feat: add version 10 support for RHEL-based distributions (#1346)

## Summary

- Add version 10 support for CentOS Stream, Rocky Linux, AlmaLinux, and
Oracle Linux
- Consolidate version check logic into a single check for all RHEL-based
distributions
- Fix Rocky Linux Docker image names to `rockylinux/rockylinux:tag`
- Increase Easy-RSA download curl retry from 3 to 5
- Fail early if EPEL/Copr repository setup fails
- Fix Oracle Linux EPEL package name (`oracle-epel-release-el*` instead
of `epel-release`)

## Changes

### `openvpn-install.sh`
- Combine version checks for CentOS/Rocky/AlmaLinux and Oracle Linux
into one
- Update error message to list supported distributions
- Change Easy-RSA download `--retry 3` to `--retry 5`
- Add `|| log_fatal` to EPEL and Copr setup commands to fail early on
errors
- Use `oracle-epel-release-el{8,9,10}` for Oracle Linux instead of
`epel-release`

### `.github/workflows/docker-test.yml`
- Add CentOS Stream 10 (`quay.io/centos/centos:stream10`)
- Add Rocky Linux 10 (`rockylinux/rockylinux:10`)
- Add AlmaLinux 10 (`almalinux:10`)
- Add Oracle Linux 10 (`oraclelinux:10`)
- Fix Rocky Linux image names from `rockylinux:X` to
`rockylinux/rockylinux:X`

## Test plan

- [ ] CI passes for existing distributions
- [ ] CI passes for new version 10 distributions (where images are
available)

.github/workflows/docker-test.yml

@@ -36,24 +36,32 @@ jobs:
             image: debian:12
           - name: centos-stream-9
             image: quay.io/centos/centos:stream9
+          - name: centos-stream-10
+            image: quay.io/centos/centos:stream10
           - name: fedora-42
             image: fedora:42
           - name: fedora-43
             image: fedora:43
           - name: rocky-8
-            image: rockylinux:8
+            image: rockylinux/rockylinux:8
           - name: rocky-9
-            image: rockylinux:9
+            image: rockylinux/rockylinux:9
+          - name: rocky-10
+            image: rockylinux/rockylinux:10
           - name: almalinux-8
             image: almalinux:8
           - name: almalinux-9
             image: almalinux:9
+          - name: almalinux-10
+            image: almalinux:10
           - name: archlinux
             image: archlinux:latest
           - name: oraclelinux-8
             image: oraclelinux:8
           - name: oraclelinux-9
             image: oraclelinux:9
+          - name: oraclelinux-10
+            image: oraclelinux:10
           - name: amazonlinux-2023
             image: amazonlinux:2023
 

openvpn-install.sh

@@ -196,17 +196,13 @@ function checkOS() {
 		fi
 		if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then
 			OS="centos"
-			if [[ ${VERSION_ID%.*} -lt 8 ]]; then
-				log_info "The script only supports CentOS Stream 8+ / Rocky Linux 8+ / AlmaLinux 8+."
-				log_fatal "Your version of CentOS is not supported."
-			fi
 		fi
 		if [[ $ID == "ol" ]]; then
 			OS="oracle"
-			if [[ ! $VERSION_ID =~ ^(8|9) ]]; then
-				log_info "The script only supports Oracle Linux 8 and 9."
-				log_fatal "Your version of Oracle Linux is not supported."
-			fi
+		fi
+		if [[ $OS =~ (centos|oracle) ]] && [[ ${VERSION_ID%.*} -lt 8 ]]; then
+			log_info "The script only supports CentOS Stream / Rocky Linux / AlmaLinux / Oracle Linux version 8+."
+			log_fatal "Your version is not supported."
 		fi
 		if [[ $ID == "amzn" ]]; then
 			if [[ "$(echo "$PRETTY_NAME" | cut -c 1-18)" == "Amazon Linux 2023." ]] && [[ "$(echo "$PRETTY_NAME" | cut -c 19)" -ge 6 ]]; then
@@ -220,7 +216,7 @@ function checkOS() {
 	elif [[ -e /etc/arch-release ]]; then
 		OS=arch
 	else
-		log_fatal "It looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Amazon Linux 2023, Oracle Linux or Arch Linux system."
+		log_fatal "It looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Amazon Linux 2023, Oracle Linux, Arch Linux, Rocky Linux or AlmaLinux system."
 	fi
 }
 
@@ -324,14 +320,21 @@ function installOpenVPNRepo() {
 		# EPEL is required for pkcs11-helper dependency
 		log_info "Configuring OpenVPN Copr repository for RHEL-based system..."
 
-		if ! command -v dnf &>/dev/null; then
-			run_cmd "Installing EPEL repository" yum install -y epel-release
-			run_cmd "Installing yum-plugin-copr" yum install -y yum-plugin-copr
-			run_cmd "Enabling OpenVPN Copr repo" yum copr enable -y @OpenVPN/openvpn-release-2.6
+		# Oracle Linux uses oracle-epel-release-el* instead of epel-release
+		if [[ $OS == "oracle" ]]; then
+			EPEL_PACKAGE="oracle-epel-release-el${VERSION_ID%.*}"
 		else
-			run_cmd "Installing EPEL repository" dnf install -y epel-release
-			run_cmd "Installing dnf-plugins-core" dnf install -y dnf-plugins-core
-			run_cmd "Enabling OpenVPN Copr repo" dnf copr enable -y @OpenVPN/openvpn-release-2.6
+			EPEL_PACKAGE="epel-release"
+		fi
+
+		if ! command -v dnf &>/dev/null; then
+			run_cmd "Installing EPEL repository" yum install -y "$EPEL_PACKAGE" || log_fatal "Failed to install EPEL repository"
+			run_cmd "Installing yum-plugin-copr" yum install -y yum-plugin-copr || log_fatal "Failed to install yum-plugin-copr"
+			run_cmd "Enabling OpenVPN Copr repo" yum copr enable -y @OpenVPN/openvpn-release-2.6 || log_fatal "Failed to enable OpenVPN Copr repo"
+		else
+			run_cmd "Installing EPEL repository" dnf install -y "$EPEL_PACKAGE" || log_fatal "Failed to install EPEL repository"
+			run_cmd "Installing dnf-plugins-core" dnf install -y dnf-plugins-core || log_fatal "Failed to install dnf-plugins-core"
+			run_cmd "Enabling OpenVPN Copr repo" dnf copr enable -y @OpenVPN/openvpn-release-2.6 || log_fatal "Failed to enable OpenVPN Copr repo"
 		fi
 
 		log_info "OpenVPN Copr repository configured"
@@ -1002,7 +1005,7 @@ function installOpenVPN() {
 
 	# Install the latest version of easy-rsa from source, if not already installed.
 	if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
-		run_cmd "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 3 -o ~/easy-rsa.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz"
+		run_cmd "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 5 -o ~/easy-rsa.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz"
 		log_info "Verifying Easy-RSA checksum..."
 		CHECKSUM_OUTPUT=$(echo "${EASYRSA_SHA256}  $HOME/easy-rsa.tgz" | sha256sum -c 2>&1) || {
 			_log_to_file "[CHECKSUM] $CHECKSUM_OUTPUT"