-
Notifications
You must be signed in to change notification settings - Fork 625
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert some minor changes #882
Conversation
Thank you. |
Without
I changed uninstall.sh to get started. Will do all other scripts that have /24 hardcoded later.
Line 1401 in ca11f79
Line 1403 in ca11f79
Line 1268 in ca11f79
If we delete those three directories as well as Lol, wanted to say "Use ${subnetClass} variable, create openvpn home, add shellcheck reminder" as commit message but the shell expanded the variable, should have used single quotes. |
Well then, OK.
So, keep them alltogether. Most likely, we should ask what the user wants us to with them, anyway: Keep || do them away. This is true for any such stuff as |
Perfect.
Ideally, pivpn would verify identity between settings in |
I mean, take the openvpn server. If we remove the easy-rsa folder, which contains the public key infrastructure, the .ovpn files simply can’t be used because the certificates inside refer to the cerificates in the pki. Same with wireguard. If you delete the server config, which contains public/private keys, then client configs are useless. So why keep them anyways?
In my opinion, the uninstall script should undo all changes to the system the install script did. What do you think an uninstall script should do?
Apart from subnetClass, all of the above variables can just be derived from the VPN variable. However if we decide not to hardcode CIDRs inside the script it makes sense to me to derive them once and source them in all script that use them (look at the openvpn and wireguard folder).
Good idea |
I mean, at least ask and double-check whether the user really intents us to unlink her certs and stuff. I personally prefer having the "old" certs around in a versioned/dated backup-directory for some time longer. It happens that someone only realises the need after days/weeks passed by.
:-D Take for example a fw rule: we should verify user doesn't really need it any longer. Ask. Verify it's really the rule we installed etc. Same with files. If in doubt, leave the cruft and tell the user we leave it on purpose because it seems like it's something she might need (maybe).
Yes, that's a way. If we verify stuff anyway, we can dump all config in |
OK
Yes delete stuff but make sure that it's actually what pivpn added. We could "watermark" files and configs (for example specific file name, disclaimer inside config files, iptables rule comment). |
That's a good point! |
debconf-apt-progress
's exit code is NOT 100 (which is the case when no errors occur, exit code 0).vpnGw="${pivpnNET/.0/.1}"
turns 10.8.0.0 into 10.8.1.0 however we need 10.8.0.1 sovpnGw="${pivpnNET/.0.0/.0.1}"
is used.@corbolais what do you think?