From d30d9630b6465982ee1ee2eba325f48f65fb5079 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 31 Oct 2017 11:38:09 +0100
Subject: [PATCH] wg-quick: allow for the hatchet, but not by default

Signed-off-by: Jason A. Donenfeld
---
 contrib/dns-hatchet/README | 8 +++++++
 contrib/dns-hatchet/apply.sh | 6 +++++
 contrib/dns-hatchet/hatchet.bash | 39 ++++++++++++++++++++++++++++++++
 src/wg-quick.bash | 2 ++
 4 files changed, 55 insertions(+)
 create mode 100644 contrib/dns-hatchet/README
 create mode 100755 contrib/dns-hatchet/apply.sh
 create mode 100644 contrib/dns-hatchet/hatchet.bash

diff --git a/contrib/dns-hatchet/README b/contrib/dns-hatchet/README
new file mode 100644
index 0000000..edb60ce
--- /dev/null
+++ b/contrib/dns-hatchet/README
@@ -0,0 +1,8 @@
+The DNS Hatchet
+===============
+
+This is a workaround for distributions without resolvconf or any proper
+mechanism of setting the DNS. Running 'apply.sh` in this directory will
+insert 'hatchet.bash` into the right place in 'wg-quick.bash`. It is
+recommended that distributions without any resolvconf available run this
+before calling 'make install` in their packaging scripts.
diff --git a/contrib/dns-hatchet/apply.sh b/contrib/dns-hatchet/apply.sh
new file mode 100755
index 0000000..ce35ecd
--- /dev/null
+++ b/contrib/dns-hatchet/apply.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ME="$(readlink -f "$(dirname "$(readlink -f "$0")")")"
+TOOLS="$ME/../../../src/tools"
+
+sed -i "/~~ function override insertion point ~~/r $ME/hatchet.bash" "$TOOLS/wg-quick.bash"
diff --git a/contrib/dns-hatchet/hatchet.bash b/contrib/dns-hatchet/hatchet.bash
new file mode 100644
index 0000000..793684c
--- /dev/null
+++ b/contrib/dns-hatchet/hatchet.bash
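Review bot: `TOOLS="$ME/../../../src/tools"` in apply.sh does not match the tree this patch describes: three `..` steps from contrib/dns-hatchet climb past the repository root, and the file headers place the target at src/wg-quick.bash, so the final `sed -i` appears to point at a file that is not there (`TOOLS="$ME/../../src"` would fit the visible layout). Separately, when the marker line is absent sed exits 0 without inserting anything, so a packaging script would go on to install a wg-quick that lacks the override, with no error to show for it. A guard ahead of the sed call, for example `grep -qF '~~ function override insertion point ~~' "$TOOLS/wg-quick.bash" || { echo 'insertion point not found' >&2; exit 1; }`, makes that failure loud. Running the script twice also inserts the functions twice, which bash tolerates but which deserves a comment.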
@@ -0,0 +1,39 @@
+set_dns() {
+ [[ ${#DNS[@]} -gt 0 ]] || return 0
+
+ if [[ $(resolvconf --version 2>/dev/null) == openresolv\ * ]]; then
+ printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a "$INTERFACE" -m 0 -x
+ else
+ echo "[#] mount \`${DNS[*]}' /etc/resolv.conf" >&2
+ [[ -e /etc/resolv.conf ]] || touch /etc/resolv.conf
+ { cat <<-_EOF
+ # This file was generated by wg-quick(8) for use with
+ # the WireGuard interface $INTERFACE. It cannot be
+ # removed or altered directly. You may remove this file
+ # by running \`wg-quick down $INTERFACE', or if that
+ # poses problems, run \`umount /etc/resolv.conf'.
+
+ _EOF
+ printf 'nameserver %s\n' "${DNS[@]}"
+ } | unshare -m --propagation shared bash -c "$(cat <<-_EOF
+ set -e
+ mount --make-private /dev/shm
+ mount -t tmpfs none /dev/shm
+ cat > /dev/shm/resolv.conf
+ mount -o remount,ro /dev/shm
+ mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
+ _EOF
+ )"
+ fi
+ HAVE_SET_DNS=1
+}
+
+unset_dns() {
+ [[ ${#DNS[@]} -gt 0 ]] || return 0
+
+ if [[ $(resolvconf --version 2>/dev/null) == openresolv\ * ]]; then
+ cmd resolvconf -d "$INTERFACE"
+ else
+ cmd umount /etc/resolv.conf
+ fi
+}
diff --git a/src/wg-quick.bash b/src/wg-quick.bash
index b98a18b..17fe672 100755
--- a/src/wg-quick.bash
+++ b/src/wg-quick.bash
@@ -264,6 +264,8 @@ cmd_down() {
 execute_hooks "${POST_DOWN[@]}"
 }
 
+# ~~ function override insertion point ~~
+
 if [[ $# -eq 1 && ( $1 == --help || $1 == -h || $1 == help ) ]]; then
 cmd_usage
 elif [[ $# -eq 2 && $1 == up ]]; then
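Review bot: In the else branch of set_dns nothing confirms that the bind mount made inside `unshare -m --propagation shared` became visible in the caller's mount namespace before `HAVE_SET_DNS=1` is set. As far as I can tell the mount only propagates back when the mount covering /etc is already shared in the parent namespace; where it is private the inner script still succeeds, /etc/resolv.conf is unchanged for every other process, and lookups keep going to the pre-tunnel resolver while the interface reports up. A check as the last statement of that else branch, such as `grep -qF 'generated by wg-quick(8)' /etc/resolv.conf || return 1`, would turn this into a visible failure; whether the caller runs with errexit is outside this hunk. unset_dns makes the mirror-image assumption: its else branch runs `umount /etc/resolv.conf` without checking that the topmost mount there is the one set_dns created.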