You are not logged in.

#1 2020-04-24 07:30:13

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

PKGBUILD review request: f5cli

Hi everyone,

This is the first PKGBUILD that I'm making. It's a VPN client for the F5 BIG-IP solution. There's already a similar package (f5vpn) but that one is meant to be used by logging in via the browser which then triggers the local F5 client to start.

This one allows a fully CLI process and is preferred by many as otherwise one must have a browser tab open for the whole duration of the VPN session.

Any feedback is appreciated.

# Maintainer: Tiago Espinha <tiago+aur@espinha.co.uk>
pkgname=f5cli
pkgver=7190.2020.0221.1
pkgrel=1
pkgdesc="CLI version of the VPN client using the F5Networks BIG-IP APM"
arch=("x86_64")
license=('Commercial')
source_x86_64=("linux_f5cli-${pkgver}.x86_64.rpm::https://connect.healthsystem.virginia.edu/public/download/linux_f5vpn.x86_64.rpm")
package() {
        chmod u+s "usr/local/lib/F5Networks/SSLVPN/svpn_x86_64"
        install -dm755 "${pkgdir}/usr/bin/"
        install -dm755 "${pkgdir}/usr/local/lib/F5Networks/SSLVPN/var/run" # For svpn.pid
        cp -a usr "${pkgdir}"
}
md5sums_x86_64=('bfd46a796b00b4e34ce3cf8e35593e86')

Offline

#2 2020-04-24 10:54:13

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: PKGBUILD review request: f5cli

chmod u+s "usr/local/lib/F5Networks/SSLVPN/svpn_x86_64"

install -dm755 "${pkgdir}/usr/local/lib/F5Networks/SSLVPN/var/run" # For svpn.pid

On archlinux /usr/local/ is supposed to be used only for installations not managed by pacman.
PKGBUILDs should leave /usr/local/ alone .


license=('Commercial')

You probably want to use "custom" and put the license in $pkgdir/usr/share/licenses/$pkgname  folder
see https://wiki.archlinux.org/index.php/PKGBUILD#license for details.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2020-04-24 11:20:45

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Thanks for your reply @Lone_Wolf

Do you reckon it'd be acceptable to straight up install whatever's in /usr/local/**/* into /usr/ ?

I'm very new to packaging in Arch so any bit of guidance is helpful - thank you.

Offline

#4 2020-04-24 11:42:48

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: PKGBUILD review request: f5cli

I overlooked that the source for this package is a rpm binary.
Adapting those to work on archlinux can be tricky.

I am able to download the source file and it appears to be packed for install under /opt/f5  .
That should work on archlinux also and is a good location for commercial stuff that's supposed to run stand alone,

Try installing everything in the rpm to $pkgdir/opt/ .


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#5 2020-04-24 11:55:54

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Oh no - I made a mistake - apologies. I'm pointing to the wrong binary.

Here goes again:

# Maintainer: Tiago Espinha <tiago+aur@espinha.co.uk>
pkgname=f5cli
pkgver=7190.2020.0221.1
pkgrel=1
pkgdesc="CLI version of the VPN client using the F5Networks BIG-IP APM"
arch=("x86_64")
license=('Commercial')
source_x86_64=("linux_f5cli-${pkgver}.x86_64.rpm::https://connect.healthsystem.virginia.edu/public/download/linux_f5cli.x86_64.rpm")
package() {
        chmod u+s "usr/local/lib/F5Networks/SSLVPN/svpn_x86_64"
        install -dm755 "${pkgdir}/usr/bin/"
        install -dm755 "${pkgdir}/usr/local/lib/F5Networks/SSLVPN/var/run" # For svpn.pid
        cp -a usr "${pkgdir}"
}
md5sums_x86_64=('bfd46a796b00b4e34ce3cf8e35593e86')

Where it read f5vpn in the path, it should have read f5cli. This happened because I was reusing much of the package that's already in the AUR (f5vpn).

This one does not make use of /opt/ as far as I can tell.

Offline

#6 2020-04-24 13:21:51

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: PKGBUILD review request: f5cli

It's good to look at examples already in the AUR, but don't assume they are good.  Sadly a large portion of what is in the AUR is crap.

Follow the wiki and man pages primarily.

Note, in addition to the previous comments (which I don't see incorporated yet) the package name should also end in a -bin suffix.  And while purely cosmetic, the functions (like package) are generally separated by a blank line from variables.  For better or worse, going against such practice - even if completely harmless - will often make the PKGBUILD just look less polished and trustworthy.  The checksums are generally also with the variables at the top, but there are other cases with them at the bottom because they were tacked on with makepkg -g.

Last edited by Trilby (2020-04-24 13:22:49)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-04-24 13:36:20

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: PKGBUILD review request: f5cli

I disagree on the -bin suffix. It's only necessary to differentiate a binary version from a source-built version. If there's no source available, it's not necessary.

Why are you creating an empty "${pkgdir}/usr/bin/"?

Offline

#8 2020-04-24 13:58:58

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Yeah on the -bin suffix the wiki pages' advice is the same as Scimmia's: only put it in if the source is available. This is not the case for this package. Only the binary is distributed.

So here's a new version incorporating, I think, all of the suggestions so far:

# Maintainer: Tiago Espinha <tiago+aur@espinha.co.uk>
pkgname=f5cli
pkgver=7190.2020.0221.1
pkgrel=1
pkgdesc="CLI version of the VPN client using the F5Networks BIG-IP APM"
arch=("x86_64")
license=('Commercial')
source_x86_64=("linux_f5cli-${pkgver}.x86_64.rpm::https://connect.healthsystem.virginia.edu/public/download/linux_f5cli.x86_64.rpm")
md5sums_x86_64=('bfd46a796b00b4e34ce3cf8e35593e86')

package() {
        chmod u+s "usr/local/lib/F5Networks/SSLVPN/svpn_x86_64"
        install -dm755 "${pkgdir}/usr/bin/"
        install -dm755 "${pkgdir}/usr/local/lib/F5Networks/SSLVPN/var/run" # For svpn.pid
        cp -a usr "${pkgdir}"
}

As for the suggestion re: licensing, the package doesn't contain a license file. So the license is effectively closed-source/commercial - should I still set it to custom in such a case?

> Why are you creating an empty "${pkgdir}/usr/bin/"?

I'm not entirely sure about this. Effectively the package has a directory tree of /usr/local/{lib,bin} which based on the comments above sounds like I should be installing in /usr/{lib,bin} . That's roughly what I thought the first install command was doing but it seems like I probably misunderstood it...

I'll give it another go to get things in the right directories.

Offline

#9 2020-04-24 14:05:12

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: PKGBUILD review request: f5cli

Sounds good for the suffix.  Out of curiosity, where in the wiki do you see this.  I tried to look this up and I'm not finding any mention of the suffixes now in the formal guidelines ... I may need more coffee.

tiagoespinha wrote:

As for the suggestion re: licensing, the package doesn't contain a license file. So the license is effectively closed-source/commercial

This does not follow ... at all.  If there is no license, it is illegal to use or distribute.  Period.

There is a license file included with f5vpn, I'm not sure where they got it from.

EDIT: I also see there is no upstream url in your PKGBUILD.  The source comes from a univerity apparently redistrubuting the binary which originally came from f5.com (which seems to require a login to download anything).  This may be illegal redistrubution by the university - if this is the case, it should not be used.

EDIT 2: according to the license with the f5vpn package, redistribution of the binary is not allowed.  The virginia.edu host is violating the license terms.  Please do not use it.

Last edited by Trilby (2020-04-24 14:14:44)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#10 2020-04-24 14:38:46

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Trilby wrote:

There is a license file included with f5vpn, I'm not sure where they got it from.

I _think_ the f5vpn does have a LICENSE file, but the f5cli doesn't.

Trilby wrote:

EDIT 2: according to the license with the f5vpn package, redistribution of the binary is not allowed.  The virginia.edu host is violating the license terms.  Please do not use it.

I think this is one of those dark gray areas. The license may say so (I haven't personally checked myself but I believe you), yet at the same time this is how the F5 VPN server is meant to distribute the software that allows Linux clients to connect. You need to be able to access them, before connecting to the VPN, so those files need to be distributed to would-be users by the VPN server instance itself. In fact, for other distros, when you try to login to the VPN server, it directly gives you two necessarily-publicly-accessible links (one for a .deb, one for a .rpm) to that exact binary that the f5vpn AUR package uses.

Personally, IANAL, but I think because it's the F5 server software itself that's distributing its own software and not the company sharing it on the side then that makes it okay. But again, don't quote me on this for any sort of legal advice.

Trilby wrote:

This does not follow ... at all.  If there is no license, it is illegal to use or distribute.  Period.

Either way the above is a fair point and in the interest of not getting in legal trouble, I'll drop this project.

Trilby wrote:

Sounds good for the suffix.  Out of curiosity, where in the wiki do you see this.

I found it here: https://wiki.archlinux.org/index.php/AU … submission

Packages that use prebuilt deliverables, when the sources are available, must use the -bin suffix. An exception to this is with Java. The AUR should not contain the binary tarball created by makepkg, nor should it contain the filelist.

Last edited by tiagoespinha (2020-04-24 14:40:59)

Offline

#11 2020-04-24 14:42:58

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: PKGBUILD review request: f5cli

tiagoespinha wrote:

Either way the above is a fair point and in the interest of not getting in legal trouble, I'll drop this project.

I didn't intend that result.  If I were you I'd contact F5 directly for guidance.  They have an active support website.

I am a stickler for adhering to licenses (even when, or especially when I don't like them), but communicating with the author or intellectual property owner often quickly clears up ambiguities.

And thanks for the link - it was a lack of coffee.  I was searching in the webpage like in a man page for '\-bin' to "escape" the dash ... so it didn't match *headdesk*.

Last edited by Trilby (2020-04-24 14:44:14)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#12 2020-04-24 14:47:59

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Trilby wrote:
tiagoespinha wrote:

Either way the above is a fair point and in the interest of not getting in legal trouble, I'll drop this project.

I didn't intend that result.  If I were you I'd contact F5 directly for guidance.  They have an active support website.

I appreciate that smile but I'm also a stickler for the rules and at this stage this feels like more effort than it is worth. Especially since the F5 VPN seems to be quite a bit of a fringe provider of VPN software such that going through that effort just to get the package published on AUR probably wouldn't be worth it considering how few people probably would benefit from it.

Offline

#13 2020-04-24 14:57:20

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: PKGBUILD review request: f5cli

tiagoespinha wrote:

So here's a new version incorporating, I think, all of the suggestions so far:

I think you meant NONE of the suggestions so far

Offline

#14 2020-04-24 15:07:24

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Scimmia wrote:
tiagoespinha wrote:

So here's a new version incorporating, I think, all of the suggestions so far:

I think you meant NONE of the suggestions so far

Sorry. Not going to engage in a pointless discussion. Nice try though.

Thanks to everyone else for the input. Very helpful smile

Offline

#15 2020-04-24 20:57:50

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: PKGBUILD review request: f5cli

Personally, IANAL, but I think because it's the F5 server software itself that's distributing its own software and not the company sharing it on the side then that makes it okay. But again, don't quote me on this for any sort of legal advice.

If the f5.com company does in fact itself link to this download url then I don't see the problem.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#16 2020-04-24 21:07:01

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: PKGBUILD review request: f5cli

tiagoespinha wrote:
Scimmia wrote:
tiagoespinha wrote:

So here's a new version incorporating, I think, all of the suggestions so far:

I think you meant NONE of the suggestions so far

Sorry. Not going to engage in a pointless discussion. Nice try though.

https://wiki.archlinux.org/index.php/Co … ther_users
Scimmia was correct, you haven't incorporated any of the suggestions in the first few posts...


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#17 2020-04-24 21:38:31

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: PKGBUILD review request: f5cli

eschwartz wrote:

If the f5.com company does in fact itself link to this download url then I don't see the problem.

I don't believe they do.  The statement was reasoned that "People need the software to connect, so they must be able to download it."  That is true, but is missing the key point in the middle: they can download it (legally) from the f5 after they pay for it.

FYI, there seems to be a linux f5vpn unofficial cli client that is licensed GPL3 here:
https://fuhm.net/software/f5vpn-login/

Last edited by Trilby (2020-04-24 21:42:30)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#18 2020-04-24 21:44:19

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: PKGBUILD review request: f5cli

Well, I'm not entirely sure what "the F5 server software itself that's distributing its own software" means.

In fact, for other distros, when you try to login to the VPN server, it directly gives you two necessarily-publicly-accessible links (one for a .deb, one for a .rpm) to that exact binary that the f5vpn AUR package uses.

Hmmm... is it saying the f5 server software is designed by f5 to produce public download links customized for a specific f5 paid deployment? If so, it would seem that virginia.edu must have permission to publicly host this download link.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#19 2020-04-24 22:22:50

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: PKGBUILD review request: f5cli

Yet the license says this is not allowed.  Just because one can find a publicly accessible link does not mean it is legal to use.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#20 2020-04-27 06:43:21

tiagoespinha
Member
Registered: 2020-04-24
Posts: 8

Re: PKGBUILD review request: f5cli

Slithery wrote:
tiagoespinha wrote:
Scimmia wrote:

I think you meant NONE of the suggestions so far

Sorry. Not going to engage in a pointless discussion. Nice try though.

https://wiki.archlinux.org/index.php/Co … ther_users
Scimmia was correct, you haven't incorporated any of the suggestions in the first few posts...

He wasn't though. I did incorporate the suggestions which were clear black and white (e.g., spacing) and the ones I didn't, I asked for advice on hoping to iterate towards a final PKGBUILD and conscious that I wasn't there yet.

But, to follow up on the pedantry, seeing as I did incorporate at least one, this "you haven't incorporated ANY" (emphasis mine) is wrong.

Arch Linux is a respectful, inclusive community. Anti-social or offensive behaviour will not be tolerated. Simply put, treat others as you would be treated; respect them and their views, even if you disagree with them. When you do find yourself disagreeing; counter the idea or the argument. Do not engage in ad hominem attacks.

I clearly stated in my first post that this is the first package that I'm making. And I respectfully asked for advice.

Scimmia wrote:

I think you meant NONE of the suggestions so far

This is not factual and is, in my view, not a behaviour of a "inclusive community".

But this has clearly diverged. I will not be pursuing this package. Please feel free to close, delete, or whatever the rules state. I don't really care at this stage. I was trying to do a service to the community, not engaging in pointless grammar contests which is what the "inclusive community" has thrown at me.

Again, thanks @Trilby et al for the useful advice.

Offline

Board footer

Powered by FluxBB