Download OpenVPN key via HTTPS if retrieving via keyserver fails

Orazio 2020-03-10 13:00:23 +01:00
parent efcb262fa5
commit c1c1720aef


@ -22,8 +22,8 @@ dhcpcdFile="/etc/dhcpcd.conf"
subnetClass="24" subnetClass="24"
debianOvpnUserGroup="openvpn:openvpn" debianOvpnUserGroup="openvpn:openvpn"
# OpenVPN GPG fingerprint (you can look it up at https://keyserver.ubuntu.com) # OpenVPN GPG fingerprint, you can look it up at https://keyserver.ubuntu.com (prepend '0x' before it)
OPENVPN_KEY_ID="0x30ebf4e73cce63eee124dd278e6da8b4e158c569" OPENVPN_KEY_ID="30EBF4E73CCE63EEE124DD278E6DA8B4E158C569"
######## PKG Vars ######## ######## PKG Vars ########
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
@ -49,6 +49,9 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
UNATTUPG_RELEASE="1.16" UNATTUPG_RELEASE="1.16"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
# Fallback url for the OpenVPN key
OPENVPN_KEY_URL="https://swupdate.openvpn.net/repos/repo-public.gpg"
######## Undocumented Flags. Shhh ######## ######## Undocumented Flags. Shhh ########
runUnattended=false runUnattended=false
skipSpaceCheck=false skipSpaceCheck=false
@ -1090,6 +1093,32 @@ askWhichVPN(){
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
} }
downloadVerifyKey(){
local KEY_URL="$1"
local EXPECTED_KEY_ID="$2"
local KEY_CONTENT
local KEY_INFO
local DOWNLOADED_KEY_ID
if ! KEY_CONTENT="$(wget -qO- "$KEY_URL")"; then
return 1
fi
if ! KEY_INFO="$(gpg --show-key --with-colons <<< "$KEY_CONTENT")"; then
return 1
fi
DOWNLOADED_KEY_ID="$(sed -n '/^pub:/,/^fpr:/p' <<< "$KEY_INFO" | grep '^fpr' | cut -d ':' -f 10)"
if [ "$DOWNLOADED_KEY_ID" != "$EXPECTED_KEY_ID" ]; then
return 1
fi
echo "$KEY_CONTENT"
return 0
}
installOpenVPN(){ installOpenVPN(){
local PIVPN_DEPS local PIVPN_DEPS
@ -1107,8 +1136,13 @@ installOpenVPN(){
# we have the right key # we have the right key
echo "::: Adding repository key..." echo "::: Adding repository key..."
if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_KEY_ID"; then if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_KEY_ID"; then
echo "::: Failed to import OpenVPN GPG key" echo "::: Import via keyserver failed, now trying wget"
exit 1 if ! downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID" | $SUDO apt-key add -; then
echo "::: Can't import OpenVPN GPG key"
exit 1
else
echo "::: Acquired key $OPENVPN_KEY_ID"
fi
fi fi
if ! grep -qR "deb http.\?://build.openvpn.net/debian/openvpn/stable.\? $OSCN main" /etc/apt/sources.list*; then if ! grep -qR "deb http.\?://build.openvpn.net/debian/openvpn/stable.\? $OSCN main" /etc/apt/sources.list*; then
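Review bot: In the last hunk, `if ! downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID" | $SUDO apt-key add -; then` tests only the exit status of `apt-key add -` unless `pipefail` is enabled, which is not visible on this page. A failed download or a fingerprint mismatch is therefore caught only indirectly, presumably because apt-key rejects the empty input. Gating the import on the verification result directly would make the check explicit: `if ! KEY="$(downloadVerifyKey "$OPENVPN_KEY_URL" "$OPENVPN_KEY_ID")" || ! $SUDO apt-key add - <<< "$KEY"; then`. Separately, the comparison in `downloadVerifyKey` is an exact string match against the fingerprint gpg prints in uppercase, so the comment above `OPENVPN_KEY_ID` should say that the value must be the full 40-character fingerprint in uppercase without the `0x` prefix. The body of `installOpenVPN` continues outside the hunk.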