vpnkit w/ yubikey tools and opensc
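#!/bin/bash
#########################################################
# Configuration
#########################################################
# PKG_NAME is the actual name of the package "NAME-x.y.z.pkg"
PKG_NAME=vpnkit
# PKG_VERSION is the x.y.z above.
PKG_VERSION=1.2.3
# This is an identifier; "tld.orgname.vpnkit" would work.
PKG_BUNDLE_ID=net.pcable.vpnkit
# Where should this be installed on the system?
INSTALLED_PREFIX="/usr/local/vpnkit"
# Deps
# NOTE(review): these pins date from the 2021 revision of this script, and the
# OpenSSL 1.1.1 series has since reached end-of-life upstream. Check each
# project's release and advisory pages before building a package from them.
OPENSSL_VERSION=1.1.1l            # https://www.openssl.org/source/
LIBYUBIKEY_VERSION=1.13           # https://github.com/Yubico/yubico-c/releases
JSONC_VERSION=0.13.1-20180305     # https://github.com/json-c/json-c/releases - later versions of json-c are incompatible w/ ykpers
YKPERS_VERSION=1.20.0             # https://github.com/Yubico/yubikey-personalization/releases
YKPIV_VERSION=2.2.1               # https://github.com/Yubico/yubico-piv-tool/releases
# Arch specific env vars: pick the brew binary by machine architecture.
# BREW_PATH is left empty on any architecture not listed here.
case "$(uname -m)" in
  x86_64)
    BREW_PATH="/usr/local/bin/brew"
    ;;
  arm64)
    BREW_PATH="/opt/homebrew/bin/brew"
    ;;
  *)
    BREW_PATH=""
    ;;
esac
#########################################################
# End Configuration
#########################################################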
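#######################################
# Print a failure message and abort the build.
# Globals:   SCRATCH_DIR (read)
# Arguments: $1 - what failed
#            $2 - pass "pre" for failures that happen before the scratch
#                 directory exists; suppresses the rerun hint
# Outputs:   diagnostics on stderr
# Returns:   never; exits with status 1
#######################################
error() {
  printf '*** failure: %s\n' "$1" >&2
  if [[ "${2:-}" != "pre" ]]; then
    printf 'Scratch exists at %s. You can rerun.\n' "${SCRATCH_DIR:-}" >&2
    # The backticks are literal text here. Inside double quotes they were a
    # command substitution, so printing the hint actually ran the rm and
    # threw away the scratch pointer the hint says can be reused.
    printf '%s\n' 'To try again from nothing, `rm .scratch_dir`' >&2
  fi
  exit 1
}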
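# Preflight: OpenSC is copied into the package at the end, and Homebrew
# supplies the build tools.
if [[ ! -d "/Library/OpenSC" ]]; then
  error "You should have OpenSC installed - grab that from https://github.com/OpenSC/OpenSC/wiki" "pre"
fi
if [[ ! -x "$BREW_PATH" ]]; then
  error "You'll need homebrew - grab that from https://brew.sh" "pre"
fi
# Saves a bit of time if we have an error during the build.
if [[ -f .scratch_dir ]]; then
  SCRATCH_DIR=$(<.scratch_dir)
  # The stored path is later handed to `pkgbuild --root` and to `rm -Rf`, so a
  # stale, empty or edited .scratch_dir must not be trusted blindly: require
  # an absolute path to an existing directory that is not the filesystem root.
  if [[ "$SCRATCH_DIR" != /* || "$SCRATCH_DIR" == "/" || ! -d "$SCRATCH_DIR" ]]; then
    error "invalid scratch path in .scratch_dir - remove the file and rerun" "pre"
  fi
else
  SCRATCH_DIR=$(mktemp -d) || error "mktemp failed" "pre"
  echo "$SCRATCH_DIR" > .scratch_dir
fi
# Use the brew binary selected in the configuration, not whichever `brew`
# happens to be first on PATH.
"$BREW_PATH" install check cmake gengetopt help2man libtool pkg-config asciidoc libxml2 gsed automake docbook-xsl \
  || error "brew install"
# Derive the catalog location from the active Homebrew prefix; the previous
# hard-coded /opt/homebrew path only exists on Apple Silicon installs.
XML_CATALOG_FILES="$("$BREW_PATH" --prefix)/etc/xml/catalog"
export XML_CATALOG_FILES
MAINDIR=$(pwd)
export MAINDIR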
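#########################################################
# Build the things
#########################################################
#### OpenSSL
# An already-extracted source tree is reused on rerun; otherwise fetch it.
if [[ ! -d "$MAINDIR/openssl-${OPENSSL_VERSION}" ]]; then
  # -f makes curl fail on an HTTP error instead of saving the error page.
  curl -fL "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" \
    -o "openssl-${OPENSSL_VERSION}.tar.gz" || error "openssl download"
  # The tarball is fetched over HTTPS but not otherwise authenticated. Set
  # OPENSSL_SHA256 to a digest obtained out of band to have it verified
  # before anything is extracted or built.
  if [[ -n "${OPENSSL_SHA256:-}" ]]; then
    printf '%s  %s\n' "$OPENSSL_SHA256" "openssl-${OPENSSL_VERSION}.tar.gz" \
      | shasum -a 256 -c || error "openssl checksum mismatch"
  else
    echo "*** warning: OPENSSL_SHA256 not set; openssl tarball is not integrity-checked" >&2
  fi
  tar -zxvf "openssl-${OPENSSL_VERSION}.tar.gz" || error "openssl extract"
fi
cd "openssl-${OPENSSL_VERSION}" || error "openssl source directory missing"
./Configure "--prefix=${INSTALLED_PREFIX}" "darwin64-$(uname -m)-cc" || error "openssl configure"
make -j4 || error "openssl build"
echo "*** make install for openssl takes a bit. its fine."
make install "DESTDIR=$SCRATCH_DIR" >/dev/null || error "openssl install"
# DESTDIR installs land under $SCRATCH_DIR + $INSTALLED_PREFIX. The previous
# hard-coded ".../usr/local/tsvpnkit" did not match the configured prefix, so
# later builds could resolve OpenSSL from elsewhere on the system instead of
# the copy built here.
export PKG_CONFIG_PATH="${SCRATCH_DIR}${INSTALLED_PREFIX}/lib/pkgconfig"
cd "$MAINDIR" || error "cannot return to $MAINDIR"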
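#### libyubikey
# An already-extracted source tree is reused on rerun; otherwise fetch it.
if [[ ! -d "$MAINDIR/yubico-c-libyubikey-${LIBYUBIKEY_VERSION}" ]]; then
  curl -fL "https://github.com/Yubico/yubico-c/archive/libyubikey-${LIBYUBIKEY_VERSION}.tar.gz" \
    -o "libyubikey-${LIBYUBIKEY_VERSION}.tar.gz" || error "libyubikey download"
  # Optional integrity check: set LIBYUBIKEY_SHA256 to a digest obtained out
  # of band to have the tarball verified before it is extracted.
  if [[ -n "${LIBYUBIKEY_SHA256:-}" ]]; then
    printf '%s  %s\n' "$LIBYUBIKEY_SHA256" "libyubikey-${LIBYUBIKEY_VERSION}.tar.gz" \
      | shasum -a 256 -c || error "libyubikey checksum mismatch"
  else
    echo "*** warning: LIBYUBIKEY_SHA256 not set; libyubikey tarball is not integrity-checked" >&2
  fi
  tar -zxvf "libyubikey-${LIBYUBIKEY_VERSION}.tar.gz" || error "libyubikey extract"
fi
cd "yubico-c-libyubikey-${LIBYUBIKEY_VERSION}" || error "libyubikey source directory missing"
autoreconf --install || error "libyubikey autoreconf"
./configure "--prefix=${INSTALLED_PREFIX}" || error "libyubikey configure"
# Append --no-xmllint to the A2X line of the generated Makefile.
gsed -i '/^A2X/ s/$/ --no-xmllint/' Makefile || error "libyubikey Makefile patch"
make install "DESTDIR=$SCRATCH_DIR" || error "libyubikey build/install"
cd "$MAINDIR" || error "cannot return to $MAINDIR"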
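#### json-c 0.13.1 (later doesn't work w/ ykpers)
# An already-extracted source tree is reused on rerun; otherwise fetch it.
if [[ ! -d "$MAINDIR/json-c-json-c-${JSONC_VERSION}" ]]; then
  curl -fL "https://github.com/json-c/json-c/archive/json-c-${JSONC_VERSION}.tar.gz" \
    -o "json-c-${JSONC_VERSION}.tar.gz" || error "json-c download"
  # Optional integrity check: set JSONC_SHA256 to a digest obtained out of
  # band to have the tarball verified before it is extracted.
  if [[ -n "${JSONC_SHA256:-}" ]]; then
    printf '%s  %s\n' "$JSONC_SHA256" "json-c-${JSONC_VERSION}.tar.gz" \
      | shasum -a 256 -c || error "json-c checksum mismatch"
  else
    echo "*** warning: JSONC_SHA256 not set; json-c tarball is not integrity-checked" >&2
  fi
  tar -zxvf "json-c-${JSONC_VERSION}.tar.gz" || error "json-c extract"
fi
cd "json-c-json-c-${JSONC_VERSION}" || error "json-c source directory missing"
./configure "--prefix=${INSTALLED_PREFIX}" || error "json-c configure"
make install "DESTDIR=$SCRATCH_DIR" || error "json-c build/install"
cd "$MAINDIR" || error "cannot return to $MAINDIR"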
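#### yubikey-personalization (for managing OTP app on the card)
# An already-extracted source tree is reused on rerun; otherwise fetch it.
if [[ ! -d "$MAINDIR/yubikey-personalization-${YKPERS_VERSION}" ]]; then
  curl -fL "https://github.com/Yubico/yubikey-personalization/archive/v${YKPERS_VERSION}.tar.gz" \
    -o "yubikey-personalization-${YKPERS_VERSION}.tar.gz" || error "yubikey-personalization download"
  # Optional integrity check: set YKPERS_SHA256 to a digest obtained out of
  # band to have the tarball verified before it is extracted.
  if [[ -n "${YKPERS_SHA256:-}" ]]; then
    printf '%s  %s\n' "$YKPERS_SHA256" "yubikey-personalization-${YKPERS_VERSION}.tar.gz" \
      | shasum -a 256 -c || error "yubikey-personalization checksum mismatch"
  else
    echo "*** warning: YKPERS_SHA256 not set; yubikey-personalization tarball is not integrity-checked" >&2
  fi
  tar -zxvf "yubikey-personalization-${YKPERS_VERSION}.tar.gz" || error "yubikey-personalization extract"
fi
cd "yubikey-personalization-${YKPERS_VERSION}" || error "yubikey-personalization source directory missing"
autoreconf --install || error "yubikey-personalization autoreconf"
# Point the compiler and linker at the libraries staged earlier in this run.
# They live under $SCRATCH_DIR + $INSTALLED_PREFIX; the previous hard-coded
# ".../usr/local/tsvpnkit" did not match the configured prefix.
staged_prefix="${SCRATCH_DIR}${INSTALLED_PREFIX}"
LDFLAGS="-L${staged_prefix}/lib" \
  CFLAGS="-I${staged_prefix}/include -I${staged_prefix}/include/json-c" \
  ./configure "--prefix=${INSTALLED_PREFIX}" || error "yubikey-personalization configure"
make install "DESTDIR=$SCRATCH_DIR" || error "yubikey-personalization build/install"
cd "$MAINDIR" || error "cannot return to $MAINDIR"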
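#### piv-tool (manages the certificates on the card)
# An already-extracted source tree is reused on rerun; otherwise fetch it.
if [[ ! -d "$MAINDIR/yubico-piv-tool-yubico-piv-tool-${YKPIV_VERSION}" ]]; then
  curl -fL "https://github.com/Yubico/yubico-piv-tool/archive/yubico-piv-tool-${YKPIV_VERSION}.tar.gz" \
    -o "yubico-piv-tool-${YKPIV_VERSION}.tar.gz" || error "piv-tool download"
  # Optional integrity check: set YKPIV_SHA256 to a digest obtained out of
  # band to have the tarball verified before it is extracted.
  if [[ -n "${YKPIV_SHA256:-}" ]]; then
    printf '%s  %s\n' "$YKPIV_SHA256" "yubico-piv-tool-${YKPIV_VERSION}.tar.gz" \
      | shasum -a 256 -c || error "piv-tool checksum mismatch"
  else
    echo "*** warning: YKPIV_SHA256 not set; piv-tool tarball is not integrity-checked" >&2
  fi
  tar -zxvf "yubico-piv-tool-${YKPIV_VERSION}.tar.gz" || error "piv-tool extract"
fi
cd "yubico-piv-tool-yubico-piv-tool-${YKPIV_VERSION}" || error "piv-tool source directory missing"
# -p so a rerun after a failed build does not trip over the existing directory.
mkdir -p build || error "piv-tool build directory"
cd build || error "piv-tool build directory"
# Compile and link against the OpenSSL staged earlier in this run. It lives
# under $SCRATCH_DIR + $INSTALLED_PREFIX; the previous hard-coded
# ".../usr/local/tsvpnkit" did not match the configured prefix.
staged_prefix="${SCRATCH_DIR}${INSTALLED_PREFIX}"
LDFLAGS="-L${staged_prefix}/lib" cmake \
  "-DCMAKE_INSTALL_PREFIX=${INSTALLED_PREFIX}" \
  "-DCMAKE_C_FLAGS=-I${staged_prefix}/include" \
  -DGENERATE_MAN_PAGES=off .. || error "piv-tool cmake"
make install "DESTDIR=$SCRATCH_DIR" || error "piv-tool build/install"
cd "$MAINDIR" || error "cannot return to $MAINDIR"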
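#########################################################
#### Build package
# Everything under $SCRATCH_DIR becomes the payload, installed relative to /.
mkdir -p "$SCRATCH_DIR/Library" || error "package staging"
# NOTE(review): this bundles whatever OpenSC files are installed on the build
# host, unverified; build on a machine whose OpenSC install you trust.
cp -a /Library/OpenSC "$SCRATCH_DIR/Library" || error "copying OpenSC into package root"
cd "$MAINDIR" || error "cannot return to $MAINDIR"
# NOTE(review): the resulting package is unsigned; sign it before distributing
# so recipients can verify its origin.
pkgbuild --root "$SCRATCH_DIR" --identifier "$PKG_BUNDLE_ID" --version "$PKG_VERSION" \
  --install-location / "${PKG_NAME}-${PKG_VERSION}.pkg" || error "pkgbuild"
# Clean up only after the package was written, so a failed pkgbuild keeps the
# staged build for a rerun. ${SCRATCH_DIR:?} aborts instead of expanding to
# nothing if the variable is ever empty.
rm -Rf -- "${SCRATCH_DIR:?}"
rm -f .scratch_dir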