Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-06 20:52:42 +01:00
Code Issues Projects Releases Wiki Activity

security: add SHA256 checksum verification for easy-rsa download

Browse Source 
Adds integrity verification to prevent supply chain attacks when
downloading easy-rsa from GitHub releases.
This commit is contained in:
Stanislas Lange
2025-12-04 18:07:44 +01:00
committed by Stanislas
parent 1c5381cc03
commit 94f0967878
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
openvpn-install.sh
View File

@@ -746,7 +746,14 @@ function installOpenVPN() {
# Install the latest version of easy-rsa from source, if not already installed. # Install the latest version of easy-rsa from source, if not already installed.
if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
local version="3.1.2" local version="3.1.2"
local easy_rsa_sha256="d63cf129490ffd6d8792ede7344806c506c82c32428b5bb609ad97ca6a6e4499"
wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
echo "${easy_rsa_sha256} ~/easy-rsa.tgz" | sha256sum -c
if [[ $? -ne 0 ]]; then
echo "SHA256 checksum verification failed for easy-rsa download!"
rm -f ~/easy-rsa.tgz
exit 1
fi
mkdir -p /etc/openvpn/easy-rsa mkdir -p /etc/openvpn/easy-rsa
tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
rm -f ~/easy-rsa.tgz rm -f ~/easy-rsa.tgz