DietPi-Software | frp (#7292)

- DietPi-Software | frp - switch from ini to toml configuration file
- DietPi-Software | frp - add a separation for ARMv6 and ARMv7
- DietPi-Software | frp: Fix parsing client input, allow any characters for the token (as we do not know any limitations), and make use of the native G_WHIP_INPUTBOX input validation. Also expose the server bind address in our default config, which might be more commonly changed to limit access to particular networks.
- DietPi-Software | frp: Inform about new toml config file and leave old ini as backup in place. Do not offer client inputs, if the config exists already (and is hence not generated anyway). Allow an empty token input, which is generally possible. Allow unattended installs, using both server and client as default, and applying default values to all inputs and menus.
- DietPi-Globals | G_WHIP: Return default value for inputbox, checkbox and menu, if not interactive, but keep returning error code, so that it can be handled in parent script. Minor coding enhancements.
- CI | DietPi-Software: Enable frp checks now that it can be installed unattended

Co-authored-by: MichaIng <[email protected]>

.github/workflows/dietpi-software.bash

@@ -204,7 +204,7 @@ Process_Software()
 			167) (( $arch < 3 )) || aSERVICES[i]='raspotify';; # 32-bit ARM fails with: "arm-binfmt-P: /usr/bin/librespot: Unable to find a guest_base to satisfy all guest address mapping requirements"
 			#169) aSERVICES[i]='voice-recognizer';; "RuntimeError: This module can only be run on a Raspberry Pi!"
 			170) aCOMMANDS[i]='unrar -V';;
-			#171) aSERVICES[i]='frps frpc' aTCP[i]='7000 7400 7500';; Interactive install with service and ports depending on server/client/both choice
+			171) aSERVICES[i]='frps frpc' aTCP[i]='7000 7400 7500';;
 			172) aSERVICES[i]='wg-quick@wg0' aUDP[i]='51820';;
 			174) aCOMMANDS[i]='gimp -v';;
 			176) aSERVICES[i]='mycroft';;

CHANGELOG.txt

@@ -10,6 +10,8 @@ Enhancements:
 - DietPi-Software | NFS Server: The "fsid=0" option has been removed from the /mnt/dietpi_userdata default export. As it is uncommon and not respected in "showmount -e" export lists, it caused confusion and issues.
 - DietPi-Software | YaCy: The latest YaCy version will now be installed, and the global software password will be set as default admin password on fresh installs.
 - DietPi-Software | MineOS: As a security enhancement and workaround for a web UI login issue, a dedicated "mineos" user is created again. For new MineOS installs or after reinstall, one can login with this user, and the global software password. It has permissions to install and manage Minecraft instances.
+- DietPi-Software | frp: It is now possible to connect the client to a server which has no (an empty) authentication token configured. frp can now be installed non-interactively, where client + server daemons are both installed and configured to work with each other, with respective defaults for all inputs.
+- DietPi-Software | frp: Since the ini format for config files has been deprecated, and support will be removed in a future frp release, new installs and reinstalls/updates will generated toml format config files from now on. As of the large amount of config keys, which all changed between those formats, an automated conversion is sadly not possible. When doing a reinstall with existing ini configs, you will be informed about it, the old config(s) will be kept as backup in place, for a manual migration. All config keys for the toml format can be found here: https://github.com/fatedier/frp/tree/dev/conf
 
 Bug fixes:
 - NanoPi M1 Plus | Resolved an issue where Ethernet did not work because of a faulty kernel patch. Many thanks to @InnovoMagicCube and @InnovoDeveloper for reporting this issue: https://github.com/MichaIng/DietPi/issues/6974
@@ -21,6 +23,7 @@ Bug fixes:
 - DietPi-Software | MineOS: Worked around an issue where the install failed on Bookworm systems, as one of the Node.js modules failed to compile for unknown reasons. Many thanks to @mikedebian for reporting this issue: https://github.com/MichaIng/DietPi/issues/7265
 - DietPi-Software | MineOS: Worked around an issue where login into the web interface failed since Bullseye, as MineOS does not support the new default yescrypt password hash algorithm for UNIX users. A new dedicated "mineos" user is now created, and its password set explicitly with SHA512 hash algorithm. Many thanks to @maybaxstv for reporting this issue: https://github.com/MichaIng/DietPi/issues/5759
 - DietPi-Software | Node.js: Resolved an issue where node failed on ARMv7 Bullseye systems, since the latest version for this architecture requires a newer C++ standard library than provided on Bullseye.
+- DietPi-Software | frp: Resolved an issue where server address and port inputs for the client config generation were parsed incorrectly.
 
 As always, many smaller code performance and stability improvements, visual and spelling fixes have been done, too much to list all of them here. Check out all code changes of this release on GitHub: https://github.com/MichaIng/DietPi/pull/ADDME
 

dietpi/dietpi-software

@@ -1509,7 +1509,6 @@ Available commands:
 		aSOFTWARE_DESC[$software_id]='reverse proxy'
 		aSOFTWARE_CATX[$software_id]=16
 		aSOFTWARE_DOCS[$software_id]='https://dietpi.com/docs/software/advanced_networking/#frp'
-		aSOFTWARE_INTERACTIVE[$software_id]=1
 
 		# Home Automation
 		#--------------------------------------------------------------------------------
@@ -6525,10 +6524,11 @@ _EOF_
 		if To_Install 171 # frp
 		then
 			case $G_HW_ARCH in
+				1) local arch='arm';;
+				2) local arch='arm_hf';;
 				3) local arch='arm64';;
 				10) local arch='amd64';;
-				11) local arch='riscv64';;
-				*) local arch='arm_hf';;
+				*) local arch='riscv64';;
 			esac
 
 			# Download
@@ -6537,19 +6537,17 @@ _EOF_
 
 			G_EXEC cd frp_*
 
-			local choice_required=
-			while :
-			do
-				G_WHIP_MENU_ARRAY=(
-					'Server' ': Use this machine as a server, with a public IP'
-					'Client' ': Use this machine as a client, without a public IP'
-					'Both' ': Run the reverse proxy only on this machine'
-				)
+			# Mode choice
+			G_WHIP_MENU_ARRAY=(
+				'Server' ': Use this machine as a server, with a public IP'
+				'Client' ': Use this machine as a client, without a public IP'
+				'Both' ': Run the reverse proxy only on this machine'
+			)
 
-				G_WHIP_MENU "${choice_required}Please choose how you are going to run frp." && break
-				choice_required='[ERROR] A choice is required to finish the frp install.\n\n'
-			done
-			local mode=$G_WHIP_RETURNED_VALUE
+			G_WHIP_NOCANCEL=1
+			G_WHIP_DEFAULT_ITEM='Both'
+			G_WHIP_MENU 'Please choose how you are going to run frp:'
+			local mode=${G_WHIP_RETURNED_VALUE:-Both}
 
 			G_EXEC mkdir -p /etc/frp
 			Create_User frp -d /etc/frp
@@ -6569,28 +6567,41 @@ StartLimitBurst=3
 [Service]
 User=frp
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-ExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini
+ExecStart=/usr/local/bin/frps -c /etc/frp/frps.toml
 Restart=on-failure
 RestartSec=5s
 
 [Install]
 WantedBy=multi-user.target
 _EOF_
+				# Pre-v9.9: Inform about config file migration
+				if [[ -f '/etc/frp/frps.ini' ]]
+				then
+					G_WHIP_MSG '[WARNING] New toml config file will be generated
+\nfrp deprecated the ini format for its config files, hence /etc/frp/frps.toml will be generated and used from now on.
+\nAn automated conversion is not possible and hence need to be done manually, if you did changes. A backup of the ini config it kept in place:
+- /etc/frp/frps.ini.bak
+\nA full overview of all config keys can be found here:
+- https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml'
+					G_EXEC mv /etc/frp/frps.ini{,.bak}
+				fi
+
 				# Pre-create config file to turn on dashboard
 				token=$(openssl rand -hex 15)
-				[[ -f '/etc/frp/frps.ini' ]] || cat << _EOF_ > /etc/frp/frps.ini
-[common]
-bind_port = 7000
+				[[ -f '/etc/frp/frps.toml' ]] || cat << _EOF_ > /etc/frp/frps.toml
+bindAddr = "0.0.0.0"
+bindPort = 7000
 
-dashboard_port = 7500
-dashboard_user = admin
-dashboard_pwd = $GLOBAL_PW
+webServer.addr = "0.0.0.0"
+webServer.port = 7500
+webServer.user = "admin"
+webServer.password = "$GLOBAL_PW"
 
-authentication_method = token
-token = $token
+auth.method = "token"
+auth.token = "$token"
 _EOF_
-				G_EXEC chmod 0640 /etc/frp/frps.ini
-				G_EXEC chown root:frp /etc/frp/frps.ini
+				G_EXEC chmod 0640 /etc/frp/frps.toml
+				G_EXEC chown root:frp /etc/frp/frps.toml
 				aENABLE_SERVICES+=('frps')
 			fi
 
@@ -6607,58 +6618,62 @@ StartLimitBurst=3
 
 [Service]
 User=frp
-ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.ini
-ExecReload=/usr/local/bin/frpc reload -c /etc/frp/frpc.ini
+ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.toml
+ExecReload=/usr/local/bin/frpc reload -c /etc/frp/frpc.toml
 Restart=on-failure
 RestartSec=5s
 
 [Install]
 WantedBy=multi-user.target
 _EOF_
-				local server_addr=127.0.0.1 server_port=7000
-				if [[ $G_WHIP_RETURNED_VALUE == 'Client' ]]
+				# Pre-v9.9: Inform about config file migration
+				if [[ -f '/etc/frp/frpc.ini' ]]
 				then
-					local invalid_entry=
-					while :
-					do
-						if G_WHIP_INPUTBOX "${invalid_entry}Please enter the IP address of your frp server, including port (default 7000)" && [[ $G_WHIP_RETURNED_VALUE =~ ^[0-9.:]+$ ]]
-						then
-							server_addr=${G_WHIP_RETURNED_VALUE#*:}
-							[[ $G_WHIP_RETURNED_VALUE =~ : ]] && server_port=${G_WHIP_RETURNED_VALUE%:*}
-							invalid_entry=
-							break
-						else
-							invalid_entry='[FAILED] Please enter a valid IP address\n\n'
-						fi
-					done
-
-					while :
-					do
-						if G_WHIP_INPUTBOX "${invalid_entry}Please enter the authentication token of your frp server" && [[ $G_WHIP_RETURNED_VALUE =~ ^[0-9.]+$ ]]
-						then
-							token=$G_WHIP_RETURNED_VALUE
-							break
-						else
-							invalid_entry='[FAILED] Please enter a token\n\n'
-						fi
-					done
+					G_WHIP_MSG '[WARNING] New toml config file will be generated
+\nfrp deprecated the ini format for its config files, hence /etc/frp/frpc.toml will be generated and used from now on.
+\nAn automated conversion is not possible and hence need to be done manually, if you did changes. A backup of the ini config it kept in place:
+- /etc/frp/frpc.ini.bak
+\nA full overview of all config keys can be found here:
+- https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml'
+					G_EXEC mv /etc/frp/frpc.ini{,.bak}
 				fi
 
 				# Pre-create config file to turn on admin UI
-				[[ -f '/etc/frp/frpc.ini' ]] || cat << _EOF_ > /etc/frp/frpc.ini
-[common]
-server_addr = $server_addr
-server_port = $server_port
+				if [[ ! -f '/etc/frp/frpc.toml' ]]
+				then
+					local server_addr='127.0.0.1' server_port=7000
+					if [[ $G_WHIP_RETURNED_VALUE == 'Client' ]]
+					then
+						G_WHIP_NOCANCEL=1
+						G_WHIP_DEFAULT_ITEM="$server_addr:$server_port"
+						G_WHIP_INPUTBOX_REGEX='^[0-9.:]+$'
+						G_WHIP_INPUTBOX_REGEX_TEXT='be a valid IP address, optionally with appended network port number, like "192.168.1.100:7000"'
+						G_WHIP_INPUTBOX 'Please enter the IP address of your frp server, optionally including port (default 7000):'
+						[[ $G_WHIP_RETURNED_VALUE ]] && server_addr=${G_WHIP_RETURNED_VALUE%:*}
+						[[ $G_WHIP_RETURNED_VALUE =~ : ]] && server_port=${G_WHIP_RETURNED_VALUE##*:}
+
+						G_WHIP_NOCANCEL=1
+						G_WHIP_INPUTBOX_REGEX='*'
+						G_WHIP_INPUTBOX 'Please enter the authentication token of your frp server:'
+						token=$G_WHIP_RETURNED_VALUE
+					fi
 
-admin_addr = 0.0.0.0
-admin_port = 7400
-admin_user = admin
-admin_pwd = $GLOBAL_PW
+					cat << _EOF_ > /etc/frp/frpc.toml
+serverAddr = "$server_addr"
+serverPort = $server_port
 
-token = $token
+webServer.addr = "0.0.0.0"
+webServer.port = 7400
+webServer.user = "admin"
+webServer.password = "$GLOBAL_PW"
+
+auth.method = "token"
+auth.token = "$token"
 _EOF_
-				G_EXEC chmod 0660 /etc/frp/frpc.ini
-				G_EXEC chown root:frp /etc/frp/frpc.ini
+				fi
+
+				G_EXEC chmod 0660 /etc/frp/frpc.toml
+				G_EXEC chown root:frp /etc/frp/frpc.toml
 				aENABLE_SERVICES+=('frpc')
 			fi