From c9e712b983f09b6e71f3a116db76f923cf5d4886 Mon Sep 17 00:00:00 2001
From: K900 <me@0upti.me>
Date: Thu, 28 Mar 2019 12:17:15 +0300
Subject: [PATCH] First commit

---
 .SRCINFO                  |  27 +++++++++
 .gitattributes            |   1 +
 .gitignore                |   5 ++
 AnyConnectLocalPolicy.xml |   9 +++
 PKGBUILD                  | 114 ++++++++++++++++++++++++++++++++++++++
 anyconnect.csh            |   1 +
 anyconnect.sh             |   1 +
 vpnagentd.service         |   9 +++
 8 files changed, 167 insertions(+)
 create mode 100644 .SRCINFO
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 AnyConnectLocalPolicy.xml
 create mode 100644 PKGBUILD
 create mode 100644 anyconnect.csh
 create mode 100644 anyconnect.sh
 create mode 100644 vpnagentd.service

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 0000000..fafc0c6
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,27 @@
+pkgbase = cisco-anyconnect
+	pkgdesc = Cisco AnyConnect Secure Mobility Client
+	pkgver = 4.7.00136
+	pkgrel = 1
+	url = https://www.cisco.com/c/en/us/products/security/anyconnect-secure-mobility-client/index.html
+	arch = x86_64
+	license = custom
+	depends = libxml2
+	depends = ca-certificates
+	optdepends = hicolor-icon-theme: required by desktop shortcuts
+	optdepends = gtk2: required by vpnui
+	optdepends = glib2: required by vpnui
+	optdepends = gtk3: required by acwebhelper
+	options = !strip
+	source = file://anyconnect-linux64-4.7.00136-core-vpn-webdeploy-k9.sh
+	source = vpnagentd.service
+	source = anyconnect.sh
+	source = anyconnect.csh
+	source = AnyConnectLocalPolicy.xml
+	sha256sums = 39d369f3081fb6dbc795a92df3a07e404cebf8c43383abd45d65a2a83b32a9b1
+	sha256sums = 9d37640195b0fa4ffb073e1b006b4b9546595f7bd3b25a4fe9a0d43a75cd57b8
+	sha256sums = dcc7a5dcbe4387f3e4a2a3f260b4197faf1b79adddf0d4dad3a02bc6041effa6
+	sha256sums = 0fcd62bd5d734c239bb7bda7c7e7791b9b8d76a019d2b42ff74caa998e7e9733
+	sha256sums = b7c65a236e671d3eb527a3377e22b66018c450d726f71fa6344530a75255dac7
+
+pkgname = cisco-anyconnect
+
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..c93ed51
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+anyconnect-linux64-4.6.03049-core-vpn-webdeploy-k9.sh filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bc20e23
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.log
+pkg/
+src/
+*.pkg.tar*
+anyconnect-linux64-*-core-vpn-webdeploy-k9.sh
diff --git a/AnyConnectLocalPolicy.xml b/AnyConnectLocalPolicy.xml
new file mode 100644
index 0000000..7c2183e
--- /dev/null
+++ b/AnyConnectLocalPolicy.xml
@@ -0,0 +1,9 @@
+<!--?xml version="1.0" encoding="UTF-8"?-->
+<AnyConnectLocalPolicy
+    acversion="2.4.140"
+    xmlns="http://schemas.xmlsoap.org/encoding/"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemalocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd"
+>
+    <BypassDownloader>true</BypassDownloader>
+</AnyConnectLocalPolicy>
\ No newline at end of file
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..edb8900
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,114 @@
+# Maintainer: K900 <me@0upti.me>
+
+pkgname=cisco-anyconnect
+pkgver=4.7.00136
+pkgrel=1
+pkgdesc='Cisco AnyConnect Secure Mobility Client'
+arch=('x86_64')
+depends=('libxml2' 'ca-certificates')
+optdepends=(
+    'hicolor-icon-theme: required by desktop shortcuts'
+    'gtk2: required by vpnui'
+    'glib2: required by vpnui'
+    'gtk3: required by acwebhelper'
+)
+license=('custom')
+
+# stripping the binaries trips some sort of an integrity check inside vpnagentd
+options=('!strip')
+
+url='https://www.cisco.com/c/en/us/products/security/anyconnect-secure-mobility-client/index.html'
+
+_filename="anyconnect-linux64-${pkgver}-core-vpn-webdeploy-k9.sh"
+
+# you will have to obtain the installer yourself - it's not available publicly
+source=("file://${_filename}" "vpnagentd.service" "anyconnect.sh" "anyconnect.csh" "AnyConnectLocalPolicy.xml")
+
+sha256sums=('39d369f3081fb6dbc795a92df3a07e404cebf8c43383abd45d65a2a83b32a9b1'
+            '9d37640195b0fa4ffb073e1b006b4b9546595f7bd3b25a4fe9a0d43a75cd57b8'
+            'dcc7a5dcbe4387f3e4a2a3f260b4197faf1b79adddf0d4dad3a02bc6041effa6'
+            '0fcd62bd5d734c239bb7bda7c7e7791b9b8d76a019d2b42ff74caa998e7e9733'
+            'b7c65a236e671d3eb527a3377e22b66018c450d726f71fa6344530a75255dac7')
+
+prepare() {
+    cd "${srcdir}"
+
+    # stolen from vpn_install.sh
+    local marker=$((`grep -an "[B]EGIN\ ARCHIVE" "${_filename}" | cut -d ":" -f 1` + 1))
+    local marker_end=$((`grep -an "[E]ND\ ARCHIVE" "${_filename}" | cut -d ":" -f 1` - 1))
+
+    head -n ${marker_end} "${_filename}" | tail -n +${marker} | head --bytes=-1 | tar xz
+}
+
+package() {
+    cd "${srcdir}/vpn"
+
+    # install binaries
+    for binary in "vpnagentd" "vpn" "vpndownloader" "vpndownloader-cli" "manifesttool" "acinstallhelper" "vpnui" "acwebhelper"; do
+        install -Dm755 ${binary} "${pkgdir}/opt/cisco/anyconnect/bin/${binary}"
+    done
+
+    # install libs
+    for lib in "libvpnagentutilities.so" "libvpncommon.so" "libvpncommoncrypt.so" \
+        "libvpnapi.so" "libacruntime.so" "libacciscossl.so" "libacciscocrypto.so" \
+        "libboost_date_time.so" "libboost_filesystem.so" "libboost_system.so" \
+        "libboost_thread.so" "libboost_signals.so" "libboost_chrono.so" \
+        "libaccurl.so.4.5.0"; do
+        install -Dm755 ${lib} "${pkgdir}/opt/cisco/anyconnect/lib/${lib}"
+    done
+
+    # the installer copies all the other symlinks, but creates this one
+    # for some reason so let's just create it ourselves
+    ln -s /opt/cisco/anyconnect/lib/libaccurl.so.4.5.0 "${pkgdir}/opt/cisco/anyconnect/lib/libaccurl.so.4"
+
+    # install plugins
+    # we intentionally don't install the telemetry plugin here
+    # because it tries to write to /opt and we don't want that
+    for plugin in "libvpnipsec.so"; do
+        install -Dm755 ${plugin} "${pkgdir}/opt/cisco/anyconnect/bin/plugins/${plugin}"
+    done
+
+    cp -R resources "${pkgdir}/opt/cisco/anyconnect/resources"
+
+    # install some misc stuff
+    install -Dm444 AnyConnectProfile.xsd "${pkgdir}/opt/cisco/anyconnect/profile/AnyConnectProfile.xsd"
+
+    for file in "ACManifestVPN.xml" "update.txt" "AnyConnectLocalPolicy.xsd"; do
+        install -Dm444 ${file} "${pkgdir}/opt/cisco/anyconnect/${file}"
+    done
+
+    # install desktop file for vpnui
+    install -Dm644 resources/vpnui48.png "${pkgdir}/usr/share/icons/hicolor/48x48/apps/cisco-anyconnect.png"
+    install -Dm644 resources/vpnui128.png "${pkgdir}/usr/share/icons/hicolor/128x128/apps/cisco-anyconnect.png"
+
+    # no, Cisco, you don't get to have your own menu category
+    echo "Categories=Network" >> cisco-anyconnect.desktop
+    install -Dm644 cisco-anyconnect.desktop "${pkgdir}/usr/share/applications/cisco-anyconnect.desktop"
+
+    # install license
+    for license in "license.txt" "OpenSource.html"; do
+        install -Dm644 ${license} "${pkgdir}/usr/share/licenses/${pkgname}/${license}"
+    done
+
+    # install systemd unit for vpnagentd
+    install -Dm644 "${srcdir}/vpnagentd.service" "${pkgdir}/usr/lib/systemd/system/vpnagentd.service"
+
+    # install profile files - this makes sure we have all the tools in $PATH
+    for profile in "anyconnect.sh" "anyconnect.csh"; do
+        install -Dm644 "${srcdir}/${profile}" "${pkgdir}/etc/profile.d/${profile}"
+    done
+
+    # install CA certificates
+    # Cisco ships their own copy of the VeriSign root, but we already have that in the system store
+    # so don't install that and just symlink our system bundle
+    mkdir -p "${pkgdir}/opt/.cisco/certificates/ca"
+    ln -s /etc/ca-certificates/extracted/tls-ca-bundle.pem "${pkgdir}/opt/.cisco/certificates/ca/system-ca.pem"
+
+    # install custom policy to disable auto updates
+    # AnyConnect will attempt to update itself as root, and then run all over both itself and our packaging
+    # so prevent it from doing anything like that
+    #
+    # this may break some really quirky setups that require downloading files from the server,
+    # but there's no other way around it that I could find
+    install -Dm644 "${srcdir}/AnyConnectLocalPolicy.xml" "${pkgdir}/opt/cisco/anyconnect/AnyConnectLocalPolicy.xml"
+}
diff --git a/anyconnect.csh b/anyconnect.csh
new file mode 100644
index 0000000..5e26081
--- /dev/null
+++ b/anyconnect.csh
@@ -0,0 +1 @@
+setenv PATH "${PATH}:/opt/cisco/anyconnect/bin"
diff --git a/anyconnect.sh b/anyconnect.sh
new file mode 100644
index 0000000..4ffba09
--- /dev/null
+++ b/anyconnect.sh
@@ -0,0 +1 @@
+export PATH="${PATH}:/opt/cisco/anyconnect/bin"
diff --git a/vpnagentd.service b/vpnagentd.service
new file mode 100644
index 0000000..cc360f5
--- /dev/null
+++ b/vpnagentd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Cisco AnyConnect
+After=network.target
+
+[Service]
+ExecStart=/opt/cisco/anyconnect/bin/vpnagentd -d
+
+[Install]
+WantedBy=multi-user.target