search

cernekee / ics-openconnect

Android UI for OpenConnect VPN client
GNU General Public License v2.0
358 stars 130 forks source link

Android 10 App Crash #51

Closed alienator88 closed 4 years ago

alienator88 commented 4 years ago

The app crashes when trying to connect on Android 10/OxygenOS. Seeing the following error in logcat: libc Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 11944 (OpenVPNManageme), pid 9948 (app.openconnect)

siromidz commented 3 years ago

Hi did you run ? rm -rf external/openconnect then git clone https://gitlab.com/openconnect/openconnect external/

i exactly took these steps: git clone https://github.com/cernekee/ics-openconnect cd ics-openconnect git submodule init git submodule update rm -rf external/openconnect cd external git clone https://gitlab.com/openconnect/openconnect openconnect/ make -C external ./misc/download-artifacts.sh

and finally got: A/libc: FORTIFY: %n not allowed on Android Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 6505 (OpenVPNManageme), pid 6435 (app.openconnect)

siromidz commented 3 years ago

Hi did you run ? rm -rf external/openconnect then git clone https://gitlab.com/openconnect/openconnect external/

i exactly took these steps: git clone https://github.com/cernekee/ics-openconnect cd ics-openconnect git submodule init git submodule update rm -rf external/openconnect cd external git clone https://gitlab.com/openconnect/openconnect openconnect/ make -C external ./misc/download-artifacts.sh

and finally got: A/libc: FORTIFY: %n not allowed on Android Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 6505 (OpenVPNManageme), pid 6435 (app.openconnect)

full log is: D/OpenConnect: AssetExtractor: skipping /data/user/0/app.openconnect/files/android_csd.sh I/OpenConnect: AssetExtractor: writing /data/user/0/app.openconnect/files_64/run_pie E/OpenConnect: AssetExtractor: caught exception java.io.FileNotFoundException: /data/user/0/app.openconnect/files_64/run_pie: open failed: ENOENT (No such file or directory) at libcore.io.IoBridge.open(IoBridge.java:496) at java.io.FileOutputStream.(FileOutputStream.java:235) at java.io.FileOutputStream.(FileOutputStream.java:186) at app.openconnect.core.AssetExtractor.writeStream(AssetExtractor.java:75) at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:133) at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:148) at app.openconnect.core.OpenConnectManagementThread.extractBinaries(OpenConnectManagementThread.java:666) at app.openconnect.core.OpenConnectManagementThread.runVPN(OpenConnectManagementThread.java:693) at app.openconnect.core.OpenConnectManagementThread.run(OpenConnectManagementThread.java:282) at java.lang.Thread.run(Thread.java:919) Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory) at libcore.io.Linux.open(Native Method) at libcore.io.ForwardingOs.open(ForwardingOs.java:167) at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252) at libcore.io.ForwardingOs.open(ForwardingOs.java:167) at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7255) at libcore.io.IoBridge.open(IoBridge.java:482) at java.io.FileOutputStream.(FileOutputStream.java:235)  at java.io.FileOutputStream.(FileOutputStream.java:186)  at app.openconnect.core.AssetExtractor.writeStream(AssetExtractor.java:75)  at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:133)  at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:148)  at app.openconnect.core.OpenConnectManagementThread.extractBinaries(OpenConnectManagementThread.java:666)  at app.openconnect.core.OpenConnectManagementThread.runVPN(OpenConnectManagementThread.java:693)  at app.openconnect.core.OpenConnectManagementThread.run(OpenConnectManagementThread.java:282)  at java.lang.Thread.run(Thread.java:919)  A/libc: FORTIFY: %n not allowed on Android Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 6505 (OpenVPNManageme), pid 6435 (app.openconnect)

NgoHuy commented 3 years ago

can you try to build from my repo https://github.com/NgoHuy/ics-openconnect/tree/latest-curl?

siromidz commented 3 years ago

can you try to build from my repo https://github.com/NgoHuy/ics-openconnect/tree/latest-curl?

hi and thank you very much for your help but my problem did not solve.

still i get this error: --------- beginning of crash 2021-03-05 19:07:01.801 7139-7189/app.openconnect A/libc: FORTIFY: %n not allowed on Android 2021-03-05 19:07:01.801 7139-7189/app.openconnect A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 7189 (OpenVPNManageme), pid 7139 (app.openconnect).

full log:

2021-03-05 19:07:01.489 7139-7139/app.openconnect W/ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@df92bf4 2021-03-05 19:07:01.628 7139-7189/app.openconnect D/OpenConnect: AssetExtractor: skipping /data/user/0/app.openconnect/files/android_csd.sh 2021-03-05 19:07:01.636 7139-7189/app.openconnect I/OpenConnect: AssetExtractor: writing /data/user/0/app.openconnect/files_64/run_pie 2021-03-05 19:07:01.639 7139-7189/app.openconnect E/OpenConnect: AssetExtractor: caught exception java.io.FileNotFoundException: /data/user/0/app.openconnect/files_64/run_pie: open failed: ENOENT (No such file or directory) at libcore.io.IoBridge.open(IoBridge.java:496) at java.io.FileOutputStream.(FileOutputStream.java:235) at java.io.FileOutputStream.(FileOutputStream.java:186) at app.openconnect.core.AssetExtractor.writeStream(AssetExtractor.java:75) at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:133) at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:148) at app.openconnect.core.OpenConnectManagementThread.extractBinaries(OpenConnectManagementThread.java:666) at app.openconnect.core.OpenConnectManagementThread.runVPN(OpenConnectManagementThread.java:693) at app.openconnect.core.OpenConnectManagementThread.run(OpenConnectManagementThread.java:282) at java.lang.Thread.run(Thread.java:919) Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory) at libcore.io.Linux.open(Native Method) at libcore.io.ForwardingOs.open(ForwardingOs.java:167) at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252) at libcore.io.ForwardingOs.open(ForwardingOs.java:167) at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7255) at libcore.io.IoBridge.open(IoBridge.java:482) at java.io.FileOutputStream.(FileOutputStream.java:235)  at java.io.FileOutputStream.(FileOutputStream.java:186)  at app.openconnect.core.AssetExtractor.writeStream(AssetExtractor.java:75)  at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:133)  at app.openconnect.core.AssetExtractor.extractAll(AssetExtractor.java:148)  at app.openconnect.core.OpenConnectManagementThread.extractBinaries(OpenConnectManagementThread.java:666)  at app.openconnect.core.OpenConnectManagementThread.runVPN(OpenConnectManagementThread.java:693)  at app.openconnect.core.OpenConnectManagementThread.run(OpenConnectManagementThread.java:282)  at java.lang.Thread.run(Thread.java:919) 

--------- beginning of crash

2021-03-05 19:07:01.801 7139-7189/app.openconnect A/libc: FORTIFY: %n not allowed on Android 2021-03-05 19:07:01.801 7139-7189/app.openconnect A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 7189 (OpenVPNManageme), pid 7139 (app.openconnect)

siromidz commented 3 years ago

in apps build.gradle i see this targetSdkVersion 19.

tnzil commented 3 years ago

in apps build.gradle i see this targetSdkVersion 19.

Are you using linux for compiling ics-openconnect?

siromidz commented 3 years ago

in apps build.gradle i see this targetSdkVersion 19.

Are you using linux for compiling ics-openconnect?

Yes I'm using kali

siromidz commented 3 years ago

can you try to build from my repo https://github.com/NgoHuy/ics-openconnect/tree/latest-curl?

no other solutions my friend?

NgoHuy commented 3 years ago

I built it successfully with my repo. Not sure with cernekee's repo

siromidz commented 3 years ago

I built it successfully with my repo. Not sure with cernekee's repo

yes. build is successful. but it crashes on android API 29.

NgoHuy commented 3 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

siromidz commented 3 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No! this apk was OK. then in your opinion why am I still having this problem?

tnzil commented 3 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No! this apk was OK. then in your opinion why am I still having this problem?

Try to build with @NgoHuy repo where you need to add other 3 arch for lower Android models and it will work perfectly.

siromidz commented 3 years ago

can you try to build from my repo https://github.com/NgoHuy/ics-openconnect/tree/latest-curl?

hello dear friend. i tried these ways to connect to openconnect server on android 10+:

1. git clone https://github.com/cernekee/ics-openconnect cd ics-openconnect git submodule init git submodule update cd external/openconnect git checkout master git submodule update --init cd ../.. make -C external

./misc/download-artifacts.sh

2. git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git submodule init git submodule update cd external/openconnect git checkout master git submodule update --init cd ../.. make -C external

./misc/download-artifacts.sh

3. git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect ./misc/download-artifacts.sh

4. git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git submodule init git submodule update make -C external ./misc/download-artifacts.sh

none of them was successfull.

siromidz commented 3 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No idea what i have done wrong?

siromidz commented 2 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No! this apk was OK. then in your opinion why am I still having this problem?

Try to build with @NgoHuy repo where you need to add other 3 arch for lower Android models and it will work perfectly.

do you have any solutions for this problem?

NgoHuy commented 2 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No! this apk was OK. then in your opinion why am I still having this problem?

Try to build with @NgoHuy repo where you need to add other 3 arch for lower Android models and it will work perfectly.

do you have any solutions for this problem?

did you use latest-curl branch? https://github.com/NgoHuy/ics-openconnect/tree/latest-curl

siromidz commented 2 years ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

No! this apk was OK. then in your opinion why am I still having this problem?

Try to build with @NgoHuy repo where you need to add other 3 arch for lower Android models and it will work perfectly.

do you have any solutions for this problem?

did you use latest-curl branch? https://github.com/NgoHuy/ics-openconnect/tree/latest-curl

i cloned the code in this url and then followed these steps: cd ics-openconnect git submodule init git submodule update cd external/openconnect git checkout master git submodule update --init make -C external ./misc/download-artifacts.sh

NgoHuy commented 2 years ago

please checkout latest-curl before building

siromidz commented 2 years ago

please checkout latest-curl before building

you mean after these steps?

NgoHuy commented 2 years ago

checkout before any step :D

siromidz commented 2 years ago

checkout before any step :D so I should clone, checkout, and then follow the steps. thank you

siromidz commented 2 years ago

should i run git checkout master after git submodule update???

siromidz commented 2 years ago

i tried these git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git checkout latest-curl git submodule init git submodule update
cd external/openconnect
git submodule update --init cd ../..
make -C external
./misc/download-artifacts.sh

but failed!!!!

NgoHuy commented 2 years ago

git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git checkout latest-curl git submodule init git submodule update cd external/openconnect git checkout master git pull git submodule update --init cd ../.. make -C external

tnzil commented 2 years ago

i tried these git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git checkout latest-curl git submodule init git submodule update cd external/openconnect git submodule update --init cd ../.. make -C external ./misc/download-artifacts.sh

but failed!!!!

Kindly share output logs

NgoHuy commented 2 years ago

I confirmed that I built with error from openconnect master branch.

NgoHuy commented 2 years ago

I forgot mention that on archlinux or debian, in external/openconnect/android/Makefile must define -fuse-ld=gold in EXTRA_CFLAGS

siromidz commented 2 years ago

I forgot mention that on archlinux or debian, in external/openconnect/android/Makefile must define -fuse-ld=gold in EXTRA_CFLAGS

where has to be changed in that file? there are multiple places EXTRA_CFLAGS is used.

siromidz commented 2 years ago

I forgot mention that on archlinux or debian, in external/openconnect/android/Makefile must define -fuse-ld=gold in EXTRA_CFLAGS

i added the -fuse-ld=gold at 2 positions where EXTRA_CFLAGS was used but got the same result

siromidz commented 2 years ago

I forgot mention that on archlinux or debian, in external/openconnect/android/Makefile must define -fuse-ld=gold in EXTRA_CFLAGS

i changed the file you mentioned like this:

#
# This Makefile attempts to build OpenConnect and its dependencies for Android
#
# It doesn't do a stunning job of tracking changes in the dependencies and
# automatically rebuilding them, but it's good enough for getting them built
# and installed into its own local sysroot.
#
# As long as you have the Android NDK toolchain on your path, you should then
# be able to edit fairly much anything in place and rebuild it locally.
#
# It should also be fairly simple to extend this to cross-compile for any target

# Last tested with https://dl.google.com/android/repository/android-ndk-r21b-linux-x86_64.zip

NDK     := /opt/android-sdk-linux_x86/android-ndk-r21b
ARCH    := x86_64
API_LEVEL := 23

EXTRA_CFLAGS := -fuse-ld=gold

# You should be able to just 'make ARCH=x86' and it should DTRT.
ifeq ($(ARCH),arm)
TRIPLET := arm-linux-androideabi
EXTRA_CFLAGS := -march=armv7-a -mthumb -fuse-ld=gold
endif
ifeq ($(ARCH),arm64)
TRIPLET := aarch64-linux-android
API_LEVEL := 26
endif
ifeq ($(ARCH),x86)
TRIPLET := i686-linux-android
endif
ifeq ($(ARCH),x86_64)
TRIPLET := x86_64-linux-android
endif

TOPDIR := $(shell pwd)
DESTDIR := $(TOPDIR)/$(TRIPLET)/out

EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2

TOOLCHAIN := $(TOPDIR)/$(TRIPLET)/toolchain
TOOLCHAIN_BUILT := $(TOOLCHAIN)/.built
TOOLCHAIN_OPTS := --platform=android-$(API_LEVEL) --arch=$(ARCH) \
          --install-dir=$(TOOLCHAIN)
PATH := $(TOOLCHAIN)/bin:$(PATH)

OC_SYSROOT := $(TOOLCHAIN)/sysroot/usr
PKG_CONFIG_LIBDIR := $(OC_SYSROOT)/lib/pkgconfig

export PATH PKG_CONFIG_LIBDIR

# PKG_CONFIG_LIBDIR gets exported to sub-makes, but not to $(shell
PKG_CONFIG := PKG_CONFIG_LIBDIR=$(PKG_CONFIG_LIBDIR) pkg-config

MAKEINSTALL=$(MAKE) INSTALL=$(TOPDIR)/install_symlink.sh
FETCH=$(TOPDIR)/fetch.sh

CONFIGURE_ARGS := --host=$(TRIPLET) --prefix=$(OC_SYSROOT) \
          --disable-shared --enable-static --with-pic \
          CC=$(TRIPLET)-clang CFLAGS="$(EXTRA_CFLAGS)"

SOURCE_LIST = $(LIBXML2_SRC)/configure $(GMP_SRC)/configure \
    $(NETTLE_SRC)/configure $(GNUTLS_SRC)/configure \
    $(STOKEN_SRC)/configure $(OATH_SRC)/configure \
    $(LZ4_DIR)/Makefile

PKG_LIST := LIBXML2 GMP NETTLE GNUTLS STOKEN OATH LZ4

MIRROR_TEST_TARGETS := $(addprefix mirror-test-,$(PKG_LIST))

all: openconnect run_pie

#####################################################################
#
# Install a local cross toolchain + sysroot
#
# (The fallback logic is because NDK versions <= r8e can fail after trying to
# use 32-bit binaries on a 64-bit NDK installation.)
#
$(TOOLCHAIN_BUILT):
    $(NDK)/build/tools/make-standalone-toolchain.sh $(TOOLCHAIN_OPTS) || \
        $(NDK)/build/tools/make-standalone-toolchain.sh \
            $(TOOLCHAIN_OPTS) --system=linux-x86_64
    touch $@

#####################################################################
#
# Build libxml2 with minimal configuration for OpenConnect
#
# http://xmlsoft.org/news.html
LIBXML2_VER := 2.9.11
LIBXML2_TAR := libxml2-$(LIBXML2_VER).tar.gz
LIBXML2_SHA := 886f696d5d5b45d780b2880645edf9e0c62a4fd6841b853e824ada4e02b4d331
LIBXML2_SRC := sources/libxml2-$(LIBXML2_VER)
LIBXML2_BUILD := $(TRIPLET)/libxml2

$(LIBXML2_TAR):
    $(FETCH) $@ $(LIBXML2_SHA)

$(LIBXML2_SRC)/configure: $(LIBXML2_TAR)
    mkdir -p sources
    tar xfz $<  -C sources
    touch $@

$(LIBXML2_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(LIBXML2_SRC)/configure
    mkdir -p $(LIBXML2_BUILD)
    cd $(LIBXML2_BUILD) && ../../$(LIBXML2_SRC)/configure $(CONFIGURE_ARGS) \
        --without-c14n -without-catalog --without-debug --without-docbook \
        --without-fexceptions --without-ftp --without-history \
        --without-http --without-iconv --without-iconv \
        --without-iso8859x --without-legacy --without-pattern \
        --without-push --without-regexps --without-run-debug \
        --without-sax1 --without-schemas --without-schematron \
        --without-threads --without-valid --without-xinclude \
        --without-xpath --without-xptr --without-zlib --without-lzma \
        --without-coverage --without-python

$(LIBXML2_BUILD)/libxml2.la: $(LIBXML2_BUILD)/Makefile
    $(MAKE) -C $(LIBXML2_BUILD) libxml2.la

$(LIBXML2_BUILD)/libxml-2.0.pc: $(LIBXML2_BUILD)/Makefile
    $(MAKE) -C $(LIBXML2_BUILD) libxml-2.0.pc

$(OC_SYSROOT)/lib/libxml2.la: $(LIBXML2_BUILD)/libxml2.la
    $(MAKEINSTALL) -C $(LIBXML2_BUILD) install-libLTLIBRARIES

$(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc: $(LIBXML2_BUILD)/libxml-2.0.pc
    $(MAKEINSTALL) -C $(LIBXML2_BUILD) install-data

LIBXML_DEPS := $(OC_SYSROOT)/lib/libxml2.la $(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc

libxml: $(LIBXML_DEPS)

#####################################################################
#
# Build GNU MP
#
# https://gmplib.org/
GMP_VER := 6.2.1
GMP_TAR := gmp-$(GMP_VER).tar.xz
GMP_SHA := fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2
GMP_SRC := sources/gmp-$(GMP_VER)
GMP_BUILD := $(TRIPLET)/gmp

$(GMP_TAR):
    $(FETCH) $@ $(GMP_SHA)

$(GMP_SRC)/configure: $(GMP_TAR)
    mkdir -p sources
    tar -xJf $< -C sources
    touch $@

$(GMP_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(GMP_SRC)/configure
    mkdir -p $(GMP_BUILD)
    cd $(GMP_BUILD) && ../../$(GMP_SRC)/configure $(CONFIGURE_ARGS) 

$(GMP_BUILD)/libgmp.la: $(GMP_BUILD)/Makefile
    $(MAKE) -C $(GMP_BUILD)

$(OC_SYSROOT)/lib/libgmp.la: $(GMP_BUILD)/libgmp.la
    $(MAKEINSTALL) -C $(GMP_BUILD) install

GMP_DEPS := $(OC_SYSROOT)/lib/libgmp.la

gmp: $(GMP_DEPS)

#####################################################################
#
# Build nettle
#
# https://ftp.gnu.org/gnu/nettle/
NETTLE_VER := 3.6
NETTLE_TAR := nettle-$(NETTLE_VER).tar.gz
NETTLE_SHA := d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1
NETTLE_SRC := sources/nettle-$(NETTLE_VER)
NETTLE_BUILD := $(TRIPLET)/nettle

$(NETTLE_TAR):
    $(FETCH) $@ $(NETTLE_SHA)

$(NETTLE_SRC)/configure: $(NETTLE_TAR)
    mkdir -p sources
    tar xfz $< -C sources
    touch $@

$(NETTLE_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(NETTLE_SRC)/configure $(GMP_DEPS)
    mkdir -p $(NETTLE_BUILD)
    cd $(NETTLE_BUILD) && ../../$(NETTLE_SRC)/configure $(CONFIGURE_ARGS)

$(NETTLE_BUILD)/libnettle.a: $(NETTLE_BUILD)/Makefile
    $(MAKE) -C $(NETTLE_BUILD) SUBDIRS=

$(OC_SYSROOT)/lib/libnettle.a: $(NETTLE_BUILD)/libnettle.a
    $(MAKEINSTALL) -C $(NETTLE_BUILD) SUBDIRS= install

NETTLE_DEPS := $(OC_SYSROOT)/lib/libnettle.a

nettle: $(NETTLE_DEPS)

#####################################################################
#
# Build GnuTLS
#
# https://www.gnutls.org/download.html
GNUTLS_VER := 3.6.16
GNUTLS_TAR := gnutls-$(GNUTLS_VER).tar.xz
GNUTLS_SHA := 1b79b381ac283d8b054368b335c408fedcb9b7144e0c07f531e3537d4328f3b3
GNUTLS_SRC := sources/gnutls-$(GNUTLS_VER)
GNUTLS_BUILD := $(TRIPLET)/gnutls

$(GNUTLS_TAR):
    $(FETCH) $@ $(GNUTLS_SHA)

$(GNUTLS_SRC)/configure: $(GNUTLS_TAR)
    mkdir -p sources
    xz -d < $< | tar xf - -C sources
    touch $@

#$(GNUTLS_SRC)/configure.ac:
#   mkdir -p sources
#   cd sources && git clone git://gitorious.org/gnutls/gnutls.git

#$(GNUTLS_SRC)/configure: $(GNUTLS_SRC)/configure.ac
#   touch $(GNUTLS_SRC)/ChangeLog
#   cd $(GNUTLS_SRC) && autoreconf -fvi

$(GNUTLS_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(GNUTLS_SRC)/configure $(NETTLE_DEPS)
    mkdir -p $(GNUTLS_BUILD)
    cd $(GNUTLS_BUILD) && ../../$(GNUTLS_SRC)/configure $(CONFIGURE_ARGS) \
        AUTOGEN=/bin/false \
        --disable-threads --disable-tests --disable-nls \
        --disable-doc --disable-openssl-compatibility --disable-cxx \
        --disable-openssl-compatibility --disable-ocsp --disable-tools \
        --disable-anon-authentication --with-included-libtasn1 \
        --enable-psk-authentication --disable-srp-authentication \
        --disable-dtls-srtp-support  --enable-dhe --enable-ecdhe \
        --with-included-unistring --without-p11-kit --disable-guile

$(GNUTLS_BUILD)/lib/libgnutls.la: $(GNUTLS_BUILD)/Makefile
    $(MAKE) -C $(GNUTLS_BUILD)

$(OC_SYSROOT)/lib/libgnutls.la: $(GNUTLS_BUILD)/lib/libgnutls.la
    $(MAKEINSTALL) -C $(GNUTLS_BUILD) install

GNUTLS_DEPS := $(OC_SYSROOT)/lib/libgnutls.la

gnutls: $(GNUTLS_DEPS)

#####################################################################
#
# Build libstoken
#
# https://sourceforge.net/projects/stoken/files/
STOKEN_VER := 0.92
STOKEN_TAR := stoken-$(STOKEN_VER).tar.gz
STOKEN_SHA := aa2b481b058e4caf068f7e747a2dcf5772bcbf278a4f89bc9efcbf82bcc9ef5a
STOKEN_SRC := sources/stoken-$(STOKEN_VER)
STOKEN_BUILD := $(TRIPLET)/stoken

$(STOKEN_TAR):
    $(FETCH) $@ $(STOKEN_SHA)

$(STOKEN_SRC)/configure: $(STOKEN_TAR)
    mkdir -p sources
    tar xfz $< -C sources
    touch $@

$(STOKEN_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(STOKEN_SRC)/configure $(NETTLE_DEPS)
    mkdir -p $(STOKEN_BUILD)
    cd $(STOKEN_BUILD) && ../../$(STOKEN_SRC)/configure $(CONFIGURE_ARGS) \
        --without-gtk

$(STOKEN_BUILD)/libstoken.la: $(STOKEN_BUILD)/Makefile
    $(MAKE) -C $(STOKEN_BUILD)

$(OC_SYSROOT)/lib/libstoken.la: $(STOKEN_BUILD)/libstoken.la
    $(MAKEINSTALL) -C $(STOKEN_BUILD) install

STOKEN_DEPS := $(OC_SYSROOT)/lib/libstoken.la

stoken: $(STOKEN_DEPS)

#####################################################################
#
# Build liboath
#
# https://download.savannah.nongnu.org/releases/oath-toolkit/
OATH_VER := 2.6.7
OATH_TAR := oath-toolkit-$(OATH_VER).tar.gz
OATH_SHA := 36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9
OATH_SRC := sources/oath-toolkit-$(OATH_VER)
OATH_BUILD := $(TRIPLET)/oath

$(OATH_TAR):
    $(FETCH) $@ $(OATH_SHA)

$(OATH_SRC)/configure: $(OATH_TAR)
    mkdir -p sources
    tar xfz $< -C sources
    > $(OATH_SRC)/liboath/gl/freading.c
    touch $@

$(OATH_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(OATH_SRC)/configure
    mkdir -p $(OATH_BUILD)
    cd $(OATH_BUILD) && ../../$(OATH_SRC)/configure $(CONFIGURE_ARGS) \
        --disable-pskc --disable-pam \
        gl_cv_func_fflush_stdin=yes \
        gl_cv_func_fpurge_works=yes

$(OATH_BUILD)/liboath/liboath.la: $(OATH_BUILD)/Makefile
    $(MAKE) -C $(OATH_BUILD)/liboath

$(OC_SYSROOT)/lib/liboath.la: $(OATH_BUILD)/liboath/liboath.la
    $(MAKEINSTALL) -C $(OATH_BUILD)/liboath install

OATH_DEPS := $(OC_SYSROOT)/lib/liboath.la

oath: $(OATH_DEPS)

#####################################################################
#
# Build liblz4
#
# https://github.com/lz4/lz4/tags
LZ4_VER := 1.9.3
LZ4_TAR := lz4-v$(LZ4_VER).tar.gz
LZ4_SHA := 030644df4611007ff7dc962d981f390361e6c97a34e5cbc393ddfbe019ffe2c1
LZ4_DIR := $(TRIPLET)/lz4-$(LZ4_VER)

$(LZ4_TAR):
    $(FETCH) $@ $(LZ4_SHA)

$(LZ4_DIR)/Makefile: $(LZ4_TAR)
    mkdir -p $(TRIPLET)
    tar xzf $< -C $(TRIPLET)
    touch $@

$(OC_SYSROOT)/lib/liblz4.a: $(TOOLCHAIN_BUILT) $(LZ4_DIR)/Makefile
    $(MAKE) -C $(LZ4_DIR)/lib \
        CC="$(TRIPLET)-clang $(EXTRA_CFLAGS)" \
        AR="$(TRIPLET)-ar" \
        LIBDIR=$(OC_SYSROOT)/lib \
        INCLUDEDIR=$(OC_SYSROOT)/include \
        install
    rm -f $(OC_SYSROOT)/lib/liblz4.so*

LZ4_DEPS := $(OC_SYSROOT)/lib/liblz4.a

lz4: $(LZ4_DEPS)

#####################################################################
#
# Build OpenConnect for Android
#
OPENCONNECT_SRC := ..
OPENCONNECT_BUILD := $(TRIPLET)/openconnect

$(OPENCONNECT_SRC)/configure:
    cd $(OPENCONNECT_SRC) && ./autogen.sh

$(OPENCONNECT_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(GNUTLS_DEPS) $(LIBXML_DEPS) \
        $(STOKEN_DEPS) $(OATH_DEPS) $(LZ4_DEPS) $(OPENCONNECT_SRC)/configure
    mkdir -p $(OPENCONNECT_BUILD)
    cd $(OPENCONNECT_BUILD) && ../../../configure \
    --host=$(TRIPLET) --prefix=/ \
    CFLAGS="$(EXTRA_CFLAGS) -fvisibility=default -fPIE" \
    LDFLAGS="$(EXTRA_LDFLAGS) -rdynamic -pie" \
    GNUTLS_LIBS="$(shell $(PKG_CONFIG) --static --libs gnutls)" \
    LIBSTOKEN_LIBS="$(shell $(PKG_CONFIG) --static --libs stoken)" \
    --enable-shared --with-vpnc-script=/etc/vpnc/vpnc-script \
    --with-java=$(OC_SYSROOT)/include --enable-jni-standalone \
    --disable-symvers

openconnect: $(OPENCONNECT_BUILD)/Makefile
    make -C $(OPENCONNECT_BUILD)
    make -C $(OPENCONNECT_BUILD) install-strip DESTDIR=$(DESTDIR)

#####################################################################
#
# Build run_pie helper program
#
$(DESTDIR)/sbin/run_pie: run_pie.c $(TOOLCHAIN_BUILT)
    mkdir -p $(DESTDIR)/sbin
    $(TRIPLET)-clang $< -o $@ -ldl

.PHONY: run_pie
run_pie: $(DESTDIR)/sbin/run_pie

#####################################################################
#
# Special targets for maintainer use
#

# download + extract, but do not build
.PHONY: sources
sources: $(SOURCE_LIST)

.PHONY: $(MIRROR_TEST_TARGETS)
$(MIRROR_TEST_TARGETS) : mirror-test-% :
    $(FETCH) --mirror-test $($(*)_TAR) $($(*)_SHA)

# (re)test all mirrors for all packages. safe for use with "make -jN"
.PHONY: mirror-test
mirror-test: $(MIRROR_TEST_TARGETS)
NgoHuy commented 2 years ago

you should edit this line EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2

siromidz commented 2 years ago

EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2

I changed that line to this: EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2 -fuse-ld=gold but nothing changed. still crash

2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: FORTIFY: %n not allowed on Android
2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 24216 (OpenVPNManageme), pid 24018 (app.openconnect)
siromidz commented 2 years ago

EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2

I changed that line to this: EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2 -fuse-ld=gold but nothing changed. still crash

2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: FORTIFY: %n not allowed on Android
2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 24216 (OpenVPNManageme), pid 24018 (app.openconnect)

did I edit that line correctly?

siromidz commented 2 years ago

git clone https://github.com/NgoHuy/ics-openconnect.git cd ics-openconnect git checkout latest-curl git submodule init git submodule update cd external/openconnect git checkout master git pull git submodule update --init cd ../.. make -C external

does this work on redhat?

siromidz commented 2 years ago

EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2

I changed that line to this: EXTRA_CFLAGS += -D__ANDROID_API__=$(API_LEVEL) -O2 -fuse-ld=gold but nothing changed. still crash

2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: FORTIFY: %n not allowed on Android
2021-07-15 07:52:13.965 24018-24216/app.openconnect A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 24216 (OpenVPNManageme), pid 24018 (app.openconnect)

@NgoHuy is this correct? or i have to edit this in another way? I'm using kali linux

NgoHuy commented 2 years ago

I'm not sure why it crashed, I use debian and archlinux to build it

siromidz commented 2 years ago

I'm not sure why it crashed, I use debian and archlinux to build it

could you please tell me the exact distribution and version you are using so that I can compile the project?

NgoHuy commented 2 years ago

I use debian and archlinux with latest update

daktak commented 7 months ago

this is my apk, does it crash on your phone? https://drive.google.com/file/d/1ynE77127QPLzoDSLCXOPI2HEMx3YXGXN/view?usp=sharing

This still works on Android 13. I had to rename by certs to .jpg as file permissions seemed to only work for "Media"

wolandtel commented 3 months ago

I've wasted all the day to build it. So that's the step-by-step instruction.

mkdir ics-openconnect
cd ics-openconnect

# download gnutls+nettle.patch
git clone https://github.com/cernekee/ics-openconnect ics-openconnect.github

cd ics-openconnect
# external/Makefile → check ANDROID_NDK path; remove anything except arm from ARCHS

git submodule init
git submodule update

cd external/openconnect
git apply ../../../gnutls+nettle.patch
cd ../..

make -C external

./gradlew assembleDebug

cd ..
mv ics-openconnect.github/app/build/outputs/apk/debug/app-debug.apk OpenConnect.apk

gnutls+nettle.patch.zip

And the result: OpenConnect.apk.zip

ildar commented 3 months ago

Mikhail, thank you so much for your contribution. I asked F-Droid guys to build it according to your instructions. Thanks again! ref: https://gitlab.com/fdroid/fdroiddata/-/issues/941

ildar commented 3 months ago

Mikhail, ppl, can anyone update the libopenconnect to the latest version?

ildar commented 3 months ago

Found another repo, maybe worth moving. https://gitlab.com/openconnect/ics-openconnect/-/issues/8

DimitriPapadopoulos commented 3 months ago

It would be worth submitting a pull request to https://gitlab.com/openconnect/openconnect/. The above patch doesn't appear to apply cleanly to the current master branch, I'll have a look.

Indeed, https://gitlab.com/openconnect/ics-openconnect/ is more recent and the patch you refer to is obsolete as far as I can see.

wolandtel commented 3 months ago

The above patch doesn't appear to apply cleanly to the current master branch

Of course. When you do git submodule … you get the tag v8.03 of openconnect.

wolandtel commented 3 months ago

Mikhail, ppl, can anyone update the libopenconnect to the latest version?

What do you mean? Build ics-openconnect with the latest version of the lib? What for?

wolandtel commented 3 months ago

Found another repo, maybe worth moving. https://gitlab.com/openconnect/ics-openconnect/-/issues/8

Gitlab project has the same build problems as the current one. And maybe a little bit more. And all the difference is a new functionality (protocols added). I was need just an openconnect.

DimitriPapadopoulos commented 3 months ago

Oh, I see, I wasn't aware it uses submodule, sorry about it. Any way, the OpenConnect library has been maintained in https://gitlab.com/openconnect/openconnect/ for years and 8.0.3 has become obsolete, although I understand it works for you. What way forward would you suggest for the community?

wolandtel commented 3 months ago

Dimitri, I think only an openconnect's maintainer has enough knowledge to build android client with the actual version of libopenconnect. It hasn't been built for the x86 arch, for example (v8.0.3) and I've just skipped it. So I suppose there will be a lot of issues if you try to build with the libopenconnect's master.