2 changes: 1 addition & 1 deletion .github/workflows/docker-test.yml
Expand Up @@ -135,7 +135,7 @@ jobs:
persist-credentials: false

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4

- name: Build server image
run: |
48 changes: 26 additions & 22 deletions openvpn-install.sh
Expand Up @@ -22,25 +22,26 @@ VERBOSE=${VERBOSE:-0}
LOG_FILE=${LOG_FILE:-openvpn-install.log}
OUTPUT_FORMAT=${OUTPUT_FORMAT:-table} # table or json - json suppresses log output

# Color definitions (disabled if not a terminal, unless FORCE_COLOR=1)
# Color definitions (disabled if not a terminal, unless FORCE_COLOR=1).
# Keep these mutable so --no-color can disable colors after startup.
if [[ -t 1 ]] || [[ $FORCE_COLOR == "1" ]]; then
readonly COLOR_RESET='\033[0m'
readonly COLOR_RED='\033[0;31m'
readonly COLOR_GREEN='\033[0;32m'
readonly COLOR_YELLOW='\033[0;33m'
readonly COLOR_BLUE='\033[0;34m'
readonly COLOR_CYAN='\033[0;36m'
readonly COLOR_DIM='\033[0;90m'
readonly COLOR_BOLD='\033[1m'
COLOR_RESET='\033[0m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
COLOR_YELLOW='\033[0;33m'
COLOR_BLUE='\033[0;34m'
COLOR_CYAN='\033[0;36m'
COLOR_DIM='\033[0;90m'
COLOR_BOLD='\033[1m'
else
readonly COLOR_RESET=''
readonly COLOR_RED=''
readonly COLOR_GREEN=''
readonly COLOR_YELLOW=''
readonly COLOR_BLUE=''
readonly COLOR_CYAN=''
readonly COLOR_DIM=''
readonly COLOR_BOLD=''
COLOR_RESET=''
COLOR_RED=''
COLOR_GREEN=''
COLOR_YELLOW=''
COLOR_BLUE=''
COLOR_CYAN=''
COLOR_DIM=''
COLOR_BOLD=''
fi

# Write to log file (no colors, with timestamp)
Expand Down Expand Up @@ -2714,17 +2715,20 @@ function installOpenVPN() {

# Install the latest version of easy-rsa from source, if not already installed.
if [[ ! -d /etc/openvpn/server/easy-rsa/ ]]; then
run_cmd_fatal "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 5 -o ~/easy-rsa.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz"
local easy_rsa_archive
easy_rsa_archive=$(mktemp /tmp/easy-rsa.XXXXXX.tgz) || log_fatal "Failed to create temporary Easy-RSA archive"

run_cmd_fatal "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 5 -o "$easy_rsa_archive" "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz"
log_info "Verifying Easy-RSA checksum..."
CHECKSUM_OUTPUT=$(echo "${EASYRSA_SHA256} $HOME/easy-rsa.tgz" | sha256sum -c 2>&1) || {
CHECKSUM_OUTPUT=$(echo "${EASYRSA_SHA256} $easy_rsa_archive" | sha256sum -c 2>&1) || {
_log_to_file "[CHECKSUM] $CHECKSUM_OUTPUT"
run_cmd "Cleaning up failed download" rm -f ~/easy-rsa.tgz
run_cmd "Cleaning up failed download" rm -f "$easy_rsa_archive"
log_fatal "SHA256 checksum verification failed for easy-rsa download!"
}
_log_to_file "[CHECKSUM] $CHECKSUM_OUTPUT"
run_cmd_fatal "Creating Easy-RSA directory" mkdir -p /etc/openvpn/server/easy-rsa
run_cmd_fatal "Extracting Easy-RSA" tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/server/easy-rsa
run_cmd "Cleaning up archive" rm -f ~/easy-rsa.tgz
run_cmd_fatal "Extracting Easy-RSA" tar xzf "$easy_rsa_archive" --strip-components=1 --no-same-owner --directory /etc/openvpn/server/easy-rsa
run_cmd "Cleaning up archive" rm -f "$easy_rsa_archive"

cd /etc/openvpn/server/easy-rsa/ || return
case $CERT_TYPE in
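Review bot: The temporary archive created on the new `easy_rsa_archive=$(mktemp /tmp/easy-rsa.XXXXXX.tgz)` line is only removed on the checksum-mismatch branch and after a successful extraction; if `run_cmd_fatal` exits the script on a failed download, `mkdir` or `tar` (as its name suggests — the helper is defined outside the hunk), or the user interrupts the run, the file is left behind in /tmp under a name nothing later can find. Consider registering the removal right after the `mktemp` line, e.g. `trap "rm -f -- '$easy_rsa_archive'" EXIT`, which captures the path at registration time so the `local` variable need not still be in scope, and fold it into the script's existing EXIT trap if one is already installed rather than replacing it; the explicit `rm -f` calls can stay as early cleanup. Note also that a `.tgz` suffix after the X's relies on GNU coreutils' implied `--suffix` behaviour, while BusyBox and BSD `mktemp` require the template to end in X's, so if any supported distribution ships one of those the suffix should be dropped. installOpenVPN starts and ends outside this hunk.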
2 changes: 1 addition & 1 deletion test/Dockerfile.client
@@ -1,6 +1,6 @@
# checkov:skip=CKV_DOCKER_2:Test container doesn't need healthcheck
# checkov:skip=CKV_DOCKER_3:OpenVPN client requires root for NET_ADMIN
FROM ubuntu:24.04
FROM ubuntu:26.04

ENV DEBIAN_FRONTEND=noninteractive

4 changes: 2 additions & 2 deletions test/Dockerfile.server
@@ -1,7 +1,7 @@
# checkov:skip=CKV_DOCKER_2:Test container doesn't need healthcheck
# checkov:skip=CKV_DOCKER_3:OpenVPN server requires root for NET_ADMIN
# checkov:skip=CKV_DOCKER_7:Base image is parameterized, some use latest tag
ARG BASE_IMAGE=ubuntu:24.04
ARG BASE_IMAGE=ubuntu:26.04
FROM ${BASE_IMAGE}

ARG BASE_IMAGE
Expand Down Expand Up @@ -80,7 +80,7 @@ RUN printf '%s\n' \
'[Service]' \
'Type=oneshot' \
'Environment=HOME=/root' \
'PassEnvironment=AUTH_MODE TLS_SIG TLS_KEY_FILE TLS_VERSION_MIN TLS13_CIPHERSUITES CLIENT_IPV6 VPN_SUBNET_IPV6' \
'PassEnvironment=AUTH_MODE TLS_SIG TLS_KEY_FILE TLS_VERSION_MIN TLS13_CIPHERSUITES CLIENT_IPV6 VPN_SUBNET_IPV6 WAIT_TIMEOUT_SIGNAL WAIT_TIMEOUT_CONNECT WAIT_TIMEOUT_REVOKE' \
'WorkingDirectory=/root' \
'ExecStart=/entrypoint.sh' \
'RemainAfterExit=yes' \