The Aruba VIA Client for Linux Debian packages are... not good.
First of all, there's no package repository. The instructions say that it can only be downloaded from Aruba's web site, behind a login. Also the instructions are outdated; they mention version 3.0.0.82618, but the file on the site is version 3.1.0.1811011...
Now that we've downloaded it, let's see what we've got.
```
$ dpkg -s via
Package: via
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 10336
Maintainer: dl-team-via <support@arubanetworks.com>
Architecture: amd64
Version: 3.1.0.1811011-1811011.ubuntu1204
Replaces: clearpass-onguard, via
Depends: libtdb1
Recommends: libc6 (>= 2.17), libdbus-1-3 (>= 1.0.2), libgcc1 (>= 1:4.1.1), libglib2.0-0 (>= 2.37.3), libgnome-keyring0 (>= 2.22.2), libnm-glib-vpn1 (>= 0.7.999), libproxy1 (>= 0.4.7), libqt4-network (>= 4:4.5.3), libqtcore4 (>= 4:4.7.0~beta1), libqtgui4 (>= 4:4.8.0), libstdc++6 (>= 4.1.1), libtdb1 (>= 1.2.7+git20101214), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4), gdebi, iproute, traceroute, iptables
Conflicts: clearpass-onguard
Conffiles:
 /etc/init.d/via-vpn 27e1a3a9063887e510955ddf234b77db
 /etc/dbus-1/system.d/nm-viavpn-service.conf 2fe93d527bb7b4eb86f30437d1627f4f
 /etc/xdg/autostart/via-auto.desktop 6311f7d10405e313a9889c904ace7f2f
 /etc/bash_completion.d/via-cli cc2f708b4bf1ccb01df9723a77ec67cf
 /etc/NetworkManager/VPN/nm-viavpn-service.name 977b940c3a95ce629a82d0216cd1f48e
Description: The Virtual Intranet Access (VIA) Client
Homepage: www.arubanetworks.com
```
Already we see some package smells:
- The package declares itself in the Replaces field
- The package's dependencies are in the Recommends field. This means that the package manager isn't able to do its job of making sure that all the package's dependencies are actually installed.
  - Why does the package depend on gdebi? That makes absolutely no sense!
  - Many of these dependencies are obsolete. Qt4 is not present on modern distributions; libnm-glib was deprecated in NetworkManager 1.0 (2015) and hasn't been built by default since NetworkManager 1.12! (I created the via-deps package to work around some of these issues.)
- An init script, in 2019? Where's the systemd service?
- The nm-viavpn-service should be in /usr/lib/NetworkManager/VPN.
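An added example, not part of the vendor package or the original post: a small lint that reads `dpkg -s` output and flags the first two smells in the list. The `lint_control` and `demo_lint` names, and the rule that a Recommends entry starting with `lib` or `zlib` is a shared library, are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag two control-field smells in `dpkg -s <pkg>` output (stdin).
lint_control() {
    awk '
    /^Package:/    { pkg = $2 }
    /^Replaces:/   { sub(/^[^:]*: */, ""); replaces = $0 }
    /^Depends:/    { sub(/^[^:]*: */, ""); depends = $0 }
    /^Recommends:/ { sub(/^[^:]*: */, ""); recommends = $0 }
    END {
        # Smell 1: the package lists itself in Replaces.
        n = split(replaces, r, /, */)
        for (i = 1; i <= n; i++) {
            split(r[i], f, " ")
            if (f[1] == pkg) print "self-replaces: " pkg
        }
        # Smell 2: libraries that are only Recommended, so the package
        # manager is not required to install them.
        # Assumption: names starting with lib or zlib are shared libraries.
        n = split(depends, d, /, */)
        for (i = 1; i <= n; i++) { split(d[i], f, " "); dep[f[1]] = 1 }
        n = split(recommends, c, /, */)
        for (i = 1; i <= n; i++) {
            split(c[i], f, " ")
            if (f[1] ~ /^(lib|zlib)/ && !(f[1] in dep))
                print "library-only-recommended: " f[1]
        }
    }'
}

# Sample input: fields abridged from the dpkg -s output shown above.
demo_lint() {
    lint_control <<'EOF'
Package: via
Replaces: clearpass-onguard, via
Depends: libtdb1
Recommends: libc6 (>= 2.17), libqtcore4 (>= 4:4.7.0~beta1), libtdb1 (>= 1.2.7+git20101214), zlib1g (>= 1:1.1.4), gdebi, iproute, traceroute, iptables
Conflicts: clearpass-onguard
EOF
}

demo_lint
```

On a machine with the package installed, `dpkg -s via | lint_control` runs the same checks against the real control data.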
Let's take a look at the maintainer scripts...
From via.postinst:
```sh
if [ ! -e /usr/share/via/via_config.xml ]; then
    cp /usr/share/via/via_config.xml.default /usr/share/via/via_config.xml || true
fi
```
If via_config.xml is supposed to be a conffile then it should be put in /etc/via and managed via the package manager's own configuration file handling mechanisms.
```sh
#restart NetworkManager
/usr/sbin/service network-manager restart || true
```
No care is taken to only restart NetworkManager if it was already running. And maintainer scripts should be using invoke-rc.d, not bypassing the policy-rc.d mechanism.
```sh
#restart UI
/usr/bin/via-reset-ui-handler || true
```
This connects to the UNIX socket \0via-vpn-ui rather than the VPN client listening to some kind of signal from the VPN service. Not really the end of the world.
```sh
touch /usr/share/via/via_last_updated || true
```
State should be kept in /var/lib/via.
```bash
# create via user shortcut for all per-user destop
getent passwd > via_homes.txt
_HOMES="$(awk -F':' '{ if ( $3 >= 500 ) print $6 }' via_homes.txt)"
_USERS="$(awk -F':' '{ if ( $3 >= 500 ) print $1 }' via_homes.txt)"
rm -f via_homes.txt

declare -A matrix
r=0
for u in ${_USERS}
do
    matrix[$r,0]=$u
    r=$(expr $r + 1 )
done
r=0
for h in ${_HOMES}
do
    matrix[$r,1]=$h
    r=$(expr $r + 1 )
done

for((i=0;i<r;i++))
do
    u=${matrix[$i,0]} #username
    p=${matrix[$i,1]} #path
    if [ -d "$p/Desktop" ]; then
        echo "Creating $p/Desktop/via-ui.desktop"
        cp "/usr/share/applications/via-ui.desktop" "$p/Desktop/via-ui.desktop"
        chmod 777 "$p/Desktop/via-ui.desktop"
        echo "Setting user permissions for $u to $p/Desktop/via-ui.desktop"
        chown $u "$p/Desktop/via-ui.desktop"
    fi
done
```
Oh my god. Please just shit all over my filesystem. If you want to put files in the user's home directory like this then you should use autostart-spec. Which you already bloody know about since you ship /etc/xdg/autostart/via-auto.desktop in your package!
But don't even do that. I don't want an icon for your VPN client on my desktop. I don't even have a desktop! But even if I did, I wouldn't want your icon permanently there! And I'm shocked, shocked to see that they make the file world writable so that any other user can come along and take over my user account.
And they don't even remove the temporary via_homes.txt file at the end... absolute amateur hour rubbish.
Also, on Debian, user account UIDs start at 1000. So as soon as you install this package on a system with a service account with a UID >= 500, you've polluted its home directory with this rubbish...
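An added example, not from the original post or the package: an audit that lists the via-ui.desktop files this postinst leaves behind, marking world-writable copies and copies dropped into service-account homes. The function names, the optional ROOT prefix and the constructed sample tree are assumptions for illustration.

```sh
#!/bin/sh
# Added example: list via-ui.desktop files the postinst would have dropped.
# Usage: audit_via_droppings PASSWD_FILE [ROOT]   (ROOT is prefixed to each home)
audit_via_droppings() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac
        # Same threshold as the vendor script: every account with UID >= 500.
        [ "$uid" -ge 500 ] || continue
        f="$root$home/Desktop/via-ui.desktop"
        [ -f "$f" ] || continue
        # Debian user accounts start at UID 1000, so anything below that
        # is a service account that should never have received the file.
        if [ "$uid" -lt 1000 ]; then kind=system; else kind=user; fi
        # -perm -0002 matches when the "other" write bit is set (chmod 777).
        if [ -n "$(find "$f" -perm -0002 -print)" ]; then
            flag=WORLD-WRITABLE
        else
            flag=ok
        fi
        printf '%s\t%s\t%s\t%s\n' "$flag" "$kind" "$user" "$f"
    done < "$passwd_file"
}

# Constructed sample: a throwaway tree standing in for / with three accounts.
demo_audit() {
    t=$(mktemp -d) || return 1
    printf '%s\n' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'svc:x:600:600:service:/var/lib/svc:/usr/sbin/nologin' \
        'alice:x:1000:1000:Alice:/home/alice:/bin/bash' > "$t/passwd"
    mkdir -p "$t/usr/sbin/Desktop" "$t/var/lib/svc/Desktop" "$t/home/alice/Desktop"
    touch "$t/usr/sbin/Desktop/via-ui.desktop" \
          "$t/var/lib/svc/Desktop/via-ui.desktop" \
          "$t/home/alice/Desktop/via-ui.desktop"
    chmod 644 "$t/var/lib/svc/Desktop/via-ui.desktop"
    chmod 777 "$t/home/alice/Desktop/via-ui.desktop"
    # Strip the temporary prefix so the report shows the real-looking paths.
    audit_via_droppings "$t/passwd" "$t" | sed "s|$t||"
    rm -rf "$t"
}

demo_audit
```

On an affected machine, `getent passwd > /tmp/pw && audit_via_droppings /tmp/pw` checks the real accounts; any WORLD-WRITABLE line is a launcher that another local user can rewrite.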
From via.postrm:
```sh
if [ "$1" = "remove" ]; then
    killall via-ui > /dev/null 2>&1
fi
```
- Rude, and hardly necessary.
```sh
if [ "$1" = "purge" ]; then
    killall via-ui > /dev/null 2>&1

    # Remove all per-user directories
    getent passwd > via_homes.txt
    _HOMES="$(awk -F':' '{ if ( $3 >= 500 ) print $6 }' via_homes.txt)"
    rm -f via_homes.txt
    for u in $_HOMES
    do
        if [ -d "$u/.via" ]; then
            echo "Removing $u/.via"
            rm -rf "$u/.via"
        fi
        if [ -f "$u/Desktop/via-ui.desktop" ]; then
            echo "Removing $u/Desktop/via-ui.desktop"
            rm "$u/Desktop/via-ui.desktop"
        fi
    done

    if [ -d "/root/.via" ]; then
        echo "Removing /root/.via"
        rm -rf "/root/.via"
    fi
    if [ -d /usr/share/via ]; then
        echo "Removing /usr/share/via"
        rm -rf /usr/share/via
    fi
fi
```
Oh god, not this shit again. Maintainer scripts must not touch files in home directories!
Also, why are they removing /usr/share/via, which is a directory that they ship in their package? I bet it's because they store all kinds of state in there, rather than putting it in /var/lib/via where it belongs, isn't it...
Mercifully, via.prerm is entirely generated by Debhelper and therefore quite sane.
To be continued, as I gain the patience to document how awful this PoS is to use, let alone install...