From 603b198613882c59451f1630f0f5d9b50bad0fd3 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Wed, 29 Dec 2021 23:12:24 -0600
Subject: [PATCH] Add Alpine 3.15
- Add support for Alpine Linux 3.15
- Install nss, nss-tools and nss-dev packages from edge for CVE-2021-43527 Ref: https://lists.libreswan.org/pipermail/swan-announce/2021/000044.html
---
 extras/quickstart.sh | 4 ++--
 extras/vpnupgrade.sh | 4 ++--
 extras/vpnupgrade_alpine.sh | 14 ++++++++++----
 vpnsetup.sh | 4 ++--
 vpnsetup_alpine.sh | 14 ++++++++++----
 5 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/extras/quickstart.sh b/extras/quickstart.sh
index 6da005c..8a6b652 100755
--- a/extras/quickstart.sh
+++ b/extras/quickstart.sh
@@ -87,8 +87,8 @@ EOF
 esac
 if [ "$os_type" = "alpine" ]; then
 os_ver=$(. /etc/os-release && printf '%s' "$VERSION_ID" | cut -d '.' -f 1,2)
- if [ "$os_ver" != "3.14" ]; then
- exiterr "This script only supports Alpine Linux 3.14."
+ if [ "$os_ver" != "3.14" ] && [ "$os_ver" != "3.15" ]; then
+ exiterr "This script only supports Alpine Linux 3.14/3.15."
 fi
 else
 os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 336b417..168fbfd 100755
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -78,8 +78,8 @@ EOF
 esac
 if [ "$os_type" = "alpine" ]; then
 os_ver=$(. /etc/os-release && printf '%s' "$VERSION_ID" | cut -d '.' -f 1,2)
- if [ "$os_ver" != "3.14" ]; then
- exiterr "This script only supports Alpine Linux 3.14."
+ if [ "$os_ver" != "3.14" ] && [ "$os_ver" != "3.15" ]; then
+ exiterr "This script only supports Alpine Linux 3.14/3.15."
 fi
 else
 os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
diff --git a/extras/vpnupgrade_alpine.sh b/extras/vpnupgrade_alpine.sh
index 40346fc..feb111e 100755
--- a/extras/vpnupgrade_alpine.sh
+++ b/extras/vpnupgrade_alpine.sh
@@ -50,8 +50,8 @@ check_os() {
 ;;
 esac
 os_ver=$(. /etc/os-release && printf '%s' "$VERSION_ID" | cut -d '.' -f 1,2)
- if [ "$os_ver" != "3.14" ]; then
- exiterr "This script only supports Alpine Linux 3.14."
+ if [ "$os_ver" != "3.14" ] && [ "$os_ver" != "3.15" ]; then
+ exiterr "This script only supports Alpine Linux 3.14/3.15."
 fi
 }
@@ -149,10 +149,16 @@ install_pkgs() {
 (
 set -x
 apk add -U -q bash bind-tools coreutils openssl wget iproute2 sed grep \
- libcap-ng libcurl libevent linux-pam musl nspr nss nss-tools \
- bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev nss-dev \
+ libcap-ng libcurl libevent linux-pam musl nspr \
+ bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev \
 libcap-ng-dev libevent-dev curl-dev nspr-dev uuidgen openrc
 ) || exiterr2
+ (
+ set -x
+ apk add -q --no-cache \
+ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
+ nss nss-tools nss-dev
+ ) || exiterr2
 }
 get_libreswan() {
diff --git a/vpnsetup.sh b/vpnsetup.sh
index b6d00c5..cbeb29e 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -109,8 +109,8 @@ EOF
 esac
 if [ "$os_type" = "alpine" ]; then
 os_ver=$(. /etc/os-release && printf '%s' "$VERSION_ID" | cut -d '.' -f 1,2)
- if [ "$os_ver" != "3.14" ]; then
- exiterr "This script only supports Alpine Linux 3.14."
+ if [ "$os_ver" != "3.14" ] && [ "$os_ver" != "3.15" ]; then
+ exiterr "This script only supports Alpine Linux 3.14/3.15."
 fi
 else
 os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index e830ac1..7297586 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -71,8 +71,8 @@ check_os() {
 ;;
 esac
 os_ver=$(. /etc/os-release && printf '%s' "$VERSION_ID" | cut -d '.' -f 1,2)
- if [ "$os_ver" != "3.14" ]; then
- exiterr "This script only supports Alpine Linux 3.14."
+ if [ "$os_ver" != "3.14" ] && [ "$os_ver" != "3.15" ]; then
+ exiterr "This script only supports Alpine Linux 3.14/3.15."
 fi
 }
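Review bot: The second `apk add` added to `install_pkgs()` in extras/vpnupgrade_alpine.sh takes nss, nss-tools and nss-dev from the rolling `edge/community` branch without pinning or checking a version, so the script never confirms that the NSS it installed actually contains the CVE-2021-43527 fix; the same block is added to `install_vpn_pkgs()` in vpnsetup_alpine.sh. Because `--repository` applies to that one command only, the edge build will presumably be newer than anything the 3.14/3.15 repositories offer and a later `apk upgrade` would leave it in place, so subsequent NSS security updates may not arrive on their own; the edge packages may also pull newer dependencies than the `nspr`/`nspr-dev` installed from the stable repositories one command earlier. I would put a comment above the block such as `# nss* from edge for CVE-2021-43527; remove once the 3.14/3.15 repos ship the fixed nss`, and after the install compare the installed nss version with the fixed release named in the referenced advisory, stopping via `exiterr` if it is older. Both functions begin above their hunks, so any existing handling there is not visible here.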
@@ -160,10 +160,16 @@ install_vpn_pkgs() {
 bigecho "Installing packages required for the VPN..."
 (
 set -x
- apk add -U -q libcap-ng libcurl libevent linux-pam musl nspr nss nss-tools \
- bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev nss-dev \
+ apk add -U -q libcap-ng libcurl libevent linux-pam musl nspr \
+ bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev \
 libcap-ng-dev libevent-dev curl-dev nspr-dev uuidgen openrc xl2tpd
 ) || exiterr2
+ (
+ set -x
+ apk add -q --no-cache \
+ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
+ nss nss-tools nss-dev
+ ) || exiterr2
 }
 install_fail2ban() {