|
| 1 | +--- |
| 2 | +title: "Speedrunning setting up a plasma-nm development environment" |
| 3 | +tags: ["plasma"] |
| 4 | +date: 2024-02-11T19:55:59-08:00 |
| 5 | +draft: false |
| 6 | +--- |
| 7 | + |
| 8 | +* Why did I set up a plasma-nm development environment in the first place? |
| 9 | + |
| 10 | +** Why did I want to contribute changes to plasma-nm? |
| 11 | + |
| 12 | +If you have peaked at my GitHub profile or activity, you probably know a couple of |
| 13 | +things about me. |
| 14 | + |
| 15 | +1. I do not use Plasma or GNOME but rather Xmonad. |
| 16 | +2. I mostly focus on kernel development and related low-level subjects these |
| 17 | + days. |
| 18 | + |
| 19 | +So why would I bother contributing to ~plasma-nm~? Well, the company that pays |
| 20 | +me for my day job uses Cisco AnyConnect as the VPN solution. From our company's |
| 21 | +IT management perspective, Cisco AnyConnect "supports" Windows, macOS, and |
| 22 | +Linux. The Linux client does not meet our needs, and we need to support FreeBSD |
| 23 | +development as well. We depend heavily on the [[https://www.infradead.org/openconnect/][openconnect]] reverse-engineered |
| 24 | +alternative. The company uses a strict SSO model backed by Microsoft Identity |
| 25 | +Platform services. Support for SSO flows is available through the AnyConnect |
| 26 | +ecosystem through the SAML mechanism, which openconnect has implemented in |
| 27 | +recent years. There are two possible flows/algorithms for the SAML model with |
| 28 | +AnyConnect. One flow involves needing to feed cookies programmatically back into |
| 29 | +~libopenconnect~ for the authentication browser to succeed. The other flow |
| 30 | +involves redirecting a base64 blob that was generated through an authentication |
| 31 | +process done in a browser like Firefox or Chromium back to a localhost server |
| 32 | +run by openconnect for the sake of IPC with the external browser program. While |
| 33 | +the latter flow is much easier to utilize by users with no additional code |
| 34 | +changes required to be used, Cisco limits the external browser flow to newer |
| 35 | +hardware devices in their product model. This means supporting both flows is an |
| 36 | +important task for providing support for a variety of users. |
| 37 | + |
| 38 | +My personal motivation for adding this support was to empower young college |
| 39 | +students and academics who are interested in developing Linux but need to |
| 40 | +utilize their IT infrastructure in their institutions at the same time. Using |
| 41 | +AnyConnect/GlobalProtect on Linux platforms tends to not be viable for students, |
| 42 | +leading them to depend on ~openconnect~. A number of academic institutions have |
| 43 | +now started enforcing SSO flows for their VPN login flows. Not having the bits |
| 44 | +needed to support the cookie-based SSO authentication flow using ~plasma-nm~ |
| 45 | +along with ~openconnect~ would be disastrous for students using the Plasma |
| 46 | +environment. |
| 47 | + |
| 48 | +** Why not use NixOS like I normally do for working on random projects? |
| 49 | + |
| 50 | +Recapping, the reason I use NixOS is that it empowers me with the ability to |
| 51 | +rapidly work on complex upstream open source projects without needing to waste |
| 52 | +large amounts of time with development environment setup to be able to rebuild |
| 53 | +and use those projects from source. The first two features I authored for adding |
| 54 | +both [[https://invent.kde.org/plasma/plasma-nm/-/merge_requests/197][SAML external browser flows]] and [[https://invent.kde.org/plasma/plasma-nm/-/merge_requests/208][SAML built-in browser flows]] for ~plasma-nm~ |
| 55 | +were actually tested on NixOS, where I was able to work on these features |
| 56 | +without spending much time due to how quickly NixOS let me test my ~plasma-nm~ |
| 57 | +tree with zero manual setup work. I just passed a pointer to my local |
| 58 | +~plasma-nm~ tree, and NixOS took care of the rest for letting me test my |
| 59 | +~plasma-nm~ changes. I do not like MIS-type problems, which I feel NixOS |
| 60 | +eliminates in a lot of cases. |
| 61 | + |
| 62 | +The reason I did not continue using NixOS for ~plasma-nm~ development is that |
| 63 | +NixOS will base its dependencies off of released versions. With the Plasma 5.27 |
| 64 | +freeze to focus on the Plasma 6 efforts, the upstream codebase for Plasma |
| 65 | +components and frameworks heavily diverged from the 5.27 release components. To |
| 66 | +be able to get an upstream version of plasma-nm compatible with NixOS, I would |
| 67 | +need to rebuild a lot of dependencies from source. This is something that I did |
| 68 | +not want to burn time on. Recently, there has been work on a [[https://github.com/nix-community/kde2nix?tab=readme-ov-file][kde2nix]] packaging |
| 69 | +(which has now been upstreamed), but I was always running into cache misses, |
| 70 | +etc., and saw a lot of rebuilding from source. |
| 71 | + |
| 72 | +* Shortcutting the work needed to get a plasma-nm development environment |
| 73 | + |
| 74 | +Now, it's time to speedrun getting a ~plasma-nm~ development environment. |
| 75 | + |
| 76 | +1. Install the [[https://neon.kde.org/download][KDE Neon Developer Edition image]] (likely something like Arch |
| 77 | + Linux can work as well) |
| 78 | +2. Set up ~kdesrc-build~ using the [[https://community.kde.org/Get_Involved/development][wiki guide]] (**NOTE:** ~kde-builder~ is a |
| 79 | + drop-in replacement for ~kdesrc-build~ that is being tested at the time of |
| 80 | + writing this article) |
| 81 | +3. [[https://community.kde.org/Get_Involved/development/Set_up_a_development_environment][Set up a development environment with kdesrc-build or kde-builder]] |
| 82 | +4. [[https://community.kde.org/Get_Involved/development/Build_software_with_kdesrc-build][Build software with kdesrc-build]] |
| 83 | +5. The examples shown in the guide in step 4 all use ~kdesrc-run~ with very |
| 84 | + isolated GUI programs. You will likely notice that ~plasma-nm~ cannot be |
| 85 | + tested the same way. |
| 86 | +6. We will do ~kdesrc-build plasma-nm~ to build all the ~plasma-nm~ KDE |
| 87 | + frameworks dependencies. I actually just note the dependencies manually and |
| 88 | + ~kdesrc-build~ each one, but that involves reading the CMake files in the |
| 89 | + ~plasma-nm~ project. The point of this article is speedrunning getting |
| 90 | + started with ~plasma-nm~ development. |
| 91 | +7. In a directory outside the ~~/kde~ directory, ~git clone |
| 92 | + https://invent.kde.org/plasma/plasma-nm.git && cd plasma-nm~ |
| 93 | +8. ~mkdir build~ |
| 94 | +9. ~cd build~ |
| 95 | +10. ~cmake ../ -DCMAKE_FIND_ROOT_PATH=~/kde/ -DCMAKE_INSTALL_PREFIX=/usr [-DDISABLE_MODEMMANAGER_SUPPORT=true]~ |
| 96 | +11. ~make~ |
| 97 | +12. ~sudo make install~ |
| 98 | +13. Restart the plasma shell for the new ~plasma-nm~ instance to be loaded (I |
| 99 | + login-logout as my mindless speedrunning solution). |
| 100 | + |
| 101 | +The big thing to notice is that my testing flow is heavily based on the |
| 102 | +[[https://invent.kde.org/plasma/plasma-nm/-/blob/master/README.md][plasma-nm README]]. The main thing I did was simplify handling the dependencies |
| 103 | +using ~kdesrc-build~. I originally considered compiling and installing all the |
| 104 | +KDE frameworks dependencies and transitive dependencies by hand. It proved to be |
| 105 | +overwhelming. Instead, I depend on ~kdesrc-build~ to do this on my behalf and |
| 106 | +use ~-DCMAKE_FIND_ROOT_PATH=~/kde/~ to let CMake lookup the pre-builts of the |
| 107 | +KDE frameworks dependencies made by ~kdesrc-build~. |
0 commit comments