From de7a529c6cf744d0f3e1375b132add705dc24996 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sat, 2 Jan 2021 14:25:50 -0600 Subject: [PATCH] Cleanup - Remove Debian 8 from VPN upgrade script, which is EOL on 06/30/2020 - Include OS arch when checking Libreswan version - Other minor improvements --- extras/vpnupgrade.sh | 21 ++++++++------------- extras/vpnupgrade_amzn.sh | 3 ++- extras/vpnupgrade_centos.sh | 30 ++++++++++++++---------------- vpnsetup.sh | 3 ++- vpnsetup_amzn.sh | 3 ++- vpnsetup_centos.sh | 25 ++++++++++++++----------- 6 files changed, 42 insertions(+), 43 deletions(-) diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh index 351816a..eca94e6 100644 --- a/extras/vpnupgrade.sh +++ b/extras/vpnupgrade.sh @@ -26,6 +26,7 @@ exiterr2() { exiterr "'apt-get install' failed."; } vpnupgrade() { os_type=$(lsb_release -si 2>/dev/null) +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") case $os_type in *[Uu]buntu*) @@ -44,6 +45,11 @@ case $os_type in ;; esac +debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9') +if [ "$debian_ver" = "8" ] || [ "$debian_ver" = "jessiesid" ]; then + exiterr "Debian 8 or Ubuntu < 16.04 is not supported." +fi + if [ -f /proc/user_beancounters ]; then exiterr "OpenVZ VPS is not supported." fi @@ -78,8 +84,7 @@ EOF fi swan_ver_cur=4.1 -debian_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9') -swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?ver=$swan_ver_cur" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$swan_ver_cur @@ -142,16 +147,6 @@ NOTE: This script will make the following changes to your IPsec config: EOF -debian_ver=$(sed 's/\..*//' /etc/debian_version) -if [ "$debian_ver" = "8" ]; then -cat <<'EOF' -WARNING: Debian 8 (Jessie) has reached its end-of-life on June 30, 2020. - Users should upgrade to a newer Debian version. - See: https://www.debian.org/News/2020/20200709 - -EOF -fi - case $SWAN_VER in 3.2[679]|3.3[12]) cat <<'EOF' @@ -213,7 +208,7 @@ cat > Makefile.inc.local <<'EOF' WERROR_CFLAGS=-w USE_DNSSEC=false EOF -if [ "$SWAN_VER" != "4.1" ] || [ "$debian_ver" = "8" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then +if [ "$SWAN_VER" != "4.1" ] || ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then cat >> Makefile.inc.local <<'EOF' USE_DH31=false USE_NSS_AVA_COPY=true diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh index 6d1adcd..dd1cbef 100644 --- a/extras/vpnupgrade_amzn.sh +++ b/extras/vpnupgrade_amzn.sh @@ -25,6 +25,7 @@ exiterr2() { exiterr "'yum install' failed."; } vpnupgrade() { +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') if ! grep -qs "Amazon Linux release 2" /etc/system-release; then echo "Error: This script only supports Amazon Linux 2." >&2 echo "For Ubuntu/Debian, use https://git.io/vpnupgrade" >&2 @@ -62,7 +63,7 @@ EOF fi swan_ver_cur=4.1 -swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?ver=$swan_ver_cur" +swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$swan_ver_cur diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh index d1b7876..c98600e 100644 --- a/extras/vpnupgrade_centos.sh +++ b/extras/vpnupgrade_centos.sh @@ -25,12 +25,22 @@ exiterr2() { exiterr "'yum install' failed."; } vpnupgrade() { -if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then +if grep -qs "release 7" /etc/redhat-release; then + os_ver=7 +elif grep -qs "release 8" /etc/redhat-release; then + os_ver=8 +else echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2 echo "For Ubuntu/Debian, use https://git.io/vpnupgrade" >&2 exit 1 fi +os_type=centos +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') +if grep -qs "Red Hat" /etc/redhat-release; then + os_type=rhel +fi + if [ -f /proc/user_beancounters ]; then exiterr "OpenVZ VPS is not supported." fi @@ -64,18 +74,8 @@ EOF exit 1 fi -os_type=centos -if grep -qs "Red Hat" /etc/redhat-release; then - os_type=rhel -fi -if grep -qs "release 7" /etc/redhat-release; then - os_ver=7 -else - os_ver=8 -fi - swan_ver_cur=4.1 -swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?ver=$swan_ver_cur" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanverupg?arch=$os_arch&ver=$swan_ver_cur&ver2=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$swan_ver_cur @@ -179,14 +179,12 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \ REPO1='--enablerepo=*server-*optional*' REPO2='--enablerepo=*releases-optional*' REPO3='--enablerepo=[Pp]ower[Tt]ools' +[ "$os_type" = "rhel" ] && REPO3='--enablerepo=codeready-builder-for-rhel-8-*' -if grep -qs "release 7" /etc/redhat-release; then +if [ "$os_ver" = "7" ]; then yum -y install systemd-devel || exiterr2 yum "$REPO1" "$REPO2" -y install libevent-devel fipscheck-devel || exiterr2 else - if grep -qs "Red Hat" /etc/redhat-release; then - REPO3='--enablerepo=codeready-builder-for-rhel-8-*' - fi yum "$REPO3" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2 fi diff --git a/vpnsetup.sh b/vpnsetup.sh index e42d9a3..538e3e8 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -49,6 +49,7 @@ check_ip() { vpnsetup() { os_type=$(lsb_release -si 2>/dev/null) +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') [ -z "$os_type" ] && [ -f /etc/os-release ] && os_type=$(. /etc/os-release && printf '%s' "$ID") case $os_type in *[Uu]buntu*) @@ -197,7 +198,7 @@ SWAN_VER=4.1 swan_file="libreswan-$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url2="https://download.libreswan.org/$swan_file" -swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?ver=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$debian_ver/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$SWAN_VER diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh index 33990d3..e74e261 100644 --- a/vpnsetup_amzn.sh +++ b/vpnsetup_amzn.sh @@ -47,6 +47,7 @@ check_ip() { vpnsetup() { +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') if ! grep -qs "Amazon Linux release 2" /etc/system-release; then echo "Error: This script only supports Amazon Linux 2." >&2 echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2 @@ -158,7 +159,7 @@ SWAN_VER=4.1 swan_file="libreswan-$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url2="https://download.libreswan.org/$swan_file" -swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?ver=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/amzn/2/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$SWAN_VER diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 3034a68..aa2b6c7 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -48,12 +48,22 @@ check_ip() { vpnsetup() { -if ! grep -qs -e "release 7" -e "release 8" /etc/redhat-release; then +if grep -qs "release 7" /etc/redhat-release; then + os_ver=7 +elif grep -qs "release 8" /etc/redhat-release; then + os_ver=8 +else echo "Error: This script only supports CentOS/RHEL 7 and 8." >&2 echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2 exit 1 fi +os_type=centos +os_arch=$(uname -m | tr -dc 'A-Za-z0-9_-') +if grep -qs "Red Hat" /etc/redhat-release; then + os_type=rhel +fi + if [ -f /proc/user_beancounters ]; then exiterr "OpenVZ VPS is not supported." fi @@ -147,6 +157,7 @@ REPO1='--enablerepo=epel' REPO2='--enablerepo=*server-*optional*' REPO3='--enablerepo=*releases-optional*' REPO4='--enablerepo=[Pp]ower[Tt]ools' +[ "$os_type" = "rhel" ] && REPO4='--enablerepo=codeready-builder-for-rhel-8-*' yum -y install nss-devel nspr-devel pkgconfig pam-devel \ libcap-ng-devel libselinux-devel curl-devel nss-tools \ @@ -154,19 +165,11 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \ yum "$REPO1" -y install xl2tpd || exiterr2 -os_type=centos -if grep -qs "Red Hat" /etc/redhat-release; then - os_type=rhel - REPO4='--enablerepo=codeready-builder-for-rhel-8-*' -fi - use_nft=0 -if grep -qs "release 7" /etc/redhat-release; then - os_ver=7 +if [ "$os_ver" = "7" ]; then yum -y install systemd-devel iptables-services || exiterr2 yum "$REPO2" "$REPO3" -y install libevent-devel fipscheck-devel || exiterr2 else - os_ver=8 yum "$REPO4" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2 if systemctl is-active --quiet firewalld.service \ || grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf; then @@ -187,7 +190,7 @@ SWAN_VER=4.1 swan_file="libreswan-$SWAN_VER.tar.gz" swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" swan_url2="https://download.libreswan.org/$swan_file" -swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?ver=$SWAN_VER" +swan_ver_url="https://dl.ls20.com/v1/$os_type/$os_ver/swanver?arch=$os_arch&ver=$SWAN_VER" swan_ver_latest=$(wget -t 3 -T 15 -qO- "$swan_ver_url") if ! printf '%s' "$swan_ver_latest" | grep -Eq '^([3-9]|[1-9][0-9])\.([0-9]|[1-9][0-9])$'; then swan_ver_latest=$SWAN_VER