From df6c02bf95446e69e3cd2634088818dc3ccd07e1 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sun, 29 Aug 2021 15:12:17 -0500 Subject: [PATCH] Improve Libreswan install - Skip downloading and installing Libreswan if the same version is already installed. --- vpnsetup_amzn.sh | 64 +++++++++++++++++++++++++------------------ vpnsetup_centos.sh | 64 +++++++++++++++++++++++++------------------ vpnsetup_ubuntu.sh | 68 +++++++++++++++++++++++++++------------------- 3 files changed, 116 insertions(+), 80 deletions(-) diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh index 4a06d00..10d9cc1 100755 --- a/vpnsetup_amzn.sh +++ b/vpnsetup_amzn.sh 
@@ -184,23 +184,34 @@ get_ikev2_script() { [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null } -get_libreswan() { - bigecho "Downloading Libreswan..." +check_libreswan() { SWAN_VER=4.5 - swan_file="libreswan-$SWAN_VER.tar.gz" - swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" - swan_url2="https://download.libreswan.org/$swan_file" - ( - set -x - wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" - ) || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - tar xzf "$swan_file" && /bin/rm -f "$swan_file" + ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) + swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') + [ "$swan_ver_old" = "$SWAN_VER" ] +} + +get_libreswan() { + if ! check_libreswan; then + bigecho "Downloading Libreswan..." + swan_file="libreswan-$SWAN_VER.tar.gz" + swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" + swan_url2="https://download.libreswan.org/$swan_file" + ( + set -x + wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" + ) || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + tar xzf "$swan_file" && /bin/rm -f "$swan_file" + else + bigecho "Libreswan $SWAN_VER is already installed, skipping..." + fi } install_libreswan() { - bigecho "Compiling and installing Libreswan, please wait..." - cd "libreswan-$SWAN_VER" || exit 1 + if ! check_libreswan; then + bigecho "Compiling and installing Libreswan, please wait..." + cd "libreswan-$SWAN_VER" || exit 1 cat > Makefile.inc.local <<'EOF' WERROR_CFLAGS=-w -s USE_DNSSEC=false 
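Review bot: The tarball fetched in get_libreswan is unpacked with `tar xzf` and later compiled and installed without any integrity check, so HTTPS to the two download hosts is the only protection for code that ends up in /usr/local/sbin. Pin a digest next to `SWAN_VER` and verify it before unpacking, for example `swan_sha256="<PINNED_SHA256_PLACEHOLDER>"` followed by `printf '%s  %s\n' "$swan_sha256" "$swan_file" | sha256sum -c - >/dev/null || exiterr "Libreswan checksum mismatch."`. The GitHub archive and the download.libreswan.org file may not be byte-identical, so each URL probably needs its own digest, or the upstream signature could be checked instead. The same download lines appear in the vpnsetup_centos.sh and vpnsetup_ubuntu.sh hunks.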
@@ -208,20 +219,21 @@ USE_DH2=true USE_NSS_KDF=false FINALNSSDIR=/etc/ipsec.d EOF - if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then - echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local - fi - NPROCS=$(grep -c ^processor /proc/cpuinfo) - [ -z "$NPROCS" ] && NPROCS=1 - ( - set -x - make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null - ) + if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then + echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local + fi + NPROCS=$(grep -c ^processor /proc/cpuinfo) + [ -z "$NPROCS" ] && NPROCS=1 + ( + set -x + make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null + ) - cd /opt/src || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then - exiterr "Libreswan $SWAN_VER failed to build." + cd /opt/src || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then + exiterr "Libreswan $SWAN_VER failed to build." + fi fi } diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 44f9b73..dc3b93a 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh 
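Review bot: The post-build test `grep -qF "$SWAN_VER"` is a substring match over the whole `ipsec --version` output, so it can pass when the build failed and an older binary is still in place. That output appears to carry more than the version (check_libreswan strips a trailing ` (…` or `/K…` part), and `4.5` would match anywhere inside such text. The exit status of the `make` subshell is not checked either, which leaves this grep as the only failure gate. Reusing the exact comparison the commit introduces closes the gap: `if ! check_libreswan; then exiterr "Libreswan $SWAN_VER failed to build."; fi`. install_libreswan starts in the previous hunk, and the vpnsetup_centos.sh and vpnsetup_ubuntu.sh hunks carry the same check.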
@@ -238,23 +238,34 @@ get_ikev2_script() { [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null } -get_libreswan() { - bigecho "Downloading Libreswan..." +check_libreswan() { SWAN_VER=4.5 - swan_file="libreswan-$SWAN_VER.tar.gz" - swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" - swan_url2="https://download.libreswan.org/$swan_file" - ( - set -x - wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" - ) || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - tar xzf "$swan_file" && /bin/rm -f "$swan_file" + ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) + swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') + [ "$swan_ver_old" = "$SWAN_VER" ] +} + +get_libreswan() { + if ! check_libreswan; then + bigecho "Downloading Libreswan..." + swan_file="libreswan-$SWAN_VER.tar.gz" + swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" + swan_url2="https://download.libreswan.org/$swan_file" + ( + set -x + wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" + ) || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + tar xzf "$swan_file" && /bin/rm -f "$swan_file" + else + bigecho "Libreswan $SWAN_VER is already installed, skipping..." + fi } install_libreswan() { - bigecho "Compiling and installing Libreswan, please wait..." - cd "libreswan-$SWAN_VER" || exit 1 + if ! check_libreswan; then + bigecho "Compiling and installing Libreswan, please wait..." + cd "libreswan-$SWAN_VER" || exit 1 cat > Makefile.inc.local <<'EOF' WERROR_CFLAGS=-w -s USE_DNSSEC=false 
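Review bot: check_libreswan is missing a comment saying that, besides returning a status, it defines the global `SWAN_VER`, which get_libreswan and install_libreswan then read for the file name, URLs and build directory. As far as the hunk shows this is the only assignment of the target version, and a reader would not expect a predicate named check_* to be the place it is set. A one-line header would cover it: `# Sets SWAN_VER; returns 0 only if /usr/local/sbin/ipsec reports exactly that version.` The copies in vpnsetup_amzn.sh and vpnsetup_ubuntu.sh would take the same comment.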
@@ -262,20 +273,21 @@ USE_DH2=true USE_NSS_KDF=false FINALNSSDIR=/etc/ipsec.d EOF - if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then - echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local - fi - NPROCS=$(grep -c ^processor /proc/cpuinfo) - [ -z "$NPROCS" ] && NPROCS=1 - ( - set -x - make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null - ) + if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then + echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local + fi + NPROCS=$(grep -c ^processor /proc/cpuinfo) + [ -z "$NPROCS" ] && NPROCS=1 + ( + set -x + make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null + ) - cd /opt/src || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then - exiterr "Libreswan $SWAN_VER failed to build." + cd /opt/src || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then + exiterr "Libreswan $SWAN_VER failed to build." + fi fi } diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh index 4b5e506..ad5f31b 100755 --- a/vpnsetup_ubuntu.sh +++ b/vpnsetup_ubuntu.sh 
@@ -226,23 +226,34 @@ get_ikev2_script() { [ -s ikev2.sh ] && chmod +x ikev2.sh && ln -s /opt/src/ikev2.sh /usr/bin 2>/dev/null } -get_libreswan() { - bigecho "Downloading Libreswan..." +check_libreswan() { SWAN_VER=4.5 - swan_file="libreswan-$SWAN_VER.tar.gz" - swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" - swan_url2="https://download.libreswan.org/$swan_file" - ( - set -x - wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" - ) || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - tar xzf "$swan_file" && /bin/rm -f "$swan_file" + ipsec_ver=$(/usr/local/sbin/ipsec --version 2>/dev/null) + swan_ver_old=$(printf '%s' "$ipsec_ver" | sed -e 's/.*Libreswan U\?//' -e 's/\( (\|\/K\).*//') + [ "$swan_ver_old" = "$SWAN_VER" ] +} + +get_libreswan() { + if ! check_libreswan; then + bigecho "Downloading Libreswan..." + swan_file="libreswan-$SWAN_VER.tar.gz" + swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz" + swan_url2="https://download.libreswan.org/$swan_file" + ( + set -x + wget -t 3 -T 30 -q -O "$swan_file" "$swan_url1" || wget -t 3 -T 30 -q -O "$swan_file" "$swan_url2" + ) || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + tar xzf "$swan_file" && /bin/rm -f "$swan_file" + else + bigecho "Libreswan $SWAN_VER is already installed, skipping..." + fi } install_libreswan() { - bigecho "Compiling and installing Libreswan, please wait..." - cd "libreswan-$SWAN_VER" || exit 1 + if ! check_libreswan; then + bigecho "Compiling and installing Libreswan, please wait..." + cd "libreswan-$SWAN_VER" || exit 1 cat > Makefile.inc.local <<'EOF' WERROR_CFLAGS=-w -s USE_DNSSEC=false 
@@ -250,28 +261,29 @@ USE_DH2=true USE_NSS_KDF=false FINALNSSDIR=/etc/ipsec.d EOF - if ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then + if ! grep -qs 'VERSION_CODENAME=' /etc/os-release; then cat >> Makefile.inc.local <<'EOF' USE_DH31=false USE_NSS_AVA_COPY=true USE_NSS_IPSEC_PROFILE=false USE_GLIBC_KERN_FLIP_HEADERS=true EOF - fi - if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then - echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local - fi - NPROCS=$(grep -c ^processor /proc/cpuinfo) - [ -z "$NPROCS" ] && NPROCS=1 - ( - set -x - make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null - ) + fi + if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then + echo "USE_XFRM_INTERFACE_IFLA_HEADER=true" >> Makefile.inc.local + fi + NPROCS=$(grep -c ^processor /proc/cpuinfo) + [ -z "$NPROCS" ] && NPROCS=1 + ( + set -x + make "-j$((NPROCS+1))" -s base >/dev/null && make -s install-base >/dev/null + ) - cd /opt/src || exit 1 - /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" - if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then - exiterr "Libreswan $SWAN_VER failed to build." + cd /opt/src || exit 1 + /bin/rm -rf "/opt/src/libreswan-$SWAN_VER" + if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then + exiterr "Libreswan $SWAN_VER failed to build." + fi fi }