Advertisement
opexxx

dnscrypt-autoinstall.sh

Jul 7th, 2014
367
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 6.15 KB | None | 0 0
  1. #!/bin/bash
  2.  
  3. ###
  4. # Installation and autoconfigure script for debian'ish systems and dnscrypt.
  5. #
  6. # This script will install pre-req's, make & install dnscrypt and finally set it up
  7. # as a daemon service that runs on system startup. It also gives you the option to
  8. # choose which DNSCrypt service to use and easily reconfigure DNSCrypt and uninstall it.
  9. #
  10. # This script should work on new(er) debian'ish releases.
  11. #
  12. # Author: Simon Clausen <kontakt@simonclausen.dk>
  13. # Version: 0.3
  14. #
  15. # Todo: proper init script, download newest version, handle failed download, fix quirks
  16. #
  17. ###
  18.  
  19. # Are you root?
  20. if [ $(id -u) != 0 ]; then
  21. echo "Error!"
  22. echo ""
  23. echo "You need to be root to run this script."
  24. exit 1
  25. fi
  26.  
  27. # Vars for stuff
  28. LSODIUMINST=false
  29. DNSCRYPTINST=false
  30. DNSCRYPTCONF=false
  31. LSODIUMVER=0.4.5
  32. DNSCRYPTVER=1.4.0
  33. LSODIUMURL="https://download.libsodium.org/libsodium/releases"
  34. DNSCRYPTURL="http://download.dnscrypt.org/dnscrypt-proxy"
  35. WHICHRESOLVER=dnscrypteu
  36.  
  37. function config_interface {
  38. echo ""
  39. echo "Which DNSCrypt service would you like to use?"
  40. echo ""
  41. echo "1) DNSCrypt.eu (Europe - no logs, DNSSEC)"
  42. echo "2) OpenDNS (Anycast)"
  43. echo "3) CloudNS (Australia - no logs, DNSSEC)"
  44. echo "4) OpenNIC (Japan - no logs)"
  45. echo "5) OpenNIC (Europe - no logs)"
  46. echo "6) Soltysiak.com (Europe - no logs, DNSSEC)"
  47. echo ""
  48. read -p "Select an option [1-6]: " OPTION
  49. case $OPTION in
  50. 1)
  51. WHICHRESOLVER=dnscrypteu
  52. ;;
  53. 2)
  54. WHICHRESOLVER=opendns
  55. ;;
  56. 3)
  57. WHICHRESOLVER=cloudns
  58. ;;
  59. 4)
  60. WHICHRESOLVER=opennicjp
  61. ;;
  62. 5)
  63. WHICHRESOLVER=openniceu
  64. ;;
  65. 6)
  66. WHICHRESOLVER=soltysiak
  67. ;;
  68. esac
  69. return 0
  70. }
  71.  
  72. function config_do {
  73. curl -Lo initscript-$WHICHRESOLVER.sh https://raw.github.com/simonclausen/dnscrypt-autoinstall/master/init-scripts/initscript-$WHICHRESOLVER.sh
  74. if [ $DNSCRYPTCONF == true ]; then
  75. /etc/init.d/dnscrypt-proxy stop
  76. update-rc.d -f dnscrypt-proxy remove
  77. rm /etc/init.d/dnscrypt-proxy
  78. fi
  79. mv initscript-$WHICHRESOLVER.sh /etc/init.d/dnscrypt-proxy
  80. chmod +x /etc/init.d/dnscrypt-proxy
  81. update-rc.d dnscrypt-proxy defaults
  82. /etc/init.d/dnscrypt-proxy start
  83. return 0
  84. }
  85.  
  86. function import_gpgkey {
  87. echo "Importing key with ID: $1"
  88. gpg --keyserver keys.gnupg.net --recv-key $1
  89. if [ $? -ne 0 ]; then
  90.          echo "Error importing key $1"
  91. exit 1
  92.         fi
  93. }
  94.  
  95. function verify_sig {
  96. echo "Verifying signature of: $2"
  97. gpg --verify $1 $2
  98.  
  99. if [ $? -ne 0 ]; then
  100. echo "Error verifying signature"
  101. exit 1
  102. fi
  103. }
  104.  
  105. if [ -e /usr/local/sbin/dnscrypt-proxy ]; then
  106. DNSCRYPTINST=true
  107. fi
  108.  
  109. if [ -e /usr/local/lib/libsodium.so ]; then
  110. LSODIUMINST=true
  111. fi
  112.  
  113. if [ -e /etc/init.d/dnscrypt-proxy ]; then
  114. DNSCRYPTCONF=true
  115. fi
  116.  
  117. if [ $DNSCRYPTINST == true ]; then
  118. if [ $DNSCRYPTCONF == true ]; then
  119. echo ""
  120. echo "Welcome to dnscrypt-autoinstall script."
  121. echo ""
  122. echo "It seems like DNSCrypt was installed and configured by this script."
  123. echo ""
  124. echo "What would you like to do?"
  125. echo ""
  126. echo "1) Configure another DNSCrypt service"
  127. echo "2) Uninstall DNSCrypt and remove the auto-startup config"
  128. echo "3) Exit"
  129. echo ""
  130. read -p "Select an option [1-3]: " OPTION
  131. case $OPTION in
  132. 1)
  133. config_interface
  134. config_do
  135. echo "Reconfig done. Quitting."
  136. exit
  137. ;;
  138. 2)
  139. /etc/init.d/dnscrypt-proxy stop
  140. update-rc.d -f dnscrypt-proxy remove
  141. rm /etc/init.d/dnscrypt-proxy
  142. rm /usr/local/sbin/dnscrypt-proxy
  143. deluser dnscrypt
  144. rm -rf /etc/dnscrypt
  145. chattr -i /etc/resolv.conf
  146. mv /etc/resolv.conf-dnscryptbak /etc/resolv.conf
  147. echo "DNSCrypt has been removed. Quitting."
  148. exit
  149. ;;
  150. 3)
  151. echo "Bye!"
  152. exit
  153. ;;
  154. esac
  155. else
  156. echo ""
  157. echo "Error!"
  158. echo ""
  159. echo "It seems like DNSCrypt is already installed but"
  160. echo "not configured by this script."
  161. echo ""
  162. echo "Remove DNSCrypt and it's configuration completely"
  163. echo "from the system and run this script again."
  164. echo ""
  165. echo "Quitting."
  166. exit 1
  167. fi
  168. else
  169. if nc -z -w1 127.0.0.1 53; then
  170. echo ""
  171. echo "Error!"
  172. echo ""
  173. echo "It looks like there is already a DNS server"
  174. echo "or forwarder installed and listening on 127.0.0.1."
  175. echo ""
  176. echo "To use DNSCypt, you need to either uninstall it"
  177. echo "or make it listen on another IP than 127.0.0.1."
  178. echo ""
  179. echo "Quitting."
  180. exit 1
  181. else
  182. echo ""
  183. echo "Welcome to dnscrypt-autoinstall script."
  184. echo ""
  185. echo "This will install DNSCrypt and autoconfigure it to run as a daemon at start up."
  186. echo ""
  187. read -n1 -r -p "Press any key to continue..."
  188. clear
  189. echo ""
  190. echo "Would you like to see a list of supported providers?"
  191. read -p "(DNSCrypt.eu is default) [y/n]: " -e -i n SHOWLIST
  192. if [ $SHOWLIST == "y" ]; then
  193. config_interface
  194. fi
  195.  
  196. # Install prereqs and make a working dir
  197. apt-get update
  198. apt-get install -y automake libtool build-essential ca-certificates curl
  199. cd
  200. mkdir dnscrypt-autoinstall
  201. cd dnscrypt-autoinstall
  202.  
  203. # Import GPG key to verify files
  204. import_gpgkey 1CDEA439
  205.  
  206. # Is libsodium installed?
  207. if [ $LSODIUMINST == false ]; then
  208. # Nope? Then let's get it set up
  209. curl -o libsodium-$LSODIUMVER.tar.gz $LSODIUMURL/libsodium-$LSODIUMVER.tar.gz
  210. curl -o libsodium-$LSODIUMVER.tar.gz.sig $LSODIUMURL/libsodium-$LSODIUMVER.tar.gz.sig
  211.  
  212. # Verify signature
  213. verify_sig libsodium-$LSODIUMVER.tar.gz.sig libsodium-$LSODIUMVER.tar.gz
  214.  
  215. tar -zxf libsodium-$LSODIUMVER.tar.gz
  216. cd libsodium-$LSODIUMVER
  217. ./configure
  218. make
  219. make check
  220. make install
  221. ldconfig
  222. cd ..
  223. fi
  224.  
  225. # Continue with dnscrypt installation
  226. curl -o dnscrypt-proxy-$DNSCRYPTVER.tar.gz $DNSCRYPTURL/dnscrypt-proxy-$DNSCRYPTVER.tar.gz
  227. curl -o dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig $DNSCRYPTURL/dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig
  228.  
  229. # Verify signature
  230. verify_sig dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig dnscrypt-proxy-$DNSCRYPTVER.tar.gz
  231.  
  232. tar -zxf dnscrypt-proxy-$DNSCRYPTVER.tar.gz
  233. cd dnscrypt-proxy-$DNSCRYPTVER
  234. ./configure
  235. make
  236. make install
  237. cd ..
  238.  
  239. # Add dnscrypt user and homedir
  240. adduser --system --home /etc/dnscrypt/run --shell /bin/false --group \
  241. --disabled-password --disabled-login dnscrypt
  242.  
  243. # Set up init script
  244. config_do
  245.  
  246. # Set up resolv.conf to use dnscrypt
  247. mv /etc/resolv.conf /etc/resolv.conf-dnscryptbak
  248. echo "nameserver 127.0.0.1" > /etc/resolv.conf
  249. echo "nameserver 127.0.0.2" >> /etc/resolv.conf
  250.  
  251. # Dirty but dependable
  252. chattr +i /etc/resolv.conf
  253.  
  254. # Clean up
  255. cd
  256. rm -rf dnscrypt-autoinstall
  257. fi
  258. fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement