blob: dab883db15777be51532dd555fd25e2409da29de (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#!/bin/bash
# https://gitlab.archlinux.org/pacman/pacman/raw/master/proto/proto.install
service=awsvpnclient
tput_reset="$(tput sgr0)"
tput_bold="${all_off}$(tput bold)"
tput_blue="${bold}$(tput setaf 4)"
tput_yellow="${bold}$(tput setaf 3)"
note() {
printf "${tput_blue}==>${tput_yellow} NOTE:${tput_bold} %s${tput_reset}\n" "$1"
}
update_openssl_fips() {
# this has been adopted from the original debian install script
local OPENVPN_PATH=/opt/awsvpnclient/Service/Resources/openvpn
echo "Installing openssl FIPS module..."
pushd $OPENVPN_PATH
LD_LIBRARY_PATH="$OPENVPN_PATH" $OPENVPN_PATH/openssl \
fipsinstall \
-out "${OPENVPN_PATH}/fipsmodule.cnf" \
-module $OPENVPN_PATH/fips.so
popd
}
# pre_install() {}
post_install() {
update_openssl_fips
systemctl daemon-reload
note "The AWS VPN Client requires the ${service}.service and systemd-resolved.service to be running!"
note "Please enable ${service} with 'sudo systemctl enable ${service} && sudo systemctl start ${service}'"
}
# pre_upgrade() {}
post_upgrade() {
update_openssl_fips
systemctl daemon-reload
note "You may need to restart the ${service} service with 'sudo systemctl restart ${service}'"
note "Restarting the service ${service} will interrupt your current connections!"
}
pre_remove() {
systemctl stop awsvpnclient
systemctl disable awsvpnclient
rm -f /opt/awsvpnclient/Service/Resources/openvpn/fipsmodule.cnf
}
# post_remove() {}
|