From 884accaa98b40036923f99366742fba06f533760 Mon Sep 17 00:00:00 2001
From: Boubik <cboubik@gmail.com>
Date: Wed, 1 Oct 2025 08:20:17 +0200
Subject: [PATCH 1/4] Add optional insecure flag for self-signed certificates
 in installation script

---
 README.md         |  3 +++
 rmmagent-linux.sh | 52 ++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 90ac863..3812bc6 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,9 @@ The system architecture is now detected automatically using the following logic:
 
 This ensures the script adapts to different system types automatically without needing manual input.
 
+## Optional insecure flag
+
+If you are using a self-signed certificate on your mesh server, you can add the argument `--insecure` to the command to avoid certificate issues.
 
 ## Install
 To install the agent, launch the script with this argument:
diff --git a/rmmagent-linux.sh b/rmmagent-linux.sh
index 8b7b39f..9ac7e9d 100644
--- a/rmmagent-linux.sh
+++ b/rmmagent-linux.sh
@@ -1,4 +1,15 @@
 #!/bin/bash
+insecure_flag=false
+filtered_args=()
+for arg in "$@"; do
+    if [[ $arg == "--insecure" ]]; then
+        insecure_flag=true
+    else
+        filtered_args+=("$arg")
+    fi
+done
+set -- "${filtered_args[@]}"
+
 if [[ $1 == "" ]]; then
         echo "First argument is empty !"
         echo "Type help for more information"
@@ -25,6 +36,8 @@ if [[ $1 == "help" ]]; then
         echo "Arg 2: Mesh agent FQDN (i.e. mesh.example.com)"
         echo "Arg 3: Mesh agent id (The id needs to have single quotes around it)"
         echo ""
+        echo "Optional: Add '--insecure' to bypass certificate checks for Tactical RMM and Mesh connections"
+        echo ""
         exit 0
 fi
 
@@ -65,6 +78,16 @@ rmm_agent_type=$7
 mesh_fqdn=$2
 mesh_id=$3
 
+agent_service_args="-m svc"
+agent_install_insecure="false"
+mesh_wget_opts=()
+
+if [[ $insecure_flag == true ]]; then
+        agent_service_args="-insecure -m svc"
+        agent_install_insecure="true"
+        mesh_wget_opts+=(--no-check-certificate)
+fi
+
 go_version="1.21.6"
 go_url_amd64="https://go.dev/dl/go$go_version.linux-amd64.tar.gz"
 go_url_x86="https://go.dev/dl/go$go_version.linux-386.tar.gz"
@@ -114,14 +137,22 @@ function update_agent() {
 
 function install_agent() {
         cp /tmp/temp_rmmagent /usr/local/bin/rmmagent
-        /tmp/temp_rmmagent -m install -api $rmm_url -client-id $rmm_client_id -site-id $rmm_site_id -agent-type $rmm_agent_type -auth $rmm_auth
+        local -a install_cmd=(/tmp/temp_rmmagent)
+
+        if [[ $agent_install_insecure == "true" ]]; then
+                install_cmd+=(-insecure)
+        fi
+
+        install_cmd+=(-m install -api "$rmm_url" -client-id "$rmm_client_id" -site-id "$rmm_site_id" -agent-type "$rmm_agent_type" -auth "$rmm_auth")
+
+        "${install_cmd[@]}"
         rm /tmp/temp_rmmagent
         cat << "EOF" > /etc/systemd/system/tacticalagent.service
 [Unit]
 Description=Tactical RMM Linux Agent
 [Service]
 Type=simple
-ExecStart=/usr/local/bin/rmmagent -m svc
+ExecStart=/usr/local/bin/rmmagent $agent_service_args
 User=root
 Group=root
 Restart=always
@@ -137,12 +168,12 @@ EOF
 }
 
 function install_mesh() {
-        wget -O /tmp/meshagent $mesh_url
+        wget "${mesh_wget_opts[@]}" -O /tmp/meshagent "$mesh_url"
         chmod +x /tmp/meshagent
-        mkdir /opt/tacticalmesh
+        mkdir -p /opt/tacticalmesh
         /tmp/meshagent -install --installPath="/opt/tacticalmesh"
         rm /tmp/meshagent
-        rm /tmp/meshagent.msh
+        rm -f /tmp/meshagent.msh
 }
 
 function uninstall_agent() {
@@ -155,9 +186,16 @@ function uninstall_agent() {
 }
 
 function uninstall_mesh() {
-        wget "https://$mesh_fqdn/meshagents?script=1" -O /tmp/meshinstall.sh || wget "https://$mesh_fqdn/meshagents?script=1" --no-proxy -O /tmp/meshinstall.sh
+        local url="https://$mesh_fqdn/meshagents?script=1"
+        local -a wget_opts=("${mesh_wget_opts[@]}")
+
+        if ! wget "${wget_opts[@]}" -O /tmp/meshinstall.sh "$url"; then
+                wget "${wget_opts[@]}" --no-proxy -O /tmp/meshinstall.sh "$url"
+        fi
         chmod 755 /tmp/meshinstall.sh
-        /tmp/meshinstall.sh uninstall https://$mesh_fqdn $mesh_id || /tmp/meshinstall.sh uninstall uninstall uninstall https://$mesh_fqdn $mesh_id
+        if ! /tmp/meshinstall.sh uninstall "https://$mesh_fqdn" "$mesh_id"; then
+                /tmp/meshinstall.sh uninstall uninstall uninstall "https://$mesh_fqdn" "$mesh_id"
+        fi
         rm /tmp/meshinstall.sh
 }
 

From 0478e1e9370573c97a8efdb1ccebb97f1b583e74 Mon Sep 17 00:00:00 2001
From: Boubik <cboubik@gmail.com>
Date: Wed, 1 Oct 2025 09:00:39 +0200
Subject: [PATCH 2/4] Fix install_agent function to use dynamic ExecStart
 command in systemd service file

---
 rmmagent-linux.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rmmagent-linux.sh b/rmmagent-linux.sh
index 9ac7e9d..d118fe5 100644
--- a/rmmagent-linux.sh
+++ b/rmmagent-linux.sh
@@ -147,12 +147,12 @@ function install_agent() {
 
         "${install_cmd[@]}"
         rm /tmp/temp_rmmagent
-        cat << "EOF" > /etc/systemd/system/tacticalagent.service
+        cat <<EOF > /etc/systemd/system/tacticalagent.service
 [Unit]
 Description=Tactical RMM Linux Agent
 [Service]
 Type=simple
-ExecStart=/usr/local/bin/rmmagent $agent_service_args
+$service_exec_line
 User=root
 Group=root
 Restart=always

From b77cbf9c4353fcd1df8009cc1c8e8f1b016ac60a Mon Sep 17 00:00:00 2001
From: Boubik <cboubik@gmail.com>
Date: Wed, 1 Oct 2025 09:06:57 +0200
Subject: [PATCH 3/4] Update install_agent function to use agent_service_args
 for systemd service configuration

---
 rmmagent-linux.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rmmagent-linux.sh b/rmmagent-linux.sh
index d118fe5..c2d41f0 100644
--- a/rmmagent-linux.sh
+++ b/rmmagent-linux.sh
@@ -152,7 +152,7 @@ function install_agent() {
 Description=Tactical RMM Linux Agent
 [Service]
 Type=simple
-$service_exec_line
+$agent_service_args
 User=root
 Group=root
 Restart=always

From fd855b77463bb4a1f4d151231905ac3758ed6c63 Mon Sep 17 00:00:00 2001
From: Boubik <cboubik@gmail.com>
Date: Wed, 1 Oct 2025 09:08:07 +0200
Subject: [PATCH 4/4] Fix install_agent function to correctly set ExecStart
 command in systemd service file

---
 rmmagent-linux.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rmmagent-linux.sh b/rmmagent-linux.sh
index c2d41f0..a2bf678 100644
--- a/rmmagent-linux.sh
+++ b/rmmagent-linux.sh
@@ -152,7 +152,7 @@ function install_agent() {
 Description=Tactical RMM Linux Agent
 [Service]
 Type=simple
-$agent_service_args
+ExecStart=/usr/local/bin/rmmagent $agent_service_args
 User=root
 Group=root
 Restart=always