLED_PREFIX} darwin64-$(uname -m)-cc
if [[ $? != 0 ]]; then
error "openssl configure"
fi
make -j4
if [[ $? != 0 ]]; then
error "openssl build"
fi
echo "*** make install for openssl takes a bit. its fine."
make install DESTDIR=$SCRATCH_DIR >/dev/null
if [[ $? != 0 ]]; then
error "openssl install"
fi
export PKG_CONFIG_PATH=${SCRATCH_DIR}/usr/local/tsvpnkit/lib/pkgconfig
cd $MAINDIR
#### libyubikey
if [[ ! -d "$MAINDIR/yubico-c-libyubikey-${LIBYUBIKEY_VERSION}" ]]; then
curl -L https://github.com/Yubico/yubico-c/archive/libyubikey-${LIBYUBIKEY_VERSION}.tar.gz -o libyubikey-${LIBYUBIKEY_VERSION}.tar.gz
tar -zxvf libyubikey-${LIBYUBIKEY_VERSION}.tar.gz
fi
cd yubico-c-libyubikey-${LIBYUBIKEY_VERSION}
autoreconf --install
./configure --prefix=${INSTALLED_PREFIX}
if [[ $? != 0 ]]; then
error "libyubikey configure"
fi
gsed -i '/^A2X/ s/$/ --no-xmllint/' Makefile
make install DESTDIR=$SCRATCH_DIR
if [[ $? != 0 ]]; then
error "libyubikey build/install"
fi
cd $MAINDIR
#### json-c 0.13.1 (later doesnt work w/ ykpers)
if [[ ! -d "$MAINDIR/json-c-json-c-${JSONC_VERSION}" ]]; then
curl -L https://github.com/json-c/json-c/archive/json-c-${JSONC_VERSION}.tar.gz -o json-c-${JSONC_VERSION}.tar.gz
tar -zxvf json-c-${JSONC_VERSION}.tar.gz
fi
cd json-c-json-c-${JSONC_VERSION}
./configure --prefix=${INSTALLED_PREFIX}
if [[ $? != 0 ]]; then
error "json-c configure"
fi
make install DESTDIR=$SCRATCH_DIR
if [[ $? != 0 ]]; then
error "json-c build/install"
fi
cd $MAINDIR
#### yubikey-personalization (for managing OTP app on the card)
if [[ ! -d "$MAINDIR/yubikey-personalization-${YKPERS_VERSION}" ]]; then
curl -L https://github.com/Yubico/yubikey-personalization/archive/v${YKPERS_VERSION}.tar.gz -o yubikey-personalization-${YKPERS_VERSION}.tar.gz
tar -zxvf yubikey-personalization-${YKPERS_VERSION}.tar.gz
fi
cd yubikey-personalization-${YKPERS_VERSION}
autoreconf --install
LDFLAGS="-L${SCRATCH_DIR}/usr/local/tsvpnkit/lib" CFLAGS="-I${SCRATCH_DIR}/usr/local/tsvpnkit/include -I${SCRATCH_DIR}/usr/local/tsvpnkit/include/json-c" ./configure --prefix=${INSTALLED_PREFIX}
if [[ $? != 0 ]]; then
error "yubikey-personalization configure"
fi
make install DESTDIR=$SCRATCH_DIR
if [[ $? != 0 ]]; then
error "yubikey-personalization build/install"
fi
cd $MAINDIR
#### piv-tool (manages the certificates on the card)
if [[ ! -d "$MAINDIR/yubico-piv-tool-yubico-piv-tool-${YKPIV_VERSION}" ]]; then
curl -L https://github.com/Yubico/yubico-piv-tool/archive/yubico-piv-tool-${YKPIV_VERSION}.tar.gz -o yubico-piv-tool-${YKPIV_VERSION}.tar.gz
tar -zxvf yubico-piv-tool-${YKPIV_VERSION}.tar.gz
fi
cd yubico-piv-tool-yubico-piv-tool-${YKPIV_VERSION}
mkdir build
cd build
LDFLAGS="-L$SCRATCH_DIR/usr/local/tsvpnkit/lib" cmake -DCMAKE_INSTALL_PREFIX=${INSTALLED_PREFIX} -DCMAKE_C_FLAGS="-I$SCRATCH_DIR/usr/local/tsvpnkit/include" -DGENERATE_MAN_PAGES=off ..
if [[ $? != 0 ]]; then
error "piv-tool cmake"
fi
make install DESTDIR=$SCRATCH_DIR
if [[ $? != 0 ]]; then
error "piv-tool build/install"
fi
cd $MAINDIR
#########################################################
#### Build package
mkdir -p $SCRATCH_DIR/Library
cp -a /Library/OpenSC $SCRATCH_DIR/Library
cd $MAINDIR
pkgbuild --root $SCRATCH_DIR --identifier $PKG_BUNDLE_ID --version $PKG_VERSION --install-location / ${PKG_NAME}-${PKG_VERSION}.pkg
rm -Rf $SCRATCH_DIR
rm .scratch_dir
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment