Added Ubuntu Bionic support

2024-12-19 11:20:15 +00:00 · 2019-11-19 17:29:41 +01:00 · 2019-11-19 17:29:41 +01:00 · e2da52b1a7
commit e2da52b1a7
parent b0cfd17c9c
2 changed files with 156 additions and 121 deletions
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -22,14 +22,14 @@ PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
 PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"

 # Dependencies that are required by the script, regardless of the VPN protocol chosen
-BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5)
+BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools)

 # Dependencies that where actually installed by the script. For example if the script requires
 # grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
 # PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
 TO_INSTALL=()

-pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git"
+pivpnGitUrl="https://github.com/pivpn/pivpn.git"
 easyrsaVer="3.0.6"
 easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz"

@ -63,12 +63,12 @@ noOSSupport(){
 	if [ "${runUnattended}" = 'true' ]; then
 		echo "::: Invalid OS detected"
 		echo "::: We have not been able to detect a supported OS."
-		echo "::: Currently this installer supports Raspbian (Buster) and Debian (Buster)."
+		echo "::: Currently this installer supports Raspbian (Buster), Debian (Buster) and Ubuntu (Bionic)."
 		exit 1
 	fi

 	whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS.
-Currently this installer supports Raspbian (Buster) and Debian (Buster).
+Currently this installer supports Raspbian (Buster), Debian (Buster) and Ubuntu (Bionic).
 If you think you received this message in error, you can post an issue on the GitHub at https://github.com/pivpn/pivpn/issues." ${r} ${c}
 	exit 1
 }
@ -97,32 +97,36 @@ distroCheck(){
 	if hash lsb_release 2>/dev/null; then

 		PLAT=$(lsb_release -si)
-		OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie
+		OSCN=$(lsb_release -sc)

 	else # else get info from os-release

 		source /etc/os-release
 		PLAT=$(awk '{print $1}' <<< "$NAME")
 		VER="$VERSION_ID"
-		declare -A VER_MAP=(["10"]="buster")
+		declare -A VER_MAP=(["10"]="buster" ["18.04"]="bionic")
 		OSCN=${VER_MAP["${VER}"]}
 	fi

 	case ${PLAT} in
-		Debian|Raspbian)
+		Debian|Raspbian|Ubuntu)
 		case ${OSCN} in
-			buster)
+			buster|bionic)
 			;;
 			*)
-			maybeOS_Support
+			maybeOSSupport
 			;;
 		esac
 		;;
 		*)
-		noOS_Support
+		noOSSupport
 		;;
 	esac

+	if [ "$PLAT" = "Raspbian" ]; then
+		BASE_DEPS+=(dhcpcd5)
+	fi
+
 	echo "PLAT=${PLAT}" > /tmp/setupVars.conf
 	echo "OSCN=${OSCN}" >> /tmp/setupVars.conf
 }
@ -705,119 +709,131 @@ installOpenVPN(){
 }

 installWireGuard(){
-	# If this Raspberry Pi uses armv7l we can use the package from the repo
-	# https://lists.zx2c4.com/pipermail/wireguard/2017-November/001885.html
-	# Otherwhise compile and build the kernel module via DKMS (so it will
-	# be recompiled on kernel upgrades)
-	if [ "$(uname -m)" = "armv7l" ]; then
+	if [ "$PLAT" = "Raspbian" ]; then

-		echo "::: Installing WireGuard from Debian package... "
-		# dirmngr is used to download repository keys, whereas qrencode is used to generate qrcodes
-		# from config file, for use with mobile clients
-		PIVPN_DEPS=(dirmngr qrencode)
-		installDependentPackages PIVPN_DEPS[@]
-		# Do not upgrade packages from the unstable repository except for wireguard
-		echo "::: Adding Debian repository... "
-		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
-		echo "Package: *
-Pin: release a=unstable
-Pin-Priority: 1
+		# If this Raspberry Pi uses armv7l we can use the package from the repo
+		# https://lists.zx2c4.com/pipermail/wireguard/2017-November/001885.html
+		# Otherwhise compile and build the kernel module via DKMS (so it will
+		# be recompiled on kernel upgrades)

-Package: wireguard wireguard-dkms wireguard-tools
-Pin: release a=unstable
-Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
+		if [ "$(uname -m)" = "armv7l" ]; then

-		$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
-		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
-		PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
-		installDependentPackages PIVPN_DEPS[@]
+			echo "::: Installing WireGuard from Debian package... "
+			# dirmngr is used to download repository keys, whereas qrencode is used to generate qrcodes
+			# from config file, for use with mobile clients
+			PIVPN_DEPS=(dirmngr qrencode)
+			installDependentPackages PIVPN_DEPS[@]
+			# Do not upgrade packages from the unstable repository except for wireguard
+			echo "::: Adding Debian repository... "
+			echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
+			echo "Package: *
+		Pin: release a=unstable
+		Pin-Priority: 1

-	elif [ "$(uname -m)" = "armv6l" ]; then
+		Package: wireguard wireguard-dkms wireguard-tools
+		Pin: release a=unstable
+		Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null

-		echo "::: Installing WireGuard from source... "
-		PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode jq)
-		installDependentPackages PIVPN_DEPS[@]
+			$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
+			$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
+			PIVPN_DEPS=(raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms)
+			installDependentPackages PIVPN_DEPS[@]

-		WG_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-kmodtools"."version"')"
-		WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"
+		elif [ "$(uname -m)" = "armv6l" ]; then

-		# Delete any leftover code
-		$SUDO rm -rf /usr/src/wireguard-*
+			echo "::: Installing WireGuard from source... "
+			PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode jq)
+			installDependentPackages PIVPN_DEPS[@]

-		echo "::: Downloading source code... "
-		wget -qO- "${WG_SOURCE}" | $SUDO tar Jxf - --directory /usr/src
-		echo "done!"
+			WG_SNAPSHOT="$(curl -s https://build.wireguard.com/distros.json | jq -r '."upstream-kmodtools"."version"')"
+			WG_SOURCE="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WG_SNAPSHOT}.tar.xz"

-		cd /usr/src
-		$SUDO mv WireGuard-"${WG_SNAPSHOT}" wireguard-"${WG_SNAPSHOT}"
-		cd wireguard-"${WG_SNAPSHOT}"
-		$SUDO mv src/* .
-		$SUDO rmdir src
+			# Delete any leftover code
+			$SUDO rm -rf /usr/src/wireguard-*

-		# We install the userspace tools manually since DKMS only compiles and
-		# installs the kernel module
-		echo "::: Compiling WireGuard tools... "
-		if $SUDO make tools; then
+			echo "::: Downloading source code... "
+			wget -qO- "${WG_SOURCE}" | $SUDO tar Jxf - --directory /usr/src
 			echo "done!"
-		else
-			echo "failed!"
-			exit 1
+
+			cd /usr/src
+			$SUDO mv WireGuard-"${WG_SNAPSHOT}" wireguard-"${WG_SNAPSHOT}"
+			cd wireguard-"${WG_SNAPSHOT}"
+			$SUDO mv src/* .
+			$SUDO rmdir src
+
+			# We install the userspace tools manually since DKMS only compiles and
+			# installs the kernel module
+			echo "::: Compiling WireGuard tools... "
+			if $SUDO make tools; then
+				echo "done!"
+			else
+				echo "failed!"
+				exit 1
+			fi
+
+			# Use checkinstall to install userspace tools so if the user wants to uninstall
+			# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
+			# files from the file system
+			echo "::: Installing WireGuard tools... "
+			if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_SNAPSHOT}" -y make tools-install; then
+				TO_INSTALL+=("wireguard-tools")
+				echo "done!"
+			else
+				echo "failed!"
+				exit 1
+			fi
+
+			echo "::: Adding WireGuard modules via DKMS... "
+			if $SUDO dkms add wireguard/"${WG_SNAPSHOT}"; then
+				echo "done!"
+			else
+				echo "failed!"
+				$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
+				exit 1
+			fi
+
+			echo "::: Compiling WireGuard modules via DKMS... "
+			if $SUDO dkms build wireguard/"${WG_SNAPSHOT}"; then
+				echo "done!"
+			else
+				echo "failed!"
+				$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
+				exit 1
+			fi
+
+			echo "::: Installing WireGuard modules via DKMS... "
+			if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
+				TO_INSTALL+=("wireguard-dkms")
+				echo "done!"
+			else
+				echo "failed!"
+				$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
+				exit 1
+			fi
+
+			echo "WG_SNAPSHOT=${WG_SNAPSHOT}" >> /tmp/setupVars.conf
+
 		fi

-		# Use checkinstall to install userspace tools so if the user wants to uninstall
-		# PiVPN we can just do apt remove wireguard-tools, instead of manually removing
-		# files from the file system
-		echo "::: Installing WireGuard tools... "
-		if $SUDO checkinstall --pkgname wireguard-tools --pkgversion "${WG_SNAPSHOT}" -y make tools-install; then
-			TO_INSTALL+=("wireguard-tools")
-			echo "done!"
-		else
-			echo "failed!"
-			exit 1
-		fi
-
-		echo "::: Adding WireGuard modules via DKMS... "
-		if $SUDO dkms add wireguard/"${WG_SNAPSHOT}"; then
-			echo "done!"
-		else
-			echo "failed!"
-			$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
-			exit 1
-		fi
-
-		echo "::: Compiling WireGuard modules via DKMS... "
-		if $SUDO dkms build wireguard/"${WG_SNAPSHOT}"; then
-			echo "done!"
-		else
-			echo "failed!"
-			$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
-			exit 1
-		fi
-
-		echo "::: Installing WireGuard modules via DKMS... "
-		if $SUDO dkms install wireguard/"${WG_SNAPSHOT}"; then
-			TO_INSTALL+=("wireguard-dkms")
-			echo "done!"
-		else
-			echo "failed!"
-			$SUDO dkms remove wireguard/"${WG_SNAPSHOT}" --all
-			exit 1
-		fi
-
-		echo "WG_SNAPSHOT=${WG_SNAPSHOT}" >> /tmp/setupVars.conf
-
-	elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
+	elif [ "$PLAT" = "Debian" ]; then

 		echo "::: Installing WireGuard from Debian package... "
 		echo "::: Adding Debian repository... "
 		echo "deb http://deb.debian.org/debian/ unstable main" | $SUDO tee /etc/apt/sources.list.d/unstable.list > /dev/null
 		echo "Package: *
-Pin: release a=unstable
-Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
+	Pin: release a=unstable
+	Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
 		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null
 		PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
 		installDependentPackages PIVPN_DEPS[@]

+	elif [ "$PLAT" = "Ubuntu" ]; then
+
+		echo "::: Installing WireGuard from PPA... "
+		$SUDO add-apt-repository ppa:wireguard/wireguard -y
+		PIVPN_DEPS=(qrencode wireguard wireguard-tools wireguard-dkms)
+		installDependentPackages PIVPN_DEPS[@]
+
 	fi
 }

@ -1447,7 +1463,7 @@ confNetwork(){
 		fi

 		case ${PLAT} in
-			Debian|Raspbian)
+			Debian|Raspbian|Ubuntu)
 				$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null
 			;;
 		esac
@ -1479,7 +1495,7 @@ if \$programname == 'ovpn-server' then stop" | $SUDO tee /etc/rsyslog.d/30-openv

 	# Restart the logging service
 	case ${PLAT} in
-		Debian|Raspbian)
+		Debian|Raspbian|Ubuntu)
 			$SUDO systemctl restart rsyslog.service || true
 		;;
 	esac
@ -1544,24 +1560,40 @@ confUnattendedUpgrades(){

 	cd /etc/apt/apt.conf.d

-	if [ "$PLAT" = "Raspbian" ]; then
-		wget -qO- "$UNATTUPG_CONFIG" | $SUDO tar xz
-		$SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades
-		$SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE"
-	fi
+	if [ "$PLAT" = "Ubuntu" ]; then

-	# Enable automatic updates via the unstable repository when installing from debian package
-	if [ "$VPN" = "wireguard" ] && [ "$(uname -m)" != "armv6l" ]; then
-		$SUDO sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' 50unattended-upgrades
-	fi
+		# Ubuntu 50unattended-upgrades should already just have security enabled
+		# so we just need to configure the 10periodic file
+		echo "APT::Periodic::Update-Package-Lists \"1\";
+	APT::Periodic::Download-Upgradeable-Packages \"1\";
+	APT::Periodic::AutocleanInterval \"5\";
+	APT::Periodic::Unattended-Upgrade \"1\";" | $SUDO tee 10periodic > /dev/null

-	# Add the remaining settings for all other distributions
-	echo "APT::Periodic::Enable \"1\";
+	else
+
+		# Fix Raspbian config
+		if [ "$PLAT" = "Raspbian" ]; then
+			wget -qO- "$UNATTUPG_CONFIG" | $SUDO tar xz
+			$SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades
+			$SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE"
+		fi
+
+		# Add the remaining settings for all other distributions
+		echo "APT::Periodic::Enable \"1\";
 	APT::Periodic::Update-Package-Lists \"1\";
 	APT::Periodic::Download-Upgradeable-Packages \"1\";
 	APT::Periodic::Unattended-Upgrade \"1\";
 	APT::Periodic::AutocleanInterval \"7\";
 	APT::Periodic::Verbose \"0\";" | $SUDO tee 02periodic > /dev/null
+
+	fi
+
+	# Enable automatic updates via the unstable repository when installing from debian package
+	if [ "$VPN" = "wireguard" ] && [ "$PLAT" != "Ubuntu" ] && [ "$(uname -m)" != "armv6l" ]; then
+		if ! grep -q '"o=Debian,a=unstable";' 50unattended-upgrades;
+			$SUDO sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' 50unattended-upgrades
+		fi
+	fi
 }

 installScripts(){
@ -1706,7 +1738,7 @@ main(){
 	echo "::: Restarting services..."
 	# Start services
 	case ${PLAT} in
-		Debian|Raspbian)
+		Debian|Raspbian|Ubuntu)
 			if [ "$VPN" = "openvpn" ]; then
 				$SUDO systemctl enable openvpn.service &> /dev/null
 				$SUDO systemctl start openvpn.service
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@ -98,18 +98,21 @@ removeAll(){
 			case $yn in
 				[Yy]* ) if [ "${i}" = "wireguard" ]; then

-							if [ "$(uname -m)" = "armv7l" ] || [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
+							# On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian
+							# there is no wireguard package). On Ubuntu, remove the PPA.
+							if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then
 								rm /etc/apt/sources.list.d/unstable.list
 								rm /etc/apt/preferences.d/limit-unstable
 								$PKG_MANAGER update &> /dev/null
+							elif [ "$PLAT" = "Ubuntu" ]; then
+								add-apt-repository ppa:wireguard/wireguard -r -y
 							fi

 						elif [ "${i}" = "wireguard-dkms" ]; then

-							# If we installed wireguard-dkms and we are on armv6l, then we manually need
-							# to remove the kernel module and skip the apt uninstallation (since it's not an
-							# actual package)
-							if [ "$(uname -m)" = "armv6l" ]; then
+							# On armv6l Raspbian we manually remove the kernel module and skip the apt
+							# uninstallation (since it's not an actual package).
+							if [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv6l" ]; then
 								dkms remove wireguard/"${WG_SNAPSHOT}" --all
 								rm -rf /usr/src/wireguard-*
 								break
@ -117,7 +120,7 @@ removeAll(){

 						elif [ "${i}" = "dirmngr" ]; then

-							# If dirmngr was installed, then we had previously installed wireguard on armv7l
+							# If dirmngr was installed, then we had previously installed wireguard on armv7l Raspbian
 							# so we remove the repository keys
 							apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null