From eae70d0295449f5426213e001c46043bdbf8c60d Mon Sep 17 00:00:00 2001 From: Orazio Date: Thu, 12 Mar 2020 13:00:18 +0100 Subject: [PATCH] Verify that the available OpenVPN version has ECC support --- auto_install/install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/auto_install/install.sh b/auto_install/install.sh index 69aac26..e71f604 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -1129,7 +1129,12 @@ installOpenVPN(){ # Use x86-only OpenVPN APT repo on x86 Debian/Ubuntu systems if [ "$PLAT" != "Raspbian" ] && [ "$X86_SYSTEM" -eq 1 ]; then - if [ -n "$(apt-cache policy openvpn | grep 'Candidate:' | awk '{print $2}')" ]; then + + AVAILABLE_OPENVPN="$(apt-cache policy openvpn | grep 'Candidate:' | awk '{print $2}')" + + # If there is an available openvpn package and its version is at least 2.4 + # (required for ECC support), do not add the repository + if [ -n "$AVAILABLE_OPENVPN" ] && dpkg --compare-versions "$AVAILABLE_OPENVPN" ge 2.4; then echo "::: OpenVPN is already available in the repositories" else # gnupg is used by apt-key to import the openvpn GPG key into the @@ -1137,9 +1142,8 @@ installOpenVPN(){ PIVPN_DEPS=(gnupg) installDependentPackages PIVPN_DEPS[@] - # We will download the repository key regardless of whether the user - # has already enabled the openvpn repository or not, just to make sure - # we have the right key + # We will download the repository key for the official repository from a + # keyserver. If we fail, we will attempt to download the key via HTTPS echo "::: Adding repository key..." if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_KEY_ID"; then echo "::: Import via keyserver failed, now trying wget"