v5.11.4: hotfix — vpn:// psk_key + PPA outage retry#69
Merged
Conversation
added 2 commits
May 4, 2026 12:03
Two bug fixes on top of v5.11.3, no architectural changes. Issue #67 (haritos90): manage add --psk wrote PresharedKey to server [Peer] and client .conf correctly, but generate_vpn_uri did not include the psk_key field in the inner JSON awg block. AmneziaVPN parser reads psk_key directly (amnezia-client awgProtocolConfig.cpp), so vpn:// import silently came up without PSK and the handshake failed. awg_common.sh / _en.sh: extract PSK via awk (pipefail-safe; trailing CR + trailing whitespace stripped); pass as 19th positional arg to perl; emit psk_key into inner JSON only when non-empty. Also tightened tr -d ' \r' on AllowedIPs so CRLF configs don't leak \r into JSON. Issue #68 (saligin / baikov): ppa.launchpadcontent.net briefly went down; apt update at step 2 returned non-zero and the script died. install_amneziawg.sh / _en.sh: new apt_update_with_retry helper near apt_update_tolerant — 3 attempts with 30 s and 60 s sleeps between them (~1.5 min total wait), 1800 s delay cap to guard against arithmetic overflow. After three failures: friendly log lines explaining Launchpad outage with link to issue #68. Tests: +16 new bats (312 total). - test_v5114_psk_uri.bats (+5): PSK present / absent / indented / CRLF / empty PresharedKey =. - test_v5114_ppa_retry.bats (+11): success on first / retry until success / max attempts / exponential backoff / 1800 s cap / RU+EN parity / issue #68 link in both installers. SHA256 pins refreshed for awg_common.sh + manage_amneziawg.sh in both RU and EN installers. bash -n + shellcheck -S warning clean for 6 scripts. bats 312/312 PASS.
The first round of the PPA retry helper (apt_update_with_retry) gated on the rc of apt_update_tolerant. That turned out to never trigger in practice: Debian apt-get update returns 0 tolerantly even when an InRelease did not download — exactly the saligin / #68 scenario. Real fix has to detect that the PPA package itself is missing from the cache. apt_wait_for_ppa_package <pkg> [max] [delay] now polls apt-cache show for the canonical package, with apt_update_tolerant re-runs between retries. Same backoff math (30 s → 60 s, 1800 s cap), same friendly final error pointing to issue #68. Test rewrites stub apt-cache plus apt_update_tolerant separately and verify the helper drives apt update only between retries (not before the first attempt). VPS test (Debian 13 trixie 150.241.230.21) verified Test 1 (PSK fix): server [Peer], client .conf, and decoded vpn:// inner JSON all carry the same psk_key. Test 2 (PPA retry) re-runs after this redesign push. Bats: 312/312 PASS. shellcheck clean. CHANGELOG entries updated to explain the apt-cache-based check (RU + EN).
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0e83a8c922
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hotfix patch addressing two reported user bugs after v5.11.3, no architectural changes.
Issue Подключение не работает в Shadowrocket iOS #67 (@haritos90) —
manage add --pskcorrectly wrote PSK to server[Peer]and client.conf, butgenerate_vpn_uridid not include thepsk_keyfield in inner JSON. AmneziaVPN parser readspsk_keydirectly (amnezia-clientawgProtocolConfig.cpp), sovpn://import silently came up without PSK and the handshake failed at "never". Also tightened CR / trailing-whitespace stripping forPresharedKey =andAllowedIPs =so CRLF configs edited on Windows do not leak\rinto the JSON.Issue ppa amnezia не доступны #68 (@saligin / @baikov) —
ppa.launchpadcontent.netbriefly went down on May 3rd;apt-get updatereturns 0 tolerantly even when an InRelease did not download, soapt-get install amneziawg-dkmsfailed with "Unable to locate package" and the script died. Newapt_wait_for_ppa_packagehelper pollsapt-cachefor the canonical package across 3 attempts with 30 s and 60 s backoff (and a freshapt updatebetween retries). On final failure: friendly message pointing at ppa amnezia не доступны #68 explaining this is a Launchpad infrastructure outage, not a script bug.Test plan
bash -non all 6 scripts — cleanshellcheck -S warningon all 6 scripts — cleanbats tests/— 312/312 PASS (was 296, +16 new bats: 5 intest_v5114_psk_uri.bats, 11 intest_v5114_ppa_retry.bats)manage add testpsk --psk→ server [Peer] PSK = client.confPSK = decodedvpn://inner JSONpsk_key(all three match)rc=0, 0 s, 0 warningsawg_common.sh+manage_amneziawg.shin both RU and EN installersSCRIPT_VERSION+# Версия/# Version+# Дата/# Datebumped in 6 scripts## [5.11.4] — 2026-05-04(release.yml awk parser format)