openconnect

The primary motivation for creating this extension is to address a critical bug in openconnect-9.12-7 (the version currently available in Fedora 42) that prevents successful connections to certain VPN configurations. This bug is tracked here: https://gitlab.com/openconnect/openconnect/-/issues/659

This extension is intended as a temporary solution until the openconnect package is updated in the official Fedora repositories. The issue is also tracked in Red Hat Bugzilla here: https://bugzilla.redhat.com/show_bug.cgi?id=2376504

It is built from a COPR: dwmw2/openconnect.

Compatibility

This sysext is compatible with Fedora Atomic Desktops.

Versions available

See the openconnect versions.

Usage instructions

First time setup

Run those commands if you have not yet installed any sysext on your system:

sudo install -d -m 0755 -o 0 -g 0 /var/lib/extensions /var/lib/extensions.d
sudo restorecon -RFv /var/lib/extensions /var/lib/extensions.d
sudo systemctl enable --now systemd-sysext.service

Installation

Define a helper function:

install_sysext() {
  SYSEXT="${1}"
  URL="https://extensions.fcos.fr/extensions"
  sudo install -d -m 0755 -o 0 -g 0 /etc/sysupdate.${SYSEXT}.d
  sudo restorecon -RFv /etc/sysupdate.${SYSEXT}.d
  curl --silent --fail --location "${URL}/${SYSEXT}.conf" \
    | sudo tee "/etc/sysupdate.${SYSEXT}.d/${SYSEXT}.conf"
  sudo /usr/lib/systemd/systemd-sysupdate update --component "${SYSEXT}"
}

Install the sysext:

install_sysext openconnect

Reboot your system or refresh the merged sysexts:

sudo systemctl restart systemd-sysext.service
systemd-sysext status

Note that this will merge all installed sysexts unconditionally.

Updates

Update this sysext using:

sudo /usr/lib/systemd/systemd-sysupdate update --component openconnect

If you want to use the new version immediately, make sure to refresh the merged sysexts:

sudo systemctl restart systemd-sysext.service
systemd-sysext status

To update all sysexts on a system:

for c in $(/usr/lib/systemd/systemd-sysupdate components --json=short | jq --raw-output '.components[]'); do
    sudo /usr/lib/systemd/systemd-sysupdate update --component "${c}"
done

Uninstall

Define a helper function:

uninstall_sysext() {
  SYSEXT="${1}"
  sudo rm -i "/var/lib/extensions/${SYSEXT}.raw"
  sudo rm -i "/var/lib/extensions.d/${SYSEXT}-"*".raw"
  sudo rm -i "/etc/sysupdate.${SYSEXT}.d/${SYSEXT}.conf"
  sudo rmdir "/etc/sysupdate.${SYSEXT}.d/"
}

Uninstall the sysext:

uninstall_sysext openconnect

Reboot your system or refresh the merged sysexts:

sudo systemctl restart systemd-sysext.service
systemd-sysext status