-
-
Save whi-tw/e6e27dc8c3e1c7ca70569a6dd95d20da to your computer and use it in GitHub Desktop.
Cisco Anyconnect cscan compatibility for Arch Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [ "${1}" == "-q" ] && [[ ${2} == --qf* ]]; then | |
| arch="$(uname -m)" | |
| ver="$(pacman -Q ${@: -1} | awk '{print $2}')" | |
| if [ ! -z "${ver}" ]; then | |
| echo "{\"name\":\"${@: -1}\",\"version\":\"${ver}\",\"arch\":\"${arch}\"}" | |
| else | |
| echo "package ${@: -1} is not installed" | |
| fi | |
| elif [ "${1}" == "-ql" ]; then | |
| pacman -Ql "${@: -1}" | awk '{print $2}' | |
| else | |
| exit 1 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Horribly grubby (but working) script for Arch to get Cisco Anyconnect's hostscan to work properly on arch.
This script should be made executable and added to somewhere on the system PATH (not your local user!). I've stuck it in my home directory, and symlinked it to
/bin/rpm.cscan will call
rpm -q --qf=\{"name":"%{NAME}","version":"%{VERSION}","arch":"%{ARCH}"\}, clamavand this will translate that into a valid json object for it to then parse:Obviously this highlights the issue of trusting what some arbitrary command running on an uncontrolled system returns, as the calls to
pacmancould easily be replaced by just echoing out versions that cscan wants to see. But this at least attempts to be trustworthy.Finally, some software uses grubby OS checking mechanisms and makes mandatory calls to
rpm. I've tried to make this as non-affecting as possible, but theifon line 2 could be updated to be more specific so it only responds to the queries thatcscanmakes. I've seen this cause problems with, for example,dkms, however I have already handled this case.