Added back Debian 10 support

2024-12-18 19:00:15 +00:00 · 2019-10-14 15:06:34 +02:00 · 2019-10-14 15:06:34 +02:00 · 1777d5c239
commit 1777d5c239
parent 5e16322f9e
3 changed files with 60 additions and 30 deletions
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -91,7 +91,7 @@ distroCheck(){
 	fi

 	case ${PLAT} in
-		Raspbian)
+		Debian|Raspbian)
 		case ${OSCN} in
 			buster)
 			;;
@ -120,7 +120,7 @@ checkHostname(){
 			if [[ ${#host_name} -le 28 && $host_name  =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{1,28}$  ]]; then
 				echo "::: Hostname valid and length OK, proceeding..."
 			fi
-	   done
+		done
 	else
 		echo "::: Hostname length OK"
 	fi
@ -525,6 +525,7 @@ installWireGuard(){
 	# Otherwhise compile and build the kernel module via DKMS (so it will
 	# be recompiled on kernel upgrades)
 	if [ "$(uname -m)" = "armv7l" ]; then
+
 		echo "::: Installing WireGuard from Debian package... "
 		# dirmngr is used to download repository keys, whereas qrencode is used to generate qrcodes
 		# from config file, for use with mobile clients
@ -532,20 +533,22 @@ installWireGuard(){
 		installDependentPackages PIVPN_DEPS[@]
 		# Do not upgrade packages from the unstable repository except for wireguard
 		echo "::: Adding Debian repository... "
-		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee -a /etc/apt/sources.list.d/unstable.list > /dev/null
+		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
 		echo "Package: *
 Pin: release a=unstable
 Pin-Priority: 1

 Package: wireguard wireguard-dkms wireguard-tools
 Pin: release a=unstable
-Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/null
+Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null

 		$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
 		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
 		PIVPN_DEPS=(wireguard)
 		installDependentPackages PIVPN_DEPS[@]
+
 	elif [ "$(uname -m)" = "armv6l" ]; then
+
 		echo "::: Installing WireGuard from source... "
 		PIVPN_DEPS=(libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode)
 		installDependentPackages PIVPN_DEPS[@]
@ -553,8 +556,8 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 		# Delete any leftover code
 		$SUDO rm -rf /usr/src/wireguard-*

-		echo -n "::: Downloading source code... "
-		wget -O- "${WG_SOURCE}" | $SUDO tar Jxf - --directory /usr/src
+		echo "::: Downloading source code... "
+		wget -qO- "${WG_SOURCE}" | $SUDO tar Jxf - --directory /usr/src
 		echo "done!"

 		cd /usr/src
@ -565,7 +568,7 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n

 		# We install the userspace tools manually since DKMS only compiles and
 		# installs the kernel module
-		echo -n "::: Compiling WireGuard tools... "
+		echo "::: Compiling WireGuard tools... "
 		if $SUDO make tools; then
 			echo "done!"
 		else
@ -573,7 +576,7 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 			exit 1
 		fi

-		echo -n "::: Installing WireGuard tools... "
+		echo "::: Installing WireGuard tools... "
 		if $SUDO make install tools; then
 			echo "done!"
 		else
@ -581,7 +584,7 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 			exit 1
 		fi

-		echo -n "::: Adding WireGuard modules via DKMS... "
+		echo "::: Adding WireGuard modules via DKMS... "
 		if $SUDO dkms add wireguard/"${WG_SNAPSHOT}"; then
 			echo "done!"
 		else
@ -590,7 +593,7 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 			exit 1
 		fi

-		echo -n "::: Compiling WireGuard modules via DKMS... "
+		echo "::: Compiling WireGuard modules via DKMS... "
 		if $SUDO dkms build wireguard/"${WG_SNAPSHOT}"; then
 			echo "done!"
 		else
@ -599,7 +602,7 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 			exit 1
 		fi

-		echo -n "::: Installing WireGuard modules via DKMS... "
+		echo "::: Installing WireGuard modules via DKMS... "
 		if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
 			echo "done!"
 		else
@ -607,6 +610,17 @@ Pin-Priority: 500" | $SUDO tee -a /etc/apt/preferences.d/limit-unstable > /dev/n
 			$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
 			exit 1
 		fi
+
+	elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
+
+		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
+		echo "Package: *
+Pin: release a=unstable
+Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
+		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
+		PIVPN_DEPS=(qrencode wireguard)
+		installDependentPackages PIVPN_DEPS[@]
+
 	fi
 }

@ -862,9 +876,9 @@ askEncryption(){
 	fi

 	if ([ "$pivpnENCRYPT" -ge "3072" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $pivpnENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from their database.\nMore information about this service can be found here: https://2ton.com.au/safeprimes/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}); then
-		DOWNLOAD_DH_PARAM=true
+		DOWNLOAD_DH_PARAM=1
 	else
-		DOWNLOAD_DH_PARAM=false
+		DOWNLOAD_DH_PARAM=0
 	fi

 	echo "pivpnENCRYPT=${pivpnENCRYPT}" >> /tmp/setupVars.conf
@ -885,7 +899,7 @@ confOpenVPN(){
 	fi

 	# Get easy-rsa
-	wget -q -O - "${easyrsaRel}" | $SUDO tar xz -C /etc/openvpn && $SUDO mv /etc/openvpn/EasyRSA-v${easyrsaVer} /etc/openvpn/easy-rsa
+	wget -qO- "${easyrsaRel}" | $SUDO tar xz -C /etc/openvpn && $SUDO mv /etc/openvpn/EasyRSA-v${easyrsaVer} /etc/openvpn/easy-rsa
 	# fix ownership
 	$SUDO chown -R root:root /etc/openvpn/easy-rsa
 	$SUDO mkdir /etc/openvpn/easy-rsa/pki
@ -916,9 +930,9 @@ set_var EASYRSA_KEY_SIZE   ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
 	# Build the server
 	EASYRSA_CERT_EXPIRE=3650 ${SUDOE} ./easyrsa build-server-full ${SERVER_NAME} nopass

-	if [[ ${DOWNLOAD_DH_PARAM} == true ]]; then
+	if [ ${DOWNLOAD_DH_PARAM} -eq 1 ]; then
 		# Downloading parameters
-		${SUDOE} curl "https://2ton.com.au/getprimes/random/dhparam/${pivpnENCRYPT}" -o "/etc/openvpn/easy-rsa/pki/dh${pivpnENCRYPT}.pem"
+		${SUDOE} curl -s "https://2ton.com.au/getprimes/random/dhparam/${pivpnENCRYPT}" -o "/etc/openvpn/easy-rsa/pki/dh${pivpnENCRYPT}.pem"
 	else
 		# Generate Diffie-Hellman key exchange
 		${SUDOE} ./easyrsa gen-dh
@ -989,6 +1003,13 @@ confOVPN(){
 }

 confWireGuard(){
+	if [ -d /etc/wireguard ]; then
+		$SUDO rm -r /etc/wireguard
+		$SUDO mkdir /etc/wireguard
+		$SUDO chown root:root /etc/wireguard
+		$SUDO chmod 700 /etc/wireguard
+	fi
+
 	whiptail --title "Server Information" --msgbox "The Server Keys and Pre-Shared key will now be generated." "${r}" "${c}"
 	$SUDO mkdir /etc/wireguard/configs
 	$SUDO touch /etc/wireguard/configs/clients.txt
@ -1072,7 +1093,7 @@ confNetwork(){
 		fi

 		case ${PLAT} in
-			Raspbian)
+			Debian|Raspbian)
 				$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null
 			;;
 		esac
@ -1104,7 +1125,7 @@ if \$programname == 'ovpn-server' then stop" | $SUDO tee /etc/rsyslog.d/30-openv

  # Restart the logging service
 	case ${PLAT} in
-		Raspbian)
+		Debian|Raspbian)
 			$SUDO systemctl restart rsyslog.service || true
 		;;
 	esac
@ -1153,11 +1174,15 @@ askUnattendedUpgrades(){
 confUnattendedUpgrades(){
 	cd /etc/apt/apt.conf.d

-	wget -q -O- "$UNATTUPG_CONFIG" | $SUDO tar xz
-	$SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades
-	$SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE"
+	if [ "$PLAT" = "Raspbian" ]; then
+		wget -qO- "$UNATTUPG_CONFIG" | $SUDO tar xz
+		$SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades
+		$SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE"
+	fi

-	if [ "$VPN" = "WireGuard" ] && [ "$(uname -m)" = "armv7l" ]; then
+	# On architectures different from armv6l, where we install wireguard from source, enable
+	# automatic updates via the unstable repository
+	if [ "$VPN" = "WireGuard" ] && [ "$(uname -m)" != "armv6l" ]; then
 		sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' 50unattended-upgrades
 	fi

@ -1183,7 +1208,7 @@ installScripts() {
 	FOLDER=$(tr '[:upper:]' '[:lower:]' <<< "$VPN")
 	$SUDO cp /etc/.pivpn/scripts/$FOLDER/*.sh /opt/pivpn/
 	$SUDO chmod 0755 /opt/pivpn/*.sh
-	$SUDO cp /etc/.pivpn/$FOLDER/pivpn /usr/local/bin/pivpn
+	$SUDO cp /etc/.pivpn/$FOLDER/scripts/pivpn /usr/local/bin/pivpn
 	$SUDO chmod 0755 /usr/local/bin/pivpn
 	$SUDO cp /etc/.pivpn/scripts/$FOLDER/bash-completion /etc/bash_completion.d/pivpn
 	. /etc/bash_completion.d/pivpn
@ -1285,7 +1310,7 @@ main(){
 	echo "::: Restarting services..."
 	# Start services
 	case ${PLAT} in
-		Raspbian)
+		Debian|Raspbian)
 			if [ "$VPN" = "OpenVPN" ]; then
 				$SUDO systemctl enable openvpn.service
 				$SUDO systemctl start openvpn.service
--- a/scripts/openvpn/removeOVPN.sh
+++ b/scripts/openvpn/removeOVPN.sh
@ -1,10 +1,16 @@
 #!/usr/bin/env bash
 # PiVPN: revoke client script

-install_user=$(</etc/pivpn/install_user)
-PLAT=$(</etc/pivpn/DET_PLATFORM)
+setupVars="/etc/pivpn/setupVars.conf"
 INDEX="/etc/openvpn/easy-rsa/pki/index.txt"

+if [ ! -f "${setupVars}" ]; then
+    echo "::: Missing setup vars file!"
+    exit 1
+fi
+
+source "${setupVars}"
+
 helpFunc() {
    echo "::: Revoke a client ovpn profile"
    echo ":::"
@ -56,7 +62,7 @@ if [[ -z "${CERTS_TO_REVOKE}" ]]; then
    done <${INDEX}
    printf "\n"
    
-    echo "::: Please enter the Name of the client to be revoked from the list above:"
+    echo -n "::: Please enter the Name of the client to be revoked from the list above: "
    read -r NAME
    
    if [[ -z "${NAME}" ]]; then
@ -104,8 +110,6 @@ fi

 cd /etc/openvpn/easy-rsa || exit

-install_home=$(grep -m1 "^${install_user}:" /etc/passwd | cut -d: -f6)
-install_home=${install_home%/} # remove possible trailing slash
 for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
    printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}"
    ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}"
--- a/scripts/wireguard/pivpnDEBUG.sh
+++ b/scripts/wireguard/pivpnDEBUG.sh
@ -24,6 +24,7 @@ printf "=============================================\n"
 echo -e "::::  \e[4mServer configuration shown below\e[0m   ::::"
 cd /etc/wireguard/keys
 cp ../wg0.conf ../wg0.tmp
+# Replace every key in the server configuration with just it's file name
 for k in *; do
    sed "s#$(cat "$k")#$k#" -i ../wg0.tmp
 done
@ -148,7 +149,7 @@ else
    fi
 fi

-# grep -w (whole word) is used so port 111940 with now match when looking for 1194
+# grep -w (whole word) is used so port 11940 won't match when looking for 1194
 if netstat -uanp | grep -w "${pivpnPORT}" | grep -q 'udp'; then
    echo ":: [OK] WireGuard is listening on port ${pivpnPORT}/udp"
 else