nocci/mvpg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

installer: add DNS auto-fix (ensure_dns_working), include gnupg and ca-certificates; call before Mullvad fetch

Browse source
This commit is contained in:
root 2025-08-11 09:40:15 +00:00
parent 437a4b14af
commit a1fa915f0b
1 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

63
install.sh
View file

@ -381,6 +381,63 @@ check_requirements() {
log "System requirements checked" log "System requirements checked"
} }
# Ensure DNS works and configure resolvers if needed
ensure_dns_working() {
info "Verifying DNS resolution..."
# Quick success path
if getent hosts deb.debian.org >/dev/null 2>&1 || getent hosts github.com >/dev/null 2>&1; then
log "DNS is working"
return 0
fi
warning "DNS not resolving. Attempting automatic fix..."
# Try systemd-resolved if available
if command -v resolvectl >/dev/null 2>&1 || systemctl list-unit-files | grep -q systemd-resolved.service; then
systemctl enable --now systemd-resolved >/dev/null 2>&1 || true
# Use stub resolv.conf if present, else the static one
if [ -f /run/systemd/resolve/stub-resolv.conf ]; then
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || true
elif [ -f /run/systemd/resolve/resolv.conf ]; then
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf || true
fi
# Seed with public DNS on the LAN interface
if [ -n "$LAN_INTERFACE" ] && command -v resolvectl >/dev/null 2>&1; then
resolvectl dns "$LAN_INTERFACE" 1.1.1.1 1.0.0.1 >/dev/null 2>&1 || true
resolvectl domain "$LAN_INTERFACE" "~." >/dev/null 2>&1 || true
fi
fi
# If still not working, try resolvconf fallback
if ! getent hosts deb.debian.org >/dev/null 2>&1 && command -v resolvconf >/dev/null 2>&1; then
mkdir -p /etc/resolvconf/resolv.conf.d
{
echo "nameserver 1.1.1.1"
echo "nameserver 1.0.0.1"
} > /etc/resolvconf/resolv.conf.d/head
resolvconf --enable-updates >/dev/null 2>&1 || true
resolvconf -u >/dev/null 2>&1 || true
fi
# Last-resort: write resolv.conf directly (may be overwritten later)
if ! getent hosts deb.debian.org >/dev/null 2>&1; then
{
echo "nameserver 1.1.1.1"
echo "nameserver 9.9.9.9"
} > /etc/resolv.conf
fi
# Final check
if getent hosts deb.debian.org >/dev/null 2>&1 || getent hosts github.com >/dev/null 2>&1; then
log "DNS repaired"
return 0
fi
warning "DNS still not working. Please verify your container's DNS setup (systemd-resolved or resolvconf) and rerun the installer."
return 1
}
# Install dependencies # Install dependencies
install_dependencies() { install_dependencies() {
log "Installing dependencies..." log "Installing dependencies..."
@ -407,6 +464,8 @@ install_dependencies() {
resolvconf resolvconf
net-tools net-tools
jq jq
gnupg
ca-certificates
) )
for package in "${packages[@]}"; do for package in "${packages[@]}"; do
@ -552,6 +611,9 @@ EOF
install_mullvad() { install_mullvad() {
log "Installing Mullvad client..." log "Installing Mullvad client..."
# Ensure DNS works before fetching keys
ensure_dns_working || true
# Download Mullvad signing key # Download Mullvad signing key
curl -fsSL https://mullvad.net/media/mullvad-code-signing.asc | gpg --dearmor -o /usr/share/keyrings/mullvad-keyring.gpg curl -fsSL https://mullvad.net/media/mullvad-code-signing.asc | gpg --dearmor -o /usr/share/keyrings/mullvad-keyring.gpg
@ -1084,6 +1146,7 @@ main() {
fi fi
install_dependencies install_dependencies
ensure_dns_working || true
create_directories create_directories
install_vpn_provider # Install VPN first (needs internet) install_vpn_provider # Install VPN first (needs internet)
install_killswitch # Then activate killswitch (blocks internet) install_killswitch # Then activate killswitch (blocks internet)