From e88980f337d217ee4f5df53cc0021346ce8c996b Mon Sep 17 00:00:00 2001
From: jumpsmm7 <49514613+jumpsmm7@users.noreply.github.com>
Date: Thu, 9 Nov 2023 05:54:36 -0500
Subject: [PATCH] Dev v2.5.1 (#184)
* reformatted script and auxiliary files.
* added ssh terminal command line quick options.
---
gen/manager | 596 ++++----
gen/manager.md5sum | 2 +-
installer | 3654 +++++++++++++++++++++++---------------------
installer.md5sum | 2 +-
4 files changed, 2269 insertions(+), 1985 deletions(-)
diff --git a/gen/manager b/gen/manager
index c7e8f56..9ea1025 100644
--- a/gen/manager
+++ b/gen/manager
@@ -1,293 +1,375 @@ #!/bin/sh -[ -f /jffs/dnscrypt/.config ] && . /jffs/dnscrypt/.config; +[ -f /jffs/dnscrypt/.config ] && . /jffs/dnscrypt/.config -NAME="$(basename "$0")[$$]"; +NAME="$(basename "$0")[$$]" -append_on_demand () { - local TARGET LINE - TARGET="$1"; - shift; - for LINE in "$@"; do - if ! grep -qF "$LINE" "$TARGET"; then - printf "%s\n" "$LINE" >> "$TARGET"; - fi; - done; +append_on_demand() { + local TARGET LINE + TARGET="$1" + shift + for LINE in "$@"; do + if ! grep -qF "$LINE" "$TARGET"; then + printf "%s\n" "$LINE" >>"$TARGET" + fi + done } -check_dns_environment () { - local NVCHECK - NVCHECK="0"; - if [ "$(nvram get dnspriv_enable)" != "0" ]; then { nvram set dnspriv_enable="0"; }; NVCHECK="$((NVCHECK+1))"; fi; - if [ "$(pidof stubby)" ]; then { killall -q -9 stubby 2>/dev/null; }; NVCHECK="$((NVCHECK+1))"; fi; - if [ "$(nvram get dhcp_dns1_x)" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcp_dns1_x=""; }; NVCHECK="$((NVCHECK+1))"; fi; - if [ "$(nvram get dhcp_dns2_x)" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcp_dns2_x=""; }; NVCHECK="$((NVCHECK+1))"; fi; - if [ "$(nvram get dhcpd_dns_router)" != "1" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcpd_dns_router="1"; }; NVCHECK="$((NVCHECK+1))"; fi; - if [ "$NVCHECK" != "0" ]; then { nvram commit; }; { service restart_dnsmasq >/dev/null 2>&1; }; { service_wait netcheck 150; }; fi; +check_dns_environment() { + local NVCHECK + NVCHECK="0" + if [ "$(nvram get dnspriv_enable)" != "0" ]; then + { nvram set dnspriv_enable="0"; } + NVCHECK="$((NVCHECK + 1))" + fi + if [ "$(pidof stubby)" ]; then + { killall -q -9 stubby 2>/dev/null; } + NVCHECK="$((NVCHECK + 1))" + fi + if [ "$(nvram get dhcp_dns1_x)" ] && [ "$NVCHECK" != "0" ]; then + { nvram set dhcp_dns1_x=""; } + NVCHECK="$((NVCHECK + 1))" + fi + if [ "$(nvram get dhcp_dns2_x)" ] && [ "$NVCHECK" != "0" ]; then + { nvram set dhcp_dns2_x=""; } + NVCHECK="$((NVCHECK + 1))" + fi + if [ "$(nvram get dhcpd_dns_router)" != "1" ] && [ "$NVCHECK" != 
"0" ]; then + { nvram set dhcpd_dns_router="1"; } + NVCHECK="$((NVCHECK + 1))" + fi + if [ "$NVCHECK" != "0" ]; then + { nvram commit; } + { service restart_dnsmasq >/dev/null 2>&1; } + { service_wait netcheck 150; } + fi } -dnscrypt_proxy_run () { - local lock_dir pid pid_file start end runtime - lock_dir="/tmp/dnscrypt-proxy"; - pid_file="${lock_dir}/pid"; - case "$1" in - "") - if [ -z "$(sed -n '2p' $pid_file)" ]; then return 1; else return 0; fi; - ;; - *) - if ( mkdir ${lock_dir} ) 2> /dev/null || { [ -e "${pid_file}" ] && [ -n "$(sed -n '2p' $pid_file)" ]; } || { [ "$1" = "stop_dnscrypt_proxy" ]; }; then - ( trap 'rm -rf "$lock_dir"; exit $?' EXIT; { service_wait dnscrypt_proxy_run; }; rm -rf "$lock_dir"; )& pid="$!"; - { printf "%s\n" "$pid" > $pid_file; start="$(date +%s)"; { service_wait "$1" 30; }; end="$(date +%s)"; runtime="$((end-start))"; printf "%s\n" "$runtime" >> $pid_file; logger -st "$NAME" "$1 took $runtime second(s) to complete."; }; - else - logger -st "$NAME" "Lock owned by $(sed -n '1p' $pid_file) exists; preventing duplicate runs!"; - fi; - ;; - esac; +dnscrypt_proxy_run() { + local lock_dir pid pid_file start end runtime + lock_dir="/tmp/dnscrypt-proxy" + pid_file="${lock_dir}/pid" + case "$1" in + "") + if [ -z "$(sed -n '2p' $pid_file)" ]; then return 1; else return 0; fi + ;; + *) + if (mkdir ${lock_dir}) 2>/dev/null || { [ -e "${pid_file}" ] && [ -n "$(sed -n '2p' $pid_file)" ]; } || { [ "$1" = "stop_dnscrypt_proxy" ]; }; then + ( + trap 'rm -rf "$lock_dir"; exit $?' EXIT + { service_wait dnscrypt_proxy_run; } + rm -rf "$lock_dir" + ) & + pid="$!" + { + printf "%s\n" "$pid" >$pid_file + start="$(date +%s)" + { service_wait "$1" 30; } + end="$(date +%s)" + runtime="$((end - start))" + printf "%s\n" "$runtime" >>$pid_file + logger -st "$NAME" "$1 took $runtime second(s) to complete." + } + else + logger -st "$NAME" "Lock owned by $(sed -n '1p' $pid_file) exists; preventing duplicate runs!" 
+ fi + ;; + esac } -dnsmasq_params () { - local DNS VAR - if { ! readlink -f /etc/resolv.conf | grep -qE ^'/rom/etc/resolv.conf' && df -h | grep -qoE '/tmp/resolv.conf'; }; then { umount /tmp/resolv.conf 2>/dev/null; }; fi; - if [ -n "$(pidof dnscrypt-proxy)" ]; then - cp -a /tmp/resolv.dnsmasq /jffs/dnscrypt/resolv.dnsmasq; - append_on_demand /etc/dnsmasq.conf "no-resolv"; - append_on_demand /jffs/dnscrypt/resolv.dnsmasq "server=127.0.1.1"; - for DNS in $(nvram get wan_dns) $(nvram get wan0_dns) $(nvram get wan1_dns) $(nvram get wan_dns1_x) $(nvram get wan_dns2_x) $(nvram get wan0_dns1_x) $(nvram get wan0_dns2_x) $(nvram get wan1_dns1_x) $(nvram get wan1_dns2_x) $(nvram get wan0_xdns) $(nvram get wan1_xdns) $(nvram get ipv6_get_dns); do - sed -i "/^server=$DNS.*$/d" /jffs/dnscrypt/resolv.dnsmasq; - done; - for VAR in 1 2 3; do - DNS="$(nvram get "ipv6_dns$VAR")"; - [ -n "$DNS" ] && sed -i "/^server=$DNS.*$/d" /jffs/dnscrypt/resolv.dnsmasq; - done; - sed -i "/^servers-file=.*$/d" /etc/dnsmasq.conf; - append_on_demand /etc/dnsmasq.conf "servers-file=/jffs/dnscrypt/resolv.dnsmasq"; - if { ! readlink -f /etc/resolv.conf | grep -qE ^'/rom/etc/resolv.conf' && [ "$DNSCRYPT_LOCAL" = "YES" ]; }; then { mount -o bind /rom/etc/resolv.conf /tmp/resolv.conf; }; fi; - fi; +dnsmasq_params() { + local DNS VAR + if { ! 
readlink -f /etc/resolv.conf | grep -qE ^'/rom/etc/resolv.conf' && df -h | grep -qoE '/tmp/resolv.conf'; }; then { umount /tmp/resolv.conf 2>/dev/null; }; fi + if [ -n "$(pidof dnscrypt-proxy)" ]; then + cp -a /tmp/resolv.dnsmasq /jffs/dnscrypt/resolv.dnsmasq + append_on_demand /etc/dnsmasq.conf "no-resolv" + append_on_demand /jffs/dnscrypt/resolv.dnsmasq "server=127.0.1.1" + for DNS in $(nvram get wan_dns) $(nvram get wan0_dns) $(nvram get wan1_dns) $(nvram get wan_dns1_x) $(nvram get wan_dns2_x) $(nvram get wan0_dns1_x) $(nvram get wan0_dns2_x) $(nvram get wan1_dns1_x) $(nvram get wan1_dns2_x) $(nvram get wan0_xdns) $(nvram get wan1_xdns) $(nvram get ipv6_get_dns); do + sed -i "/^server=$DNS.*$/d" /jffs/dnscrypt/resolv.dnsmasq + done + for VAR in 1 2 3; do + DNS="$(nvram get "ipv6_dns$VAR")" + [ -n "$DNS" ] && sed -i "/^server=$DNS.*$/d" /jffs/dnscrypt/resolv.dnsmasq + done + sed -i "/^servers-file=.*$/d" /etc/dnsmasq.conf + append_on_demand /etc/dnsmasq.conf "servers-file=/jffs/dnscrypt/resolv.dnsmasq" + if { ! readlink -f /etc/resolv.conf | grep -qE ^'/rom/etc/resolv.conf' && [ "$DNSCRYPT_LOCAL" = "YES" ]; }; then { mount -o bind /rom/etc/resolv.conf /tmp/resolv.conf; }; fi + fi } -init_hwrng () { - local COUNT - COUNT="0"; - while [ ! -c "$RNG_DEV" ]; do - if [ "$COUNT" -gt 120 ]; then - logger -st "$NAME" "ERROR: Unable to find HWRNG device. Aborting..."; - if [ -f "/jffs/dnscrypt/haveged" ]; then { /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1; }; logger -st "$NAME" "Haveged: Using available haveged instead..."; fi; - return 1; - fi; - COUNT="$((COUNT+1))"; - sleep 1; - done; - { /jffs/dnscrypt/stty raw -echo -ixoff -F "$RNG_DEV" speed 115200; }; - { /jffs/dnscrypt/rngd -r "$RNG_DEV"; }; - if [ "$?" -eq "0" ]; then logger -st "$NAME" "rngd: Started for $RNG_DEV"; return 0; fi; +init_hwrng() { + local COUNT + COUNT="0" + while [ ! -c "$RNG_DEV" ]; do + if [ "$COUNT" -gt 120 ]; then + logger -st "$NAME" "ERROR: Unable to find HWRNG device. Aborting..." 
+ if [ -f "/jffs/dnscrypt/haveged" ]; then + { /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1; } + logger -st "$NAME" "Haveged: Using available haveged instead..." + fi + return 1 + fi + COUNT="$((COUNT + 1))" + sleep 1 + done + { /jffs/dnscrypt/stty raw -echo -ixoff -F "$RNG_DEV" speed 115200; } + { /jffs/dnscrypt/rngd -r "$RNG_DEV"; } + if [ "$?" -eq "0" ]; then + logger -st "$NAME" "rngd: Started for $RNG_DEV" + return 0 + fi } netcheck() { - local ALIVE - if { [ "$(/bin/date -u +"%Y")" -gt "1970" ] || [ "$(/bin/date -u '+%s')" -ge "$(/bin/date -u -r "$0" '+%s')" ]; }; then ALIVE="0"; else ALIVE="1"; fi; - if { [ "$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")" = "0" ] && [ "$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")" = "0" ]; }; then ALIVE="0"; else ALIVE="$((ALIVE+1))"; fi; - if { [ "$(curl -Is http://www.google.com | head -n 1 >/dev/null 2>&1; printf "%s" "$?")" = "0" ] || [ "$(wget -q --spider http://google.com >/dev/null 2>&1; printf "%s" "$?")" = "0" ]; }; then ALIVE="0"; else ALIVE="$((ALIVE+1))"; fi; - if [ "$ALIVE" -ne "0" ]; then return 1; else return 0; fi; + local ALIVE + if { [ "$(/bin/date -u +"%Y")" -gt "1970" ] || [ "$(/bin/date -u '+%s')" -ge "$(/bin/date -u -r "$0" '+%s')" ]; }; then ALIVE="0"; else ALIVE="1"; fi + if { [ "$( + ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1 + printf "%s" "$?" + )" = "0" ] && [ "$( + nslookup google.com 127.0.0.1 >/dev/null 2>&1 + printf "%s" "$?" + )" = "0" ]; }; then ALIVE="0"; else ALIVE="$((ALIVE + 1))"; fi + if { [ "$( + curl -Is http://www.google.com | head -n 1 >/dev/null 2>&1 + printf "%s" "$?" + )" = "0" ] || [ "$( + wget -q --spider http://google.com >/dev/null 2>&1 + printf "%s" "$?" 
+ )" = "0" ]; }; then ALIVE="0"; else ALIVE="$((ALIVE + 1))"; fi + if [ "$ALIVE" -ne "0" ]; then return 1; else return 0; fi } -proc_optimizations () { - { printf "4194304" > /proc/sys/kernel/pid_max; }; # Ensure max PID coverage - { printf "2" > /proc/sys/vm/overcommit_memory; }; # Ensure ratio algorithm checks properly work including swap. - { printf "60" > /proc/sys/vm/swappiness; }; # Ensure swappiness is set for more readily usability. - { printf "50" > /proc/sys/vm/overcommit_ratio; }; # Ensure a proper overcommit policy is available. - { printf "4194304" > /proc/sys/net/core/rmem_max; }; # Ensure UDP receive buffer set to 4M. - { printf "1048576" > /proc/sys/net/core/wmem_max; }; # Ensure 1M for wmem_max. - { printf "0" > /proc/sys/net/ipv4/icmp_ratelimit; }; # Ensure Control over MTRS - { printf "256" > /proc/sys/net/ipv4/neigh/default/gc_thresh1; }; # Increase ARP cache sizes and GC thresholds - { printf "1024" > /proc/sys/net/ipv4/neigh/default/gc_thresh2; }; # Increase ARP cache sizes and GC thresholds - { printf "2048" > /proc/sys/net/ipv4/neigh/default/gc_thresh3; }; # Increase ARP cache sizes and GC thresholds - { printf "240" > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_max_retrans; }; # Lower conntrack tcp_timeout_max_retrans from 300 to 240 - if [ -n "$(nvram get ipv6_service)" ]; then #IPV6 proc variants - { printf "0" > /proc/sys/net/ipv6/icmp/ratelimit; }; - { printf "256" > /proc/sys/net/ipv6/neigh/default/gc_thresh1; }; - { printf "1024" > /proc/sys/net/ipv6/neigh/default/gc_thresh2; }; - { printf "2048" > /proc/sys/net/ipv6/neigh/default/gc_thresh3; }; - fi; +proc_optimizations() { + { printf "4194304" >/proc/sys/kernel/pid_max; } # Ensure max PID coverage + { printf "2" >/proc/sys/vm/overcommit_memory; } # Ensure ratio algorithm checks properly work including swap. + { printf "60" >/proc/sys/vm/swappiness; } # Ensure swappiness is set for more readily usability. 
+ { printf "50" >/proc/sys/vm/overcommit_ratio; } # Ensure a proper overcommit policy is available. + { printf "4194304" >/proc/sys/net/core/rmem_max; } # Ensure UDP receive buffer set to 4M. + { printf "1048576" >/proc/sys/net/core/wmem_max; } # Ensure 1M for wmem_max. + { printf "0" >/proc/sys/net/ipv4/icmp_ratelimit; } # Ensure Control over MTRS + { printf "256" >/proc/sys/net/ipv4/neigh/default/gc_thresh1; } # Increase ARP cache sizes and GC thresholds + { printf "1024" >/proc/sys/net/ipv4/neigh/default/gc_thresh2; } # Increase ARP cache sizes and GC thresholds + { printf "2048" >/proc/sys/net/ipv4/neigh/default/gc_thresh3; } # Increase ARP cache sizes and GC thresholds + { printf "240" >/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_max_retrans; } # Lower conntrack tcp_timeout_max_retrans from 300 to 240 + if [ -n "$(nvram get ipv6_service)" ]; then #IPV6 proc variants + { printf "0" >/proc/sys/net/ipv6/icmp/ratelimit; } + { printf "256" >/proc/sys/net/ipv6/neigh/default/gc_thresh1; } + { printf "1024" >/proc/sys/net/ipv6/neigh/default/gc_thresh2; } + { printf "2048" >/proc/sys/net/ipv6/neigh/default/gc_thresh3; } + fi } -service_wait () { - umask 022 - local OPT - [ -z "$2" ] && OPT="10" || OPT="$2"; - ( - { timezone; cd '/'; trap '' HUP INT QUIT ABRT TERM TSTP; }; - { exec 0< '/dev/null'; exec 1> '/dev/null'; exec 2> '/dev/null'; }; - { local maxwait i; maxwait="300"; i="0"; while [ "$i" -le "$maxwait" ]; do if [ "$(nvram get success_start_service)" = '1' ] && { "$1"; }; then break; fi; sleep 10; i="$((i + OPT))"; done; }; - { trap - HUP INT QUIT ABRT TERM TSTP; if [ "$i" -gt "$maxwait" ]; then return 1; else return 0; fi; }; - )& local PID="$!"; wait $PID; - return "$?"; +service_wait() { + umask 022 + local OPT + [ -z "$2" ] && OPT="10" || OPT="$2" + ( + { + timezone + cd '/' + trap '' HUP INT QUIT ABRT TERM TSTP + } + { + exec 0<'/dev/null' + exec 1>'/dev/null' + exec 2>'/dev/null' + } + { + local maxwait i + maxwait="300" + i="0" + while [ "$i" -le 
"$maxwait" ]; do + if [ "$(nvram get success_start_service)" = '1' ] && { "$1"; }; then break; fi + sleep 10 + i="$((i + OPT))" + done + } + { + trap - HUP INT QUIT ABRT TERM TSTP + if [ "$i" -gt "$maxwait" ]; then return 1; else return 0; fi + } + ) & + local PID="$!" + wait $PID + return "$?" } -start_dnscrypt_proxy () { - local DNSCRYPT_START - { cd /jffs/dnscrypt; } || exit; - { killall -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; }; - DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"; - logger -st "$NAME" "Starting dnscrypt-proxy from $NAME."; - { nohup $DNSCRYPT_START >/dev/null 2>&1 /dev/null 2>&1; }; fi; - if [ -n "$(pidof dnscrypt-proxy)" ] && { service_wait netcheck 300; }; then return "0"; else return "1"; fi; +start_dnscrypt_proxy() { + local DNSCRYPT_START + { cd /jffs/dnscrypt; } || exit + { killall -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; } + DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml" + logger -st "$NAME" "Starting dnscrypt-proxy from $NAME." 
+ { nohup $DNSCRYPT_START >/dev/null 2>&1 /dev/null 2>&1; }; fi + if [ -n "$(pidof dnscrypt-proxy)" ] && { service_wait netcheck 300; }; then return "0"; else return "1"; fi } -start_monitor () { - trap '' HUP INT QUIT ABRT TERM; - trap 'EXIT="1"' USR1; - trap 'EXIT="2"' USR2; - { service_wait netcheck; }; - local COUNT EXIT RANDOM; - EXIT="0"; - RANDOM="0"; - logger -st "$NAME" "Starting Monitor!"; - while true; do - if [ -f "/jffs/dnscrypt/dnscrypt-proxy" ]; then - case $EXIT in - "0") - timezone; - case $RANDOM in - "4320") - RANDOM="0"; - if [ -n "$COUNT" ]; then logger -st "$NAME" "Randomization: Health Check; Monitor will randomize it!"; unset COUNT; fi; - ;; - *) - if [ -z "$COUNT" ]; then RANDOM="0"; else RANDOM="$((RANDOM + 1))"; fi; - ;; - esac; - case "$COUNT" in - "") - COUNT="0"; - "$0" opendns-update; - { dnscrypt_proxy_run start_dnscrypt_proxy; }; - ;; - esac; - case "$(pidof dnscrypt-proxy)" in - "") - logger -st "$NAME" "Warning: dnscrypt-proxy is dead; Monitor will start it!"; - unset COUNT; - ;; - *) - case $COUNT in - "30"|"60"|"90") - "$0" opendns-update; - if [ "$COUNT" = "90" ]; then COUNT="0"; else COUNT="$((COUNT + 1))"; fi; - if { ! service_wait netcheck 150; }; then logger -st "$NAME" "Warning: dnscrypt-proxy is not responding; Monitor will re-start it!"; unset COUNT; fi; - ;; - *) - COUNT="$((COUNT + 1))"; - ;; - esac; - esac; - if [ -n "$COUNT" ]; then sleep 10; fi; - ;; - "1") - logger -st "$NAME" "Stopping Monitor!"; - trap - HUP INT QUIT ABRT USR1 USR2 TERM; - { dnscrypt_proxy_run stop_dnscrypt_proxy; }; - break; - ;; - "2") - logger -st "$NAME" "Monitor is restarting dnscrypt-proxy!"; - unset COUNT; - EXIT="0"; - ;; - esac; - fi; - done; +start_monitor() { + trap '' HUP INT QUIT ABRT TERM + trap 'EXIT="1"' USR1 + trap 'EXIT="2"' USR2 + { service_wait netcheck; } + local COUNT EXIT RANDOM + EXIT="0" + RANDOM="0" + logger -st "$NAME" "Starting Monitor!" 
+ while true; do + if [ -f "/jffs/dnscrypt/dnscrypt-proxy" ]; then + case $EXIT in + "0") + timezone + case $RANDOM in + "4320") + RANDOM="0" + if [ -n "$COUNT" ]; then + logger -st "$NAME" "Randomization: Health Check; Monitor will randomize it!" + unset COUNT + fi + ;; + *) + if [ -z "$COUNT" ]; then RANDOM="0"; else RANDOM="$((RANDOM + 1))"; fi + ;; + esac + case "$COUNT" in + "") + COUNT="0" + "$0" opendns-update + { dnscrypt_proxy_run start_dnscrypt_proxy; } + ;; + esac + case "$(pidof dnscrypt-proxy)" in + "") + logger -st "$NAME" "Warning: dnscrypt-proxy is dead; Monitor will start it!" + unset COUNT + ;; + *) + case $COUNT in + "30" | "60" | "90") + "$0" opendns-update + if [ "$COUNT" = "90" ]; then COUNT="0"; else COUNT="$((COUNT + 1))"; fi + if { ! service_wait netcheck 150; }; then + logger -st "$NAME" "Warning: dnscrypt-proxy is not responding; Monitor will re-start it!" + unset COUNT + fi + ;; + *) + COUNT="$((COUNT + 1))" + ;; + esac + ;; + esac + if [ -n "$COUNT" ]; then sleep 10; fi + ;; + "1") + logger -st "$NAME" "Stopping Monitor!" + trap - HUP INT QUIT ABRT USR1 USR2 TERM + { dnscrypt_proxy_run stop_dnscrypt_proxy; } + break + ;; + "2") + logger -st "$NAME" "Monitor is restarting dnscrypt-proxy!" + unset COUNT + EXIT="0" + ;; + esac + fi + done } -stop_dnscrypt_proxy () { - { cd /jffs/dnscrypt; } || exit; - logger -st "$NAME" "Stopping dnscrypt-proxy from $NAME."; - { killall -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; }; - if grep -qF "servers-file=/jffs/dnscrypt/resolv.dnsmasq" "/etc/dnsmasq.conf"; then { service restart_dnsmasq >/dev/null 2>&1; }; fi; - if [ -z "$(pidof dnscrypt-proxy)" ] && { service_wait netcheck 300; }; then return 0; else return 1; fi; +stop_dnscrypt_proxy() { + { cd /jffs/dnscrypt; } || exit + logger -st "$NAME" "Stopping dnscrypt-proxy from $NAME." 
+ { killall -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; } + if grep -qF "servers-file=/jffs/dnscrypt/resolv.dnsmasq" "/etc/dnsmasq.conf"; then { service restart_dnsmasq >/dev/null 2>&1; }; fi + if [ -z "$(pidof dnscrypt-proxy)" ] && { service_wait netcheck 300; }; then return 0; else return 1; fi } -stop_monitor () { - local SIGNAL - case "$1" in - "$MON_PID") - SIGNAL="12"; - ;; - "$$") - if [ -n "$MON_PID" ]; then SIGNAL="10"; else { dnscrypt_proxy_run stop_dnscrypt_proxy; }; fi; - ;; - esac; - [ -n "$SIGNAL" ] && { kill -s "$SIGNAL" "$MON_PID" 2>/dev/null; }; +stop_monitor() { + local SIGNAL + case "$1" in + "$MON_PID") + SIGNAL="12" + ;; + "$$") + if [ -n "$MON_PID" ]; then SIGNAL="10"; else { dnscrypt_proxy_run stop_dnscrypt_proxy; }; fi + ;; + esac + [ -n "$SIGNAL" ] && { kill -s "$SIGNAL" "$MON_PID" 2>/dev/null; } } -timezone () { - local TIMEZONE TARGET - TIMEZONE="/jffs/dnscrypt/localtime"; - TARGET="/etc/localtime"; - if { [ ! -f "$TARGET" ] && [ -f "$TIMEZONE" ]; }; then { ln -sf "$TIMEZONE" "$TARGET"; }; fi; - if [ -f "$TARGET" ] || [ "$(readlink "$TARGET")" ]; then { if [ "$(/bin/date -u '+%s')" -le "$(/bin/date -u -r "$0" '+%s')" ]; then { /bin/date -u -s "$(/bin/date -u -r "$0" '+%Y-%m-%d %H:%M:%S')"; }; else { touch "$0"; }; fi; }; fi; +timezone() { + local TIMEZONE TARGET + TIMEZONE="/jffs/dnscrypt/localtime" + TARGET="/etc/localtime" + if { [ ! 
-f "$TARGET" ] && [ -f "$TIMEZONE" ]; }; then { ln -sf "$TIMEZONE" "$TARGET"; }; fi + if [ -f "$TARGET" ] || [ "$(readlink "$TARGET")" ]; then { if [ "$(/bin/date -u '+%s')" -le "$(/bin/date -u -r "$0" '+%s')" ]; then { /bin/date -u -s "$(/bin/date -u -r "$0" '+%Y-%m-%d %H:%M:%S')"; }; else { touch "$0"; }; fi; }; fi } -update_opendns () { - if [ -z "$OPENDNS_USER" ] || [ -z "$OPENDNS_PASSWORD" ] || [ "$1" -gt 2 ]; then - return; - fi; - sleep 5; - RET="$(curl -k -s -u "$OPENDNS_USER:$OPENDNS_PASSWORD" "https://updates.opendns.com/nic/update?hostname=")"; - case "$RET" in - good*) - logger -st "$NAME" "OpenDNS: Update IP succeeded"; - ;; - badauth*) - logger -st "$NAME" "OpenDNS: Wrong username or password"; - ;; - *) - logger -st "$NAME" "OpenDNS: Received error $RET"; - update_opendns "$(($1+1))"; - ;; - esac; +update_opendns() { + if [ -z "$OPENDNS_USER" ] || [ -z "$OPENDNS_PASSWORD" ] || [ "$1" -gt 2 ]; then + return + fi + sleep 5 + RET="$(curl -k -s -u "$OPENDNS_USER:$OPENDNS_PASSWORD" "https://updates.opendns.com/nic/update?hostname=")" + case "$RET" in + good*) + logger -st "$NAME" "OpenDNS: Update IP succeeded" + ;; + badauth*) + logger -st "$NAME" "OpenDNS: Wrong username or password" + ;; + *) + logger -st "$NAME" "OpenDNS: Received error $RET" + update_opendns "$(($1 + 1))" + ;; + esac } -if { [ "$2" != "x" ] && printf "%s" "$1" | /bin/grep -qE "^(((dnscrypt-)?(start|stop)|restart|kill)$)"; }; then { service "$1"_dnscrypt-proxy >/dev/null 2>&1; exit; }; fi; -{ for PID in $(pidof "$(basename "$0")"); do if { awk '{ print }' "/proc/${PID}/cmdline" | grep -q monitor-start; } && [ "$PID" != "$$" ]; then { MON_PID="$PID"; }; fi; done; }; +if { [ "$2" != "x" ] && printf "%s" "$1" | /bin/grep -qE "^(((dnscrypt-)?(start|stop)|restart|kill)$)"; }; then { + service "$1"_dnscrypt-proxy >/dev/null 2>&1 + exit +}; fi +{ for PID in $(pidof "$(basename "$0")"); do if { awk '{ print }' "/proc/${PID}/cmdline" | grep -q monitor-start; } && [ "$PID" != "$$" ]; then { 
MON_PID="$PID"; }; fi; done; } -unset TZ; +unset TZ case "$1" in - "dnsmasq") - dnsmasq_params; - ;; - "start"|"restart"|"dnscrypt-start") - { "$0" init-start >/dev/null 2>&1; }; - ;; - "stop"|"kill"|"dnscrypt-stop") - { "$0" services-stop >/dev/null 2>&1; }; - ;; - "monitor-start") - if [ -n "$MON_PID" ]; then { stop_monitor "$MON_PID"; }; else { start_monitor & }; fi; - ;; - "opendns-update") - { update_opendns 0 & }; - ;; - "init-start"|"services-stop") - timezone; - if [ -n "$RAN_PRV" ]; then { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; }; fi; - case "$1" in - "init-start") - proc_optimizations; - case "$RAN_PRV" in - "haveged") - { /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1; }; - ;; - "rngd") - { init_hwrng & }; - ;; - esac; - { "$0" monitor-start; }; - ;; - "services-stop") - { stop_monitor "$$"; }; - ;; - esac; - ;; -esac; +"dnsmasq") + dnsmasq_params + ;; +"start" | "restart" | "dnscrypt-start") + { "$0" init-start >/dev/null 2>&1; } + ;; +"stop" | "kill" | "dnscrypt-stop") + { "$0" services-stop >/dev/null 2>&1; } + ;; +"monitor-start") + if [ -n "$MON_PID" ]; then { stop_monitor "$MON_PID"; }; else { start_monitor & } fi + ;; +"opendns-update") + { update_opendns 0 & } + ;; +"init-start" | "services-stop") + timezone + if [ -n "$RAN_PRV" ]; then { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; }; fi + case "$1" in + "init-start") + proc_optimizations + case "$RAN_PRV" in + "haveged") + { /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1; } + ;; + "rngd") + { init_hwrng & } + ;; + esac + { "$0" monitor-start; } + ;; + "services-stop") + { stop_monitor "$$"; } + ;; + esac + ;; +esac check_dns_environment diff --git a/gen/manager.md5sum b/gen/manager.md5sum index 60868b0..63dab35 100644 --- a/gen/manager.md5sum +++ b/gen/manager.md5sum 
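Review bot: In `update_opendns`, the reformatted line still calls `curl -k -s -u "$OPENDNS_USER:$OPENDNS_PASSWORD" …`, so the OpenDNS username and password go out over a TLS session whose server certificate is never verified, and a party on the router's upstream path could read them. I would drop `-k` so the line reads `RET="$(curl -s -u "$OPENDNS_USER:$OPENDNS_PASSWORD" "https://updates.opendns.com/nic/update?hostname=")"`. If the flag is there because the firmware has no usable CA bundle (not visible in this hunk), point curl at one with `--cacert` rather than turning verification off. Passing the password with `-u` also leaves it readable in the process list while curl runs; supplying it through a config file read with `-K` would avoid that.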
@@ -1 +1 @@ -809c0619e029ea07350e6787427f8a8e +2b6081bb96d7c6546ba0fec1f1abfc50 diff --git a/installer b/installer index 00b7db5..22fdfaf 100755 --- a/installer +++ b/installer @@ -16,7 +16,7 @@ #██║████╗ ██║██╔════╝╚══██╔══╝██╔══██╗██║ ██║ ██╔════╝██╔══██╗ bigeyes0x0 # #██║██╔██╗ ██║███████╗ ██║ ███████║██║ ██║ █████╗ ██████╔╝ Current Maintainer: # #██║██║╚██╗██║╚════██║ ██║ ██╔══██║██║ ██║ ██╔══╝ ██╔══██╗ SomeWhereOverTheRainBow # -#██║██║ ╚████║███████║ ██║ ██║ ██║███████╗███████╗███████╗██║ ██║ v2.5.0 # +#██║██║ ╚████║███████║ ██║ ██║ ██║███████╗███████╗███████╗██║ ██║ v2.5.1 # #╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝ # ################################################################################################################### @@ -30,7 +30,7 @@ export LC_ALL=C export PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH" -DI_VERSION="v2.5.0" +DI_VERSION="v2.5.1" export DI_VERSION readonly LATEST_URL="https://api.github.com/repos/jedisct1/dnscrypt-proxy/releases/latest" 
@@ -61,1605 +61,1783 @@ INPUT="$(printf "%s" "${BOLD} => ${NORM}")" || true readonly INPUT _quote() { - printf "%s\n" "$1" | sed 's/[]\/()$*.^|[]/\\&/g' + printf "%s\n" "$1" | sed 's/[]\/()$*.^|[]/\\&/g' } PTXT() { - case "$1" in - -n) - for i in "${@:2}"; do - printf "%s" "$i" - done - ;; - *) - for i in "$@"; do - printf "%s\n" "$i" - done - ;; - esac -} - -backup_restore () { - if [ "$1" = "BACKUP" ] && [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ]; then - if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then - PTXT "$INFO There is an old backup detected." - local USE_OLD - if read_yesno "Do you want to continue?(this will remove the old backup)"; then USE_OLD="NO"; else USE_OLD="YES"; fi - if [ "$USE_OLD" = "YES" ]; then - PTXT "$INFO Leaving Old Backup." - end_op_message 1 - elif [ "$USE_OLD" = "NO" ]; then - PTXT "$INFO Removing Old Backup." - rm -rf "${BASE_DIR}/backup_dnscrypt.tar.gz" - fi - fi - PTXT "$INFO This operation will backup dnscrypt-proxy(<4MB)to jffs partition." \ - "$INFO Please wait a moment." - tar -czvf "${BASE_DIR}/backup_dnscrypt.tar.gz" -C "$TARG_DIR" ../dnscrypt/ >/dev/null 2>&1 - PTXT "$INFO Backup complete" - [ -z "$2" ] && end_op_message 0 - elif [ "$1" = "BACKUP" ] && [ ! -d "$TARG_DIR" ] && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then - PTXT "$ERROR No ${TARG_DIR}/dnscrypt-proxy to Backup!" - end_op_message 1 - fi - if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ] && [ "$1" = "RESTORE" ]; then - PTXT "$INFO Please wait a moment." 
- tar -xzvf "${BASE_DIR}/backup_dnscrypt.tar.gz" -C "$BASE_DIR" >/dev/null 2>&1 - chown "$(nvram get http_username)":root ${TARG_DIR}/* - chmod 755 "${TARG_DIR}/dnscrypt-proxy" - chmod 644 "${TARG_DIR}/public-resolvers.md" \ - "${TARG_DIR}/public-resolvers.md.minisig" \ - "${TARG_DIR}/relays.md" \ - "${TARG_DIR}/relays.md.minisig" \ - "${TARG_DIR}/odoh-servers.md" \ - "${TARG_DIR}/odoh-servers.md.minisig" \ - "${TARG_DIR}/odoh-relays.md" \ - "${TARG_DIR}/odoh-relays.md.minisig" \ - "${TARG_DIR}/dnscrypt-resolvers.csv" \ - "${TARG_DIR}/dnscrypt-resolvers.csv.minisig" - chown nobody:nobody "${TARG_DIR}/public-resolvers.md" \ - "${TARG_DIR}/public-resolvers.md.minisig" \ - "${TARG_DIR}/relays.md" \ - "${TARG_DIR}/relays.md.minisig" \ - "${TARG_DIR}/odoh-servers.md" \ - "${TARG_DIR}/odoh-servers.md.minisig" \ - "${TARG_DIR}/odoh-relays.md" \ - "${TARG_DIR}/odoh-relays.md.minisig" \ - "${TARG_DIR}/dnscrypt-resolvers.csv" \ - "${TARG_DIR}/dnscrypt-resolvers.csv.minisig" - for i in init-start services-stop; do if { ! grep -q "${TARG_DIR}/manager $i &" "/jffs/scripts/${i}" && grep -q "${TARG_DIR}/manager $i" "/jffs/scripts/${i}"; }; then del_jffs_script "/jffs/scripts/${i}"; fi; done - write_manager_script /jffs/scripts/init-start "init-start &" - write_manager_script /jffs/scripts/services-stop "services-stop &" - write_manager_script /jffs/scripts/dnsmasq.postconf dnsmasq - del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer' - write_command_script /jffs/scripts/service-event-end 'if printf "%s" "$@" | /bin/grep -qE "^(((((dnscrypt-)?(start|stop)|restart|kill))_?.*dnscrypt-proxy)$)"; then { sh /jffs/dnscrypt/manager "$(printf "%s" "$@" | /bin/grep -oE "^(((dnscrypt-)?(start|stop)|restart|kill))")" x & }; fi # Asuswrt-Merlin-Dnscrypt-Proxy-Installer' - if ! setup_dnscrypt; then - end_op_message 1 - return - fi - - PTXT "$INFO Starting dnscrypt-proxy..." 
- service start_dnscrypt-proxy >/dev/null 2>&1 - sleep 1 - if [ -z "$(pidof dnscrypt-proxy)" ]; then - PTXT "$ERROR Couldn't start dnscrypt-proxy" \ - "$ERROR Please send WebUI System Log to dev" - end_op_message 1 - return - fi - service restart_dnscrypt-proxy >/dev/null 2>&1 - PTXT "$INFO Backup restored!" \ - "$INFO - Add swap" \ - "$INFO - Add a RNG" \ - "$INFO - Set your timezone" - end_op_message 0 - elif [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ] && [ "$1" = "RESTORE" ]; then - PTXT "$ERROR No Backup found!" \ - "$ERROR Please make sure Backup Resides in $BASE_DIR" - end_op_message 1 - return - fi -} - -check_dnscrypt_toml () { - [ ! -f "$TOML_FILE" ] && return - PTXT "$INFO Checking dnscrypt-proxy configuration..." - if ! ${TARG_DIR}/dnscrypt-proxy -check -config "$TOML_FILE"; then - PTXT "$INFO Move invalid configuration file to $TOML_ERR" \ - "$INFO Operation will continue with clean config file." - mv "$TOML_FILE" "$TOML_ERR" - return 1 - fi -} - -check_dns_environment () { - if [ -f "/opt/etc/init.d/S61stubby" ] || [ -f "/opt/sbin/stubby" ] || [ -f "/opt/bin/install_stubby" ] || [ -f "/jffs/scripts/install_stubby.sh" ] || [ -d "/jffs/addons/AdGuardHome.d" ]; then - PTXT "$ERROR Potential stubby or adguardhome installation detected." \ - "$ERROR Please remove before attempting to continue." \ - "$ERROR Exiting..." 
- exit 1 - fi - local NVCHECK - NVCHECK="0" - if [ "$(nvram get dnspriv_enable)" != "0" ]; then { nvram set dnspriv_enable="0"; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(pidof stubby)" ]; then { killall -q -9 stubby 2>/dev/null; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcp_dns1_x)" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcp_dns1_x=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcp_dns2_x)" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcp_dns2_x=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcpd_dns_router)" != "1" ] && [ "$NVCHECK" != "0" ]; then { nvram set dhcpd_dns_router="1"; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$NVCHECK" != "0" ]; then { nvram commit; }; { service restart_dnsmasq >/dev/null 2>&1; }; ( while { [ "$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")" = "0" ] && [ "$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")" != "0" ]; }; do sleep 1; done; )& local PID="$!"; wait $PID 2>/dev/null; fi - PTXT "$INFO DNS Environment is Ready." -} - -check_dns_filter () { - local NVCHECK USE_SOME - NVCHECK="0" - if [ "$1" -eq 0 ]; then - if [ "$(nvram get dnsfilter_enable_x)" -ne 0 ]; then { nvram set dnsfilter_enable_x="0"; }; NVCHECK="$((NVCHECK+1))"; fi - PTXT "$INFO DNS will not be forced through to Dnscrypt-Proxy." - fi - if [ "$1" -eq 1 ]; then - if [ "$(nvram get dnsfilter_enable_x)" -ne 1 ]; then { nvram set dnsfilter_enable_x="1"; }; NVCHECK="$((NVCHECK+1))"; fi - PTXT "$INFO You can choose to keep any custom dnsfilter values by only redirect non-custom traffic or send all traffic through to Dnscrypt-Proxy." 
- if read_yesno "Do you want to redirect only NON-CUSTOM DNS resolutions on your network through to Dnscrypt-Proxy?"; then USE_SOME="0"; else USE_SOME="1"; fi - if [ "$USE_SOME" -eq 0 ]; then - if [ "$(nvram get dnsfilter_mode)" != "11" ]; then { nvram set dnsfilter_mode="11"; }; NVCHECK="$((NVCHECK+1))"; fi - PTXT "$INFO DNSFilter is set to control DNS through to Dnscrypt-Proxy, while leaving any Custom Rules and Values." - fi - if [ "$USE_SOME" -eq 1 ]; then - if [ "$(nvram get dnsfilter_custom1)" ]; then { nvram set dnsfilter_custom1=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_custom2)" ]; then { nvram set dnsfilter_custom2=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_custom3)" ]; then { nvram set dnsfilter_custom3=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_mode)" != "11" ]; then { nvram set dnsfilter_mode="11"; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist)" ]; then { nvram set dnsfilter_rulelist=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist1)" ]; then { nvram set dnsfilter_rulelist1=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist2)" ]; then { nvram set dnsfilter_rulelist2=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist3)" ]; then { nvram set dnsfilter_rulelist3=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist4)" ]; then { nvram set dnsfilter_rulelist4=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dnsfilter_rulelist5)" ]; then { nvram set dnsfilter_rulelist5=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcp_dns1_x)" ]; then { nvram set dhcp_dns1_x=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcp_dns2_x)" ]; then { nvram set dhcp_dns2_x=""; }; NVCHECK="$((NVCHECK+1))"; fi - if [ "$(nvram get dhcpd_dns_router)" != "1" ]; then { nvram set dhcpd_dns_router="1"; }; NVCHECK="$((NVCHECK+1))"; fi - PTXT "$INFO DNS is set to redirect All DNS 
resolutions through to Dnscrypt-Proxy."
- fi
- fi
- if [ "$NVCHECK" != "0" ]; then { nvram commit; }; { service "restart_firewall;restart_dnsmasq" >/dev/null 2>&1; }; ( while { [ "$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")" = "0" ] && [ "$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")" != "0" ]; }; do sleep 1; done; )& local PID="$!"; wait $PID 2>/dev/null; fi
-}
-
-check_dns_local () {
- local LOCAL_CACHE
- case "$1" in
- 0)
- LOCAL_CACHE="NO"
- write_conf DNSCRYPT_LOCAL "\"$LOCAL_CACHE\""
- ;;
- 1)
- LOCAL_CACHE="YES"
- write_conf DNSCRYPT_LOCAL "\"$LOCAL_CACHE\""
- ;;
- esac
-}
-
-check_jffs_enabled () {
- if [ "$(nvram get jffs2_format)" = "1" ]; then
- PTXT "$ERROR JFFS partition is scheduled to be reformatted." \
- "$ERROR Please reboot to format or disable that setting and try again." \
- "$ERROR Exiting..."
- exit 1
- fi
- local JFFS2_SCRIPTS JFFS2_ENABLED jffs2_on
- JFFS2_SCRIPTS="$(nvram get jffs2_scripts)"
- [ -z "$(nvram get jffs2_enable)" ] && JFFS2_ENABLED="$(nvram get jffs2_on)" || JFFS2_ENABLED="$(nvram get jffs2_enable)"
- [ -z "$(nvram get jffs2_enable)" ] && jffs2_on="jffs2_on" || jffs2_on="jffs2_enable"
- if [ "$JFFS2_ENABLED" -ne 1 ] || [ "$JFFS2_SCRIPTS" -ne 1 ]; then
- PTXT "$INFO JFFS custom scripts and configs are not enabled." \
- "$INFO Enabling them now!"
- nvram set ${jffs2_on}=1
- nvram set jffs2_scripts=1
- nvram commit
- else
- PTXT "$INFO JFFS custom scripts and configs are already enabled."
- fi
-}
-
-check_anonymized_automatic () {
- if [ "$1" -eq 0 ] && grep -q '^server_names = .*Static.*' "$TOML_FILE"; then
- PTXT "$INFO Custom servers that are potentially not compatible with relays are detected!" \
- "$WARNING These servers might not work with relays." \
- "$WARNING Use at your own risk."
- fi
- local USE_BROKEN USE_WILDCARD
- PTXT "$INFO This allows for the use of server_name='*' as wildcard option for all servers compatible with relays." 
\
- "$INFO This will be the default route for all compatible servers." \
- "$INFO Additionally routes can be distinctly selected by using via=['*'] as relay wildcard."
- if read_yesno "Do you want to use wildcard relay (via=['*']) option?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_automatic_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."; choose_relays_automatic; fi
- if read_yesno "Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly?"; then USE_BROKEN="true"; else USE_BROKEN="false"; fi
- toml_avars_prep skip_incompatible $USE_BROKEN
-}
-
-check_anonymized_disabled () {
- toml_avar_disable routes
- toml_avars_prep skip_incompatible false
- PTXT "$INFO Continue without Relays Support"
-}
-
-check_opendns () {
- if grep -q '^server_names = .*cisco.*' "$TOML_FILE"; then
- if [ -f "$CONF_FILE" ]; then
- local OPENDNS_USER OPENDNS_PASSWORD
- OPENDNS_USER="$(awk -F'=' '/OPENDNS_USER/ {print $2}' "$CONF_FILE")"
- OPENDNS_PASSWORD="$(awk -F'=' '/OPENDNS_PASSWORD/ {print $2}' "$CONF_FILE")"
- if [ "$OPENDNS_USER" ] && [ "$OPENDNS_PASSWORD" ]; then
- PTXT "$INFO Found OpenDNS account ${BOLD}${OPENDNS_USER}" \
- "$INFO What do you want to do:" \
- " 1) Use this account" \
- " 2) Setup new account" \
- " 3) Disable OpenDNS account authen"
- read_input_num "Your choice" 1 3
- case "$CHOSEN" in
- 1)
- PTXT "$INFO Use previous account ${BOLD}${OPENDNS_USER}${NORM}"
- ;;
- 2)
- opendns_authen 1
- ;;
- 3)
- opendns_authen 0
- ;;
- esac
- else
- if read_yesno "Do you want to set up OpenDNS account ip update?"; then opendns_authen 1; else opendns_authen 0; fi
- fi
- else
- if read_yesno "Do you want to set up OpenDNS account ip update?"; then opendns_authen 1; else opendns_authen 0; fi
- fi
- else
- opendns_authen 0
- fi
-}
-
-check_relays () 
{
- local DNSCRYPT_ARGS DNSCRYPT ODOH_ARGS ODOH FRAGSBLOCKED_ARGS FRAGSBLOCKED VARSARGS SERVER COUNT NUMFRAG NUMCRYPT CRYPT
- FRAGSBLOCKED_ARGS="$(grep '^fragments_blocked =' "$TOML_ORI" | cut -d'[' -f2- | sed "s/['\"\,]//g;s/]//g;s/^ [ t]*//;s/[ \t]*$//;s/ /|/g")"
- NUMCRYPT="0"
- while read -r CRYPT; do
- CRYPT="$(PTXT "$CRYPT" | cut -d',' -f1)"
- if [ "$NUMCRYPT" -eq 0 ]; then
- NUMCRYPT="1"
- continue
- fi
- if [ "$NUMCRYPT" -eq 1 ]; then
- if ! PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$CRYPT"; then DNSCRYPT_ARGS="$CRYPT"; fi
- elif [ "$NUMCRYPT" -gt 1 ]; then
- if ! PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$CRYPT"; then DNSCRYPT_ARGS="${DNSCRYPT_ARGS}|${CRYPT}"; fi
- fi
- NUMCRYPT="$((NUMCRYPT + 1))"
- done < $TARG_DIR/dnscrypt-resolvers.csv
- ODOH_ARGS="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf "";printf ""$2"";getline;print}' "${TARG_DIR}/odoh-servers.md" | tr '\n' ' ' | sed 's/[ \t]*$//' | sed 's/ /|/g')"
- if [ -n "$STAT_CRYPT" ]; then
- DNSCRYPT_ARGS="${DNSCRYPT_ARGS}|${STAT_CRYPT}"
- fi
- if [ -n "$STAT_ODOH" ]; then
- ODOH_ARGS="${ODOH_ARGS}|${STAT_ODOH}"
- fi
- VARSARGS="${DNSCRYPT_ARGS}|${ODOH_ARGS}|${FRAGSBLOCKED_ARGS}"
- COUNT="0"
- NUMFRAG="0"
- [ "$NUMFRAG" -eq 0 ] && toml_avars_prep skip_incompatible false
- for SERVER in ${VARSARGS//|/ }; do
- if [ "$(grep '^server_names = .*'"${SERVER}"'.*' "$TOML_FILE" | grep -cF "'${SERVER}'")" -ne 0 ]; then
- if PTXT "$DNSCRYPT_ARGS" | grep -qoF "$SERVER"; then DNSCRYPT="$SERVER"; fi
- if PTXT "$ODOH_ARGS" | grep -qoF "$SERVER"; then ODOH="$SERVER"; fi
- if PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$SERVER"; then FRAGSBLOCKED="$SERVER"; fi
- case "$SERVER" in
- "$DNSCRYPT")
- if read_yesno "Do you want to add relays for $SERVER?"; then ADD_RELAYS="YES"; else ADD_RELAYS="NO"; fi
- if [ "$ADD_RELAYS" = "YES" ]; then PTXT "$INFO You may manually choose relays for $SERVER or you may specify wildcard relay (via=['*'])."; fi
- if [ "$COUNT" -eq 0 ] && [ "$ADD_RELAYS" = "YES" ]; then
- toml_avar_enable 
routes
- if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."; choose_relays_manual; fi
- COUNT="$((COUNT + 1))"
- elif [ "$COUNT" -gt 0 ] && [ "$ADD_RELAYS" = "YES" ]; then
- if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."; choose_relays_manual; fi
- elif [ "$ADD_RELAYS" = "NO" ]; then
- PTXT "$INFO Skipping relays for $SERVER."
- fi
- ;;
- "$ODOH")
- PTXT "$INFO Found $SERVER, Oblivious DNS-over-HTTPS relays are required for Oblivious DNS-over-HTTPS servers." \
- "$INFO You may manually choose relays for $SERVER server or you may specify wildcard relay (via=['*'])."
- if [ "$COUNT" -eq 0 ]; then
- if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." 
"$INFO Instead you will manually choose relays from a list."; choose_relays_manual_odoh; fi
- COUNT="$((COUNT + 1))"
- elif [ "$COUNT" -gt 0 ]; then
- if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."; choose_relays_manual_odoh; fi
- fi
- ;;
- "$FRAGSBLOCKED")
- if [ "$NUMFRAG" -eq 0 ] && [ "$COUNT" -gt 0 ]; then
- local USE_BROKEN
- if read_yesno "Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly?"; then USE_BROKEN="true"; else USE_BROKEN="false"; fi
- toml_avars_prep skip_incompatible $USE_BROKEN
- NUMFRAG="$((NUMFRAG + 1))"
- fi
- ;;
- esac
- fi
- done
- if [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*false.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE"; then
- if [ -n "$DNSCRYPT" ] || { grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE" && ! grep -q '^server_names' "$TOML_FILE"; }; then
- PTXT "$INFO To continue, you may still define a default route for all compatible DNSCrypt servers and relays by selecting wildcard option for servers and relays."
- if read_yesno "Do you still want to setup wildcard options for servers (server_name "*") and relays (via=['*']) for all compatible DNSCrypt servers and relays?"; then check_anonymized_automatic 0; else check_anonymized_disabled; fi
- else
- check_anonymized_disabled
- fi
- elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*true.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE"; then
- PTXT "$INFO This option allows you to setup wildcard options for servers (server_name "*") and relays (via=['*']) for all compatible servers and relays." 
- if read_yesno "Do you only want to skip this option for Dnscrypt Servers (still required for ODOH)?"; then choose_relays_automatic_odoh; else COUNT="$((COUNT + 1))"; fi
- if [ "$COUNT" -gt 0 ]; then check_anonymized_automatic 0; fi
- elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*true.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE"; then
- PTXT "$INFO This option allows you to setup wildcard options for both servers (server_name "*") and relays (via=['*']) required for Oblivious DNS-over-HTTPS servers."
- if read_yesno "Do you want to use wildcard relay (via=['*']) option for (server_name "*")?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
- if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_automatic_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."; choose_relays_automatic_odoh; fi
- elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*false.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE"; then
- check_anonymized_disabled
- fi
-}
-
-check_swap () {
- local SWAP_SIZE
- SWAP_SIZE="$(awk '/SwapTotal/ {print $2}' /proc/meminfo)"
- if [ "$SWAP_SIZE" -gt 0 ]; then
- PTXT "$INFO Swap file is already setup"
- end_op_message 0
- return
- fi
- inst_swap
-}
-
-check_version () {
- if [ -f "${TARG_DIR}/installer" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ -z "$2" ]; then
- local RMNSTALL LINSTALL MD5SUM_L MD5SUM_R NW_STATE RES_STATE
- [ -z "$1" ] && NW_STATE="$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")"
- [ -z "$1" ] && RES_STATE="$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")"
- LINSTALL="$(awk '{ print }' "${TARG_DIR}/installer" | grep -m1 "^DI_VERSION=" | grep -oE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})')"
- RMNSTALL="$(curl -sL "${RURL}/installer" | grep -m1 "^DI_VERSION=" | grep -oE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})')"
- 
MD5SUM_L="$(md5sum "${TARG_DIR}/installer" | cut -d' ' -f1)"
- MD5SUM_R="$(curl -fsL "${RURL}/installer" | md5sum | awk '{print $1}')"
- if { [ -n "$LINSTALL" ] && [ -n "$RMNSTALL" ]; } || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" = "0" ]; }; then
- [ -z "$LINSTALL" ] && exit 1
- [ -z "$RMNSTALL" ] && exit 1
- if [ "$RMNSTALL" != "$LINSTALL" ]; then
- PTXT "$INFO New DI_VERSION=v${RMNSTALL} Available!" \
- "$INFO Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer."
- AUTO_UPDATE="update"
- elif [ "$MD5SUM_R" = "$MD5SUM_L" ]; then
- PTXT "$INFO DI_VERSION=v${LINSTALL}"
- else
- PTXT "$INFO DI_VERSION=v${LINSTALL}, but a New Minor Update is Available!" \
- "$INFO Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer."
- AUTO_UPDATE="update"
- fi
- local LVERSION
- LVERSION="$("${TARG_DIR}/dnscrypt-proxy" -version)"
- [ -z "$LVERSION" ] && exit 1
- [ -z "$DNSCRYPT_VER" ] && exit 1
- if [ "$DNSCRYPT_VER" != "$LVERSION" ]; then
- PTXT "$INFO New DNSCRYPT_VER=${DNSCRYPT_VER} Available!" \
- "$INFO Run Option 1 of the Installer to upgrade DNScrypt Proxy."
- else
- PTXT "$INFO DNSCRYPT_VER=${LVERSION}"
- fi
- if [ -f "${TARG_DIR}/manager" ]; then
- local MD5SUM_LM MD5SUM_M
- MD5SUM_LM="$(md5sum "${TARG_DIR}/manager" | cut -d' ' -f1)"
- MURL="${URL_GEN}/manager"
- MD5SUM_M="$(curl -fsL "$MURL" | md5sum | awk '{print $1}')"
- if [ "$MD5SUM_M" = "$MD5SUM_LM" ]; then
- PTXT "$INFO Manager file is Up-To-Date!"
- else
- PTXT "$INFO New Manager file is Available!" \
- "$INFO Run Option 1 of the Installer to upgrade the Manager File." 
- fi
- fi
- elif { [ -z "$LINSTALL" ] && [ -z "$RMNSTALL" ]; } || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; then
- [ -z "$1" ] && while { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; do sleep 1; NW_STATE="$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")"; RES_STATE="$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")"; done && check_version x
- [ -n "$1" ] && check_version x x
- fi
- fi
-}
-
-choose_dnscrypt_server () {
- local USE_IPV6
- if [ "$(nvram get ipv6_service)" != "disabled" ]; then { if read_yesno "Do you want to use DNS server over IPv6 (yes only if your connection has IPv6)?"; then USE_IPV6="true"; else USE_IPV6="false"; fi; }; else USE_IPV6="false"; fi
- toml_avars_prep ipv6_servers $USE_IPV6
- PTXT "$INFO Choose DNS resolving load balancing strategy:" \
- " 1) p2 (default)" \
- " 2) ph" \
- " 3) first" \
- " 4) random"
- read_input_num "Select your strategy" 1 4
- case "$CHOSEN" in
- 1)
- toml_avars_prep lb_strategy "\'p2\'"
- ;;
- 2)
- toml_avars_prep lb_strategy "\'ph\'"
- ;;
- 3)
- toml_avars_prep lb_strategy "\'first\'"
- ;;
- 4)
- toml_avars_prep lb_strategy "\'random\'"
- ;;
- esac
- if read_yesno "Do you want to use load balance estimator to adjust resolvers based on latency calculations?"; then USE_LBE="true"; else USE_LBE="false"; fi
- toml_avars_prep lb_estimator $USE_LBE
- PTXT "$INFO Choose how your DNS servers are selected:" \
- " 1) Automatically (default)" \
- " 2) Manually" \
- " 3) Static"
- read_input_num "Select your mode" 1 3
- case "$CHOSEN" in
- 1)
- choose_dnscrypt_server_auto
- if grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE" && [ -z "$CRYPT_COUNT" ]; then CRYPT_COUNT="1"; fi
- if read_yesno "Do you want to choose which servers to disable (this can be a long process)?"; then CHOOSE_DISABLED="true"; else CHOOSE_DISABLED="false"; fi
- if [ "$CHOOSE_DISABLED" = "true" ]; then choose_dnscrypt_server_disabled; elif [ "$CHOOSE_DISABLED" = "false" ]; then toml_avar_disable 
disabled_server_names; fi
- ;;
- 2)
- toml_avar_disable disabled_server_names
- if read_yesno "Do you only want to use the Oblivious DNS-over-HTTPS protocol?"; then ODOH_ONLY="true"; else ODOH_ONLY="false"; fi
- if [ "$ODOH_ONLY" = "true" ]; then choose_dnscrypt_server_odoh; elif [ "$ODOH_ONLY" = "false" ]; then choose_dnscrypt_server_manual; fi
- ;;
- 3)
- toml_avar_disable disabled_server_names
- static_chosen 0
- ;;
- esac
-}
-
-choose_dnscrypt_server_auto () {
- toml_avar_disable server_names
- if read_yesno "Use servers that support the DNSCrypt protocol"; then toml_avars_prep dnscrypt_servers true; else toml_avars_prep dnscrypt_servers false; fi
- if read_yesno "Use servers that support the DNS-over-HTTPS protocol"; then toml_avars_prep doh_servers true; else toml_avars_prep doh_servers false; fi
- if read_yesno "Use servers that support the Oblivious DNS-over-HTTPS protocol"; then toml_avars_prep odoh_servers true; else toml_avars_prep odoh_servers false; fi
- if read_yesno "Use only servers that support DNSSEC"; then toml_avars_prep require_dnssec true; else toml_avars_prep require_dnssec false; fi
- if read_yesno "Use only servers that do not log user's queries"; then toml_avars_prep require_nolog true; else toml_avars_prep require_nolog false; fi
- if read_yesno "Use only servers that do not filter result"; then toml_avars_prep require_nofilter true; else toml_avars_prep require_nofilter false; fi
-}
-
-choose_dnscrypt_server_disabled () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
- local RESOLVERS
- PTXT "$INFO Available DNS servers to disable: "
- INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/public-resolvers.md" | wc -l)"
- awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/public-resolvers.md"
- read_input_num "Please choose DNS server to disable" 1 "$INDEX"
- else
- 
if ! read_input_num "Please choose next DNS server to disable or press n to stop" 1 "$INDEX" n; then
- if grep -q '^odoh_servers = .*true.*' "$TOML_FILE"; then
- if read_yesno "Do you want to choose which Oblivious DNS-over-HTTPS DNS servers to disable?"; then ODOH_DISABLED="true"; else ODOH_DISABLED="false"; fi
- if [ "$ODOH_DISABLED" = "true" ]; then choose_dnscrypt_server_disabled_odoh; fi
- fi
- toml_avars_prep disabled_server_names "\"[${RESOLVERS}]\""
- return
- fi
- fi
- local ITEM
- ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/public-resolvers.md")"
- if PTXT "$RESOLVERS" | grep -qoF "'$ITEM'"; then
- PTXT "$INFO $ITEM is already set."
- else
- if [ "$RESOLVERS" ]; then
- RESOLVERS="${RESOLVERS%?}', '$ITEM'"
- else
- RESOLVERS="'$ITEM'"
- fi
- fi
- choose_dnscrypt_server_disabled "$INDEX"
-}
-
-choose_dnscrypt_server_disabled_odoh () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- local ORESOLVERS
- PTXT "$INFO Available DNS servers to disable: "
- INDEX="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-servers.md" | wc -l)"
- awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-servers.md"
- read_input_num "Please choose DNS server to disable" 1 "$INDEX"
- else
- if ! read_input_num "Please choose next DNS server to disable or press n to stop" 1 "$INDEX" n; then
- RESOLVERS="${ORESOLVERS}, $RESOLVERS"
- return
- fi
- fi
- local OITEM
- OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-servers.md")"
- if PTXT "$ORESOLVERS" | grep -qoF "'$OITEM'"; then
- PTXT "$INFO $OITEM is already set." 
- else
- if [ "$ORESOLVERS" ]; then
- ORESOLVERS="${ORESOLVERS%?}', '$OITEM'"
- else
- ORESOLVERS="'$OITEM'"
- fi
- fi
- choose_dnscrypt_server_disabled_odoh "$INDEX"
-}
-
-choose_dnscrypt_server_manual () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- [ "$USE_IPV6" = "true" ] && USE_IPV6="NOMATCH" || USE_IPV6="6"
- local RESOLVERS
- toml_avars_prep dnscrypt_servers true doh_servers true require_dnssec false require_nolog false require_nofilter false
- PTXT "$INFO Available DNS servers: "
- INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/public-resolvers.md" | wc -l)"
- awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/public-resolvers.md"
- read_input_num "Please choose DNS server." 1 "$INDEX"
- else
- if ! read_input_num "Please choose next DNS server or press n to stop." 1 "$INDEX" n; then
- if read_yesno "Do you want to choose which Oblivious DNS-over-HTTPS DNS servers to enable?"; then ODOH_ENABLE="true"; else ODOH_ENABLE="false"; fi
- if [ "$ODOH_ENABLE" = "true" ]; then choose_dnscrypt_server_odoh; elif [ "$ODOH_ENABLE" = "false" ]; then toml_avars_prep odoh_servers "$ODOH_ENABLE"; fi
- if read_yesno "Do you want to add any static servers?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
- if [ "$ADD_STATIC" = "YES" ]; then static_chosen 0; fi
- toml_avars_prep server_names "\"[${RESOLVERS}]\""
- return
- fi
- fi
- local ITEM
- ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/public-resolvers.md")"
- if PTXT "$RESOLVERS" | grep -qoF "'$ITEM'"; then
- PTXT "$INFO $ITEM is already set"
- else
- if [ "$RESOLVERS" ]; then
- RESOLVERS="${RESOLVERS%?}', '$ITEM'"
- else
- RESOLVERS="'$ITEM'"
- fi
- fi
- choose_dnscrypt_server_manual "$INDEX"
-}
-
-choose_dnscrypt_server_odoh () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- local ORESOLVERS
- toml_avars_prep odoh_servers true
- 
PTXT "$INFO Available DNS servers: "
- INDEX="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-servers.md" | wc -l)"
- awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-servers.md"
- read_input_num "Please choose DNS server." 1 "$INDEX"
- else
- if ! read_input_num "Please choose next DNS server or press n to stop." 1 "$INDEX" n; then
- if [ "$ODOH_ONLY" = "true" ]; then toml_avars_prep server_names "\"[${ORESOLVERS}]\"" dnscrypt_servers false doh_servers false require_dnssec false require_nolog false require_nofilter false; elif [ "$ODOH_ONLY" = "false" ]; then RESOLVERS="${ORESOLVERS}, $RESOLVERS"; fi
- return
- fi
- fi
- local OITEM
- OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-servers.md")"
- if PTXT "$ORESOLVERS" | grep -qoF "'$OITEM'"; then
- PTXT "$INFO $OITEM is already set"
- else
- if [ "$ORESOLVERS" ]; then
- ORESOLVERS="${ORESOLVERS%?}', '$OITEM'"
- else
- ORESOLVERS="'$OITEM'"
- fi
- fi
- choose_dnscrypt_server_odoh "$INDEX"
-}
-
-choose_relays_automatic () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
- local RELAYS
- PTXT "$INFO Available Relay servers: "
- INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/relays.md" | wc -l)"
- awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/relays.md"
- read_input_num "Please choose RELAY server" 1 "$INDEX"
- else
- if ! 
read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
- if grep -q '^odoh_servers = .*true.*' "$TOML_FILE"; then PTXT "$INFO Now to pick relays for Oblivious DNS-over-HTTPS DNS servers."; choose_relays_automatic_odoh; fi
- if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
- if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
- toml_avars_prep routes "\"[ { server_name='*', via=[$RELAYS] } ]\""
- return
- fi
- fi
- local ITEM
- ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/relays.md")"
- if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
- PTXT "$INFO $ITEM is already set."
- else
- if [ "$RELAYS" ]; then
- RELAYS="${RELAYS%?}', '$ITEM'"
- else
- RELAYS="'$ITEM'"
- fi
- fi
- choose_relays_automatic "$INDEX"
-}
-
-choose_relays_automatic_odoh () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- local ORELAYS
- PTXT "$INFO Available Relay servers: "
- INDEX="$(awk -v PATT="odoh-" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-relays.md" | wc -l)"
- awk -v PATT="odoh-" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-relays.md"
- read_input_num "Please choose RELAY server" 1 "$INDEX"
- else
- if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
- if grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE" || [ "$COUNT" -eq 0 ]; then toml_avars_prep routes "\"[ { server_name='*', via=[$ORELAYS] } ]\""; else RELAYS="${ORELAYS}, $RELAYS"; fi
- return
- fi
- fi
- local OITEM
- OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odoh-" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-relays.md")"
- if PTXT "$ORELAYS" | grep -qoF "'$OITEM'"; then
- PTXT "$INFO $OITEM is already set." 
- else
- if [ "$ORELAYS" ]; then
- ORELAYS="${ORELAYS%?}', '$OITEM'"
- else
- ORELAYS="'$OITEM'"
- fi
- fi
- choose_relays_automatic_odoh "$INDEX"
-}
-
-choose_relays_automatic_wildcard () {
- toml_avars_prep routes "\"[ { server_name='*', via=['*'] } ]\""
-}
-
-choose_relays_manual () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
- local RELAYS
- PTXT "$INFO Available Relay servers: "
- INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/relays.md" | wc -l)"
- awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/relays.md"
- read_input_num "Please choose RELAY server" 1 "$INDEX"
- else
- if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
- if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
- if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
- if [ "$COUNT" -eq 0 ]; then
- toml_avars_prep routes "\"[ { server_name='$SERVER', via=[$RELAYS] } ]\""
- else
- toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=[$RELAYS] } ]" "$TOML_FILE"
- fi
- return
- fi
- fi
- local ITEM
- ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/relays.md")"
- if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
- PTXT "$INFO $ITEM is already set." 
- else
- if [ "$RELAYS" ]; then
- RELAYS="${RELAYS%?}', '$ITEM'"
- else
- RELAYS="'$ITEM'"
- fi
- fi
- choose_relays_manual "$INDEX"
-}
-
-choose_relays_manual_odoh () {
- local INDEX
- INDEX="$1"
- if [ -z "$INDEX" ]; then
- local RELAYS
- PTXT "$INFO Available Relay servers: "
- INDEX="$(awk -v PATT="odoh-" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-relays.md" | wc -l)"
- awk -v PATT="odoh-" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-relays.md"
- read_input_num "Please choose RELAY server" 1 "$INDEX"
- else
- if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
- if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
- if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
- if [ "$COUNT" -eq 0 ]; then
- toml_avars_prep routes "\"[ { server_name='$SERVER', via=[$RELAYS] } ]\""
- else
- toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=[$RELAYS] } ]" "$TOML_FILE"
- fi
- return
- fi
- fi
- local ITEM
- ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odoh-" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-relays.md")"
- if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
- PTXT "$INFO $ITEM is already set." 
- else
- if [ "$RELAYS" ]; then
- RELAYS="${RELAYS%?}', '$ITEM'"
- else
- RELAYS="'$ITEM'"
- fi
- fi
- choose_relays_manual_odoh "$INDEX"
-}
-
-choose_relays_manual_wildcard () {
- if [ "$COUNT" -eq 0 ]; then
- toml_avars_prep routes "\"[ { server_name='$SERVER', via=['*'] } ]\""
- else
- toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=['*'] } ]" "$TOML_FILE"
- fi
-}
-
-cleanup () {
- rm -rf "${TARG_DIR}/dnscrypt-fw-rules" "${TARG_DIR}/dnscrypt-start" "${TARG_DIR}/dnsmasq-dnscrypt-reconfig" "${TARG_DIR}/fake-hwclock*" "${TARG_DIR}/init-start" "${TARG_DIR}/services-stop"
- del_jffs_script /jffs/scripts/wan-start dnscrypt-start
- del_jffs_script /jffs/scripts/openvpn-event
- del_jffs_script /jffs/scripts/firewall-start
- del_jffs_script /jffs/scripts/wan-start
-}
-
-create_dir () {
- if ! mkdir -p "$1"; then
- PTXT "$ERROR Unable to create $1!"
- return 1
- fi
-}
-
-del_between_magic () {
- local TARG MAGIC BOUNDS
- TARG="$1"
- MAGIC="$2"
- [ -f "$TARG" ] || return
- BOUNDS="$(awk -v PATT="$MAGIC" '($0 ~ PATT) {printf NR","}' "$TARG")"
- if [ "$BOUNDS" ]; then
- sed -i "${BOUNDS%,}d" "$TARG"
- fi
-}
-
-del_conf () {
- [ ! -f "$CONF_FILE" ] && return
- local KEY
- for KEY in "$@"; do
- sed -i "/^$KEY=.*$/d" $CONF_FILE
- done
-}
-
-del_jffs_script () {
- local TARG LINE_NUM LINE_ABOVE
- TARG="$1"
- [ -f "$TARG" ] || return
- if [ "$2" ]; then
- local OP
- OP="${2:0:1}"
- if [ "$OP" = "!" 
]; then
- LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | grep -v "$(_quote "$2")" | cut -d':' -f1)"
- else
- LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | grep "$(_quote "$2")" | cut -d':' -f1)"
- fi
- else
- LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | cut -d':' -f1)"
- fi
- [ -z "$LINE_NUM" ] && return
- sed -i "${LINE_NUM}d" "$TARG"
- if [ "$LINE_NUM" -gt 1 ]; then
- LINE_NUM="$((LINE_NUM-1))"
- LINE_ABOVE="$(sed "${LINE_NUM}q;d" "$TARG")"
- [ -z "$LINE_ABOVE" ] && sed -i "${LINE_NUM}d" "$TARG"
- fi
- [ "$(awk '{ print }' "$TARG")" = "#!/bin/sh" ] && rm -f "$TARG"
-}
-
-download_file () {
- local TARG PERM URL RET FILENAME MD5SUM_OLD MD5SUM_CURR
- TARG="$1"; shift
- PERM="$1"; shift
- for URL in "$@"; do
- FILENAME="$(basename "$URL")"
- MD5SUM_OLD="$([ -f "${TARG}/${FILENAME}" ] && md5sum "${TARG}/${FILENAME}" | cut -d' ' -f1)"
- MD5SUM_CURR="$(curl -fsL "$URL" | md5sum | awk '{print $1}')"
- if [ "$(PTXT -n "$MD5SUM_CURR" | wc -c)" -eq 32 ] && [ "$MD5SUM_CURR" = "$MD5SUM_OLD" ]; then
- PTXT "$INFO $FILENAME is up to date. Skipping..."
- else
- local COUNT
- COUNT="0"
- while [ "$COUNT" -lt 3 ]; do
- PTXT "$INFO Downloading $FILENAME"
- if curl -L -k -s "$URL" -o "${TARG}/${FILENAME}"; then
- chmod "$PERM" "${TARG}/${FILENAME}"
- break
- fi
- COUNT="$((COUNT+1))"
- done
- if [ "$COUNT" -eq 3 ]; then
- PTXT "$ERROR Unable to download ${BOLD}${URL}${NORM}"
- if [ -z "$RET" ]; then RET="1"; else RET="$((RET+1))"; fi
- fi
- fi
- done
- if [ -z "$RET" ]; then RET="0"; else PTXT "$ERROR One or more download failures has occured." "$ERROR It is recommended to rerun the installer, or restore from a backup!"; fi
- return $RET
-}
-
-end_op_message () {
- [ "$1" = "0" ] && PTXT "$INFO Operation completed. You can quit or continue"
- [ "$1" = "1" ] && PTXT "$INFO Operation aborted. You can quit or continue"
- [ "$1" = "2" ] && PTXT "$INFO Abnormal operations, returning to Main Menu. You can quit or continue." 
- PTXT "====================================================="
- PTXT " "
- PTXT " "
- sleep 3 && clear
- if [ -f "${TARG_DIR}/installer" ]; then chmod 755 "${TARG_DIR}/installer" >/dev/null 2>&1; exec "${TARG_DIR}/installer" "$BRANCH" && exit; elif [ ! -f "${TARG_DIR}/installer" ] && [ -f "$SCRIPT_LOC" ]; then chmod 755 "$SCRIPT_LOC" >/dev/null 2>&1; exec "$SCRIPT_LOC" "$BRANCH" && exit; elif [ -f "${HOME}/installer" ]; then chmod 755 "${HOME}/installer" && exec "${HOME}/installer" "$BRANCH" && exit; else clear && end_op_header && exit; fi
-}
-
-end_op_header () {
- sed -n -e "1,$(($(grep -wn 'menu () {' "$0" | cut -d':' -f1)-1))p" "$0" > "${0}".tmp && sh "${0}".tmp && menu && rm -rf "${0}".tmp
-}
-
-inst_dnscrypt () {
- local DNSCRYPT_TAR RESOLVERS_URL_PREFIX CRYPT_RESOLVERS
- DNSCRYPT_TAR=dnscrypt-proxy-${DNSCRYPT_ARCH}-${DNSCRYPT_VER}.tar.gz
- RESOLVERS_URL_PREFIX="https://download.dnscrypt.info/resolvers-list/v3/"
- CRYPT_RESOLVERS="https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/"
- if [ -z "$1" ]; then
- if [ ! -d "$TARG_DIR" ] && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
- PTXT "$INFO Backup is detected."
- local USE_OLD
- if read_yesno "Do you want Restore instead?"; then USE_OLD="YES"; else USE_OLD="NO"; fi
- if [ "$USE_OLD" = "YES" ]; then
- PTXT "$INFO Installing from an old backup!"
- backup_restore RESTORE
- elif [ "$USE_OLD" = "NO" ]; then
- PTXT "$INFO Continuing without restoring from backup!"
- fi
- elif [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ ! 
-f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
- if read_yesno "Do you want create a backup before updating?"; then backup_restore BACKUP 0; else PTXT "$INFO continuing without making a backup."; fi
- fi
- local NW_STATE RES_STATE
- NW_STATE="$(ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1; printf "%s" "$?")"
- RES_STATE="$(nslookup google.com 127.0.0.1 >/dev/null 2>&1; printf "%s" "$?")"
- if [ -z "$DNSCRYPT_VER" ] || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; then
- PTXT "$ERROR Unable to detect the Internet!"
- end_op_message 1
- return
- fi
- if ! create_dir "$TARG_DIR"; then
- end_op_message 1
- return
- fi
- if ! download_file "$TARG_DIR" 755 "${RURL}/installer" || ! awk '{ print }' "${TARG_DIR}/installer" | grep -m1 "^DI_VERSION=" | grep -qoE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})'; then
- PTXT "$ERROR Failed to download installer."
- end_op_message 1
- return
- fi
- if [ "$AUTO_UPDATE" = "update" ]; then exec "${TARG_DIR}/installer" "$BRANCH" "$AUTO_UPDATE" && exit; fi
- fi
- download_file "$TARG_DIR" 755 "${URL_GEN}/manager"
- if [ -f "${TARG_DIR}/dnscrypt-proxy" ]; then
- local LVERSION
- LVERSION="$("${TARG_DIR}/dnscrypt-proxy" -version)"
- [ -z "$LVERSION" ] && exit 1
- [ -z "$DNSCRYPT_VER" ] && exit 1
- if [ "$DNSCRYPT_VER" != "$LVERSION" ]; then
- PTXT "$INFO New DNSCRYPT_VER=${DNSCRYPT_VER} Available!" \
- "$INFO Updating DNSCRYPT_VER=${LVERSION} to $DNSCRYPT_VER ."
- if ! download_file "$TARG_DIR" 644 "https://github.com/jedisct1/dnscrypt-proxy/releases/download/${DNSCRYPT_VER}/${DNSCRYPT_TAR}"; then
- PTXT "$ERROR Unable to download dnscrypt-proxy package for your router"
- end_op_message 1
- return
- fi
- tar xzv -C "$TARG_DIR" -f "${TARG_DIR}/${DNSCRYPT_TAR}"
- chown "$(nvram get http_username)":root ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/*
- mv ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/* "$TARG_DIR"
- rm -r "${TARG_DIR:?}/${DNSCRYPT_ARCH_TAR}" "${TARG_DIR:?}/${DNSCRYPT_TAR}"
- if ! 
chmod 755 "${TARG_DIR}/dnscrypt-proxy" && [ -z "$("${TARG_DIR}/dnscrypt-proxy" -version)" ]; then
- PTXT "$ERROR Failed to download dnscrypt-proxy package for your router"
- end_op_message 1
- return
- fi
- else
- PTXT "$INFO DNSCRYPT_VER=${LVERSION}"
- fi
- else
- if ! download_file "$TARG_DIR" 644 "https://github.com/jedisct1/dnscrypt-proxy/releases/download/${DNSCRYPT_VER}/${DNSCRYPT_TAR}"; then
- PTXT "$ERROR Unable to download dnscrypt-proxy package for your router"
- end_op_message 1
- return
- fi
- tar xzv -C "$TARG_DIR" -f "${TARG_DIR}/${DNSCRYPT_TAR}"
- chown "$(nvram get http_username)":root ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/*
- mv ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/* "$TARG_DIR"
- rm -r "${TARG_DIR:?}/${DNSCRYPT_ARCH_TAR}" "${TARG_DIR:?}/${DNSCRYPT_TAR}"
- if ! chmod 755 "${TARG_DIR}/dnscrypt-proxy" && [ -z "$("${TARG_DIR}/dnscrypt-proxy" -version)" ]; then
- PTXT "$ERROR Failed to download dnscrypt-proxy package for your router"
- end_op_message 1
- return
- fi
- fi
- download_file "$TARG_DIR" 644 "${RESOLVERS_URL_PREFIX}/public-resolvers.md" \
- "${RESOLVERS_URL_PREFIX}/public-resolvers.md.minisig" \
- "${RESOLVERS_URL_PREFIX}/relays.md" \
- "${RESOLVERS_URL_PREFIX}/relays.md.minisig" \
- "${RESOLVERS_URL_PREFIX}/odoh-servers.md" \
- "${RESOLVERS_URL_PREFIX}/odoh-servers.md.minisig" \
- "${RESOLVERS_URL_PREFIX}/odoh-relays.md" \
- "${RESOLVERS_URL_PREFIX}/odoh-relays.md.minisig"
- download_file "$TARG_DIR" 644 "${CRYPT_RESOLVERS}/dnscrypt-resolvers.csv" \
- "${CRYPT_RESOLVERS}/dnscrypt-resolvers.csv.minisig"
- chown nobody:nobody "${TARG_DIR}/public-resolvers.md" \
- "${TARG_DIR}/public-resolvers.md.minisig" \
- "${TARG_DIR}/relays.md" \
- "${TARG_DIR}/relays.md.minisig" \
- "${TARG_DIR}/odoh-servers.md" \
- "${TARG_DIR}/odoh-servers.md.minisig" \
- "${TARG_DIR}/odoh-relays.md" \
- "${TARG_DIR}/odoh-relays.md.minisig" \
- "${TARG_DIR}/dnscrypt-resolvers.csv" \
- "${TARG_DIR}/dnscrypt-resolvers.csv.minisig"
- for i in init-start services-stop; do if {
! grep -q "${TARG_DIR}/manager $i &" "/jffs/scripts/${i}" && grep -q "${TARG_DIR}/manager $i" "/jffs/scripts/${i}"; }; then del_jffs_script "/jffs/scripts/${i}"; fi; done
- write_manager_script /jffs/scripts/init-start "init-start &"
- write_manager_script /jffs/scripts/services-stop "services-stop &"
- write_manager_script /jffs/scripts/dnsmasq.postconf dnsmasq
- del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
- write_command_script /jffs/scripts/service-event-end 'if printf "%s" "$@" | /bin/grep -qE "^(((((dnscrypt-)?(start|stop)|restart|kill))_?.*dnscrypt-proxy)$)"; then { sh /jffs/dnscrypt/manager "$(printf "%s" "$@" | /bin/grep -oE "^(((dnscrypt-)?(start|stop)|restart|kill))")" x & }; fi # Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
- if ! setup_dnscrypt; then
- end_op_message 1
- return
- fi
- PTXT "$INFO Starting dnscrypt-proxy..."
- service start_dnscrypt-proxy >/dev/null 2>&1
- sleep 1
- if [ -z "$(pidof dnscrypt-proxy)" ]; then
- PTXT "$ERROR Couldn't start dnscrypt-proxy" \
- "$ERROR Please send WebUI System Log to dev"
- end_op_message 1
- return
- fi
- service restart_dnscrypt-proxy >/dev/null 2>&1
- PTXT "$INFO For dnscrypt-proxy version 2 to work reliably, you might also want to:" \
- "$INFO - Add swap" \
- "$INFO - Add a RNG" \
- "$INFO - Set your timezone"
- end_op_message 0
-}
-
-manager_monitor_restart () {
- local MAN_PID PID
- MAN_PID="$(pidof manager)"
- if [ "$MAN_PID" ]; then
- for PID in $MAN_PID; do
- if awk '{ print }' "/proc/${PID}/cmdline" | grep -q dnscrypt; then
- { kill -s 10 "$PID" 2>/dev/null || kill -s 9 "$PID" 2>/dev/null; };
- break
- fi
- done
- fi
- ${TARG_DIR}/manager monitor-start
-}
-
-opendns_authen () {
- if [ "$1" -eq 0 ]; then
- del_conf OPENDNS_USER OPENDNS_PASSWORD
- return
- fi
- if [ -z "$PW1" ] || [ -z "$PW2" ]; then
- local USERNAME
- PTXT -n "$INPUT Please enter OpenDNS username${NORM}: "
- read -r USERNAME
- fi
- local PW1 PW2
- PTXT -n "$INPUT Please enter OpenDNS
password${NORM}: "
- read -rs PW1
- PTXT " "
- PTXT -n "$INPUT Please reenter OpenDNS password${NORM}: "
- read -rs PW2
- PTXT " "
- if [ -z "$PW1" ] || [ -z "$PW2" ] || [ "$PW1" != "$PW2" ]; then
- PTXT "$ERROR Password entered incorrectly!"
- opendns_authen "$1"
- fi
- write_conf OPENDNS_USER "\"$USERNAME\""
- write_conf OPENDNS_PASSWORD "\"$PW1\""
-}
-
-inst_random () {
- create_dir "$TARG_DIR"
- PTXT "$INFO Install a (P)RNG for better cryptographic operations" \
- "$INFO Available random number generator providers:" \
- " 1) HAVEGED (Preferred if you do not have a HW RNG)" \
- " 2) RNGD (Preferred if you have a HW RNG)" \
- "$INFO If you choose a HW RNG, please have it plugged in now before" \
- "$INFO proceeding with your selection."
- read_input_num "Please enter the number designates your selection" 1 2
- case "$CHOSEN" in
- 1)
- rm -f "${TARG_DIR}/rngd" "${TARG_DIR}/stty"
- { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; };
- download_file "$TARG_DIR" 755 "${URL_ARCH}/haveged" "${URL_GEN}/manager"
- write_conf RAN_PRV haveged
- ${TARG_DIR}/haveged -w 1024 -d 32 -i 32 -v 1
- ;;
- 2)
- local RNG_DEV
- { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; };
- download_file "$TARG_DIR" 755 "${URL_ARCH}/haveged" "${URL_ARCH}/rngd" "${URL_ARCH}/stty" "${URL_GEN}/manager"
- inst_ran_dev || return
- write_conf RAN_PRV rngd
- ${TARG_DIR}/stty raw -echo -ixoff -F "/dev/${RNG_DEV}" speed 115200
- ${TARG_DIR}/rngd -r "/dev/${RNG_DEV}"
- ;;
- esac
- write_manager_script /jffs/scripts/init-start init-start
- end_op_message 0
-}
-
-inst_ran_dev () {
- if [ -c "/dev/ttyACM0" ]; then
- local PRODSTR VID PID
- PRODSTR="$(awk '{ print }' "/sys/class/tty/ttyACM0/device/uevent" | grep "^PRODUCT\=")"
- VID="$(PTXT "$PRODSTR" | cut -d '=' -f 2 | cut -d '/' -f 1)"
- PID="$(PTXT "$PRODSTR" | cut -d '=' -f 2
| cut -d '/' -f 2)"
- if [ "$VID" = "4d8" ] && [ "$PID" = "f5fe" ]; then
- PTXT "$INFO Found TrueRNG USB HW RNG"
- RNG_DEV="ttyACM0"
- fi
- if [ "$VID" = "16d0" ] && [ "$PID" = "aa0" ]; then
- PTXT "$INFO Found TrueRNGpro USB HW RNG"
- RNG_DEV="ttyACM0"
- fi
- if [ "$VID" = "1d50" ] && [ "$PID" = "6086" ]; then
- PTXT "$INFO Found OneRNG USB HW RNG"
- RNG_DEV="ttyACM0"
- fi
- if [ "$VID" = "20df" ] && [ "$PID" = "1" ]; then
- PTXT "$INFO Found EntropyKey USB HW RNG"
- RNG_DEV="ttyACM0"
- fi
- fi
- if [ -z "$RNG_DEV" ]; then
- PTXT "$ERROR Unable to find any HW RNG device! Retrying..."
- inst_random
- return 1
- fi
- write_conf RNG_DEV "/dev/$RNG_DEV"
-}
-
-inst_swap () {
- local SWAP_SIZE USB_COUNT
- SWAP_SIZE="524288"
- USB_COUNT="$(df | awk -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){print $6}}' | wc -l)"
- if [ "$USB_COUNT" -lt 1 ]; then
- PTXT "$ERROR Unable to find any external USB storage" \
- "$ERROR Or no suitable external USB storage found" \
- "$ERROR Please connect a USB storage with at least" \
- "$ERROR $((SWAP_SIZE * 2 / 1024))MB of free space."
- end_op_message 1
- return
- fi
- PTXT "$INFO Available partition to install swap file:${NORM}"
- df | awk -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){++i; print " " i ") " $6 " (" $4/1024 "MB free)"}}'
- read_input_num "Please select the partition to install swap file" 1 "$USB_COUNT"
- local MOUNT
- MOUNT="$(df | awk -v IDX="$CHOSEN" -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){++i; if (i==IDX){print $6}}}')"
- PTXT "$INFO Please wait..."
- dd if=/dev/zero of="${MOUNT}/swap" bs=1024 count="$SWAP_SIZE"
- local MOUNT_FS
- MOUNT_FS="$(df -T "$MOUNT"|awk 'FNR==2 {print $2}')"
- [ "${MOUNT_FS%?}" = "ext" ] && chmod 600 "${MOUNT}/swap"
- mkswap "${MOUNT}/swap"
- if !
swapon "${MOUNT}/swap"; then
- sed -i "/^$(_quote '[ -f $1/swap ] && swapon $1/swap')$/d" /jffs/scripts/post-mount
- sed -i "/^$(_quote '[ -f $1/swap ] && swapoff $1/swap')$/d" /jffs/scripts/unmount
- write_command_script /jffs/scripts/post-mount '[ -f "$1/swap" ] && swapon "$1/swap"'
- write_command_script /jffs/scripts/unmount '[ -f "$1/swap" ] && swapoff "$1/swap"'
- end_op_message 0
- else
- PTXT "$ERROR Unable to create swap. Get the command log to dev"
- end_op_message 1
- fi
-}
-
-read_input_dns () {
- PTXT -n "$INPUT $1 ${BOLD}${2}: ${NORM}"
- local DNS_SERVER
- read -r DNS_SERVER
- [ -z "$DNS_SERVER" ] && DNS_SERVER="$2"
- if ! PTXT "$DNS_SERVER" | grep -qoE "\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"; then
- PTXT "$ERROR Invalid DNS server address entered"
- read_input_dns "$@"
- fi
- if [ "$DNS_SERVER1" = "$DNS_SERVER" ]; then PTXT "$ERROR $DNS_SERVER DNS server address already entered, please try again!"; read_input_dns "$@"; fi
- case "$1" in
- "Default is")
- BOOTSTRAP="'${DNS_SERVER}:53'"
- PROBE="${DNS_SERVER}:53"
- DNS_SERVER1="$DNS_SERVER"
- ;;
- "2nd Default is")
- BOOTSTRAP2="${BOOTSTRAP}, '${DNS_SERVER}:53'"
- ;;
- esac
-}
-
-read_input_num () {
- local RANGE
- [ -z "$4" ] && [ -z "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}]"
- [ -n "$4" ] && [ -z "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}/${4}]"
- [ -n "$4" ] && [ -n "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}/${4}/${5}]"
- [ -n "$4" ] && [ -n "$5" ] && [ -n "$6" ] && RANGE="[${2}-${3}/${4}/${5}/${6}]"
- PTXT -n "$INPUT $1, ${BOLD}${RANGE}${NORM}: "
- read -r CHOSEN
- case "$1" in
- "Set log level, default is 2, 0 is the most verbose")
- if [ -z "$CHOSEN" ]; then CHOSEN="2"; fi
- ;;
- "Select your strategy"|"Select your mode")
- if [ -z "$CHOSEN" ]; then CHOSEN="1"; fi
- ;;
- *)
- if [ -z "$CHOSEN" ]; then PTXT "$ERROR Invalid character(s) entered!
Retrying..."; read_input_num "$@"; return; fi
- ;;
- esac
- case "$CHOSEN" in
- "$4"|"$5"|"$6")
- return 1
- ;;
- "$2"|"$3"|*)
- if ! PTXT "$CHOSEN" | grep -qE '^[0-9]+$'; then
- PTXT "$ERROR Invalid character(s) entered! Retrying..."
- read_input_num "$@"
- return
- fi
- if [ "$CHOSEN" -lt "$2" ] || [ "$CHOSEN" -gt "$3" ] ; then
- PTXT "$ERROR Chosen number is not in range! Retrying..."
- read_input_num "$@"
- return
- fi
- ;;
- esac
-}
-
-read_yesno () {
- PTXT -n "$INPUT $1 ${BOLD}[y/n]${NORM}: "
- local YESNO
- read -r YESNO
- case "$YESNO" in
- y|Y)
- return 0
- ;;
- n|N)
- return 1
- ;;
- *)
- PTXT "$ERROR Invalid input!"
- read_yesno "$@"
- ;;
- esac
-}
-
-static_chosen () {
- local SDNSSTAMP STATICNAME
- if [ "$1" -eq 0 ]; then
- local STATICRESOLVERS
- [ -z "$ADD_STATIC" ] && toml_avars_prep dnscrypt_servers true doh_servers true odoh_servers false require_dnssec false require_nolog false require_nofilter false
- PTXT -n "$INPUT Please choose Static Server Name${NORM}: "
- read -r STATICNAME
- PTXT -n "$INPUT Please enter Static Server SDNS stamp${NORM}: "
- read -r SDNSSTAMP
- else
- if read_yesno "Do you want to set up another Static Server?"; then ANOTHER="YES"; else ANOTHER="NO"; fi
- if [ "$ANOTHER" = "YES" ]; then
- PTXT -n "$INPUT $INFO Please choose Static Server Name${NORM}: "
- read -r STATICNAME
- PTXT -n "$INPUT Please enter Static Server SDNS stamp${NORM}: "
- read -r SDNSSTAMP
- elif [ "$ANOTHER" = "NO" ]; then
- PTXT "$INFO finished static setup."
- [ "$ADD_STATIC" = "YES" ] && RESOLVERS="${STATICRESOLVERS}, $RESOLVERS"
- [ -z "$ADD_STATIC" ] && toml_avars_prep server_names "\"[$STATICRESOLVERS]\""
- return
- fi
- fi
- local STATIC
- STATIC="${STATICNAME}-Static"
- if PTXT "$STATICRESOLVERS" | grep -qoF "$STATIC"; then
- PTXT "$INFO $STATIC is already set"
- else
- toml_nvars_insert "[static]" "[static.'${STATICNAME}-Static']" "$TOML_FILE"
- toml_nvars_insert "[static.'${STATICNAME}-Static']" "stamp = '$SDNSSTAMP'" "$TOML_FILE"
- if [ "$STATICRESOLVERS" ]; then
- STATICRESOLVERS="${STATICRESOLVERS%?}', '$STATIC'"
- else
- STATICRESOLVERS="'$STATIC'"
- fi
- fi
- if read_yesno "Is $STATIC a DNSCrypt Server?"; then DNSCRYPT_STATIC="true"; else DNSCRYPT_STATIC="false"; fi
- if [ "$DNSCRYPT_STATIC" = "true" ]; then
- if [ -z "$STAT_CRYPT" ]; then
- STAT_CRYPT="${STATIC}"
- else
- STAT_CRYPT="${STAT_CRYPT}|${STATIC}"
- fi
- else
- if read_yesno "Is $STATIC an Oblivious DNS-over-HTTPS Server?"; then ODOH_ENABLE="true"; else ODOH_ENABLE="false"; fi
- if [ "$ODOH_ENABLE" = "true" ]; then
- if [ -z "$STAT_ODOH" ]; then
- if grep -q '^odoh_servers = .*false.*' "$TOML_FILE"; then toml_avars_prep odoh_servers true; fi
- STAT_ODOH="${STATIC}"
- else
- STAT_ODOH="${STAT_ODOH}|${STATIC}"
- fi
- fi
- fi
- static_chosen 1
-}
-
-static_chosen_relays () {
- local SDNSSTAMP STATICNAME
- if [ "$1" -eq 0 ]; then
- local STATICRELAYS
- PTXT -n "$INPUT Please choose Static Relay Name${NORM}: "
- read -r STATICNAME
- PTXT -n "$INPUT Please enter Static Relay SDNS stamp${NORM}: "
- read -r SDNSSTAMP
- else
- if read_yesno "Do you want to set up another Static Relay?"; then ANOTHER="YES"; else ANOTHER="NO"; fi
- if [ "$ANOTHER" = "YES" ]; then
- PTXT -n "$INPUT Please choose Static Relay Name${NORM}: "
- read -r STATICNAME
- PTXT -n "$INPUT Please enter Static Relay SDNS stamp${NORM}: "
- read -r SDNSSTAMP
- elif [ "$ANOTHER" = "NO" ]; then
- PTXT "$INFO finished static setup."
- RELAYS="${STATICRELAYS}, $RELAYS"
- return
- fi
- fi
-
- local STATIC
- STATIC="${STATICNAME}-Static"
- if PTXT "$STATICRELAYS" | grep -qoF "$STATIC"; then
- PTXT "$INFO $STATIC is already set"
- else
- toml_nvars_insert "[static]" "[static.'${STATICNAME}-Static']" "$TOML_FILE"
- toml_nvars_insert "[static.'${STATICNAME}-Static']" "stamp = '$SDNSSTAMP'" "$TOML_FILE"
- if [ "$STATICRELAYS" ]; then
- STATICRELAYS="${STATICRELAYS%?}', '$STATIC'"
- else
- STATICRELAYS="'$STATIC'"
- fi
- fi
- static_chosen_relays 1
-}
-
-setup_dnscrypt () {
- if [ ! -f "$TOML_ORI" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then
- PTXT "$ERROR dnscrypt-proxy is not installed. Aborting..."
- end_op_message 1
- return
- fi
- PTXT "$INFO Configuring dnscrypt-proxy..."
- setup_dnscrypt_impl "$@"
- local RET="$?"
- check_opendns
- if [ "$1" = "reconfig" ]; then
- if [ "$RET" -eq 0 ]; then
- PTXT "$INFO Restarting dnscrypt-proxy with new config..."
- service restart_dnscrypt-proxy >/dev/null 2>&1
- end_op_message 0
- else
- end_op_message 0
- fi
- fi
- return "$RET"
-}
-
-setup_dnscrypt_impl () {
- if [ -z "$1" ] && [ -f "$TOML_FILE" ]; then
- if ! check_dnscrypt_toml; then
- setup_dnscrypt_impl x
- return
- fi
- PTXT "$INFO Found previous dnscrypt-proxy config file"
- if read_yesno "Do you want to use this file without reconfiguring?"; then PTXT "$INFO Use previous settings file"; else setup_dnscrypt_impl x; fi
- else
- if [ -f "$TOML_FILE" ]; then
- if [ "$1" = "reconfig" ]; then
- if ! check_dnscrypt_toml; then
- setup_dnscrypt_impl x
- return
- fi
- PTXT "$INFO Found previous dnscrypt-proxy config file"
- fi
- PTXT "$INFO How do you want to reconfigure:" \
- "$INFO 1) Start from previous settings file" \
- "$INFO 2) Start from default config"
- read_input_num "Your selection" 1 2
- case "$CHOSEN" in
- 1)
- PTXT "$INFO Use previous settings file"
- ;;
- 2)
- PTXT "$INFO Backing up previous settings file..."
- mv "$TOML_FILE" "$TOML_BAK"
- cp -f "$TOML_ORI" "$TOML_FILE"
- ;;
- esac
- else
- cp -f "$TOML_ORI" "$TOML_FILE"
- fi
- if read_yesno "Do you want to redirect all DNS resolutions on your network through to Dnscrypt-Proxy?"; then check_dns_filter 1; else check_dns_filter 0; fi
- if [ "$(nvram get dns_local_cache)" != "1" ]; then { if read_yesno "Do you want to run Dnsmasq as a local caching DNS service which includes sending the routers traffic to Dnscrypt-Proxy?"; then check_dns_local 1; else check_dns_local 0; fi; }; else { check_dns_local 0; }; fi
- toml_avar_enable disabled_server_names
- local PHX NXT
- PHX="$(grep -wn "sources.odoh-servers" "$TOML_FILE" | cut -f1 -d:)"
- NXT="$((PHX+11))"
- sed -i "$PHX,$NXT s/#//g" "$TOML_FILE"
- choose_dnscrypt_server
- PTXT "$INFO Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support..."
- check_relays
- PTXT "$INFO Set the DNS server(s) for initializing dnscrypt-proxy" \
- "$INFO and router services (e.g. ntp) at boot"
- read_input_dns "Default is" 9.9.9.9
- read_input_dns "2nd Default is" 8.8.8.8
- read_input_num "Set log level, default is 2, 0 is the most verbose" 0 6
- toml_nvars_replace "fallback_resolvers =" "bootstrap_resolvers = [$BOOTSTRAP2]" "$TOML_FILE"
- if read_yesno "Do you want to use TLSv1.3 (http3)?"; then toml_avar_disable tls_cipher_suite; toml_avars_prep http3 true; else toml_avar_enable tls_cipher_suite; toml_avars_prep http3 false tls_cipher_suite "\"[52393, 52392, 49199, 49195, 4867, 4865]\""; fi
- toml_avars_prep bootstrap_resolvers "\"[$BOOTSTRAP2]\"" log_level "$CHOSEN" ignore_system_dns true listen_addresses "[\'127.0.1.1:53\']" cache false cert_ignore_timestamp true max_clients 25000 keepalive 120 netprobe_timeout 120 netprobe_address "\'$PROBE\'" tls_disable_session_tickets true dnscrypt_ephemeral_keys true
- case "$ROUTER_MODEL" in
- RT-AX56U|RT-AX58U|RT-AX3000)
- toml_avar_disable user_name
- ;;
- *)
- toml_avars_prep user_name "\'nobody\'"
- ;;
- esac
-
PTXT "$INFO Writing dnscrypt-proxy configuration..." - if ! check_dnscrypt_toml; then - PTXT "$INFO Writing dnscrypt-proxy configuration failed " \ - "$INFO Please send $TOML_ERR file and screen log of " \ - "$INFO all operations you have made to this script dev" - return 1 - fi - fi -} - -set_timezone () { - local TMP TZ_DATA INDEX TZ_ARCH - TMP="/root" - TZ_ARCH="$(uname -m)" - case $TZ_ARCH in - "aarch64"|"arm64") - TZ_ARCH="aarch64" - ;; - "armv7l") - TZ_ARCH="arm" - ;; - esac - TZ_DATA="tzdata-2021e-1-${TZ_ARCH}.pkg.tar.bz2" - download_file "$TARG_DIR" 755 "${URL_GEN}/manager" - download_file "$TMP" 644 "${URL_GEN}/${TZ_DATA}" - local INDEX - INDEX="$(tar tjf "${TMP}/${TZ_DATA}" | awk -F'/' '!/\/$/ && /\/posix\//' | wc -l)" - PTXT "$INFO Available timezones/locations:" - tar tjf "${TMP}/${TZ_DATA}" | awk -F'/' '!/\/$/ && /\/posix\//' | sort | cut -d'/' -f2- | awk -v INDEX=0 -F'/' '!/\/$/ {++INDEX;printf " " INDEX") ";for (i=5; i/dev/null 2>&1; }; - rm -r "${TMP:?}/${TZ_DATA}" "${TMP:?}/usr" - end_op_message 0 -} - -toml_avar_disable () { - local VAR IDX_NX_AVAR - VAR="$1" - IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" - sed -i "1,${IDX_NX_AVAR}{s/\(^$VAR = .*\)/# \1/}" "$TOML_FILE" -} - -toml_avar_enable () { - local VAR IDX_NX_AVAR - VAR="$1" - IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" - sed -i "1,${IDX_NX_AVAR}{/^#.*$VAR = .*$/s/^#\ //}" "$TOML_FILE" -} - -toml_avars_prep () { - local AVARS_ARGS - AVARS_ARGS="" - AVARS_ARGS="$AVARS_ARGS $@" - eval toml_avars_write "$AVARS_ARGS" -} - -toml_avars_write () { - local IDX_NX_AVAR IDX_GLB_INS VAR VALUE TO INDEX HAS_GLB_INS SED_CMD - IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" - IDX_GLB_INS="$(awk -v VAR="#.*Global settings.*" '($0 ~ VAR) {while (getline) {if ($0 ~ "^$") break} print NR;exit}' "$TOML_FILE")" - while [ "$#" -gt 0 ]; do - VAR="$1"; shift - VALUE="$1"; shift - TO="$(_quote "$VAR = $VALUE")" - INDEX="$(awk -v IDX="$IDX_NX_AVAR" -v VAR="^$VAR = " '($0 ~ VAR) && (NR < IDX) {print 
NR; exit}' "$TOML_FILE")"
- if [ "$INDEX" ]; then
- SED_CMD="${INDEX}{s/.*/${TO}/};${SED_CMD}"
- continue
- fi
- INDEX="$(awk -v IDX="$IDX_NX_AVAR" -v VAR="#.*$VAR = " '($0 ~ VAR) && (NR < IDX) {print NR; exit}' "$TOML_FILE")"
- if [ "$INDEX" ]; then
- SED_CMD="${INDEX}{s/.*/${TO}/};${SED_CMD}"
- continue
- fi
- [ -z "$HAS_GLB_INS" ] && SED_CMD="${SED_CMD}${IDX_GLB_INS}{s/^/\n${TO}\n" || SED_CMD="${SED_CMD}${TO}\n"
- HAS_GLB_INS="1"
- done
- [ "$HAS_GLB_INS" ] && SED_CMD="${SED_CMD}/}"
- sed -i "${SED_CMD%;}" "$TOML_FILE"
-}
-
-toml_nvars_insert () {
- PATTERN="$(_quote "$1")"
- CONTENT="$(_quote "$2")"
- sed -i "/${PATTERN}/a${CONTENT}" "$3"
-}
-
-toml_nvars_replace () {
- PATTERN="$(_quote "$1")"
- CONTENT="$(_quote "$2")"
- sed -i "s/${PATTERN}/${CONTENT}/" "$3"
-}
-
-toml_nvars_append () {
- echo "$1" >> "$2"
-}
-
-toml_nvars_delete () {
- PATTERN="$(_quote "$1")"
- sed -i "/${PATTERN}/d" "$2"
-}
-
-toml_static_removal () {
- PTXT "$INFO Removing any static server configuration."
- toml_nvars_delete "[static.'" "$TOML_FILE"
- toml_nvars_delete "stamp =" "$TOML_FILE"
-}
-
-uninst_all () {
- if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
- PTXT "$INFO Old Backup Detected!"
- if read_yesno "Do you want to remove backup?(this will prevent restoring from backups later)"; then rm -rf "${BASE_DIR}/backup_dnscrypt.tar.gz"; else PTXT "$INFO Keeping backup instead."; fi
- fi
- service stop_dnscrypt-proxy >/dev/null 2>&1
- mv "${TARG_DIR}/installer" "${HOME}/installer"
- rm -rf "$TARG_DIR"
- del_jffs_script /jffs/scripts/dnsmasq.postconf
- del_jffs_script /jffs/scripts/init-start
- del_jffs_script /jffs/scripts/services-stop
- { kill -s 9 "$(pidof haveged rngd stty dnscrypt-proxy)" 2>/dev/null || killall -q -9 haveged rngd stty dnscrypt-proxy 2>/dev/null; };
- del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
- local MAN_PID PID
- MAN_PID="$(pidof manager)"
- if [ "$MAN_PID" ]; then
- for PID in $MAN_PID; do
- if awk '{ print }' "/proc/${PID}/cmdline" | grep -q dnscrypt; then
- { kill -s 10 "$PID" 2>/dev/null || kill -s 9 "$PID" 2>/dev/null; };
- break
- fi
- done
- fi
- service restart_dnsmasq >/dev/null 2>&1
- end_op_message 0
-}
-
-uninst_dnscrypt () {
- service stop_dnscrypt-proxy >/dev/null 2>&1
- PTXT "$INFO Uninstalling dnscrypt-proxy..."
- rm -f "${TARG_DIR}/dnscrypt-proxy" "${TARG_DIR}/nonroot"
- del_jffs_script /jffs/scripts/dnsmasq.postconf
- { kill -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; };
- service restart_dnsmasq >/dev/null 2>&1
- PTXT "$INFO Some configuration files are not removed in case you want to reinstall"
- end_op_message 0
-}
-
-uninst_random () {
- PTXT "$INFO Uninstalling (P)RNG..."
- rm -f "${TARG_DIR}/haveged" "${TARG_DIR}/rngd" "${TARG_DIR}/stty"
- { kill -s 9 "$(pidof haveged rngd stty)" 2>/dev/null || killall -q -9 haveged rngd stty 2>/dev/null; };
- del_conf RAN_PRV RNG_DEV
- if [ ! -f "${TARG_DIR}/localtime" ] && [ !
-f "${TARG_DIR}/dnscrypt-proxy" ]; then del_jffs_script /jffs/scripts/init-start; del_jffs_script /jffs/scripts/services-stop; fi
- end_op_message 0
-}
-
-unset_timezone () {
- rm -f "${TARG_DIR}/localtime"
- if ! grep -q "^RAN_PRV=.*$" "${TARG_DIR}/.config" && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then del_jffs_script /jffs/scripts/init-start; del_jffs_script /jffs/scripts/services-stop; fi
- end_op_message 0
-}
-
-write_conf () {
- local VAR VALUE
- VAR="$1"
- VALUE="$2"
- if [ -f "${TARG_DIR}/.opendns-auth" ]; then mv "${TARG_DIR}/.opendns-auth" "$CONF_FILE"; chmod 644 "$CONF_FILE"; fi
- if [ ! -f "$CONF_FILE" ]; then
- touch "$CONF_FILE" && chmod 644 "$CONF_FILE"
- fi
- if grep -q "$VAR" "$CONF_FILE"; then
- VALUE=$(_quote "$VALUE")
- sed -i "/^$VAR=/s/=.*/=$VALUE/" "$CONF_FILE"
- else
- PTXT "$VAR=$VALUE" >> "$CONF_FILE"
- fi
-}
-
-write_command_script () {
- local TARG COMMAND FILENAME
- TARG="$1"
- COMMAND="$2"
- FILENAME="$(basename "$TARG")"
- if [ ! -f "$TARG" ]; then
- PTXT "$INFO Creating $FILENAME file"
- PTXT "#!/bin/sh" > "$TARG"
- fi
- chmod 755 "$TARG"
- if [ "$(grep -c -F "$COMMAND" "$TARG")" -gt 0 ]; then
- PTXT "$INFO $FILENAME file already configured"
- else
- PTXT "$INFO Configure $FILENAME file"
- PTXT "$COMMAND" >> "$TARG"
- fi
-}
-
-write_manager_script () {
- local TARG OP FILENAME COMMAND
- TARG="$1"
- OP="$2"
- FILENAME="$(basename "$TARG")"
- COMMAND="${TARG_DIR}/manager"
- if [ !
-f "$TARG" ]; then
- PTXT "$INFO Creating $FILENAME file"
- PTXT "#!/bin/sh" > "$TARG"
- fi
- chmod 755 "$TARG" "$COMMAND"
- del_between_magic "$TARG" dnscrypt-asuswrt-installer
- if [ "$(grep -c -F "[ -x $COMMAND ] && $COMMAND $OP" "$TARG")" -gt 0 ]; then
- PTXT "$INFO $FILENAME file already configured"
- else
- PTXT "$INFO Configure $FILENAME file"
- if grep -q "^$COMMAND" "$TARG"; then
- sed -i "s~^$COMMAND~[ -x $COMMAND ] \&\& $COMMAND $OP~" "$TARG"
- else
- del_jffs_script "$TARG" !manager
- [ "$(tail -1 "$TARG" | grep -c '^$')" -eq 0 ] && PTXT "" >> "$TARG"
- PTXT "[ -x $COMMAND ] && $COMMAND $OP" >> "$TARG"
- fi
- fi
+ case "$1" in
+ -n)
+ shift
+ while [ $# -gt 0 ]; do
+ printf "%s" "$1"
+ shift
+ done
+ ;;
+ *)
+ while [ $# -gt 0 ]; do
+ printf "%s\n" "$1"
+ shift
+ done
+ ;;
+ esac
+}
+
+backup_restore() {
+ if [ "$1" = "BACKUP" ] && [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
+ PTXT "$INFO There is an old backup detected."
+ local USE_OLD
+ if read_yesno "Do you want to continue?(this will remove the old backup)"; then USE_OLD="NO"; else USE_OLD="YES"; fi
+ if [ "$USE_OLD" = "YES" ]; then
+ PTXT "$INFO Leaving Old Backup."
+ end_op_message 1
+ elif [ "$USE_OLD" = "NO" ]; then
+ PTXT "$INFO Removing Old Backup."
+ rm -rf "${BASE_DIR}/backup_dnscrypt.tar.gz"
+ fi
+ fi
+ PTXT "$INFO This operation will backup dnscrypt-proxy(<4MB)to jffs partition." \
+ "$INFO Please wait a moment."
+ tar -czvf "${BASE_DIR}/backup_dnscrypt.tar.gz" -C "$TARG_DIR" ../dnscrypt/ >/dev/null 2>&1
+ PTXT "$INFO Backup complete"
+ [ -z "$2" ] && end_op_message 0
+ elif [ "$1" = "BACKUP" ] && [ ! -d "$TARG_DIR" ] && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ PTXT "$ERROR No ${TARG_DIR}/dnscrypt-proxy to Backup!"
+ end_op_message 1
+ fi
+ if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ] && [ "$1" = "RESTORE" ]; then
+ PTXT "$INFO Please wait a moment."
+ tar -xzvf "${BASE_DIR}/backup_dnscrypt.tar.gz" -C "$BASE_DIR" >/dev/null 2>&1
+ chown "$(nvram get http_username)":root ${TARG_DIR}/*
+ chmod 755 "${TARG_DIR}/dnscrypt-proxy"
+ chmod 644 "${TARG_DIR}/public-resolvers.md" \
+ "${TARG_DIR}/public-resolvers.md.minisig" \
+ "${TARG_DIR}/relays.md" \
+ "${TARG_DIR}/relays.md.minisig" \
+ "${TARG_DIR}/odoh-servers.md" \
+ "${TARG_DIR}/odoh-servers.md.minisig" \
+ "${TARG_DIR}/odoh-relays.md" \
+ "${TARG_DIR}/odoh-relays.md.minisig" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv.minisig"
+ chown nobody:nobody "${TARG_DIR}/public-resolvers.md" \
+ "${TARG_DIR}/public-resolvers.md.minisig" \
+ "${TARG_DIR}/relays.md" \
+ "${TARG_DIR}/relays.md.minisig" \
+ "${TARG_DIR}/odoh-servers.md" \
+ "${TARG_DIR}/odoh-servers.md.minisig" \
+ "${TARG_DIR}/odoh-relays.md" \
+ "${TARG_DIR}/odoh-relays.md.minisig" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv.minisig"
+ for i in init-start services-stop; do if { ! grep -q "${TARG_DIR}/manager $i &" "/jffs/scripts/${i}" && grep -q "${TARG_DIR}/manager $i" "/jffs/scripts/${i}"; }; then del_jffs_script "/jffs/scripts/${i}"; fi; done
+ write_manager_script /jffs/scripts/init-start "init-start &"
+ write_manager_script /jffs/scripts/services-stop "services-stop &"
+ write_manager_script /jffs/scripts/dnsmasq.postconf dnsmasq
+ del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
+ write_command_script /jffs/scripts/service-event-end 'if printf "%s" "$@" | /bin/grep -qE "^(((((dnscrypt-)?(start|stop)|restart|kill))_?.*dnscrypt-proxy)$)"; then { sh /jffs/dnscrypt/manager "$(printf "%s" "$@" | /bin/grep -oE "^(((dnscrypt-)?(start|stop)|restart|kill))")" x & }; fi # Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
+ if ! setup_dnscrypt "" "$1"; then
+ end_op_message 1
+ return
+ fi
+
+ PTXT "$INFO Starting dnscrypt-proxy..."
+ service start_dnscrypt-proxy >/dev/null 2>&1
+ sleep 1
+ if [ -z "$(pidof dnscrypt-proxy)" ]; then
+ PTXT "$ERROR Couldn't start dnscrypt-proxy" \
+ "$ERROR Please send WebUI System Log to dev"
+ end_op_message 1
+ return
+ fi
+ service restart_dnscrypt-proxy >/dev/null 2>&1
+ PTXT "$INFO Backup restored!" \
+ "$INFO - Add swap" \
+ "$INFO - Add a RNG" \
+ "$INFO - Set your timezone"
+ end_op_message 0
+ elif [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ] && [ "$1" = "RESTORE" ]; then
+ PTXT "$ERROR No Backup found!" \
+ "$ERROR Please make sure Backup Resides in $BASE_DIR"
+ end_op_message 1
+ return
+ fi
+}
+
+check_dnscrypt_toml() {
+ [ ! -f "$TOML_FILE" ] && return
+ PTXT "$INFO Checking dnscrypt-proxy configuration..."
+ if ! ${TARG_DIR}/dnscrypt-proxy -check -config "$TOML_FILE"; then
+ PTXT "$INFO Move invalid configuration file to $TOML_ERR" \
+ "$INFO Operation will continue with clean config file."
+ mv "$TOML_FILE" "$TOML_ERR"
+ return 1
+ fi
+}
+
+check_dns_environment() {
+ if [ -f "/opt/etc/init.d/S61stubby" ] || [ -f "/opt/sbin/stubby" ] || [ -f "/opt/bin/install_stubby" ] || [ -f "/jffs/scripts/install_stubby.sh" ] || [ -d "/jffs/addons/AdGuardHome.d" ]; then
+ PTXT "$ERROR Potential stubby or adguardhome installation detected." \
+ "$ERROR Please remove before attempting to continue." \
+ "$ERROR Exiting..."
+ exit 1
+ fi
+ local NVCHECK
+ NVCHECK="0"
+ if [ "$(nvram get dnspriv_enable)" != "0" ]; then
+ { nvram set dnspriv_enable="0"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(pidof stubby)" ]; then
+ { killall -q -9 stubby 2>/dev/null; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcp_dns1_x)" ] && [ "$NVCHECK" != "0" ]; then
+ { nvram set dhcp_dns1_x=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcp_dns2_x)" ] && [ "$NVCHECK" != "0" ]; then
+ { nvram set dhcp_dns2_x=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcpd_dns_router)" != "1" ] && [ "$NVCHECK" != "0" ]; then
+ { nvram set dhcpd_dns_router="1"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$NVCHECK" != "0" ]; then
+ { nvram commit; }
+ { service restart_dnsmasq >/dev/null 2>&1; }
+ (while { [ "$(
+ ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1
+ printf "%s" "$?"
+ )" = "0" ] && [ "$(
+ nslookup google.com 127.0.0.1 >/dev/null 2>&1
+ printf "%s" "$?"
+ )" != "0" ]; }; do sleep 1; done) &
+ local PID="$!"
+ wait $PID 2>/dev/null
+ fi
+ PTXT "$INFO DNS Environment is Ready."
+}
+
+check_dns_filter() {
+ local NVCHECK USE_SOME
+ NVCHECK="0"
+ if [ "$1" -eq 0 ]; then
+ if [ "$(nvram get dnsfilter_enable_x)" -ne 0 ]; then
+ { nvram set dnsfilter_enable_x="0"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ PTXT "$INFO DNS will not be forced through to Dnscrypt-Proxy."
+ fi
+ if [ "$1" -eq 1 ]; then
+ if [ "$(nvram get dnsfilter_enable_x)" -ne 1 ]; then
+ { nvram set dnsfilter_enable_x="1"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ PTXT "$INFO You can choose to keep any custom dnsfilter values by only redirect non-custom traffic or send all traffic through to Dnscrypt-Proxy."
+ if read_yesno "Do you want to redirect only NON-CUSTOM DNS resolutions on your network through to Dnscrypt-Proxy?"; then USE_SOME="0"; else USE_SOME="1"; fi
+ if [ "$USE_SOME" -eq 0 ]; then
+ if [ "$(nvram get dnsfilter_mode)" != "11" ]; then
+ { nvram set dnsfilter_mode="11"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ PTXT "$INFO DNSFilter is set to control DNS through to Dnscrypt-Proxy, while leaving any Custom Rules and Values."
+ fi
+ if [ "$USE_SOME" -eq 1 ]; then
+ if [ "$(nvram get dnsfilter_custom1)" ]; then
+ { nvram set dnsfilter_custom1=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_custom2)" ]; then
+ { nvram set dnsfilter_custom2=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_custom3)" ]; then
+ { nvram set dnsfilter_custom3=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_mode)" != "11" ]; then
+ { nvram set dnsfilter_mode="11"; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist)" ]; then
+ { nvram set dnsfilter_rulelist=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist1)" ]; then
+ { nvram set dnsfilter_rulelist1=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist2)" ]; then
+ { nvram set dnsfilter_rulelist2=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist3)" ]; then
+ { nvram set dnsfilter_rulelist3=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist4)" ]; then
+ { nvram set dnsfilter_rulelist4=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dnsfilter_rulelist5)" ]; then
+ { nvram set dnsfilter_rulelist5=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcp_dns1_x)" ]; then
+ { nvram set dhcp_dns1_x=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcp_dns2_x)" ]; then
+ { nvram set dhcp_dns2_x=""; }
+ NVCHECK="$((NVCHECK + 1))"
+ fi
+ if [ "$(nvram get dhcpd_dns_router)" != "1" ]; then
+ { nvram set
dhcpd_dns_router="1"; } + NVCHECK="$((NVCHECK + 1))" + fi + PTXT "$INFO DNS is set to redirect All DNS resolutions through to Dnscrypt-Proxy." + fi + fi + if [ "$NVCHECK" != "0" ]; then + { nvram commit; } + { service "restart_firewall;restart_dnsmasq" >/dev/null 2>&1; } + (while { [ "$( + ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1 + printf "%s" "$?" + )" = "0" ] && [ "$( + nslookup google.com 127.0.0.1 >/dev/null 2>&1 + printf "%s" "$?" + )" != "0" ]; }; do sleep 1; done) & + local PID="$!" + wait $PID 2>/dev/null + fi +} + +check_dns_local() { + local LOCAL_CACHE + case "$1" in + 0) + LOCAL_CACHE="NO" + write_conf DNSCRYPT_LOCAL "\"$LOCAL_CACHE\"" + ;; + 1) + LOCAL_CACHE="YES" + write_conf DNSCRYPT_LOCAL "\"$LOCAL_CACHE\"" + ;; + esac +} + +check_jffs_enabled() { + if [ "$(nvram get jffs2_format)" = "1" ]; then + PTXT "$ERROR JFFS partition is scheduled to be reformatted." \ + "$ERROR Please reboot to format or disable that setting and try again." \ + "$ERROR Exiting..." + exit 1 + fi + local JFFS2_SCRIPTS JFFS2_ENABLED jffs2_on + JFFS2_SCRIPTS="$(nvram get jffs2_scripts)" + [ -z "$(nvram get jffs2_enable)" ] && JFFS2_ENABLED="$(nvram get jffs2_on)" || JFFS2_ENABLED="$(nvram get jffs2_enable)" + [ -z "$(nvram get jffs2_enable)" ] && jffs2_on="jffs2_on" || jffs2_on="jffs2_enable" + if [ "$JFFS2_ENABLED" -ne 1 ] || [ "$JFFS2_SCRIPTS" -ne 1 ]; then + PTXT "$INFO JFFS custom scripts and configs are not enabled." \ + "$INFO Enabling them now!" + nvram set ${jffs2_on}=1 + nvram set jffs2_scripts=1 + nvram commit + else + PTXT "$INFO JFFS custom scripts and configs are already enabled." + fi +} + +check_anonymized_automatic() { + if [ "$1" -eq 0 ] && grep -q '^server_names = .*Static.*' "$TOML_FILE"; then + PTXT "$INFO Custom servers that are potentially not compatible with relays are detected!" \ + "$WARNING These servers might not work with relays." \ + "$WARNING Use at your own risk." 
+ fi
+ local USE_BROKEN USE_WILDCARD
+ PTXT "$INFO This allows for the use of server_name='*' as wildcard option for all servers compatible with relays." \
+ "$INFO This will be the default route for all compatible servers." \
+ "$INFO Additionally routes can be distinctly selected by using via=['*'] as relay wildcard."
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_automatic_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_automatic
+ fi
+ if read_yesno "Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly?"; then USE_BROKEN="true"; else USE_BROKEN="false"; fi
+ toml_avars_prep skip_incompatible $USE_BROKEN
+}
+
+check_anonymized_disabled() {
+ toml_avar_disable routes
+ toml_avars_prep skip_incompatible false
+ PTXT "$INFO Continue without Relays Support"
+}
+
+check_opendns() {
+ if grep -q '^server_names = .*cisco.*' "$TOML_FILE"; then
+ if [ -f "$CONF_FILE" ]; then
+ local OPENDNS_USER OPENDNS_PASSWORD
+ OPENDNS_USER="$(awk -F'=' '/OPENDNS_USER/ {print $2}' "$CONF_FILE")"
+ OPENDNS_PASSWORD="$(awk -F'=' '/OPENDNS_PASSWORD/ {print $2}' "$CONF_FILE")"
+ if [ "$OPENDNS_USER" ] && [ "$OPENDNS_PASSWORD" ]; then
+ PTXT "$INFO Found OpenDNS account ${BOLD}${OPENDNS_USER}" \
+ "$INFO What do you want to do:" \
+ " 1) Use this account" \
+ " 2) Setup new account" \
+ " 3) Disable OpenDNS account authen"
+ read_input_num "Your choice" 1 3
+ case "$CHOSEN" in
+ 1)
+ PTXT "$INFO Use previous account ${BOLD}${OPENDNS_USER}${NORM}"
+ ;;
+ 2)
+ opendns_authen 1
+ ;;
+ 3)
+ opendns_authen 0
+ ;;
+ esac
+ else
+ if read_yesno "Do you want to set up OpenDNS account ip update?"; then opendns_authen 1; else opendns_authen 0; fi
+ fi
+ else
+ if read_yesno "Do you want to set up OpenDNS account ip update?"; then opendns_authen 1; else opendns_authen 0; fi
+ fi
+ else
+ opendns_authen 0
+ fi
+}
+
+check_relays() {
+ local DNSCRYPT_ARGS DNSCRYPT ODOH_ARGS ODOH FRAGSBLOCKED_ARGS FRAGSBLOCKED VARSARGS SERVER COUNT NUMFRAG NUMCRYPT CRYPT
+ FRAGSBLOCKED_ARGS="$(grep '^fragments_blocked =' "$TOML_ORI" | cut -d'[' -f2- | sed "s/['\"\,]//g;s/]//g;s/^ [ t]*//;s/[ \t]*$//;s/ /|/g")"
+ NUMCRYPT="0"
+ while read -r CRYPT; do
+ CRYPT="$(PTXT "$CRYPT" | cut -d',' -f1)"
+ if [ "$NUMCRYPT" -eq 0 ]; then
+ NUMCRYPT="1"
+ continue
+ fi
+ if [ "$NUMCRYPT" -eq 1 ]; then
+ if ! PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$CRYPT"; then DNSCRYPT_ARGS="$CRYPT"; fi
+ elif [ "$NUMCRYPT" -gt 1 ]; then
+ if ! PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$CRYPT"; then DNSCRYPT_ARGS="${DNSCRYPT_ARGS}|${CRYPT}"; fi
+ fi
+ NUMCRYPT="$((NUMCRYPT + 1))"
+ done <$TARG_DIR/dnscrypt-resolvers.csv
+ ODOH_ARGS="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf "";printf ""$2"";getline;print}' "${TARG_DIR}/odoh-servers.md" | tr '\n' ' ' | sed 's/[ \t]*$//' | sed 's/ /|/g')"
+ if [ -n "$STAT_CRYPT" ]; then
+ DNSCRYPT_ARGS="${DNSCRYPT_ARGS}|${STAT_CRYPT}"
+ fi
+ if [ -n "$STAT_ODOH" ]; then
+ ODOH_ARGS="${ODOH_ARGS}|${STAT_ODOH}"
+ fi
+ VARSARGS="${DNSCRYPT_ARGS}|${ODOH_ARGS}|${FRAGSBLOCKED_ARGS}"
+ COUNT="0"
+ NUMFRAG="0"
+ [ "$NUMFRAG" -eq 0 ] && toml_avars_prep skip_incompatible false
+ for SERVER in ${VARSARGS//|/ }; do
+ if [ "$(grep '^server_names = .*'"${SERVER}"'.*' "$TOML_FILE" | grep -cF "'${SERVER}'")" -ne 0 ]; then
+ if PTXT "$DNSCRYPT_ARGS" | grep -qoF "$SERVER"; then DNSCRYPT="$SERVER"; fi
+ if PTXT "$ODOH_ARGS" | grep -qoF "$SERVER"; then ODOH="$SERVER"; fi
+ if PTXT "$FRAGSBLOCKED_ARGS" | grep -qoF "$SERVER"; then FRAGSBLOCKED="$SERVER"; fi
+ case "$SERVER" in
+ "$DNSCRYPT")
+ if read_yesno "Do you want to add relays for $SERVER?"; then ADD_RELAYS="YES"; else ADD_RELAYS="NO"; fi
+ if [ "$ADD_RELAYS" = "YES" ]; then PTXT "$INFO You may manually choose relays for $SERVER or you may specify wildcard relay (via=['*'])."; fi
+ if [ "$COUNT" -eq 0 ] && [ "$ADD_RELAYS" = "YES" ]; then
+ toml_avar_enable routes
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_manual
+ fi
+ COUNT="$((COUNT + 1))"
+ elif [ "$COUNT" -gt 0 ] && [ "$ADD_RELAYS" = "YES" ]; then
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_manual
+ fi
+ elif [ "$ADD_RELAYS" = "NO" ]; then
+ PTXT "$INFO Skipping relays for $SERVER."
+ fi
+ ;;
+ "$ODOH")
+ PTXT "$INFO Found $SERVER, Oblivious DNS-over-HTTPS relays are required for Oblivious DNS-over-HTTPS servers." \
+ "$INFO You may manually choose relays for $SERVER server or you may specify wildcard relay (via=['*'])."
+ if [ "$COUNT" -eq 0 ]; then
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_manual_odoh
+ fi
+ COUNT="$((COUNT + 1))"
+ elif [ "$COUNT" -gt 0 ]; then
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option for $SERVER?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_manual_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_manual_odoh
+ fi
+ fi
+ ;;
+ "$FRAGSBLOCKED")
+ if [ "$NUMFRAG" -eq 0 ] && [ "$COUNT" -gt 0 ]; then
+ local USE_BROKEN
+ if read_yesno "Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly?"; then USE_BROKEN="true"; else USE_BROKEN="false"; fi
+ toml_avars_prep skip_incompatible $USE_BROKEN
+ NUMFRAG="$((NUMFRAG + 1))"
+ fi
+ ;;
+ esac
+ fi
+ done
+ if [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*false.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE"; then
+ if [ -n "$DNSCRYPT" ] || { grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE" && ! grep -q '^server_names' "$TOML_FILE"; }; then
+ PTXT "$INFO To continue, you may still define a default route for all compatible DNSCrypt servers and relays by selecting wildcard option for servers and relays."
+ if read_yesno "Do you still want to setup wildcard options for servers (server_name "*") and relays (via=['*']) for all compatible DNSCrypt servers and relays?"; then check_anonymized_automatic 0; else check_anonymized_disabled; fi
+ else
+ check_anonymized_disabled
+ fi
+ elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*true.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE"; then
+ PTXT "$INFO This option allows you to setup wildcard options for servers (server_name "*") and relays (via=['*']) for all compatible servers and relays."
+ if read_yesno "Do you only want to skip this option for Dnscrypt Servers (still required for ODOH)?"; then choose_relays_automatic_odoh; else COUNT="$((COUNT + 1))"; fi
+ if [ "$COUNT" -gt 0 ]; then check_anonymized_automatic 0; fi
+ elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*true.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE"; then
+ PTXT "$INFO This option allows you to setup wildcard options for both servers (server_name "*") and relays (via=['*']) required for Oblivious DNS-over-HTTPS servers."
+ if read_yesno "Do you want to use wildcard relay (via=['*']) option for (server_name "*")?"; then USE_WILDCARD="YES"; else USE_WILDCARD="NO"; fi
+ if [ "$USE_WILDCARD" = "YES" ]; then choose_relays_automatic_wildcard; elif [ "$USE_WILDCARD" = "NO" ]; then
+ PTXT "$INFO You chose not to use wildcard for relay selection." "$INFO Instead you will manually choose relays from a list."
+ choose_relays_automatic_odoh
+ fi
+ elif [ "$COUNT" -eq 0 ] && grep -q '^odoh_servers = .*false.*' "$TOML_FILE" && grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE"; then
+ check_anonymized_disabled
+ fi
+}
+
+check_swap() {
+ local SWAP_SIZE
+ SWAP_SIZE="$(awk '/SwapTotal/ {print $2}' /proc/meminfo)"
+ if [ "$SWAP_SIZE" -gt 0 ]; then
+ PTXT "$INFO Swap file is already setup"
+ end_op_message 0
+ return
+ fi
+ inst_swap
+}
+
+check_version() {
+ if [ -f "${TARG_DIR}/installer" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ -z "$2" ]; then
+ local RMNSTALL LINSTALL MD5SUM_L MD5SUM_R NW_STATE RES_STATE
+ [ -z "$1" ] && NW_STATE="$(
+ ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ [ -z "$1" ] && RES_STATE="$(
+ nslookup google.com 127.0.0.1 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ LINSTALL="$(awk '{ print }' "${TARG_DIR}/installer" | grep -m1 "^DI_VERSION=" | grep -oE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})')"
+ RMNSTALL="$(curl -sL "${RURL}/installer" | grep -m1 "^DI_VERSION=" | grep -oE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})')"
+ MD5SUM_L="$(md5sum "${TARG_DIR}/installer" | cut -d' ' -f1)"
+ MD5SUM_R="$(curl -fsL "${RURL}/installer" | md5sum | awk '{print $1}')"
+ if { [ -n "$LINSTALL" ] && [ -n "$RMNSTALL" ]; } || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" = "0" ]; }; then
+ [ -z "$LINSTALL" ] && exit 1
+ [ -z "$RMNSTALL" ] && exit 1
+ if [ "$RMNSTALL" != "$LINSTALL" ]; then
+ PTXT "$INFO New DI_VERSION=v${RMNSTALL} Available!" \
+ "$INFO Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer."
+ AUTO_UPDATE="update"
+ elif [ "$MD5SUM_R" = "$MD5SUM_L" ]; then
+ PTXT "$INFO DI_VERSION=v${LINSTALL}"
+ else
+ PTXT "$INFO DI_VERSION=v${LINSTALL}, but a New Minor Update is Available!" \
+ "$INFO Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer."
+ AUTO_UPDATE="update"
+ fi
+ local LVERSION
+ LVERSION="$("${TARG_DIR}/dnscrypt-proxy" -version)"
+ [ -z "$LVERSION" ] && exit 1
+ [ -z "$DNSCRYPT_VER" ] && exit 1
+ if [ "$DNSCRYPT_VER" != "$LVERSION" ]; then
+ PTXT "$INFO New DNSCRYPT_VER=${DNSCRYPT_VER} Available!" \
+ "$INFO Run Option 1 of the Installer to upgrade DNScrypt Proxy."
+ AUTO_UPDATE="update"
+ else
+ PTXT "$INFO DNSCRYPT_VER=${LVERSION}"
+ fi
+ if [ -f "${TARG_DIR}/manager" ]; then
+ local MD5SUM_LM MD5SUM_M
+ MD5SUM_LM="$(md5sum "${TARG_DIR}/manager" | cut -d' ' -f1)"
+ MURL="${URL_GEN}/manager"
+ MD5SUM_M="$(curl -fsL "$MURL" | md5sum | awk '{print $1}')"
+ if [ "$MD5SUM_M" = "$MD5SUM_LM" ]; then
+ PTXT "$INFO Manager file is Up-To-Date!"
+ else
+ PTXT "$INFO New Manager file is Available!" \
+ "$INFO Run Option 1 of the Installer to upgrade the Manager File."
+ AUTO_UPDATE="update"
+ fi
+ fi
+ elif { [ -z "$LINSTALL" ] && [ -z "$RMNSTALL" ]; } || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; then
+ [ -z "$1" ] && while { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; do
+ sleep 1
+ NW_STATE="$(
+ ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ RES_STATE="$(
+ nslookup google.com 127.0.0.1 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ done && check_version x
+ [ -n "$1" ] && check_version x x
+ fi
+ fi
+}
+
+choose_dnscrypt_server() {
+ local USE_IPV6
+ if [ "$(nvram get ipv6_service)" != "disabled" ]; then { if read_yesno "Do you want to use DNS server over IPv6 (yes only if your connection has IPv6)?"; then USE_IPV6="true"; else USE_IPV6="false"; fi; }; else USE_IPV6="false"; fi
+ toml_avars_prep ipv6_servers $USE_IPV6
+ PTXT "$INFO Choose DNS resolving load balancing strategy:" \
+ " 1) p2 (default)" \
+ " 2) ph" \
+ " 3) first" \
+ " 4) random"
+ read_input_num "Select your strategy" 1 4
+ case "$CHOSEN" in
+ 1)
+ toml_avars_prep lb_strategy "\'p2\'"
+ ;;
+ 2)
+ toml_avars_prep lb_strategy "\'ph\'"
+ ;;
+ 3)
+ toml_avars_prep lb_strategy "\'first\'"
+ ;;
+ 4)
+ toml_avars_prep lb_strategy "\'random\'"
+ ;;
+ esac
+ if read_yesno "Do you want to use load balance estimator to adjust resolvers based on latency calculations?"; then USE_LBE="true"; else USE_LBE="false"; fi
+ toml_avars_prep lb_estimator $USE_LBE
+ PTXT "$INFO Choose how your DNS servers are selected:" \
+ " 1) Automatically (default)" \
+ " 2) Manually" \
+ " 3) Static"
+ read_input_num "Select your mode" 1 3
+ case "$CHOSEN" in
+ 1)
+ choose_dnscrypt_server_auto
+ if grep -q '^dnscrypt_servers = .*true.*' "$TOML_FILE" && [ -z "$CRYPT_COUNT" ]; then CRYPT_COUNT="1"; fi
+ if read_yesno "Do you want to choose which servers to disable (this can be a long process)?"; then CHOOSE_DISABLED="true"; else CHOOSE_DISABLED="false"; fi
+ if [ "$CHOOSE_DISABLED" = "true" ]; then choose_dnscrypt_server_disabled; elif [ "$CHOOSE_DISABLED" = "false" ]; then toml_avar_disable disabled_server_names; fi
+ ;;
+ 2)
+ toml_avar_disable disabled_server_names
+ if read_yesno "Do you only want to use the Oblivious DNS-over-HTTPS protocol?"; then ODOH_ONLY="true"; else ODOH_ONLY="false"; fi
+ if [ "$ODOH_ONLY" = "true" ]; then choose_dnscrypt_server_odoh; elif [ "$ODOH_ONLY" = "false" ]; then choose_dnscrypt_server_manual; fi
+ ;;
+ 3)
+ toml_avar_disable disabled_server_names
+ static_chosen 0
+ ;;
+ esac
+}
+
+choose_dnscrypt_server_auto() {
+ toml_avar_disable server_names
+ if read_yesno "Use servers that support the DNSCrypt protocol"; then toml_avars_prep dnscrypt_servers true; else toml_avars_prep dnscrypt_servers false; fi
+ if read_yesno "Use servers that support the DNS-over-HTTPS protocol"; then toml_avars_prep doh_servers true; else toml_avars_prep doh_servers false; fi
+ if read_yesno "Use servers that support the Oblivious DNS-over-HTTPS protocol"; then toml_avars_prep odoh_servers true; else toml_avars_prep odoh_servers false; fi
+ if read_yesno "Use only servers that support DNSSEC"; then toml_avars_prep require_dnssec true; else toml_avars_prep require_dnssec false; fi
+ if read_yesno "Use only servers that do not log user's queries"; then toml_avars_prep require_nolog true; else toml_avars_prep require_nolog false; fi
+ if read_yesno "Use only servers that do not filter result"; then toml_avars_prep require_nofilter true; else toml_avars_prep require_nofilter false; fi
+}
+
+choose_dnscrypt_server_disabled() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
+ local RESOLVERS
+ PTXT "$INFO Available DNS servers to disable: "
+ INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/public-resolvers.md" | wc -l)"
+ awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/public-resolvers.md"
+ read_input_num "Please choose DNS server to disable" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next DNS server to disable or press n to stop" 1 "$INDEX" n; then
+ if grep -q '^odoh_servers = .*true.*' "$TOML_FILE"; then
+ if read_yesno "Do you want to choose which Oblivious DNS-over-HTTPS DNS servers to disable?"; then ODOH_DISABLED="true"; else ODOH_DISABLED="false"; fi
+ if [ "$ODOH_DISABLED" = "true" ]; then choose_dnscrypt_server_disabled_odoh; fi
+ fi
+ toml_avars_prep disabled_server_names "\"[${RESOLVERS}]\""
+ return
+ fi
+ fi
+ local ITEM
+ ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/public-resolvers.md")"
+ if PTXT "$RESOLVERS" | grep -qoF "'$ITEM'"; then
+ PTXT "$INFO $ITEM is already set."
+ else
+ if [ "$RESOLVERS" ]; then
+ RESOLVERS="${RESOLVERS%?}', '$ITEM'"
+ else
+ RESOLVERS="'$ITEM'"
+ fi
+ fi
+ choose_dnscrypt_server_disabled "$INDEX"
+}
+
+choose_dnscrypt_server_disabled_odoh() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ local ORESOLVERS
+ PTXT "$INFO Available DNS servers to disable: "
+ INDEX="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-servers.md" | wc -l)"
+ awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-servers.md"
+ read_input_num "Please choose DNS server to disable" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next DNS server to disable or press n to stop" 1 "$INDEX" n; then
+ RESOLVERS="${ORESOLVERS}, $RESOLVERS"
+ return
+ fi
+ fi
+ local OITEM
+ OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-servers.md")"
+ if PTXT "$ORESOLVERS" | grep -qoF "'$OITEM'"; then
+ PTXT "$INFO $OITEM is already set."
+ else
+ if [ "$ORESOLVERS" ]; then
+ ORESOLVERS="${ORESOLVERS%?}', '$OITEM'"
+ else
+ ORESOLVERS="'$OITEM'"
+ fi
+ fi
+ choose_dnscrypt_server_disabled_odoh "$INDEX"
+}
+
+choose_dnscrypt_server_manual() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ [ "$USE_IPV6" = "true" ] && USE_IPV6="NOMATCH" || USE_IPV6="6"
+ local RESOLVERS
+ toml_avars_prep dnscrypt_servers true doh_servers true require_dnssec false require_nolog false require_nofilter false
+ PTXT "$INFO Available DNS servers: "
+ INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/public-resolvers.md" | wc -l)"
+ awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/public-resolvers.md"
+ read_input_num "Please choose DNS server." 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next DNS server or press n to stop." 1 "$INDEX" n; then
+ if read_yesno "Do you want to choose which Oblivious DNS-over-HTTPS DNS servers to enable?"; then ODOH_ENABLE="true"; else ODOH_ENABLE="false"; fi
+ if [ "$ODOH_ENABLE" = "true" ]; then choose_dnscrypt_server_odoh; elif [ "$ODOH_ENABLE" = "false" ]; then toml_avars_prep odoh_servers "$ODOH_ENABLE"; fi
+ if read_yesno "Do you want to add any static servers?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
+ if [ "$ADD_STATIC" = "YES" ]; then static_chosen 0; fi
+ toml_avars_prep server_names "\"[${RESOLVERS}]\""
+ return
+ fi
+ fi
+ local ITEM
+ ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/public-resolvers.md")"
+ if PTXT "$RESOLVERS" | grep -qoF "'$ITEM'"; then
+ PTXT "$INFO $ITEM is already set"
+ else
+ if [ "$RESOLVERS" ]; then
+ RESOLVERS="${RESOLVERS%?}', '$ITEM'"
+ else
+ RESOLVERS="'$ITEM'"
+ fi
+ fi
+ choose_dnscrypt_server_manual "$INDEX"
+}
+
+choose_dnscrypt_server_odoh() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ local ORESOLVERS
+ toml_avars_prep odoh_servers true
+ PTXT "$INFO Available DNS servers: "
+ INDEX="$(awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-servers.md" | wc -l)"
+ awk -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-servers.md"
+ read_input_num "Please choose DNS server." 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next DNS server or press n to stop." 1 "$INDEX" n; then
+ if [ "$ODOH_ONLY" = "true" ]; then toml_avars_prep server_names "\"[${ORESOLVERS}]\"" dnscrypt_servers false doh_servers false require_dnssec false require_nolog false require_nofilter false; elif [ "$ODOH_ONLY" = "false" ]; then RESOLVERS="${ORESOLVERS}, $RESOLVERS"; fi
+ return
+ fi
+ fi
+ local OITEM
+ OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odohrelay" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-servers.md")"
+ if PTXT "$ORESOLVERS" | grep -qoF "'$OITEM'"; then
+ PTXT "$INFO $OITEM is already set"
+ else
+ if [ "$ORESOLVERS" ]; then
+ ORESOLVERS="${ORESOLVERS%?}', '$OITEM'"
+ else
+ ORESOLVERS="'$OITEM'"
+ fi
+ fi
+ choose_dnscrypt_server_odoh "$INDEX"
+}
+
+choose_relays_automatic() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
+ local RELAYS
+ PTXT "$INFO Available Relay servers: "
+ INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/relays.md" | wc -l)"
+ awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/relays.md"
+ read_input_num "Please choose RELAY server" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
+ if grep -q '^odoh_servers = .*true.*' "$TOML_FILE"; then
+ PTXT "$INFO Now to pick relays for Oblivious DNS-over-HTTPS DNS servers."
+ choose_relays_automatic_odoh
+ fi
+ if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
+ if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
+ toml_avars_prep routes "\"[ { server_name='*', via=[$RELAYS] } ]\""
+ return
+ fi
+ fi
+ local ITEM
+ ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/relays.md")"
+ if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
+ PTXT "$INFO $ITEM is already set."
+ else
+ if [ "$RELAYS" ]; then
+ RELAYS="${RELAYS%?}', '$ITEM'"
+ else
+ RELAYS="'$ITEM'"
+ fi
+ fi
+ choose_relays_automatic "$INDEX"
+}
+
+choose_relays_automatic_odoh() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ local ORELAYS
+ PTXT "$INFO Available Relay servers: "
+ INDEX="$(awk -v PATT="odoh-" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-relays.md" | wc -l)"
+ awk -v PATT="odoh-" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-relays.md"
+ read_input_num "Please choose RELAY server" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
+ if grep -q '^dnscrypt_servers = .*false.*' "$TOML_FILE" || [ "$COUNT" -eq 0 ]; then toml_avars_prep routes "\"[ { server_name='*', via=[$ORELAYS] } ]\""; else RELAYS="${ORELAYS}, $RELAYS"; fi
+ return
+ fi
+ fi
+ local OITEM
+ OITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odoh-" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-relays.md")"
+ if PTXT "$ORELAYS" | grep -qoF "'$OITEM'"; then
+ PTXT "$INFO $OITEM is already set."
+ else
+ if [ "$ORELAYS" ]; then
+ ORELAYS="${ORELAYS%?}', '$OITEM'"
+ else
+ ORELAYS="'$OITEM'"
+ fi
+ fi
+ choose_relays_automatic_odoh "$INDEX"
+}
+
+choose_relays_automatic_wildcard() {
+ toml_avars_prep routes "\"[ { server_name='*', via=['*'] } ]\""
+}
+
+choose_relays_manual() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ if [ "$USE_IPV6" = "true" ]; then USE_IPV6="NOMATCH"; else USE_IPV6="6"; fi
+ local RELAYS
+ PTXT "$INFO Available Relay servers: "
+ INDEX="$(awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/relays.md" | wc -l)"
+ awk -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/relays.md"
+ read_input_num "Please choose RELAY server" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
+ if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
+ if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
+ if [ "$COUNT" -eq 0 ]; then
+ toml_avars_prep routes "\"[ { server_name='$SERVER', via=[$RELAYS] } ]\""
+ else
+ toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=[$RELAYS] } ]" "$TOML_FILE"
+ fi
+ return
+ fi
+ fi
+ local ITEM
+ ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="$USE_IPV6" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/relays.md")"
+ if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
+ PTXT "$INFO $ITEM is already set."
+ else
+ if [ "$RELAYS" ]; then
+ RELAYS="${RELAYS%?}', '$ITEM'"
+ else
+ RELAYS="'$ITEM'"
+ fi
+ fi
+ choose_relays_manual "$INDEX"
+}
+
+choose_relays_manual_odoh() {
+ local INDEX
+ INDEX="$1"
+ if [ -z "$INDEX" ]; then
+ local RELAYS
+ PTXT "$INFO Available Relay servers: "
+ INDEX="$(awk -v PATT="odoh-" '/^## / && ($0 !~ PATT)' "${TARG_DIR}/odoh-relays.md" | wc -l)"
+ awk -v PATT="odoh-" '/^## / && ($0 !~ PATT) {printf " "; printf ++i") "$2": "; getline; getline; print}' "${TARG_DIR}/odoh-relays.md"
+ read_input_num "Please choose RELAY server" 1 "$INDEX"
+ else
+ if ! read_input_num "Please choose next RELAY server or press n to stop" 1 "$INDEX" n; then
+ if read_yesno "Do you want to add any static relays?"; then ADD_STATIC="YES"; else ADD_STATIC="NO"; fi
+ if [ "$ADD_STATIC" = "YES" ]; then static_chosen_relays 0; fi
+ if [ "$COUNT" -eq 0 ]; then
+ toml_avars_prep routes "\"[ { server_name='$SERVER', via=[$RELAYS] } ]\""
+ else
+ toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=[$RELAYS] } ]" "$TOML_FILE"
+ fi
+ return
+ fi
+ fi
+ local ITEM
+ ITEM="$(awk -v INDEX="$CHOSEN" -v PATT="odoh-" '/^## / && ($0 !~ PATT) {i++} i==INDEX {print $2;exit}' "${TARG_DIR}/odoh-relays.md")"
+ if PTXT "$RELAYS" | grep -qoF "'$ITEM'"; then
+ PTXT "$INFO $ITEM is already set."
+ else
+ if [ "$RELAYS" ]; then
+ RELAYS="${RELAYS%?}', '$ITEM'"
+ else
+ RELAYS="'$ITEM'"
+ fi
+ fi
+ choose_relays_manual_odoh "$INDEX"
+}
+
+choose_relays_manual_wildcard() {
+ if [ "$COUNT" -eq 0 ]; then
+ toml_avars_prep routes "\"[ { server_name='$SERVER', via=['*'] } ]\""
+ else
+ toml_nvars_replace "} ]" "}, { server_name='$SERVER', via=['*'] } ]" "$TOML_FILE"
+ fi
+}
+
+cleanup() {
+ rm -rf "${TARG_DIR}/dnscrypt-fw-rules" "${TARG_DIR}/dnscrypt-start" "${TARG_DIR}/dnsmasq-dnscrypt-reconfig" "${TARG_DIR}/fake-hwclock*" "${TARG_DIR}/init-start" "${TARG_DIR}/services-stop"
+ del_jffs_script /jffs/scripts/wan-start dnscrypt-start
+ del_jffs_script /jffs/scripts/openvpn-event
+ del_jffs_script /jffs/scripts/firewall-start
+ del_jffs_script /jffs/scripts/wan-start
+}
+
+create_dir() {
+ if ! mkdir -p "$1"; then
+ PTXT "$ERROR Unable to create $1!"
+ return 1
+ fi
+}
+
+del_between_magic() {
+ local TARG MAGIC BOUNDS
+ TARG="$1"
+ MAGIC="$2"
+ [ -f "$TARG" ] || return
+ BOUNDS="$(awk -v PATT="$MAGIC" '($0 ~ PATT) {printf NR","}' "$TARG")"
+ if [ "$BOUNDS" ]; then
+ sed -i "${BOUNDS%,}d" "$TARG"
+ fi
+}
+
+del_conf() {
+ [ ! -f "$CONF_FILE" ] && return
+ local KEY
+ for KEY in "$@"; do
+ sed -i "/^$KEY=.*$/d" $CONF_FILE
+ done
+}
+
+del_jffs_script() {
+ local TARG LINE_NUM LINE_ABOVE OP
+ TARG="$1"
+ [ -f "$TARG" ] || return
+ if [ "$2" ]; then
+ OP="${2:0:1}"
+ if [ "$OP" = "!" ]; then
+ LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | grep -v "$(_quote "$2")" | cut -d':' -f1)"
+ else
+ LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | grep "$(_quote "$2")" | cut -d':' -f1)"
+ fi
+ else
+ LINE_NUM="$(grep -n -F "[ -x $TARG_DIR/" "$TARG" | cut -d':' -f1)"
+ fi
+ [ -z "$LINE_NUM" ] && return
+ sed -i "${LINE_NUM}d" "$TARG"
+ if [ "$LINE_NUM" -gt 1 ]; then
+ LINE_NUM="$((LINE_NUM - 1))"
+ LINE_ABOVE="$(sed "${LINE_NUM}q;d" "$TARG")"
+ [ -z "$LINE_ABOVE" ] && sed -i "${LINE_NUM}d" "$TARG"
+ fi
+ [ "$(awk '{ print }' "$TARG")" = "#!/bin/sh" ] && rm -f "$TARG"
+}
+
+download_file() {
+ local TARG PERM URL RET FILENAME MD5SUM_OLD MD5SUM_CURR
+ TARG="$1"
+ shift
+ PERM="$1"
+ shift
+ for URL in "$@"; do
+ FILENAME="$(basename "$URL")"
+ MD5SUM_OLD="$([ -f "${TARG}/${FILENAME}" ] && md5sum "${TARG}/${FILENAME}" | cut -d' ' -f1)"
+ MD5SUM_CURR="$(curl -fsL "$URL" | md5sum | awk '{print $1}')"
+ if [ "$(PTXT -n "$MD5SUM_CURR" | wc -c)" -eq 32 ] && [ "$MD5SUM_CURR" = "$MD5SUM_OLD" ]; then
+ PTXT "$INFO $FILENAME is up to date. Skipping..."
+ else
+ local COUNT
+ COUNT="0"
+ while [ "$COUNT" -lt 3 ]; do
+ PTXT "$INFO Downloading $FILENAME"
+ if curl -L -k -s "$URL" -o "${TARG}/${FILENAME}"; then
+ chmod "$PERM" "${TARG}/${FILENAME}"
+ break
+ fi
+ COUNT="$((COUNT + 1))"
+ done
+ if [ "$COUNT" -eq 3 ]; then
+ PTXT "$ERROR Unable to download ${BOLD}${URL}${NORM}"
+ if [ -z "$RET" ]; then RET="1"; else RET="$((RET + 1))"; fi
+ fi
+ fi
+ done
+ if [ -z "$RET" ]; then RET="0"; else PTXT "$ERROR One or more download failures has occured." "$ERROR It is recommended to rerun the installer, or restore from a backup!"; fi
+ return $RET
+}
+
+end_op_message() {
+ case "${1:-0}" in
+ 0)
+ PTXT "$INFO Operation completed, returning to Main Menu. You can quit or continue."
+ ;;
+ 1)
+ PTXT "$INFO Operation aborted, returning to Main Menu. You can quit or continue."
+ ;;
+ 2)
+ PTXT "$INFO Abnormal operations, returning to Main Menu. You can quit or continue."
+ ;;
+ esac
+ PTXT "====================================================="
+ PTXT " "
+ PTXT " "
+ sleep 3 && clear
+ if [ -f "${TARG_DIR}/installer" ]; then
+ chmod 755 "${TARG_DIR}/installer" >/dev/null 2>&1
+ exec "${TARG_DIR}/installer" "$BRANCH" && exit
+ elif [ ! -f "${TARG_DIR}/installer" ] && [ -f "$SCRIPT_LOC" ]; then
+ chmod 755 "$SCRIPT_LOC" >/dev/null 2>&1
+ exec "$SCRIPT_LOC" "$BRANCH" && exit
+ elif [ -f "${HOME}/installer" ]; then chmod 755 "${HOME}/installer" && exec "${HOME}/installer" "$BRANCH" && exit; else clear && end_op_header && exit; fi
+}
+
+end_op_header() {
+ sed -n -e "1,$(($(grep -wn 'menu () {' "$0" | cut -d':' -f1) - 1))p" "$0" >"${0}".tmp && sh "${0}".tmp && menu && rm -rf "${0}".tmp
+}
+
+inst_dnscrypt() {
+ local DNSCRYPT_TAR RESOLVERS_URL_PREFIX CRYPT_RESOLVERS
+ DNSCRYPT_TAR=dnscrypt-proxy-${DNSCRYPT_ARCH}-${DNSCRYPT_VER}.tar.gz
+ RESOLVERS_URL_PREFIX="https://download.dnscrypt.info/resolvers-list/v3/"
+ CRYPT_RESOLVERS="https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/"
+ if [ "${1:-install}" = "install" ]; then
+ if [ ! -d "$TARG_DIR" ] && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
+ PTXT "$INFO Backup is detected."
+ local USE_OLD
+ if read_yesno "Do you want Restore instead?"; then USE_OLD="YES"; else USE_OLD="NO"; fi
+ if [ "$USE_OLD" = "YES" ]; then
+ PTXT "$INFO Installing from an old backup!"
+ backup_restore RESTORE
+ elif [ "$USE_OLD" = "NO" ]; then
+ PTXT "$INFO Continuing without restoring from backup!"
+ fi
+ elif [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
+ if read_yesno "Do you want create a backup before updating?"; then backup_restore BACKUP 0; else PTXT "$INFO continuing without making a backup."; fi
+ fi
+ local NW_STATE RES_STATE
+ NW_STATE="$(
+ ping 1.1.1.1 -c1 -W2 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ RES_STATE="$(
+ nslookup google.com 127.0.0.1 >/dev/null 2>&1
+ printf "%s" "$?"
+ )"
+ if [ -z "$DNSCRYPT_VER" ] || { [ "$NW_STATE" = "0" ] && [ "$RES_STATE" != "0" ]; }; then
+ PTXT "$ERROR Unable to detect the Internet!"
+ end_op_message 1
+ return
+ fi
+ if ! create_dir "$TARG_DIR"; then
+ end_op_message 1
+ return
+ fi
+ if ! download_file "$TARG_DIR" 755 "${RURL}/installer" || ! awk '{ print }' "${TARG_DIR}/installer" | grep -m1 "^DI_VERSION=" | grep -qoE '[0-9]{1,2}([.][0-9]{1,2})([.][0-9]{1,2})'; then
+ PTXT "$ERROR Failed to download installer."
+ end_op_message 1
+ return
+ fi
+ if [ "$AUTO_UPDATE" = "update" ]; then exec "${TARG_DIR}/installer" "$BRANCH" "$AUTO_UPDATE" && exit; fi
+ fi
+ download_file "$TARG_DIR" 755 "${URL_GEN}/manager"
+ if [ -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ local LVERSION
+ LVERSION="$("${TARG_DIR}/dnscrypt-proxy" -version)"
+ [ -z "$LVERSION" ] && exit 1
+ [ -z "$DNSCRYPT_VER" ] && exit 1
+ if [ "$DNSCRYPT_VER" != "$LVERSION" ]; then
+ PTXT "$INFO New DNSCRYPT_VER=${DNSCRYPT_VER} Available!" \
+ "$INFO Updating DNSCRYPT_VER=${LVERSION} to $DNSCRYPT_VER ."
+ if ! download_file "$TARG_DIR" 644 "https://github.com/jedisct1/dnscrypt-proxy/releases/download/${DNSCRYPT_VER}/${DNSCRYPT_TAR}"; then
+ PTXT "$ERROR Unable to download dnscrypt-proxy package for your router"
+ end_op_message 1
+ return
+ fi
+ tar xzv -C "$TARG_DIR" -f "${TARG_DIR}/${DNSCRYPT_TAR}"
+ chown "$(nvram get http_username)":root ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/*
+ mv ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/* "$TARG_DIR"
+ rm -r "${TARG_DIR:?}/${DNSCRYPT_ARCH_TAR}" "${TARG_DIR:?}/${DNSCRYPT_TAR}"
+ if ! chmod 755 "${TARG_DIR}/dnscrypt-proxy" && [ -z "$("${TARG_DIR}/dnscrypt-proxy" -version)" ]; then
+ PTXT "$ERROR Failed to download dnscrypt-proxy package for your router"
+ end_op_message 1
+ return
+ fi
+ else
+ PTXT "$INFO DNSCRYPT_VER=${LVERSION}"
+ fi
+ else
+ if ! download_file "$TARG_DIR" 644 "https://github.com/jedisct1/dnscrypt-proxy/releases/download/${DNSCRYPT_VER}/${DNSCRYPT_TAR}"; then
+ PTXT "$ERROR Unable to download dnscrypt-proxy package for your router"
+ end_op_message 1
+ return
+ fi
+ tar xzv -C "$TARG_DIR" -f "${TARG_DIR}/${DNSCRYPT_TAR}"
+ chown "$(nvram get http_username)":root ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/*
+ mv ${TARG_DIR}/"${DNSCRYPT_ARCH_TAR}"/* "$TARG_DIR"
+ rm -r "${TARG_DIR:?}/${DNSCRYPT_ARCH_TAR}" "${TARG_DIR:?}/${DNSCRYPT_TAR}"
+ if ! chmod 755 "${TARG_DIR}/dnscrypt-proxy" && [ -z "$("${TARG_DIR}/dnscrypt-proxy" -version)" ]; then
+ PTXT "$ERROR Failed to download dnscrypt-proxy package for your router"
+ end_op_message 1
+ return
+ fi
+ fi
+ download_file "$TARG_DIR" 644 "${RESOLVERS_URL_PREFIX}/public-resolvers.md" \
+ "${RESOLVERS_URL_PREFIX}/public-resolvers.md.minisig" \
+ "${RESOLVERS_URL_PREFIX}/relays.md" \
+ "${RESOLVERS_URL_PREFIX}/relays.md.minisig" \
+ "${RESOLVERS_URL_PREFIX}/odoh-servers.md" \
+ "${RESOLVERS_URL_PREFIX}/odoh-servers.md.minisig" \
+ "${RESOLVERS_URL_PREFIX}/odoh-relays.md" \
+ "${RESOLVERS_URL_PREFIX}/odoh-relays.md.minisig"
+ download_file "$TARG_DIR" 644 "${CRYPT_RESOLVERS}/dnscrypt-resolvers.csv" \
+ "${CRYPT_RESOLVERS}/dnscrypt-resolvers.csv.minisig"
+ chown nobody:nobody "${TARG_DIR}/public-resolvers.md" \
+ "${TARG_DIR}/public-resolvers.md.minisig" \
+ "${TARG_DIR}/relays.md" \
+ "${TARG_DIR}/relays.md.minisig" \
+ "${TARG_DIR}/odoh-servers.md" \
+ "${TARG_DIR}/odoh-servers.md.minisig" \
+ "${TARG_DIR}/odoh-relays.md" \
+ "${TARG_DIR}/odoh-relays.md.minisig" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv" \
+ "${TARG_DIR}/dnscrypt-resolvers.csv.minisig"
+ for i in init-start services-stop; do if { ! grep -q "${TARG_DIR}/manager $i &" "/jffs/scripts/${i}" && grep -q "${TARG_DIR}/manager $i" "/jffs/scripts/${i}"; }; then del_jffs_script "/jffs/scripts/${i}"; fi; done
+ write_manager_script /jffs/scripts/init-start "init-start &"
+ write_manager_script /jffs/scripts/services-stop "services-stop &"
+ write_manager_script /jffs/scripts/dnsmasq.postconf dnsmasq
+ del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
+ write_command_script /jffs/scripts/service-event-end 'if printf "%s" "$@" | /bin/grep -qE "^(((((dnscrypt-)?(start|stop)|restart|kill))_?.*dnscrypt-proxy)$)"; then { sh /jffs/dnscrypt/manager "$(printf "%s" "$@" | /bin/grep -oE "^(((dnscrypt-)?(start|stop)|restart|kill))")" x & }; fi # Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
+ if ! setup_dnscrypt "" "${1:-install}"; then
+ end_op_message 1
+ return
+ fi
+ PTXT "$INFO Starting dnscrypt-proxy..."
+ service start_dnscrypt-proxy >/dev/null 2>&1
+ sleep 1
+ if [ -z "$(pidof dnscrypt-proxy)" ]; then
+ PTXT "$ERROR Couldn't start dnscrypt-proxy" \
+ "$ERROR Please send WebUI System Log to dev"
+ end_op_message 1
+ return
+ fi
+ service restart_dnscrypt-proxy >/dev/null 2>&1
+ PTXT "$INFO For dnscrypt-proxy version 2 to work reliably, you might also want to:" \
+ "$INFO - Add swap" \
+ "$INFO - Add a RNG" \
+ "$INFO - Set your timezone"
+ end_op_message 0
+}
+
+manager_monitor_restart() {
+ local MAN_PID PID
+ MAN_PID="$(pidof manager)"
+ if [ "$MAN_PID" ]; then
+ for PID in $MAN_PID; do
+ if awk '{ print }' "/proc/${PID}/cmdline" | grep -q dnscrypt; then
+ { kill -s 10 "$PID" 2>/dev/null || kill -s 9 "$PID" 2>/dev/null; }
+ break
+ fi
+ done
+ fi
+ ${TARG_DIR}/manager monitor-start
+}
+
+opendns_authen() {
+ if [ "$1" -eq 0 ]; then
+ del_conf OPENDNS_USER OPENDNS_PASSWORD
+ return
+ fi
+ if [ -z "$PW1" ] || [ -z "$PW2" ]; then
+ local USERNAME
+ PTXT -n "$INPUT Please enter OpenDNS username${NORM}: "
+ read -r USERNAME
+ fi
+ local PW1 PW2
+ PTXT -n "$INPUT Please enter OpenDNS password${NORM}: "
+ read -rs PW1
+ PTXT " "
+ PTXT -n "$INPUT Please reenter OpenDNS password${NORM}: "
+ read -rs PW2
+ PTXT " "
+ if [ -z "$PW1" ] || [ -z "$PW2" ] || [ "$PW1" != "$PW2" ]; then
+ PTXT "$ERROR Password entered incorrectly!"
+ opendns_authen "$1"
+ fi
+ write_conf OPENDNS_USER "\"$USERNAME\""
+ write_conf OPENDNS_PASSWORD "\"$PW1\""
+}
+
+inst_random() {
+ create_dir "$TARG_DIR"
+ PTXT "$INFO Install a (P)RNG for better cryptographic operations" \
+ "$INFO Available random number generator providers:" \
+ " 1) HAVEGED (Preferred if you do not have a HW RNG)" \
+ " 2) RNGD (Preferred if you have a HW RNG)" \
+ "$INFO If you choose a HW RNG, please have it plugged in now before" \
+ "$INFO proceeding with your selection."
+ read_input_num "Please enter the number designates your selection" 1 2
+ case "$CHOSEN" in
+ 1)
+ rm -f "${TARG_DIR}/rngd" "${TARG_DIR}/stty"
+ { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; }
+ download_file "$TARG_DIR" 755 "${URL_ARCH}/haveged" "${URL_GEN}/manager"
+ write_conf RAN_PRV haveged
+ ${TARG_DIR}/haveged -w 1024 -d 32 -i 32 -v 1
+ ;;
+ 2)
+ local RNG_DEV
+ { kill -s 9 "$(pidof haveged jitterentropy-rngd rngd stty)" 2>/dev/null || killall -q -9 haveged jitterentropy-rngd rngd stty 2>/dev/null; }
+ download_file "$TARG_DIR" 755 "${URL_ARCH}/haveged" "${URL_ARCH}/rngd" "${URL_ARCH}/stty" "${URL_GEN}/manager"
+ inst_ran_dev || return
+ write_conf RAN_PRV rngd
+ ${TARG_DIR}/stty raw -echo -ixoff -F "/dev/${RNG_DEV}" speed 115200
+ ${TARG_DIR}/rngd -r "/dev/${RNG_DEV}"
+ ;;
+ esac
+ write_manager_script /jffs/scripts/init-start init-start
+ end_op_message 0
+}
+
+inst_ran_dev() {
+ if [ -c "/dev/ttyACM0" ]; then
+ local PRODSTR VID PID
+ PRODSTR="$(awk '{ print }' "/sys/class/tty/ttyACM0/device/uevent" | grep "^PRODUCT\=")"
+ VID="$(PTXT "$PRODSTR" | cut -d '=' -f 2 | cut -d '/' -f 1)"
+ PID="$(PTXT "$PRODSTR" | cut -d '=' -f 2 | cut -d '/' -f 2)"
+ if [ "$VID" = "4d8" ] && [ "$PID" = "f5fe" ]; then
+ PTXT "$INFO Found TrueRNG USB HW RNG"
+ RNG_DEV="ttyACM0"
+ fi
+ if [ "$VID" = "16d0" ] && [ "$PID" = "aa0" ]; then
+ PTXT "$INFO Found TrueRNGpro USB HW RNG"
+ RNG_DEV="ttyACM0"
+ fi
+ if [ "$VID" = "1d50" ] && [ "$PID" = "6086" ]; then
+ PTXT "$INFO Found OneRNG USB HW RNG"
+ RNG_DEV="ttyACM0"
+ fi
+ if [ "$VID" = "20df" ] && [ "$PID" = "1" ]; then
+ PTXT "$INFO Found EntropyKey USB HW RNG"
+ RNG_DEV="ttyACM0"
+ fi
+ fi
+ if [ -z "$RNG_DEV" ]; then
+ PTXT "$ERROR Unable to find any HW RNG device! Retrying..."
+ inst_random
+ return 1
+ fi
+ write_conf RNG_DEV "/dev/$RNG_DEV"
+}
+
+inst_swap() {
+ local SWAP_SIZE USB_COUNT
+ SWAP_SIZE="524288"
+ USB_COUNT="$(df | awk -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){print $6}}' | wc -l)"
+ if [ "$USB_COUNT" -lt 1 ]; then
+ PTXT "$ERROR Unable to find any external USB storage" \
+ "$ERROR Or no suitable external USB storage found" \
+ "$ERROR Please connect a USB storage with at least" \
+ "$ERROR $((SWAP_SIZE * 2 / 1024))MB of free space."
+ end_op_message 1
+ return
+ fi
+ PTXT "$INFO Available partition to install swap file:${NORM}"
+ df | awk -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){++i; print " " i ") " $6 " (" $4/1024 "MB free)"}}'
+ read_input_num "Please select the partition to install swap file" 1 "$USB_COUNT"
+ local MOUNT
+ MOUNT="$(df | awk -v IDX="$CHOSEN" -v SWS=$((SWAP_SIZE * 2)) '/\/tmp\/mnt\// {if ($4 > SWS){++i; if (i==IDX){print $6}}}')"
+ PTXT "$INFO Please wait..."
+ dd if=/dev/zero of="${MOUNT}/swap" bs=1024 count="$SWAP_SIZE"
+ local MOUNT_FS
+ MOUNT_FS="$(df -T "$MOUNT" | awk 'FNR==2 {print $2}')"
+ [ "${MOUNT_FS%?}" = "ext" ] && chmod 600 "${MOUNT}/swap"
+ mkswap "${MOUNT}/swap"
+ if ! swapon "${MOUNT}/swap"; then
+ sed -i "/^$(_quote '[ -f $1/swap ] && swapon $1/swap')$/d" /jffs/scripts/post-mount
+ sed -i "/^$(_quote '[ -f $1/swap ] && swapoff $1/swap')$/d" /jffs/scripts/unmount
+ write_command_script /jffs/scripts/post-mount '[ -f "$1/swap" ] && swapon "$1/swap"'
+ write_command_script /jffs/scripts/unmount '[ -f "$1/swap" ] && swapoff "$1/swap"'
+ end_op_message 0
+ else
+ PTXT "$ERROR Unable to create swap. Get the command log to dev"
+ end_op_message 1
+ fi
+}
+
+read_input_dns() {
+ PTXT -n "$INPUT $1 ${BOLD}${2}: ${NORM}"
+ local DNS_SERVER
+ read -r DNS_SERVER
+ [ -z "$DNS_SERVER" ] && DNS_SERVER="$2"
+ if ! PTXT "$DNS_SERVER" | grep -qoE "\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"; then
+ PTXT "$ERROR Invalid DNS server address entered"
+ read_input_dns "$@"
+ fi
+ if [ "$DNS_SERVER1" = "$DNS_SERVER" ]; then
+ PTXT "$ERROR $DNS_SERVER DNS server address already entered, please try again!"
+ read_input_dns "$@"
+ fi
+ case "$1" in
+ "Default is")
+ BOOTSTRAP="'${DNS_SERVER}:53'"
+ PROBE="${DNS_SERVER}:53"
+ DNS_SERVER1="$DNS_SERVER"
+ ;;
+ "2nd Default is")
+ BOOTSTRAP2="${BOOTSTRAP}, '${DNS_SERVER}:53'"
+ ;;
+ esac
+}
+
+read_input_num() {
+ local RANGE
+ [ -z "$4" ] && [ -z "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}]"
+ [ -n "$4" ] && [ -z "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}/${4}]"
+ [ -n "$4" ] && [ -n "$5" ] && [ -z "$6" ] && RANGE="[${2}-${3}/${4}/${5}]"
+ [ -n "$4" ] && [ -n "$5" ] && [ -n "$6" ] && RANGE="[${2}-${3}/${4}/${5}/${6}]"
+ PTXT -n "$INPUT $1, ${BOLD}${RANGE}${NORM}: "
+ read -r CHOSEN
+ case "$1" in
+ "Set log level, default is 2, 0 is the most verbose")
+ if [ -z "$CHOSEN" ]; then CHOSEN="2"; fi
+ ;;
+ "Select your strategy" | "Select your mode")
+ if [ -z "$CHOSEN" ]; then CHOSEN="1"; fi
+ ;;
+ *)
+ if [ -z "$CHOSEN" ]; then
+ PTXT "$ERROR Invalid character(s) entered! Retrying..."
+ read_input_num "$@"
+ return
+ fi
+ ;;
+ esac
+ case "$CHOSEN" in
+ "$4" | "$5" | "$6")
+ return 1
+ ;;
+ "$2" | "$3" | *)
+ if ! PTXT "$CHOSEN" | grep -qE '^[0-9]+$'; then
+ PTXT "$ERROR Invalid character(s) entered! Retrying..."
+ read_input_num "$@"
+ return
+ fi
+ if [ "$CHOSEN" -lt "$2" ] || [ "$CHOSEN" -gt "$3" ]; then
+ PTXT "$ERROR Chosen number is not in range! Retrying..."
+ read_input_num "$@"
+ return
+ fi
+ ;;
+ esac
+}
+
+read_yesno() {
+ PTXT -n "$INPUT $1 ${BOLD}[y/n]${NORM}: "
+ local YESNO
+ read -r YESNO
+ case "$YESNO" in
+ y | Y)
+ return 0
+ ;;
+ n | N)
+ return 1
+ ;;
+ *)
+ PTXT "$ERROR Invalid input!"
+ read_yesno "$@"
+ ;;
+ esac
+}
+
+static_chosen() {
+ local SDNSSTAMP STATICNAME
+ if [ "$1" -eq 0 ]; then
+ local STATICRESOLVERS
+ [ -z "$ADD_STATIC" ] && toml_avars_prep dnscrypt_servers true doh_servers true odoh_servers false require_dnssec false require_nolog false require_nofilter false
+ PTXT -n "$INPUT Please choose Static Server Name${NORM}: "
+ read -r STATICNAME
+ PTXT -n "$INPUT Please enter Static Server SDNS stamp${NORM}: "
+ read -r SDNSSTAMP
+ else
+ if read_yesno "Do you want to set up another Static Server?"; then ANOTHER="YES"; else ANOTHER="NO"; fi
+ if [ "$ANOTHER" = "YES" ]; then
+ PTXT -n "$INPUT $INFO Please choose Static Server Name${NORM}: "
+ read -r STATICNAME
+ PTXT -n "$INPUT Please enter Static Server SDNS stamp${NORM}: "
+ read -r SDNSSTAMP
+ elif [ "$ANOTHER" = "NO" ]; then
+ PTXT "$INFO finished static setup."
+ [ "$ADD_STATIC" = "YES" ] && RESOLVERS="${STATICRESOLVERS}, $RESOLVERS"
+ [ -z "$ADD_STATIC" ] && toml_avars_prep server_names "\"[$STATICRESOLVERS]\""
+ return
+ fi
+ fi
+ local STATIC
+ STATIC="${STATICNAME}-Static"
+ if PTXT "$STATICRESOLVERS" | grep -qoF "$STATIC"; then
+ PTXT "$INFO $STATIC is already set"
+ else
+ toml_nvars_insert "[static]" "[static.'${STATICNAME}-Static']" "$TOML_FILE"
+ toml_nvars_insert "[static.'${STATICNAME}-Static']" "stamp = '$SDNSSTAMP'" "$TOML_FILE"
+ if [ "$STATICRESOLVERS" ]; then
+ STATICRESOLVERS="${STATICRESOLVERS%?}', '$STATIC'"
+ else
+ STATICRESOLVERS="'$STATIC'"
+ fi
+ fi
+ if read_yesno "Is $STATIC a DNSCrypt Server?"; then DNSCRYPT_STATIC="true"; else DNSCRYPT_STATIC="false"; fi
+ if [ "$DNSCRYPT_STATIC" = "true" ]; then
+ if [ -z "$STAT_CRYPT" ]; then
+ STAT_CRYPT="${STATIC}"
+ else
+ STAT_CRYPT="${STAT_CRYPT}|${STATIC}"
+ fi
+ else
+ if read_yesno "Is $STATIC an Oblivious DNS-over-HTTPS Server?"; then ODOH_ENABLE="true"; else ODOH_ENABLE="false"; fi
+ if [ "$ODOH_ENABLE" = "true" ]; then
+ if [ -z "$STAT_ODOH" ]; then
+ if grep -q '^odoh_servers = .*false.*' "$TOML_FILE"; then toml_avars_prep odoh_servers true; fi
+ STAT_ODOH="${STATIC}"
+ else
+ STAT_ODOH="${STAT_ODOH}|${STATIC}"
+ fi
+ fi
+ fi
+ static_chosen 1
+}
+
+static_chosen_relays() {
+ local SDNSSTAMP STATICNAME
+ if [ "$1" -eq 0 ]; then
+ local STATICRELAYS
+ PTXT -n "$INPUT Please choose Static Relay Name${NORM}: "
+ read -r STATICNAME
+ PTXT -n "$INPUT Please enter Static Relay SDNS stamp${NORM}: "
+ read -r SDNSSTAMP
+ else
+ if read_yesno "Do you want to set up another Static Relay?"; then ANOTHER="YES"; else ANOTHER="NO"; fi
+ if [ "$ANOTHER" = "YES" ]; then
+ PTXT -n "$INPUT Please choose Static Relay Name${NORM}: "
+ read -r STATICNAME
+ PTXT -n "$INPUT Please enter Static Relay SDNS stamp${NORM}: "
+ read -r SDNSSTAMP
+ elif [ "$ANOTHER" = "NO" ]; then
+ PTXT "$INFO finished static setup."
+ RELAYS="${STATICRELAYS}, $RELAYS"
+ return
+ fi
+ fi
+
+ local STATIC
+ STATIC="${STATICNAME}-Static"
+ if PTXT "$STATICRELAYS" | grep -qoF "$STATIC"; then
+ PTXT "$INFO $STATIC is already set"
+ else
+ toml_nvars_insert "[static]" "[static.'${STATICNAME}-Static']" "$TOML_FILE"
+ toml_nvars_insert "[static.'${STATICNAME}-Static']" "stamp = '$SDNSSTAMP'" "$TOML_FILE"
+ if [ "$STATICRELAYS" ]; then
+ STATICRELAYS="${STATICRELAYS%?}', '$STATIC'"
+ else
+ STATICRELAYS="'$STATIC'"
+ fi
+ fi
+ static_chosen_relays 1
+}
+
+setup_dnscrypt() {
+ if [ ! -f "$TOML_ORI" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ PTXT "$ERROR dnscrypt-proxy is not installed. Aborting..."
+ end_op_message 1
+ return
+ fi
+ PTXT "$INFO Configuring dnscrypt-proxy..."
+ setup_dnscrypt_impl "$@"
+ local RET="$?"
+ check_opendns
+ if [ "$1" = "reconfig" ]; then
+ if [ "$RET" -eq 0 ]; then
+ PTXT "$INFO Restarting dnscrypt-proxy with new config..."
+ service restart_dnscrypt-proxy >/dev/null 2>&1
+ end_op_message 0
+ else
+ end_op_message 0
+ fi
+ fi
+ return "$RET"
+}
+
+setup_dnscrypt_impl() {
+ if [ -z "$1" ] && [ -f "$TOML_FILE" ]; then
+ if ! check_dnscrypt_toml; then
+ setup_dnscrypt_impl x
+ return
+ fi
+ PTXT "$INFO Found previous dnscrypt-proxy config file"
+ if read_yesno "Do you want to use this file without reconfiguring?"; then PTXT "$INFO Use previous settings file"; else setup_dnscrypt_impl x; fi
+ else
+ if [ -f "$TOML_FILE" ]; then
+ if [ "$1" = "reconfig" ]; then
+ if ! check_dnscrypt_toml; then
+ setup_dnscrypt_impl x
+ return
+ fi
+ PTXT "$INFO Found previous dnscrypt-proxy config file"
+ fi
+ PTXT "$INFO How do you want to reconfigure:" \
+ "$INFO 1) Start from previous settings file" \
+ "$INFO 2) Start from default config"
+ read_input_num "Your selection" 1 2
+ case "$CHOSEN" in
+ 1)
+ PTXT "$INFO Use previous settings file"
+ ;;
+ 2)
+ PTXT "$INFO Backing up previous settings file..."
+ mv "$TOML_FILE" "$TOML_BAK"
+ cp -f "$TOML_ORI" "$TOML_FILE"
+ ;;
+ esac
+ else
+ cp -f "$TOML_ORI" "$TOML_FILE"
+ fi
+ case "${2:-reconfig}" in
+ "install" | "reconfig")
+ if read_yesno "Do you want to redirect all DNS resolutions on your network through to Dnscrypt-Proxy?"; then check_dns_filter 1; else check_dns_filter 0; fi
+ if [ "$(nvram get dns_local_cache)" != "1" ]; then { if read_yesno "Do you want to run Dnsmasq as a local caching DNS service which includes sending the routers traffic to Dnscrypt-Proxy?"; then check_dns_local 1; else check_dns_local 0; fi; }; else { check_dns_local 0; }; fi
+ toml_avar_enable disabled_server_names
+ local PHX NXT
+ PHX="$(grep -wn "sources.odoh-servers" "$TOML_FILE" | cut -f1 -d:)"
+ NXT="$((PHX + 11))"
+ sed -i "$PHX,$NXT s/#//g" "$TOML_FILE"
+ choose_dnscrypt_server
+ PTXT "$INFO Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support..."
+ check_relays
+ PTXT "$INFO Set the DNS server(s) for initializing dnscrypt-proxy" \
+ "$INFO and router services (e.g. ntp) at boot"
+ read_input_dns "Default is" 9.9.9.9
+ read_input_dns "2nd Default is" 8.8.8.8
+ read_input_num "Set log level, default is 2, 0 is the most verbose" 0 6
+ toml_nvars_replace "fallback_resolvers =" "bootstrap_resolvers = [$BOOTSTRAP2]" "$TOML_FILE"
+ if read_yesno "Do you want to use TLSv1.3 (http3)?"; then
+ toml_avar_disable tls_cipher_suite
+ toml_avars_prep http3 true
+ else
+ toml_avar_enable tls_cipher_suite
+ toml_avars_prep http3 false tls_cipher_suite "\"[52393, 52392, 49199, 49195, 4867, 4865]\""
+ fi
+ toml_avars_prep bootstrap_resolvers "\"[$BOOTSTRAP2]\"" log_level "$CHOSEN" ignore_system_dns true listen_addresses "[\'127.0.1.1:53\']" cache false cert_ignore_timestamp true max_clients 25000 keepalive 120 netprobe_timeout 120 netprobe_address "\'$PROBE\'" tls_disable_session_tickets true dnscrypt_ephemeral_keys true
+ case "$ROUTER_MODEL" in
+ RT-AX56U | RT-AX58U | RT-AX3000)
+ toml_avar_disable user_name
+ ;;
+ *)
+ toml_avars_prep user_name "\'nobody\'"
+ ;;
+ esac
+ PTXT "$INFO Writing dnscrypt-proxy configuration..."
+ if !
check_dnscrypt_toml; then + PTXT "$INFO Writing dnscrypt-proxy configuration failed " \ + "$INFO Please send $TOML_ERR file and screen log of " \ + "$INFO all operations you have made to this script dev" + return 1 + fi + ;; + esac + fi +} + +set_timezone() { + local TMP TZ_DATA INDEX TZ_ARCH + TMP="/root" + TZ_ARCH="$(uname -m)" + case $TZ_ARCH in + "aarch64" | "arm64") + TZ_ARCH="aarch64" + ;; + "armv7l") + TZ_ARCH="arm" + ;; + esac + TZ_DATA="tzdata-2021e-1-${TZ_ARCH}.pkg.tar.bz2" + download_file "$TARG_DIR" 755 "${URL_GEN}/manager" + download_file "$TMP" 644 "${URL_GEN}/${TZ_DATA}" + local INDEX + INDEX="$(tar tjf "${TMP}/${TZ_DATA}" | awk -F'/' '!/\/$/ && /\/posix\//' | wc -l)" + PTXT "$INFO Available timezones/locations:" + tar tjf "${TMP}/${TZ_DATA}" | awk -F'/' '!/\/$/ && /\/posix\//' | sort | cut -d'/' -f2- | awk -v INDEX=0 -F'/' '!/\/$/ {++INDEX;printf " " INDEX") ";for (i=5; i/dev/null 2>&1; } + rm -r "${TMP:?}/${TZ_DATA}" "${TMP:?}/usr" + end_op_message 0 +} + +toml_avar_disable() { + local VAR IDX_NX_AVAR + VAR="$1" + IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" + sed -i "1,${IDX_NX_AVAR}{s/\(^$VAR = .*\)/# \1/}" "$TOML_FILE" +} + +toml_avar_enable() { + local VAR IDX_NX_AVAR + VAR="$1" + IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" + sed -i "1,${IDX_NX_AVAR}{/^#.*$VAR = .*$/s/^#\ //}" "$TOML_FILE" +} + +toml_avars_prep() { + local AVARS_ARGS + AVARS_ARGS="" + AVARS_ARGS="$AVARS_ARGS $@" + eval toml_avars_write "$AVARS_ARGS" +} + +toml_avars_write() { + local IDX_NX_AVAR IDX_GLB_INS VAR VALUE TO INDEX HAS_GLB_INS SED_CMD + IDX_NX_AVAR="$(awk 'END {print NR}' "$TOML_FILE")" + IDX_GLB_INS="$(awk -v VAR="#.*Global settings.*" '($0 ~ VAR) {while (getline) {if ($0 ~ "^$") break} print NR;exit}' "$TOML_FILE")" + while [ "$#" -gt 0 ]; do + VAR="$1" + shift + VALUE="$1" + shift + TO="$(_quote "$VAR = $VALUE")" + INDEX="$(awk -v IDX="$IDX_NX_AVAR" -v VAR="^$VAR = " '($0 ~ VAR) && (NR < IDX) {print NR; exit}' "$TOML_FILE")" + if [ "$INDEX" ]; then + 
SED_CMD="${INDEX}{s/.*/${TO}/};${SED_CMD}"
+ continue
+ fi
+ INDEX="$(awk -v IDX="$IDX_NX_AVAR" -v VAR="#.*$VAR = " '($0 ~ VAR) && (NR < IDX) {print NR; exit}' "$TOML_FILE")"
+ if [ "$INDEX" ]; then
+ SED_CMD="${INDEX}{s/.*/${TO}/};${SED_CMD}"
+ continue
+ fi
+ [ -z "$HAS_GLB_INS" ] && SED_CMD="${SED_CMD}${IDX_GLB_INS}{s/^/\n${TO}\n" || SED_CMD="${SED_CMD}${TO}\n"
+ HAS_GLB_INS="1"
+ done
+ [ "$HAS_GLB_INS" ] && SED_CMD="${SED_CMD}/}"
+ sed -i "${SED_CMD%;}" "$TOML_FILE"
+}
+
+toml_nvars_insert() {
+ PATTERN="$(_quote "$1")"
+ CONTENT="$(_quote "$2")"
+ sed -i "/${PATTERN}/a${CONTENT}" "$3"
+}
+
+toml_nvars_replace() {
+ PATTERN="$(_quote "$1")"
+ CONTENT="$(_quote "$2")"
+ sed -i "s/${PATTERN}/${CONTENT}/" "$3"
+}
+
+toml_nvars_append() {
+ echo "$1" >>"$2"
+}
+
+toml_nvars_delete() {
+ PATTERN="$(_quote "$1")"
+ sed -i "/${PATTERN}/d" "$2"
+}
+
+toml_static_removal() {
+ PTXT "$INFO Removing any static server configuration."
+ toml_nvars_delete "[static.'" "$TOML_FILE"
+ toml_nvars_delete "stamp =" "$TOML_FILE"
+}
+
+uninst_all() {
+ if [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then
+ PTXT "$INFO Old Backup Detected!"
+ if read_yesno "Do you want to remove backup?(this will prevent restoring from backups later)"; then rm -rf "${BASE_DIR}/backup_dnscrypt.tar.gz"; else PTXT "$INFO Keeping backup instead."; fi
+ fi
+ service stop_dnscrypt-proxy >/dev/null 2>&1
+ mv "${TARG_DIR}/installer" "${HOME}/installer"
+ rm -rf "$TARG_DIR"
+ del_jffs_script /jffs/scripts/dnsmasq.postconf
+ del_jffs_script /jffs/scripts/init-start
+ del_jffs_script /jffs/scripts/services-stop
+ { kill -s 9 "$(pidof haveged rngd stty dnscrypt-proxy)" 2>/dev/null || killall -q -9 haveged rngd stty dnscrypt-proxy 2>/dev/null; }
+ del_between_magic /jffs/scripts/service-event-end '# Asuswrt-Merlin-Dnscrypt-Proxy-Installer'
+ local MAN_PID PID
+ MAN_PID="$(pidof manager)"
+ if [ "$MAN_PID" ]; then
+ for PID in $MAN_PID; do
+ if awk '{ print }' "/proc/${PID}/cmdline" | grep -q dnscrypt; then
+ { kill -s 10 "$PID" 2>/dev/null || kill -s 9 "$PID" 2>/dev/null; }
+ break
+ fi
+ done
+ fi
+ service restart_dnsmasq >/dev/null 2>&1
+ end_op_message 0
+}
+
+uninst_dnscrypt() {
+ service stop_dnscrypt-proxy >/dev/null 2>&1
+ PTXT "$INFO Uninstalling dnscrypt-proxy..."
+ rm -f "${TARG_DIR}/dnscrypt-proxy" "${TARG_DIR}/nonroot"
+ del_jffs_script /jffs/scripts/dnsmasq.postconf
+ { kill -s 9 "$(pidof dnscrypt-proxy)" 2>/dev/null || killall -q -9 dnscrypt-proxy 2>/dev/null; }
+ service restart_dnsmasq >/dev/null 2>&1
+ PTXT "$INFO Some configuration files are not removed in case you want to reinstall"
+ end_op_message 0
+}
+
+uninst_random() {
+ PTXT "$INFO Uninstalling (P)RNG..."
+ rm -f "${TARG_DIR}/haveged" "${TARG_DIR}/rngd" "${TARG_DIR}/stty"
+ { kill -s 9 "$(pidof haveged rngd stty)" 2>/dev/null || killall -q -9 haveged rngd stty 2>/dev/null; }
+ del_conf RAN_PRV RNG_DEV
+ if [ ! -f "${TARG_DIR}/localtime" ] && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ del_jffs_script /jffs/scripts/init-start
+ del_jffs_script /jffs/scripts/services-stop
+ fi
+ end_op_message 0
+}
+
+unset_timezone() {
+ rm -f "${TARG_DIR}/localtime"
+ if ! grep -q "^RAN_PRV=.*$" "${TARG_DIR}/.config" && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; then
+ del_jffs_script /jffs/scripts/init-start
+ del_jffs_script /jffs/scripts/services-stop
+ fi
+ end_op_message 0
+}
+
+write_conf() {
+ local VAR VALUE
+ VAR="$1"
+ VALUE="$2"
+ if [ -f "${TARG_DIR}/.opendns-auth" ]; then
+ mv "${TARG_DIR}/.opendns-auth" "$CONF_FILE"
+ chmod 644 "$CONF_FILE"
+ fi
+ if [ ! -f "$CONF_FILE" ]; then
+ touch "$CONF_FILE" && chmod 644 "$CONF_FILE"
+ fi
+ if grep -q "$VAR" "$CONF_FILE"; then
+ VALUE=$(_quote "$VALUE")
+ sed -i "/^$VAR=/s/=.*/=$VALUE/" "$CONF_FILE"
+ else
+ PTXT "$VAR=$VALUE" >>"$CONF_FILE"
+ fi
+}
+
+write_command_script() {
+ local TARG COMMAND FILENAME
+ TARG="$1"
+ COMMAND="$2"
+ FILENAME="$(basename "$TARG")"
+ if [ ! -f "$TARG" ]; then
+ PTXT "$INFO Creating $FILENAME file"
+ PTXT "#!/bin/sh" >"$TARG"
+ fi
+ chmod 755 "$TARG"
+ if [ "$(grep -c -F "$COMMAND" "$TARG")" -gt 0 ]; then
+ PTXT "$INFO $FILENAME file already configured"
+ else
+ PTXT "$INFO Configure $FILENAME file"
+ PTXT "$COMMAND" >>"$TARG"
+ fi
+}
+
+write_manager_script() {
+ local TARG OP FILENAME COMMAND
+ TARG="$1"
+ OP="$2"
+ FILENAME="$(basename "$TARG")"
+ COMMAND="${TARG_DIR}/manager"
+ if [ ! -f "$TARG" ]; then
+ PTXT "$INFO Creating $FILENAME file"
+ PTXT "#!/bin/sh" >"$TARG"
+ fi
+ chmod 755 "$TARG" "$COMMAND"
+ del_between_magic "$TARG" dnscrypt-asuswrt-installer
+ if [ "$(grep -c -F "[ -x $COMMAND ] && $COMMAND $OP" "$TARG")" -gt 0 ]; then
+ PTXT "$INFO $FILENAME file already configured"
+ else
+ PTXT "$INFO Configure $FILENAME file"
+ if grep -q "^$COMMAND" "$TARG"; then
+ sed -i "s~^$COMMAND~[ -x $COMMAND ] \&\& $COMMAND $OP~" "$TARG"
+ else
+ del_jffs_script "$TARG" !manager
+ [ "$(tail -1 "$TARG" | grep -c '^$')" -eq 0 ] && PTXT "" >>"$TARG"
+ PTXT "[ -x $COMMAND ] && $COMMAND $OP" >>"$TARG"
+ fi
+ fi
 }
 [ "$1" ] && BRANCH="$1" || BRANCH="master"
@@ -1673,148 +1851,172 @@ ROUTER_ARCH="$(uname -m)"
 [ "$(nvram get sw_mode)" != "1" ] && PTXT "$ERROR You are not running in router mode, sorry." && sleep 3 && exit 1
 if [ -z "$2" ]; then
- printf '\e[8;50;125t'
- printf '\033[?7l'
- clear
- sed -n '2,21p' "$0"
- printf '\033[?7h'
+ printf '\e[8;50;125t'
+ printf '\033[?7l'
+ clear
+ sed -n '2,21p' "$0"
+ printf '\033[?7h'
 fi
 case "$ROUTER_MODEL" in
- #RT-AX56U|RT-AX58U|RT-AX3000)
- # PTXT "$ERROR This is an unsupported router, sorry."
- # exit 1
- # ;;
- *)
- [ -z "$2" ] && PTXT "$INFO Detected $ROUTER_MODEL router."
- ;;
+#RT-AX56U|RT-AX58U|RT-AX3000)
+# PTXT "$ERROR This is an unsupported router, sorry."
+# exit 1
+# ;;
+*)
+ [ -z "$2" ] && PTXT "$INFO Detected $ROUTER_MODEL router."
+ ;;
 esac
 case "$ROUTER_OS" in
- "Linux")
- [ -z "$2" ] && PTXT "$INFO Detected $ROUTER_OS platform."
- ROUTER_OS="linux"
- ;;
- *)
- PTXT "$ERROR This is an unsupported platform, sorry."
- exit 1
- ;;
+"Linux")
+ [ -z "$2" ] && PTXT "$INFO Detected $ROUTER_OS platform."
+ ROUTER_OS="linux"
+ ;;
+*)
+ PTXT "$ERROR This is an unsupported platform, sorry."
+ exit 1
+ ;;
 esac
 case "$ROUTER_ARCH" in
- "aarch64"|"arm64")
- ROUTER_ARCH="arm64"
- URL_ARCH="${RURL}/armv8"
- DNSCRYPT_ARCH="${ROUTER_OS}_${ROUTER_ARCH}"
- DNSCRYPT_ARCH_TAR="${ROUTER_OS}-${ROUTER_ARCH}"
- [ -z "$2" ] && PTXT "$INFO Detected ARMv8 architecture."
- ;;
- "armv7l")
- ROUTER_ARCH="arm"
- URL_ARCH="${RURL}/armv7"
- DNSCRYPT_ARCH="${ROUTER_OS}_${ROUTER_ARCH}"
- DNSCRYPT_ARCH_TAR="${ROUTER_OS}-${ROUTER_ARCH}"
- [ -z "$2" ] && PTXT "$INFO Detected ARMv7 architecture."
- ;;
- *)
- PTXT "$ERROR This is an unsupported architecture, sorry."
- exit 1
- ;;
+"aarch64" | "arm64")
+ ROUTER_ARCH="arm64"
+ URL_ARCH="${RURL}/armv8"
+ DNSCRYPT_ARCH="${ROUTER_OS}_${ROUTER_ARCH}"
+ DNSCRYPT_ARCH_TAR="${ROUTER_OS}-${ROUTER_ARCH}"
+ [ -z "$2" ] && PTXT "$INFO Detected ARMv8 architecture."
+ ;;
+"armv7l")
+ ROUTER_ARCH="arm"
+ URL_ARCH="${RURL}/armv7"
+ DNSCRYPT_ARCH="${ROUTER_OS}_${ROUTER_ARCH}"
+ DNSCRYPT_ARCH_TAR="${ROUTER_OS}-${ROUTER_ARCH}"
+ [ -z "$2" ] && PTXT "$INFO Detected ARMv7 architecture."
+ ;;
+*)
+ PTXT "$ERROR This is an unsupported architecture, sorry."
+ exit 1
+ ;;
 esac
 case "$2" in
- "update")
- inst_dnscrypt "$2"
- ;;
- *)
- cleanup
- check_jffs_enabled
- check_dns_environment
- check_version
- ;;
+"install" | "update")
+ if [ ! -d "$TARG_DIR" ] && [ "$2" = "update" ]; then exit 1; fi
+ inst_dnscrypt "$2"
+ ;;
+"uninstall")
+ if [ ! -d "$TARG_DIR" ]; then exit 1; fi
+ case "${3:-all}" in
+ all)
+ uninst_all
+ ;;
+ proxy)
+ uninst_dnscrypt
+ ;;
+ rng)
+ uninst_random
+ ;;
+ esac
+ ;;
+"set" | "unset")
+ if [ ! -d "$TARG_DIR" ]; then exit 1; fi
+ ${2}_timezone
+ ;;
+"BACKUP" | "RESTORE")
+ if { [ ! -d "$TARG_DIR" ] && [ ! -f "${TARG_DIR}/dnscrypt-proxy" ] && [ "$2" = "BACKUP" ]; }; then exit 1; fi
+ if { [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ] && [ "$2" = "RESTORE" ]; }; then exit 1; fi
+ backup_restore "$2"
+ ;;
+*)
+ cleanup
+ check_jffs_enabled
+ check_dns_environment
+ check_version
+ ;;
 esac
-menu () {
- trap - HUP INT QUIT ABRT TERM
- PTXT "$INFO Choose what you want to do:" \
- " 1) Install/Update dnscrypt-proxy" \
- " 2) Uninstall dnscrypt-proxy" \
- " 3) Configure dnscrypt-proxy" \
- " 4) Set timezone" \
- " 5) Unset timezone" \
- " 6) Install (P)RNG" \
- " 7) Uninstall (P)RNG" \
- " 8) Install swap file" \
- " 9) Uninstall ALL"
- if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ]; }; then { PTXT " b) Backup"; }; fi
- if { [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { PTXT " r) Restore"; }; fi
- PTXT " q) Quit"
- if { [ ! -d "$TARG_DIR" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; } && [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then { read_input_num "Please enter the number that designates your selection:" 1 9 q; }; fi
- if { [ ! -d "$TARG_DIR" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; } && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then { read_input_num "Please enter the number that designates your selection:" 1 9 r q; }; fi
- if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { read_input_num "Please enter the number that designates your selection:" 1 9 b q; }; fi
- if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { read_input_num "Please enter the number that designates your selection:" 1 9 b r q; }; fi
- [ -n "$CHOSEN" ] && trap 'clear; end_op_message 2' HUP INT QUIT ABRT TERM
- case "$CHOSEN" in
- 1)
- PTXT "$INFO This operation will install dnscrypt-proxy and related files (<6MB)" \
- "$INFO to jffs, no other data will be changed." \
- "$INFO Also some start scripts will be installed/modified as required."
- if read_yesno "Do you want to install dnscrypt-proxy to /jffs?"; then inst_dnscrypt; else end_op_message 1; fi
- ;;
- 2)
- PTXT "$INFO This operation will uninstall dnscrypt-proxy and related files" \
- "$INFO from jffs, no other data will be changed." \
- "$INFO Also some start scripts will be modified as required."
- if read_yesno "Do you want to uninstall dnscrypt-proxy from /jffs?"; then uninst_dnscrypt; else end_op_message 1; fi
- ;;
- 3)
- PTXT "$INFO This operation allows you to configure dnscrypt-proxy"
- if read_yesno "Do you want to proceed?"; then setup_dnscrypt reconfig; else end_op_message 1; fi
- ;;
- 4)
- PTXT "$INFO This operation allows you to set your router timezone for background services and processes."
- if read_yesno "Do you want to proceed?"; then set_timezone; else end_op_message 1; fi
- ;;
- 5)
- PTXT "$INFO This operation allows you to unset your router timezone for background services and processes."
- if read_yesno "Do you want to proceed?"; then unset_timezone; else end_op_message 1; fi
- ;;
- 6)
- PTXT "$INFO This operation will install a (P)RNG (<0.5MB) to jffs, no other data will be changed." \
- "$INFO Also some start scripts will be installed/modified as required."
- if read_yesno "Do you want to install (P)RNG to /jffs?"; then inst_random; else end_op_message 1; fi
- ;;
- 7)
- PTXT "$INFO This operation will uninstall (P)RNG" \
- "$INFO from jffs, no other data will be changed." \
- "$INFO Also some start scripts will be installed/modified as required."
- if read_yesno "Do you want to uninstall (P)RNG from /jffs?"; then uninst_random; else end_op_message 1; fi
- ;;
- 8)
- PTXT "$INFO This operation will install a swap file for your device." \
- "$INFO You need an external USB storage to host this file."
- if read_yesno "Do you want to install a swap file (512MB on ext filesystem partition)?"; then check_swap; else end_op_message 1; fi
- ;;
- 9)
- PTXT "$INFO This operation will cleanup everything installed by this script (except swap)."
- if read_yesno "Do you want to continue?"; then uninst_all; else end_op_message 1; fi
- ;;
- b|B)
- PTXT "$INFO This operation will backup everything!"
- if read_yesno "Do you want to continue?"; then backup_restore BACKUP; else end_op_message 1; fi
- ;;
- r|R)
- PTXT "$INFO This operation will restore everything!"
- if read_yesno "Do you want to continue?"; then backup_restore RESTORE; else end_op_message 1; fi
- ;;
- q|Q)
- PTXT "$INFO Operations have been applied if any has been made" \
- "$INFO In case of anomaly, please reboot your router!"
- if [ -f "${HOME}/installer" ]; then rm -rf "${HOME}/installer"; fi
- sleep 3
- clear
- ;;
- esac
+menu() {
+ trap - HUP INT QUIT ABRT TERM
+ PTXT "$INFO Choose what you want to do:" \
+ " 1) Install/Update dnscrypt-proxy" \
+ " 2) Uninstall dnscrypt-proxy" \
+ " 3) Configure dnscrypt-proxy" \
+ " 4) Set timezone" \
+ " 5) Unset timezone" \
+ " 6) Install (P)RNG" \
+ " 7) Uninstall (P)RNG" \
+ " 8) Install swap file" \
+ " 9) Uninstall ALL"
+ if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ]; }; then { PTXT " b) Backup"; }; fi
+ if { [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { PTXT " r) Restore"; }; fi
+ PTXT " q) Quit"
+ if { [ ! -d "$TARG_DIR" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; } && [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then { read_input_num "Please enter the number that designates your selection:" 1 9 q; }; fi
+ if { [ ! -d "$TARG_DIR" ] || [ ! -f "${TARG_DIR}/dnscrypt-proxy" ]; } && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; then { read_input_num "Please enter the number that designates your selection:" 1 9 r q; }; fi
+ if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ ! -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { read_input_num "Please enter the number that designates your selection:" 1 9 b q; }; fi
+ if { [ -d "$TARG_DIR" ] && [ -f "${TARG_DIR}/dnscrypt-proxy" ] && [ -f "${BASE_DIR}/backup_dnscrypt.tar.gz" ]; }; then { read_input_num "Please enter the number that designates your selection:" 1 9 b r q; }; fi
+ [ -n "$CHOSEN" ] && trap 'clear; end_op_message 2' HUP INT QUIT ABRT TERM
+ case "$CHOSEN" in
+ 1)
+ PTXT "$INFO This operation will install dnscrypt-proxy and related files (<6MB)" \
+ "$INFO to jffs, no other data will be changed." \
+ "$INFO Also some start scripts will be installed/modified as required."
+ if read_yesno "Do you want to install dnscrypt-proxy to /jffs?"; then inst_dnscrypt; else end_op_message 1; fi
+ ;;
+ 2)
+ PTXT "$INFO This operation will uninstall dnscrypt-proxy and related files" \
+ "$INFO from jffs, no other data will be changed." \
+ "$INFO Also some start scripts will be modified as required."
+ if read_yesno "Do you want to uninstall dnscrypt-proxy from /jffs?"; then uninst_dnscrypt; else end_op_message 1; fi
+ ;;
+ 3)
+ PTXT "$INFO This operation allows you to configure dnscrypt-proxy"
+ if read_yesno "Do you want to proceed?"; then setup_dnscrypt reconfig; else end_op_message 1; fi
+ ;;
+ 4)
+ PTXT "$INFO This operation allows you to set your router timezone for background services and processes."
+ if read_yesno "Do you want to proceed?"; then set_timezone; else end_op_message 1; fi
+ ;;
+ 5)
+ PTXT "$INFO This operation allows you to unset your router timezone for background services and processes."
+ if read_yesno "Do you want to proceed?"; then unset_timezone; else end_op_message 1; fi
+ ;;
+ 6)
+ PTXT "$INFO This operation will install a (P)RNG (<0.5MB) to jffs, no other data will be changed." \
+ "$INFO Also some start scripts will be installed/modified as required."
+ if read_yesno "Do you want to install (P)RNG to /jffs?"; then inst_random; else end_op_message 1; fi
+ ;;
+ 7)
+ PTXT "$INFO This operation will uninstall (P)RNG" \
+ "$INFO from jffs, no other data will be changed." \
+ "$INFO Also some start scripts will be installed/modified as required."
+ if read_yesno "Do you want to uninstall (P)RNG from /jffs?"; then uninst_random; else end_op_message 1; fi
+ ;;
+ 8)
+ PTXT "$INFO This operation will install a swap file for your device." \
+ "$INFO You need an external USB storage to host this file."
+ if read_yesno "Do you want to install a swap file (512MB on ext filesystem partition)?"; then check_swap; else end_op_message 1; fi
+ ;;
+ 9)
+ PTXT "$INFO This operation will cleanup everything installed by this script (except swap)."
+ if read_yesno "Do you want to continue?"; then uninst_all; else end_op_message 1; fi
+ ;;
+ b | B)
+ PTXT "$INFO This operation will backup everything!"
+ if read_yesno "Do you want to continue?"; then backup_restore BACKUP; else end_op_message 1; fi
+ ;;
+ r | R)
+ PTXT "$INFO This operation will restore everything!"
+ if read_yesno "Do you want to continue?"; then backup_restore RESTORE; else end_op_message 1; fi
+ ;;
+ q | Q)
+ PTXT "$INFO Operations have been applied if any has been made" \
+ "$INFO In case of anomaly, please reboot your router!"
+ if [ -f "${HOME}/installer" ]; then rm -rf "${HOME}/installer"; fi
+ sleep 3
+ clear
+ ;;
+ esac
 }
 menu
diff --git a/installer.md5sum b/installer.md5sum
index 7d4a511..46240ba 100644
--- a/installer.md5sum
+++ b/installer.md5sum
@@ -1 +1 @@
-90a81d26625dac59641bbf4bfa9159b5
+83efd84470e36a153b175999cff1c4d7