From 4b00f44e8e68ae7e73b7a5eb6eaeef09aa6fc42a Mon Sep 17 00:00:00 2001 From: Stanislas Date: Thu, 11 Dec 2025 20:22:00 +0100 Subject: [PATCH] feat: add version 10 support for RHEL-based distributions (#1346) ## Summary - Add version 10 support for CentOS Stream, Rocky Linux, AlmaLinux, and Oracle Linux - Consolidate version check logic into a single check for all RHEL-based distributions - Fix Rocky Linux Docker image names to `rockylinux/rockylinux:tag` - Increase Easy-RSA download curl retry from 3 to 5 - Fail early if EPEL/Copr repository setup fails - Fix Oracle Linux EPEL package name (`oracle-epel-release-el*` instead of `epel-release`) ## Changes ### `openvpn-install.sh` - Combine version checks for CentOS/Rocky/AlmaLinux and Oracle Linux into one - Update error message to list supported distributions - Change Easy-RSA download `--retry 3` to `--retry 5` - Add `|| log_fatal` to EPEL and Copr setup commands to fail early on errors - Use `oracle-epel-release-el{8,9,10}` for Oracle Linux instead of `epel-release` ### `.github/workflows/docker-test.yml` - Add CentOS Stream 10 (`quay.io/centos/centos:stream10`) - Add Rocky Linux 10 (`rockylinux/rockylinux:10`) - Add AlmaLinux 10 (`almalinux:10`) - Add Oracle Linux 10 (`oraclelinux:10`) - Fix Rocky Linux image names from `rockylinux:X` to `rockylinux/rockylinux:X` ## Test plan - [ ] CI passes for existing distributions - [ ] CI passes for new version 10 distributions (where images are available) --- .github/workflows/docker-test.yml | 12 ++++++++-- openvpn-install.sh | 37 +++++++++++++++++-------------- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml index 2ac72d6..a2d2b5f 100644 --- a/.github/workflows/docker-test.yml +++ b/.github/workflows/docker-test.yml @@ -36,24 +36,32 @@ jobs: image: debian:12 - name: centos-stream-9 image: quay.io/centos/centos:stream9 + - name: centos-stream-10 + image: quay.io/centos/centos:stream10 - name: fedora-42 image: fedora:42 - name: fedora-43 image: fedora:43 - name: rocky-8 - image: rockylinux:8 + image: rockylinux/rockylinux:8 - name: rocky-9 - image: rockylinux:9 + image: rockylinux/rockylinux:9 + - name: rocky-10 + image: rockylinux/rockylinux:10 - name: almalinux-8 image: almalinux:8 - name: almalinux-9 image: almalinux:9 + - name: almalinux-10 + image: almalinux:10 - name: archlinux image: archlinux:latest - name: oraclelinux-8 image: oraclelinux:8 - name: oraclelinux-9 image: oraclelinux:9 + - name: oraclelinux-10 + image: oraclelinux:10 - name: amazonlinux-2023 image: amazonlinux:2023 diff --git a/openvpn-install.sh b/openvpn-install.sh index 5e0eeaa..8a22e93 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -196,17 +196,13 @@ function checkOS() { fi if [[ $ID == "centos" || $ID == "rocky" || $ID == "almalinux" ]]; then OS="centos" - if [[ ${VERSION_ID%.*} -lt 8 ]]; then - log_info "The script only supports CentOS Stream 8+ / Rocky Linux 8+ / AlmaLinux 8+." - log_fatal "Your version of CentOS is not supported." - fi fi if [[ $ID == "ol" ]]; then OS="oracle" - if [[ ! $VERSION_ID =~ ^(8|9) ]]; then - log_info "The script only supports Oracle Linux 8 and 9." - log_fatal "Your version of Oracle Linux is not supported." - fi + fi + if [[ $OS =~ (centos|oracle) ]] && [[ ${VERSION_ID%.*} -lt 8 ]]; then + log_info "The script only supports CentOS Stream / Rocky Linux / AlmaLinux / Oracle Linux version 8+." + log_fatal "Your version is not supported." fi if [[ $ID == "amzn" ]]; then if [[ "$(echo "$PRETTY_NAME" | cut -c 1-18)" == "Amazon Linux 2023." ]] && [[ "$(echo "$PRETTY_NAME" | cut -c 19)" -ge 6 ]]; then @@ -220,7 +216,7 @@ function checkOS() { elif [[ -e /etc/arch-release ]]; then OS=arch else - log_fatal "It looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Amazon Linux 2023, Oracle Linux or Arch Linux system." + log_fatal "It looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Amazon Linux 2023, Oracle Linux, Arch Linux, Rocky Linux or AlmaLinux system." fi } @@ -324,14 +320,21 @@ function installOpenVPNRepo() { # EPEL is required for pkcs11-helper dependency log_info "Configuring OpenVPN Copr repository for RHEL-based system..." - if ! command -v dnf &>/dev/null; then - run_cmd "Installing EPEL repository" yum install -y epel-release - run_cmd "Installing yum-plugin-copr" yum install -y yum-plugin-copr - run_cmd "Enabling OpenVPN Copr repo" yum copr enable -y @OpenVPN/openvpn-release-2.6 + # Oracle Linux uses oracle-epel-release-el* instead of epel-release + if [[ $OS == "oracle" ]]; then + EPEL_PACKAGE="oracle-epel-release-el${VERSION_ID%.*}" else - run_cmd "Installing EPEL repository" dnf install -y epel-release - run_cmd "Installing dnf-plugins-core" dnf install -y dnf-plugins-core - run_cmd "Enabling OpenVPN Copr repo" dnf copr enable -y @OpenVPN/openvpn-release-2.6 + EPEL_PACKAGE="epel-release" + fi + + if ! command -v dnf &>/dev/null; then + run_cmd "Installing EPEL repository" yum install -y "$EPEL_PACKAGE" || log_fatal "Failed to install EPEL repository" + run_cmd "Installing yum-plugin-copr" yum install -y yum-plugin-copr || log_fatal "Failed to install yum-plugin-copr" + run_cmd "Enabling OpenVPN Copr repo" yum copr enable -y @OpenVPN/openvpn-release-2.6 || log_fatal "Failed to enable OpenVPN Copr repo" + else + run_cmd "Installing EPEL repository" dnf install -y "$EPEL_PACKAGE" || log_fatal "Failed to install EPEL repository" + run_cmd "Installing dnf-plugins-core" dnf install -y dnf-plugins-core || log_fatal "Failed to install dnf-plugins-core" + run_cmd "Enabling OpenVPN Copr repo" dnf copr enable -y @OpenVPN/openvpn-release-2.6 || log_fatal "Failed to enable OpenVPN Copr repo" fi log_info "OpenVPN Copr repository configured" @@ -1002,7 +1005,7 @@ function installOpenVPN() { # Install the latest version of easy-rsa from source, if not already installed. if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then - run_cmd "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 3 -o ~/easy-rsa.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz" + run_cmd "Downloading Easy-RSA v${EASYRSA_VERSION}" curl -fL --retry 5 -o ~/easy-rsa.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-${EASYRSA_VERSION}.tgz" log_info "Verifying Easy-RSA checksum..." CHECKSUM_OUTPUT=$(echo "${EASYRSA_SHA256} $HOME/easy-rsa.tgz" | sha256sum -c 2>&1) || { _log_to_file "[CHECKSUM] $CHECKSUM_OUTPUT"