dnscrypt-autoinstall.sh

1. #!/bin/bash
2.  
3. ###
4. # Installation and autoconfigure script for debian'ish systems and dnscrypt.
5. #
6. # This script will install pre-req's, make & install dnscrypt and finally set it up
7. # as a daemon service that runs on system startup. It also gives you the option to
8. # choose which DNSCrypt service to use and easily reconfigure DNSCrypt and uninstall it.
9. #
10. # This script should work on new(er) debian'ish releases.
11. #
12. # Author: Simon Clausen <kontakt@simonclausen.dk>
13. # Version: 0.3
14. #
15. # Todo: proper init script, download newest version, handle failed download, fix quirks
16. #
17. ###
18.  
19. # Are you root?
20. if [ $(id -u) != 0 ]; then
21. echo "Error!"
22. echo ""
23. echo "You need to be root to run this script."
24. exit 1
25. fi
26.  
27. # Vars for stuff
28. LSODIUMINST=false
29. DNSCRYPTINST=false
30. DNSCRYPTCONF=false
31. LSODIUMVER=0.4.5
32. DNSCRYPTVER=1.4.0
33. LSODIUMURL="https://download.libsodium.org/libsodium/releases"
34. DNSCRYPTURL="http://download.dnscrypt.org/dnscrypt-proxy"
35. WHICHRESOLVER=dnscrypteu
36.  
37. function config_interface {
38. echo ""
39. echo "Which DNSCrypt service would you like to use?"
40. echo ""
41. echo "1) DNSCrypt.eu (Europe - no logs, DNSSEC)"
42. echo "2) OpenDNS (Anycast)"
43. echo "3) CloudNS (Australia - no logs, DNSSEC)"
44. echo "4) OpenNIC (Japan - no logs)"
45. echo "5) OpenNIC (Europe - no logs)"
46. echo "6) Soltysiak.com (Europe - no logs, DNSSEC)"
47. echo ""
48. read -p "Select an option [1-6]: " OPTION
49. case $OPTION in
50. 1)
51. WHICHRESOLVER=dnscrypteu
52. ;;
53. 2)
54. WHICHRESOLVER=opendns
55. ;;
56. 3)
57. WHICHRESOLVER=cloudns
58. ;;
59. 4)
60. WHICHRESOLVER=opennicjp
61. ;;
62. 5)
63. WHICHRESOLVER=openniceu
64. ;;
65. 6)
66. WHICHRESOLVER=soltysiak
67. ;;
68. esac
69. return 0
70. }
71.  
72. function config_do {
73. curl -Lo initscript-$WHICHRESOLVER.sh https://raw.github.com/simonclausen/dnscrypt-autoinstall/master/init-scripts/initscript-$WHICHRESOLVER.sh
74. if [ $DNSCRYPTCONF == true ]; then
75. /etc/init.d/dnscrypt-proxy stop
76. update-rc.d -f dnscrypt-proxy remove
77. rm /etc/init.d/dnscrypt-proxy
78. fi
79. mv initscript-$WHICHRESOLVER.sh /etc/init.d/dnscrypt-proxy
80. chmod +x /etc/init.d/dnscrypt-proxy
81. update-rc.d dnscrypt-proxy defaults
82. /etc/init.d/dnscrypt-proxy start
83. return 0
84. }
85.  
86. function import_gpgkey {
87. echo "Importing key with ID: $1"
88. gpg --keyserver keys.gnupg.net --recv-key $1
89. if [ $? -ne 0 ]; then
90.          echo "Error importing key $1"
91. exit 1
92.         fi
93. }
94.  
95. function verify_sig {
96. echo "Verifying signature of: $2"
97. gpg --verify $1 $2
98.  
99. if [ $? -ne 0 ]; then
100. echo "Error verifying signature"
101. exit 1
102. fi
103. }
104.  
105. if [ -e /usr/local/sbin/dnscrypt-proxy ]; then
106. DNSCRYPTINST=true
107. fi
108.  
109. if [ -e /usr/local/lib/libsodium.so ]; then
110. LSODIUMINST=true
111. fi
112.  
113. if [ -e /etc/init.d/dnscrypt-proxy ]; then
114. DNSCRYPTCONF=true
115. fi
116.  
117. if [ $DNSCRYPTINST == true ]; then
118. if [ $DNSCRYPTCONF == true ]; then
119. echo ""
120. echo "Welcome to dnscrypt-autoinstall script."
121. echo ""
122. echo "It seems like DNSCrypt was installed and configured by this script."
123. echo ""
124. echo "What would you like to do?"
125. echo ""
126. echo "1) Configure another DNSCrypt service"
127. echo "2) Uninstall DNSCrypt and remove the auto-startup config"
128. echo "3) Exit"
129. echo ""
130. read -p "Select an option [1-3]: " OPTION
131. case $OPTION in
132. 1)
133. config_interface
134. config_do
135. echo "Reconfig done. Quitting."
136. exit
137. ;;
138. 2)
139. /etc/init.d/dnscrypt-proxy stop
140. update-rc.d -f dnscrypt-proxy remove
141. rm /etc/init.d/dnscrypt-proxy
142. rm /usr/local/sbin/dnscrypt-proxy
143. deluser dnscrypt
144. rm -rf /etc/dnscrypt
145. chattr -i /etc/resolv.conf
146. mv /etc/resolv.conf-dnscryptbak /etc/resolv.conf
147. echo "DNSCrypt has been removed. Quitting."
148. exit
149. ;;
150. 3)
151. echo "Bye!"
152. exit
153. ;;
154. esac
155. else
156. echo ""
157. echo "Error!"
158. echo ""
159. echo "It seems like DNSCrypt is already installed but"
160. echo "not configured by this script."
161. echo ""
162. echo "Remove DNSCrypt and it's configuration completely"
163. echo "from the system and run this script again."
164. echo ""
165. echo "Quitting."
166. exit 1
167. fi
168. else
169. if nc -z -w1 127.0.0.1 53; then
170. echo ""
171. echo "Error!"
172. echo ""
173. echo "It looks like there is already a DNS server"
174. echo "or forwarder installed and listening on 127.0.0.1."
175. echo ""
176. echo "To use DNSCypt, you need to either uninstall it"
177. echo "or make it listen on another IP than 127.0.0.1."
178. echo ""
179. echo "Quitting."
180. exit 1
181. else
182. echo ""
183. echo "Welcome to dnscrypt-autoinstall script."
184. echo ""
185. echo "This will install DNSCrypt and autoconfigure it to run as a daemon at start up."
186. echo ""
187. read -n1 -r -p "Press any key to continue..."
188. clear
189. echo ""
190. echo "Would you like to see a list of supported providers?"
191. read -p "(DNSCrypt.eu is default) [y/n]: " -e -i n SHOWLIST
192. if [ $SHOWLIST == "y" ]; then
193. config_interface
194. fi
195.  
196. # Install prereqs and make a working dir
197. apt-get update
198. apt-get install -y automake libtool build-essential ca-certificates curl
199. cd
200. mkdir dnscrypt-autoinstall
201. cd dnscrypt-autoinstall
202.  
203. # Import GPG key to verify files
204. import_gpgkey 1CDEA439
205.  
206. # Is libsodium installed?
207. if [ $LSODIUMINST == false ]; then
208. # Nope? Then let's get it set up
209. curl -o libsodium-$LSODIUMVER.tar.gz $LSODIUMURL/libsodium-$LSODIUMVER.tar.gz
210. curl -o libsodium-$LSODIUMVER.tar.gz.sig $LSODIUMURL/libsodium-$LSODIUMVER.tar.gz.sig
211.  
212. # Verify signature
213. verify_sig libsodium-$LSODIUMVER.tar.gz.sig libsodium-$LSODIUMVER.tar.gz
214.  
215. tar -zxf libsodium-$LSODIUMVER.tar.gz
216. cd libsodium-$LSODIUMVER
217. ./configure
218. make
219. make check
220. make install
221. ldconfig
222. cd ..
223. fi
224.  
225. # Continue with dnscrypt installation
226. curl -o dnscrypt-proxy-$DNSCRYPTVER.tar.gz $DNSCRYPTURL/dnscrypt-proxy-$DNSCRYPTVER.tar.gz
227. curl -o dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig $DNSCRYPTURL/dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig
228.  
229. # Verify signature
230. verify_sig dnscrypt-proxy-$DNSCRYPTVER.tar.gz.sig dnscrypt-proxy-$DNSCRYPTVER.tar.gz
231.  
232. tar -zxf dnscrypt-proxy-$DNSCRYPTVER.tar.gz
233. cd dnscrypt-proxy-$DNSCRYPTVER
234. ./configure
235. make
236. make install
237. cd ..
238.  
239. # Add dnscrypt user and homedir
240. adduser --system --home /etc/dnscrypt/run --shell /bin/false --group \
241. --disabled-password --disabled-login dnscrypt
242.  
243. # Set up init script
244. config_do
245.  
246. # Set up resolv.conf to use dnscrypt
247. mv /etc/resolv.conf /etc/resolv.conf-dnscryptbak
248. echo "nameserver 127.0.0.1" > /etc/resolv.conf
249. echo "nameserver 127.0.0.2" >> /etc/resolv.conf
250.  
251. # Dirty but dependable
252. chattr +i /etc/resolv.conf
253.  
254. # Clean up
255. cd
256. rm -rf dnscrypt-autoinstall
257. fi
258. fi