aws-client-vpn: init at 1.0.0

[mcwitt]

Motivation for this change

Closes #128022

Note: This is not yet working. I'm pretty new to contributing to nixpkgs, and this is my first attempt at packaging a binary, so I'd appreciate any advice on the approach. Below is a description of the issues I've worked around so far.

1. 12a3c2d Start with bare-bones derivation from this wiki example using autoPatchelfHook. The results in a broken binary that immediately fails at runtime with Process terminated. Couldn't find a valid ICU package installed on the system.
2. 592643a Switch to manually patching executables and libraries with patchelf, add missing icu and gtk3 libraries to rpath. Now we get a popup saying There was a problem. Please report the issue (with grayed-out "Agree" button).
3. 1139919 Use wrapProgram from wrapGAppsHook to add redirect from /opt/awsvpnclient to $out/awsvpnclient. Now the error popup is gone and we get a normal-looking license agreement popup. But after accepting the application exits with the following printed to the terminal:

   (AWS VPN Client:61868): Gtk-CRITICAL **: 16:23:53.708: gtk_tree_model_iter_nth_child: assertion 'n >= 0' failed
   
   (AWS VPN Client:61868): Gtk-CRITICAL **: 16:23:53.708: gtk_list_store_get_path: assertion 'iter->stamp == priv->stamp' failed
   fish: Job 1, 'AWS\ VPN\ Client' terminated by signal SIGSEGV (Address boundary error)
   

4. Ran with gdb to find the following context on the segfault

   Thread 1 ".AWS VPN Client" received signal SIGSEGV, Segmentation fault.
   0x00007fff4d6742d6 in findElementWithHash (pH=0x8e4fe0, pKey=0x7fff4d7ae95f "charindex", pHash=0x0)
       at ../core/sqlite3.c:32947
   32947	../core/sqlite3.c: No such file or directory.
   

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• 21.11 Release Notes (or backporting 21.05 Relase notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-in-distress/3604/43

[SuperSandro2000]

We cannot have $out/awsvpnclient

[mcwitt]

I wasn't sure what to do here - the package is meant to be installed in /opt and all executables and libraries are under /opt/awsvpnclient in the package. Would it be better to just copy opt to $out/opt? (I think the binaries hardcode the /opt/awsvpnclient path, which is what made the redirects necessary, but it seems like we'd need to preserve the structure).

[SuperSandro2000]

/opt/awsvpnclient wont work anyway and if we change the path anyway we can also rewrite it to $out/lib etc.

[mcwitt]

Thanks, I updated to put awsvpnclient under lib/awsvpnclient in 48375ff

[mcwitt]

Thanks for the review @SuperSandro2000 !

[mcwitt]

I got a little further in debugging the segfault by running in gdb with

cd $(dirname "$(readlink -f "$(command -v "AWS VPN Client")")")/.. && nix run nixpkgs.gdb -c gdb awsvpnclient/".AWS VPN Client-wrapped"
(gdb) run

which results in

Thread 1 ".AWS VPN Client" received signal SIGSEGV, Segmentation fault.
0x00007fff4d6742d6 in findElementWithHash (pH=0x8e4fe0, pKey=0x7fff4d7ae95f "charindex", pHash=0x0)
    at ../core/sqlite3.c:32947
32947	../core/sqlite3.c: No such file or directory.

(gdb) bt
#0  0x00007fff4d6742d6 in findElementWithHash (pH=0x857820, pKey=0x7fff4d7ae95f "charindex", pHash=0x0) at ../core/sqlite3.c:32947
#1  0x00007fff4d67446a in sqlite3HashFind (pH=0x857820, pKey=0x7fff4d7ae95f "charindex") at ../core/sqlite3.c:33006
#2  0x00007fff4d6dc4cc in sqlite3FindFunction (db=0x8575e8, zName=0x7fff4d7ae95f "charindex", nArg=2, enc=1 '\001', createFlag=0 '\000') at ../core/sqlite3.c:115551
#3  0x00007fff4d768969 in RegisterExtensionFunctions (db=0x8575e8) at ../contrib/extension-functions.c:1817
#4  0x00007fff4d769024 in sqlite3_open_interop (filename=0x7fff58223648 "/home/matt/.config/AWSVPNClient/awsvpnclientmetrics.db", vfsName=0x0, flags=6, extFuncs=1,
    ppdb=0x7fffffffa4b8) at interop.c:429
#5  0x00007fff80617316 in ?? ()
#6  0x007f007f007f007f in ?? ()
#7  0x00000000010a0021 in ?? ()
#8  0x00007ffff7583718 in vtable for InlinedCallFrame () from /nix/store/jxvwn64g5n8ipggwhw5yqn5s311dn95m-aws-client-vpn-1.0.0/awsvpnclient/libcoreclr.so
#9  0x00007fffffffb798 in ?? ()
#10 0x00007fff8069d108 in ?? ()
#11 0x00007fff8069d108 in ?? ()
#12 0x00007fffffffa390 in ?? ()
#13 0x00007fff80617316 in ?? ()
#14 0x00007fffffffa430 in ?? ()
#15 0x00007fff58223638 in ?? ()
#16 0x00007fff8069d108 in ?? ()
#17 0x0000000000635f20 in ?? ()
#18 0x00007fffffffa4b8 in ?? ()
#19 0x0000000000000000 in ?? ()

So it looks like the segfault is happening inside sqlite (but I'm thinking this is more likely to be a manifestation of the problem than a root cause?)

[ivankovnatsky]

followed your steps, no clue yet.

you probably want to add yourself to maintainers list: https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix

[SuperSandro2000]

Why?

[mcwitt]

Without this I get

Failed to create CoreCLR, HRESULT: 0x80004005

when trying to run the binary (I found this workaround mentioned here). Admittedly I don't really understand the issue or why this fixes it; would be good to know if there's a better solution.

[mausch]

This seems to happen with all dotnet applications, no idea why.
IMHO just slap a comment to explain setting this, as in https://github.com/NixOS/nixpkgs/pull/114162/files#diff-07dd1ac705a7596aa88012cb4ed0854081fcb79530bfd88b06b5510c7fe0c571R24-R26

[mcwitt]

Good call, added a note in baef5fe

[mausch]

I don't have any specific advice but have a look at #114162 for reference - it's another dotnet application from AWS, also packaged as deb, so they probably have roughly the same dependencies, probably need similar workarounds, etc.

[mcwitt]

@mausch Thanks for the review! I'm on vacation for another week but planning to come back to this when I return. The example dot net derivation you referenced looks useful.

[abhibansal530]

Any update on this? I am also looking for a nixpkg to run AWS VPN client.

[mcwitt]

I see that 1.0.3 is now available. I tried upgrading in the hope that whatever issue was causing the segfault would be resolved, but no such luck.

I did manage to simplify the method of getting to the same result as before by following #114162 and using autoPatchelfHook instead of patching manually. At this point I'm not sure what to try next to resolve the segfault issue. Any pointers (hehe) would be really appreciated.

@abhibansal530 have you given this project a try? It's been satisfactory for me in the meantime. Full disclosure, I'm actually not using AWS VPN at work anymore, so getting this working hasn't been a super high priority for me lately. If anyone is up for taking it over, feel free to.

[abhibansal530]

Thanks @mcwitt , for now I was able to use AWS VPN using project mentioned by you.

[ymatsiuk]

I've created a flake for the updated wrapper from samm-git/aws-vpn-client#16 -> here

[bhoudebert]

I've created a flake for the updated wrapper from samm-git/aws-vpn-client#16 -> here

I used, with a little bump this https://github.com/ymatsiuk/awsvpnclient based on samm-git

It is working, even if I have to copy/paste the link (triggered link browser does result in a dummy page) I get authenticated.

Could we move forward by including this/part of this as nixpkgs?

[wusticality]

I've created a flake for the updated wrapper from samm-git/aws-vpn-client#16 -> here

Thank you so much for this, you saved me on NixOS.