Added Ubuntu Bionic support

This commit is contained in:
Orazio 2019-11-19 17:29:41 +01:00
parent b0cfd17c9c
commit e2da52b1a7
2 changed files with 156 additions and 121 deletions

View file

@ -22,14 +22,14 @@ PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
# Dependencies that are required by the script, regardless of the VPN protocol chosen # Dependencies that are required by the script, regardless of the VPN protocol chosen
BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools dhcpcd5) BASE_DEPS=(git tar wget grep iptables-persistent dnsutils whiptail net-tools)
# Dependencies that where actually installed by the script. For example if the script requires # Dependencies that where actually installed by the script. For example if the script requires
# grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling # grep and dnsutils but dnsutils is already installed, we save grep here. This way when uninstalling
# PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons # PiVPN we won't prompt to remove packages that may have been installed by the user for other reasons
TO_INSTALL=() TO_INSTALL=()
pivpnGitUrl="https://github.com/orazioedoardo/pivpn.git" pivpnGitUrl="https://github.com/pivpn/pivpn.git"
easyrsaVer="3.0.6" easyrsaVer="3.0.6"
easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz" easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}/EasyRSA-unix-v${easyrsaVer}.tgz"
@ -63,12 +63,12 @@ noOSSupport(){
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
echo "::: Invalid OS detected" echo "::: Invalid OS detected"
echo "::: We have not been able to detect a supported OS." echo "::: We have not been able to detect a supported OS."
echo "::: Currently this installer supports Raspbian (Buster) and Debian (Buster)." echo "::: Currently this installer supports Raspbian (Buster), Debian (Buster) and Ubuntu (Bionic)."
exit 1 exit 1
fi fi
whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS. whiptail --msgbox --backtitle "INVALID OS DETECTED" --title "Invalid OS" "We have not been able to detect a supported OS.
Currently this installer supports Raspbian (Buster) and Debian (Buster). Currently this installer supports Raspbian (Buster), Debian (Buster) and Ubuntu (Bionic).
If you think you received this message in error, you can post an issue on the GitHub at https://github.com/pivpn/pivpn/issues." ${r} ${c} If you think you received this message in error, you can post an issue on the GitHub at https://github.com/pivpn/pivpn/issues." ${r} ${c}
exit 1 exit 1
} }
@ -97,32 +97,36 @@ distroCheck(){
if hash lsb_release 2>/dev/null; then if hash lsb_release 2>/dev/null; then
PLAT=$(lsb_release -si) PLAT=$(lsb_release -si)
OSCN=$(lsb_release -sc) # We want this to be trusty xenial or jessie OSCN=$(lsb_release -sc)
else # else get info from os-release else # else get info from os-release
source /etc/os-release source /etc/os-release
PLAT=$(awk '{print $1}' <<< "$NAME") PLAT=$(awk '{print $1}' <<< "$NAME")
VER="$VERSION_ID" VER="$VERSION_ID"
declare -A VER_MAP=(["10"]="buster") declare -A VER_MAP=(["10"]="buster" ["18.04"]="bionic")
OSCN=${VER_MAP["${VER}"]} OSCN=${VER_MAP["${VER}"]}
fi fi
case ${PLAT} in case ${PLAT} in
Debian|Raspbian) Debian|Raspbian|Ubuntu)
case ${OSCN} in case ${OSCN} in
buster) buster|bionic)
;; ;;
*) *)
maybeOS_Support maybeOSSupport
;; ;;
esac esac
;; ;;
*) *)
noOS_Support noOSSupport
;; ;;
esac esac
if [ "$PLAT" = "Raspbian" ]; then
BASE_DEPS+=(dhcpcd5)
fi
echo "PLAT=${PLAT}" > /tmp/setupVars.conf echo "PLAT=${PLAT}" > /tmp/setupVars.conf
echo "OSCN=${OSCN}" >> /tmp/setupVars.conf echo "OSCN=${OSCN}" >> /tmp/setupVars.conf
} }
@ -705,10 +709,13 @@ installOpenVPN(){
} }
installWireGuard(){ installWireGuard(){
if [ "$PLAT" = "Raspbian" ]; then
# If this Raspberry Pi uses armv7l we can use the package from the repo # If this Raspberry Pi uses armv7l we can use the package from the repo
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/001885.html # https://lists.zx2c4.com/pipermail/wireguard/2017-November/001885.html
# Otherwhise compile and build the kernel module via DKMS (so it will # Otherwhise compile and build the kernel module via DKMS (so it will
# be recompiled on kernel upgrades) # be recompiled on kernel upgrades)
if [ "$(uname -m)" = "armv7l" ]; then if [ "$(uname -m)" = "armv7l" ]; then
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
@ -806,7 +813,9 @@ Pin-Priority: 500" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
echo "WG_SNAPSHOT=${WG_SNAPSHOT}" >> /tmp/setupVars.conf echo "WG_SNAPSHOT=${WG_SNAPSHOT}" >> /tmp/setupVars.conf
elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then fi
elif [ "$PLAT" = "Debian" ]; then
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
@ -818,6 +827,13 @@ Pin-Priority: 90" | $SUDO tee /etc/apt/preferences.d/limit-unstable > /dev/null
PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms) PIVPN_DEPS=(linux-headers-amd64 qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
elif [ "$PLAT" = "Ubuntu" ]; then
echo "::: Installing WireGuard from PPA... "
$SUDO add-apt-repository ppa:wireguard/wireguard -y
PIVPN_DEPS=(qrencode wireguard wireguard-tools wireguard-dkms)
installDependentPackages PIVPN_DEPS[@]
fi fi
} }
@ -1447,7 +1463,7 @@ confNetwork(){
fi fi
case ${PLAT} in case ${PLAT} in
Debian|Raspbian) Debian|Raspbian|Ubuntu)
$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null $SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null
;; ;;
esac esac
@ -1479,7 +1495,7 @@ if \$programname == 'ovpn-server' then stop" | $SUDO tee /etc/rsyslog.d/30-openv
# Restart the logging service # Restart the logging service
case ${PLAT} in case ${PLAT} in
Debian|Raspbian) Debian|Raspbian|Ubuntu)
$SUDO systemctl restart rsyslog.service || true $SUDO systemctl restart rsyslog.service || true
;; ;;
esac esac
@ -1544,17 +1560,24 @@ confUnattendedUpgrades(){
cd /etc/apt/apt.conf.d cd /etc/apt/apt.conf.d
if [ "$PLAT" = "Ubuntu" ]; then
# Ubuntu 50unattended-upgrades should already just have security enabled
# so we just need to configure the 10periodic file
echo "APT::Periodic::Update-Package-Lists \"1\";
APT::Periodic::Download-Upgradeable-Packages \"1\";
APT::Periodic::AutocleanInterval \"5\";
APT::Periodic::Unattended-Upgrade \"1\";" | $SUDO tee 10periodic > /dev/null
else
# Fix Raspbian config
if [ "$PLAT" = "Raspbian" ]; then if [ "$PLAT" = "Raspbian" ]; then
wget -qO- "$UNATTUPG_CONFIG" | $SUDO tar xz wget -qO- "$UNATTUPG_CONFIG" | $SUDO tar xz
$SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades $SUDO cp "unattended-upgrades-$UNATTUPG_RELEASE/data/50unattended-upgrades.Raspbian" 50unattended-upgrades
$SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE" $SUDO rm -rf "unattended-upgrades-$UNATTUPG_RELEASE"
fi fi
# Enable automatic updates via the unstable repository when installing from debian package
if [ "$VPN" = "wireguard" ] && [ "$(uname -m)" != "armv6l" ]; then
$SUDO sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' 50unattended-upgrades
fi
# Add the remaining settings for all other distributions # Add the remaining settings for all other distributions
echo "APT::Periodic::Enable \"1\"; echo "APT::Periodic::Enable \"1\";
APT::Periodic::Update-Package-Lists \"1\"; APT::Periodic::Update-Package-Lists \"1\";
@ -1562,6 +1585,15 @@ confUnattendedUpgrades(){
APT::Periodic::Unattended-Upgrade \"1\"; APT::Periodic::Unattended-Upgrade \"1\";
APT::Periodic::AutocleanInterval \"7\"; APT::Periodic::AutocleanInterval \"7\";
APT::Periodic::Verbose \"0\";" | $SUDO tee 02periodic > /dev/null APT::Periodic::Verbose \"0\";" | $SUDO tee 02periodic > /dev/null
fi
# Enable automatic updates via the unstable repository when installing from debian package
if [ "$VPN" = "wireguard" ] && [ "$PLAT" != "Ubuntu" ] && [ "$(uname -m)" != "armv6l" ]; then
if ! grep -q '"o=Debian,a=unstable";' 50unattended-upgrades;
$SUDO sed -i '/Unattended-Upgrade::Origins-Pattern {/a"o=Debian,a=unstable";' 50unattended-upgrades
fi
fi
} }
installScripts(){ installScripts(){
@ -1706,7 +1738,7 @@ main(){
echo "::: Restarting services..." echo "::: Restarting services..."
# Start services # Start services
case ${PLAT} in case ${PLAT} in
Debian|Raspbian) Debian|Raspbian|Ubuntu)
if [ "$VPN" = "openvpn" ]; then if [ "$VPN" = "openvpn" ]; then
$SUDO systemctl enable openvpn.service &> /dev/null $SUDO systemctl enable openvpn.service &> /dev/null
$SUDO systemctl start openvpn.service $SUDO systemctl start openvpn.service

View file

@ -98,18 +98,21 @@ removeAll(){
case $yn in case $yn in
[Yy]* ) if [ "${i}" = "wireguard" ]; then [Yy]* ) if [ "${i}" = "wireguard" ]; then
if [ "$(uname -m)" = "armv7l" ] || [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then # On Debian and armv7l Raspbian, remove the unstable repo (on armv6l Raspbian
# there is no wireguard package). On Ubuntu, remove the PPA.
if [ "$PLAT" = "Debian" ] || { [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv7l" ]; }; then
rm /etc/apt/sources.list.d/unstable.list rm /etc/apt/sources.list.d/unstable.list
rm /etc/apt/preferences.d/limit-unstable rm /etc/apt/preferences.d/limit-unstable
$PKG_MANAGER update &> /dev/null $PKG_MANAGER update &> /dev/null
elif [ "$PLAT" = "Ubuntu" ]; then
add-apt-repository ppa:wireguard/wireguard -r -y
fi fi
elif [ "${i}" = "wireguard-dkms" ]; then elif [ "${i}" = "wireguard-dkms" ]; then
# If we installed wireguard-dkms and we are on armv6l, then we manually need # On armv6l Raspbian we manually remove the kernel module and skip the apt
# to remove the kernel module and skip the apt uninstallation (since it's not an # uninstallation (since it's not an actual package).
# actual package) if [ "$PLAT" = "Raspbian" ] && [ "$(uname -m)" = "armv6l" ]; then
if [ "$(uname -m)" = "armv6l" ]; then
dkms remove wireguard/"${WG_SNAPSHOT}" --all dkms remove wireguard/"${WG_SNAPSHOT}" --all
rm -rf /usr/src/wireguard-* rm -rf /usr/src/wireguard-*
break break
@ -117,7 +120,7 @@ removeAll(){
elif [ "${i}" = "dirmngr" ]; then elif [ "${i}" = "dirmngr" ]; then
# If dirmngr was installed, then we had previously installed wireguard on armv7l # If dirmngr was installed, then we had previously installed wireguard on armv7l Raspbian
# so we remove the repository keys # so we remove the repository keys
apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null apt-key remove E1CF20DDFFE4B89E802658F1E0B11894F66AEC98 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE &> /dev/null