installer: add DNS auto-fix (ensure_dns_working), include gnupg and ca-certificates; call before Mullvad fetch

2025-08-11 09:40:15 +00:00 · 2025-08-11 09:40:15 +00:00 · a1fa915f0b
commit a1fa915f0b
parent 437a4b14af
1 changed files with 63 additions and 0 deletions
--- a/install.sh
+++ b/install.sh
@ -381,6 +381,63 @@ check_requirements() {
    log "System requirements checked"
 }

+# Ensure DNS works and configure resolvers if needed
+ensure_dns_working() {
+    info "Verifying DNS resolution..."
+
+    # Quick success path
+    if getent hosts deb.debian.org >/dev/null 2>&1 || getent hosts github.com >/dev/null 2>&1; then
+        log "DNS is working"
+        return 0
+    fi
+
+    warning "DNS not resolving. Attempting automatic fix..."
+
+    # Try systemd-resolved if available
+    if command -v resolvectl >/dev/null 2>&1 || systemctl list-unit-files | grep -q systemd-resolved.service; then
+        systemctl enable --now systemd-resolved >/dev/null 2>&1 || true
+        # Use stub resolv.conf if present, else the static one
+        if [ -f /run/systemd/resolve/stub-resolv.conf ]; then
+            ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || true
+        elif [ -f /run/systemd/resolve/resolv.conf ]; then
+            ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf || true
+        fi
+        # Seed with public DNS on the LAN interface
+        if [ -n "$LAN_INTERFACE" ] && command -v resolvectl >/dev/null 2>&1; then
+            resolvectl dns "$LAN_INTERFACE" 1.1.1.1 1.0.0.1 >/dev/null 2>&1 || true
+            resolvectl domain "$LAN_INTERFACE" "~." >/dev/null 2>&1 || true
+        fi
+    fi
+
+    # If still not working, try resolvconf fallback
+    if ! getent hosts deb.debian.org >/dev/null 2>&1 && command -v resolvconf >/dev/null 2>&1; then
+        mkdir -p /etc/resolvconf/resolv.conf.d
+        {
+            echo "nameserver 1.1.1.1"
+            echo "nameserver 1.0.0.1"
+        } > /etc/resolvconf/resolv.conf.d/head
+        resolvconf --enable-updates >/dev/null 2>&1 || true
+        resolvconf -u >/dev/null 2>&1 || true
+    fi
+
+    # Last-resort: write resolv.conf directly (may be overwritten later)
+    if ! getent hosts deb.debian.org >/dev/null 2>&1; then
+        {
+            echo "nameserver 1.1.1.1"
+            echo "nameserver 9.9.9.9"
+        } > /etc/resolv.conf
+    fi
+
+    # Final check
+    if getent hosts deb.debian.org >/dev/null 2>&1 || getent hosts github.com >/dev/null 2>&1; then
+        log "DNS repaired"
+        return 0
+    fi
+
+    warning "DNS still not working. Please verify your container's DNS setup (systemd-resolved or resolvconf) and rerun the installer."
+    return 1
+}
+
 # Install dependencies
 install_dependencies() {
    log "Installing dependencies..."
@ -407,6 +464,8 @@ install_dependencies() {
        resolvconf
        net-tools
        jq
+        gnupg
+        ca-certificates
    )
    
    for package in "${packages[@]}"; do
@ -551,6 +610,9 @@ EOF
 # Install Mullvad
 install_mullvad() {
    log "Installing Mullvad client..."
+
+    # Ensure DNS works before fetching keys
+    ensure_dns_working || true
    
    # Download Mullvad signing key
    curl -fsSL https://mullvad.net/media/mullvad-code-signing.asc | gpg --dearmor -o /usr/share/keyrings/mullvad-keyring.gpg
@ -1084,6 +1146,7 @@ main() {
    fi
    
    install_dependencies
+    ensure_dns_working || true
    create_directories
    install_vpn_provider  # Install VPN first (needs internet)
    install_killswitch    # Then activate killswitch (blocks internet)