From c6810a012406f4cc944f6123484c764c7da27df2 Mon Sep 17 00:00:00 2001 From: bcambl Date: Tue, 19 Jan 2021 22:58:05 -0600 Subject: [PATCH 001/141] touch sysconfig network script when absent sysconfig network scripts are missing on pure NetworkManager installs. This commit touches a placeholder to allow the network configuration to be generated and loaded via NetworkManager. Signed-off-by: bcambl --- automated install/basic-install.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4ab5c0e2..d9f41a3d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -997,9 +997,14 @@ setStaticIPv4() { # if an ifcfg config does not exists for the interface name, try the connection name via network manager if is_command nmcli && nmcli general status &> /dev/null; then CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_') - if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME}" ]];then + IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} + if [[ -f "${IFCFG_FILE}" ]];then # If it exists, - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} + setIFCFG "${IFCFG_FILE}" + return 0 + else + printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}" + touch "${IFCFG_FILE}" setIFCFG "${IFCFG_FILE}" return 0 fi From b62495d89e4632f5118880b912c0de57254114cf Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 21 Jan 2021 20:20:07 -0600 Subject: [PATCH 002/141] update tests to fedora 33 Signed-off-by: bcambl --- .github/workflows/test.yml | 2 +- supportedos.txt | 2 +- test/{_fedora_31.Dockerfile => _fedora_33.Dockerfile} | 2 +- test/{tox.fedora_31.ini => tox.fedora_33.ini} | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename test/{_fedora_31.Dockerfile => _fedora_33.Dockerfile} (96%) rename test/{tox.fedora_31.ini => tox.fedora_33.ini} (78%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8e19e550..d19df5ab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_31, fedora_32] + distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/supportedos.txt b/supportedos.txt index 1eb1fde6..6d579132 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 Ubuntu=16,18,20 Debian=9,10 -Fedora=31,32 +Fedora=32,33 CentOS=7,8 \ No newline at end of file diff --git a/test/_fedora_31.Dockerfile b/test/_fedora_33.Dockerfile similarity index 96% rename from test/_fedora_31.Dockerfile rename to test/_fedora_33.Dockerfile index 02dcb733..0a1ac59c 100644 --- a/test/_fedora_31.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:31 +FROM fedora:33 ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/tox.fedora_31.ini b/test/tox.fedora_33.ini similarity index 78% rename from test/tox.fedora_31.ini rename to test/tox.fedora_33.ini index 36ab10ad..00ea732a 100644 --- a/test/tox.fedora_31.ini +++ b/test/tox.fedora_33.ini @@ -4,5 +4,5 @@ envlist = py37 [testenv] whitelist_externals = docker deps = -rrequirements.txt -commands = docker build -f _fedora_31.Dockerfile -t pytest_pihole:test_container ../ +commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../ pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py From d25240fe9fff05ce633c8029ac74f953c511824e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 18 Mar 2021 08:57:03 +0100 Subject: [PATCH 003/141] pihole -g should respose GRAVITYDB in pihole-FTL.conf Signed-off-by: DL6ER --- gravity.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index abed28b4..d07d558d 100755 --- a/gravity.sh +++ b/gravity.sh @@ -35,8 +35,9 @@ localList="${piholeDir}/local.list" VPNList="/etc/openvpn/ipp.txt" piholeGitDir="/etc/.pihole" -gravityDBfile="${piholeDir}/gravity.db" -gravityTEMPfile="${piholeDir}/gravity_temp.db" +gravityDBfile_default="${piholeDir}/gravity.db" +# GRAVITYDB may be overwritten by source pihole-FTL.conf below +GRAVITYDB="${gravityDBfile_default}" gravityDBschema="${piholeGitDir}/advanced/Templates/gravity.db.sql" gravityDBcopy="${piholeGitDir}/advanced/Templates/gravity_copy.sql" @@ -68,6 +69,11 @@ if [[ -f "${pihole_FTL}" ]]; then source "${pihole_FTL}" fi +# Set this only after sourcing pihole-FTL.conf as the gravity database path may +# have changed +gravityDBfile="${GRAVITYDB}" +gravityTEMPfile="${GRAVITYDB}_temp" + if [[ -z "${BLOCKINGMODE}" ]] ; then BLOCKINGMODE="NULL" fi @@ -359,6 +365,10 @@ gravity_CheckDNSResolutionAvailable() { gravity_DownloadBlocklists() { echo -e " ${INFO} ${COL_BOLD}Neutrino emissions detected${COL_NC}..." + if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then + echo -e " ${INFO} Storing gravity database in ${COL_BOLD}${gravityDBfile}${COL_NC}" + fi + # Retrieve source URLs from gravity database # We source only enabled adlists, sqlite3 stores boolean values as 0 (false) or 1 (true) mapfile -t sources <<< "$(sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)" From 9bdbe88a661aaeed9d775b7d266032005ff388f3 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 18 Mar 2021 09:01:22 +0100 Subject: [PATCH 004/141] Update gravity path in list.sh Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index fde46552..975738b1 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -11,7 +11,16 @@ # Globals basename=pihole piholeDir=/etc/"${basename}" -gravityDBfile="${piholeDir}/gravity.db" +GRAVITYDB="${piholeDir}/gravity.db" +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" +fi + +# Set this only after sourcing pihole-FTL.conf as the gravity database path may +# have changed +gravityDBfile="${GRAVITYDB}" reload=false addmode=true From f1740da9ffcbabc58b56107d2e1131aae380dd90 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 18 Mar 2021 09:02:20 +0100 Subject: [PATCH 005/141] Update gravity path in query.sh Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 3 +-- advanced/Scripts/query.sh | 11 ++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 975738b1..062c52be 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -9,8 +9,7 @@ # Please see LICENSE file for your rights under this license. # Globals -basename=pihole -piholeDir=/etc/"${basename}" +piholeDir="/etc/pihole" GRAVITYDB="${piholeDir}/gravity.db" # Source pihole-FTL from install script pihole_FTL="${piholeDir}/pihole-FTL.conf" diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index fe9b8ebf..0872f060 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -11,12 +11,21 @@ # Globals piholeDir="/etc/pihole" -gravityDBfile="${piholeDir}/gravity.db" +GRAVITYDB="${piholeDir}/gravity.db" options="$*" all="" exact="" blockpage="" matchType="match" +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" +fi + +# Set this only after sourcing pihole-FTL.conf as the gravity database path may +# have changed +gravityDBfile="${GRAVITYDB}" colfile="/opt/pihole/COL_TABLE" source "${colfile}" From f536718aaab7fd4ed1d22a9b0e5f3357cc1f9efb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 18 Mar 2021 09:04:09 +0100 Subject: [PATCH 006/141] Use possibly custom gravity.db location in the copying SQL script Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 2 ++ advanced/Scripts/query.sh | 1 + gravity.sh | 11 +++++++++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 062c52be..e213b014 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -1,4 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=SC1090 + # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 0872f060..26b4508e 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash # shellcheck disable=SC1090 + # Pi-hole: A black hole for Internet advertisements # (c) 2018 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. diff --git a/gravity.sh b/gravity.sh index d07d558d..24a41c48 100755 --- a/gravity.sh +++ b/gravity.sh @@ -90,7 +90,7 @@ generate_gravity_database() { # Copy data from old to new database file and swap them gravity_swap_databases() { - local str + local str copyGravity str="Building tree" echo -ne " ${INFO} ${str}..." @@ -107,7 +107,14 @@ gravity_swap_databases() { str="Swapping databases" echo -ne " ${INFO} ${str}..." - output=$( { sqlite3 "${gravityTEMPfile}" < "${gravityDBcopy}"; } 2>&1 ) + # Gravity copying SQL script + copyGravity="$(cat "${gravityDBcopy}")" + if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then + # Replace default gravity script location by custom location + copyGravity="${copyGravity//"${gravityDBfile_default}"/"${gravityDBfile}"}" + fi + + output=$( { sqlite3 "${gravityTEMPfile}" <<< "${copyGravity}"; } 2>&1 ) status="$?" if [[ "${status}" -ne 0 ]]; then From 45d4ab4c22ca9edee1544648e3327a12a7e69e41 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 19 Mar 2021 18:39:43 +0000 Subject: [PATCH 007/141] Add some validation to passed arguments before running the values through `sed` Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 53f815c5..8ef4d940 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -564,7 +564,13 @@ AddDHCPStaticAddress() { RemoveDHCPStaticAddress() { mac="${args[2]}" - sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}" + if [[ "$mac" =~ ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ ]]; then + sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}" + else + echo " ${CROSS} Invalid Mac Passed!" + exit 1 + fi + } SetAdminEmail() { @@ -708,7 +714,13 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - sed -i "/${ip} ${host}/d" "${dnscustomfile}" + + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/${ip} ${host}/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to update removed custom DNS entries RestartDNS @@ -719,6 +731,7 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + echo "cname=${domain},${target}" >> "${dnscustomcnamefile}" # Restart dnsmasq to load new custom CNAME records @@ -730,7 +743,20 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - sed -i "/cname=${domain},${target}/d" "${dnscustomcnamefile}" + + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validDomain}" ]]; then + sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to update removed custom CNAME records RestartDNS From 89c80947df964b6853ce22dba1f20e246bdcf48d Mon Sep 17 00:00:00 2001 From: Joseph Blackman Date: Wed, 17 Mar 2021 03:09:13 -0700 Subject: [PATCH 008/141] Improve regexes for ipv4 matching Signed-off-by: jbzdarkid --- automated install/basic-install.sh | 4 +-- test/test_automated_install.py | 58 ++++++++++++++---------------- 2 files changed, 28 insertions(+), 34 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 762ee110..4c9352b8 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1018,9 +1018,9 @@ valid_ip() { local stat=1 # Regex matching one IPv4 component, i.e. an integer from 0 to 255. - local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)"; + local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9]{1,2})"; # Regex matching an optional port beginning with # matching optional port number starting '#' with range of 1 to 65536 - local portelem="(#([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6]))?" + local portelem="(:(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4}))?"; # Build a full IPv4 regex from the above subexpressions local regex="^${ipv4elem}\.${ipv4elem}\.${ipv4elem}\.${ipv4elem}${portelem}$" diff --git a/test/test_automated_install.py b/test/test_automated_install.py index f6b5a87e..20dadc26 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -524,43 +524,37 @@ def test_IPv6_ULA_GUA_test(Pihole): assert expected_stdout in detectPlatform.stdout -def test_validate_ip_valid(Pihole): +def test_validate_ip(Pihole): ''' - Given a valid IP address, valid_ip returns success + Tests valid_ip for various IP addresses ''' - output = Pihole.run(''' - source /opt/pihole/basic-install.sh - valid_ip "192.168.1.1" - ''') + def test_address(addr, success=True): + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + valid_ip "{addr}" + '''.format(addr=addr)) - assert output.rc == 0 + assert output.rc == 0 if success else 1 - -def test_validate_ip_invalid_octet(Pihole): - ''' - Given an invalid IP address (large octet), valid_ip returns an error - ''' - - output = Pihole.run(''' - source /opt/pihole/basic-install.sh - valid_ip "1092.168.1.1" - ''') - - assert output.rc == 1 - - -def test_validate_ip_invalid_letters(Pihole): - ''' - Given an invalid IP address (contains letters), valid_ip returns an error - ''' - - output = Pihole.run(''' - source /opt/pihole/basic-install.sh - valid_ip "not an IP" - ''') - - assert output.rc == 1 + test_address('192.168.1.1') + test_address('127.0.0.1') + test_address('255.255.255.255') + test_address('255.255.255.256', False) + test_address('255.255.256.255', False) + test_address('255.256.255.255', False) + test_address('256.255.255.255', False) + test_address('1092.168.1.1', False) + test_address('not an IP', False) + test_address('8.8.8.8:', False) + test_address('8.8.8.8:0') + test_address('8.8.8.8:1') + test_address('8.8.8.8:42') + test_address('8.8.8.8:888') + test_address('8.8.8.8:1337') + test_address('8.8.8.8:65535') + test_address('8.8.8.8:65536', False) + test_address('8.8.8.8:-1', False) def test_os_check_fails(Pihole): From 8090071effa7534ed6c985e8ebee666a4aae1f6d Mon Sep 17 00:00:00 2001 From: jbzdarkid Date: Wed, 17 Mar 2021 18:09:03 -0700 Subject: [PATCH 009/141] Update regex to disallow leading zeros Also updated a comment to point to a non-experimental RFC. Signed-off-by: jbzdarkid --- automated install/basic-install.sh | 8 +++++--- test/test_automated_install.py | 8 ++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4c9352b8..78bc0882 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1018,9 +1018,11 @@ valid_ip() { local stat=1 # Regex matching one IPv4 component, i.e. an integer from 0 to 255. - local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9]{1,2})"; - # Regex matching an optional port beginning with # matching optional port number starting '#' with range of 1 to 65536 - local portelem="(:(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4}))?"; + # See https://tools.ietf.org/html/rfc1340 + local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)"; + # Regex matching an optional port beginning with : from 0 to 65535 + # See https://tools.ietf.org/html/rfc1340#page-33 + local portelem="(:(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0))?"; # Build a full IPv4 regex from the above subexpressions local regex="^${ipv4elem}\.${ipv4elem}\.${ipv4elem}\.${ipv4elem}${portelem}$" diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 20dadc26..1266f46b 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -555,6 +555,14 @@ def test_validate_ip(Pihole): test_address('8.8.8.8:65535') test_address('8.8.8.8:65536', False) test_address('8.8.8.8:-1', False) + test_address('00.0.0.0', False) + test_address('010.0.0.0', False) + test_address('001.0.0.0', False) + test_address('0.0.0.0:00', False) + test_address('0.0.0.0:01', False) + test_address('0.0.0.0:001', False) + test_address('0.0.0.0:0001', False) + test_address('0.0.0.0:00001', False) def test_os_check_fails(Pihole): From 6198165df8d3231187dc7301bcafb2cf0655565f Mon Sep 17 00:00:00 2001 From: Jaime Baez Date: Fri, 26 Mar 2021 20:24:38 +0100 Subject: [PATCH 010/141] Fix error trying to access undefined variables on splash page. Signed-off-by: Jaime Baez --- advanced/index.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index eea44462..8f33cf5d 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -58,20 +58,20 @@ if ($serverName === "pi.hole" // When directly browsing via IP or authorized hostname // Render splash/landing page based off presence of $landPage file // Unset variables so as to not be included in $landPage or $splashPage - unset($serverName, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort); + unset($svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt); // If $landPage file is present if (is_file(getcwd()."/$landPage")) { + unset($serverName, $viewPort); // unset extra variables not to be included in $landpage include $landPage; exit(); } // If $landPage file was not present, Set Splash Page output - $splashPage = " + $splashPage = << $viewPort - ● $serverName @@ -84,7 +84,7 @@ if ($serverName === "pi.hole" - "; +EOT; exit($splashPage); } elseif ($currentUrlExt === "js") { // Serve Pi-hole JavaScript for blocked domains requesting JS From 25ded7919005d9164a0dab08292835bdde4b630f Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 14 Apr 2021 09:26:52 -0700 Subject: [PATCH 011/141] Update README --- README.md | 57 ++++++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 6d7e5b5e..57dee16d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ +# +

Pi-hole @@ -9,8 +11,6 @@

-# - The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. - **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes @@ -26,8 +26,6 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th ----- -Master [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=master)](https://travis-ci.com/pi-hole/pi-hole) Development [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.com/pi-hole/pi-hole) - ## One-Step Automated Install Those who want to get started quickly and conveniently may install Pi-hole using the following command: @@ -71,16 +69,18 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!* ### [Donations](https://pi-hole.net/donate) -Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses: +Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses and rewarding our dedicated development team: ### Alternative support If you'd rather not donate (_which is okay!_), there are other ways you can help support us: -- [Patreon](https://patreon.com/pihole) _Become a patron for rewards_ +- [GitHub Sponsors](https://github.com/sponsors/pi-hole/) +- [Patreon](https://patreon.com/pihole) +- [Hetzner Cloud](https://hetzner.cloud/?ref=7aceisRX3AzA) _affiliate link_ - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_ -- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ +- [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ - Spreading the word about our software, and how you have benefited from it ### Contributing via GitHub @@ -95,7 +95,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma ## Getting in touch with us -While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance. +While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. + +**Please be sure to check the FAQ's** before starting a new discussion. Many user questions already have answers and can be solved without any additional assistance. - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs) - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes) @@ -106,12 +108,27 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse ## Breakdown of Features +### [Faster-than-light Engine](https://github.com/pi-hole/ftl) + +[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! + +Some of the statistics you can integrate include: + +- Total number of domains being blocked +- Total number of DNS queries today +- Total number of ads blocked today +- Percentage of ads blocked +- Unique domains +- Queries forwarded (to your chosen upstream DNS server) +- Queries cached +- Unique clients + +The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). + ### The Command Line Interface The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. -![Pi-hole Blacklist Demo](https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif) - Some notable features include: - [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) @@ -128,8 +145,6 @@ You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-c This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! -![Pi-hole Dashboard](https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png) - Some notable features include: - Mobile friendly interface @@ -145,21 +160,3 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server) 2. `http:///admin/` -3. `http://pi.hole/` (when using Pi-hole as your DNS server) - -## Faster-than-light Engine - -FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! - -Some of the statistics you can integrate include: - -- Total number of domains being blocked -- Total number of DNS queries today -- Total number of ads blocked today -- Percentage of ads blocked -- Unique domains -- Queries forwarded (to your chosen upstream DNS server) -- Queries cached -- Unique clients - -The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). From 5df7ed2f3229908267e75cc30630b6393339c73f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 14 Apr 2021 18:33:10 +0200 Subject: [PATCH 012/141] Obtain FTL's PID from the PID file (#4103) * Try to obtain FTL's PID from the PID file. If this fails, try to identify the main process using pgrep --oldest (instead of relying on pkill finding the right one by itself). This allows the script to work in even when FTL is running inside the memory checker valgrind. * Rename FTL_PID -> FTL_PID_FILE * Remove the pgrep fallback after discussions about that it should be more obvious to users if something strange happened to their PID file. Also, simplify the routine using a bashism in the end. * Shorten if [[ regex ]] * Use unset instead of emptying the PID variable Signed-off-by: DL6ER Co-authored-by: Dan Schaper --- pihole | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/pihole b/pihole index 2b2b7bc2..f8085c8e 100755 --- a/pihole +++ b/pihole @@ -16,6 +16,7 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" # error due to modifying a readonly variable. setupVars="/etc/pihole/setupVars.conf" PI_HOLE_BIN_DIR="/usr/local/bin" +readonly FTL_PID_FILE="/run/pihole-FTL.pid" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" @@ -98,8 +99,25 @@ versionFunc() { exit 0 } +# Get PID of main pihole-FTL process +getFTLPID() { + local pid + + if [ -s "${FTL_PID_FILE}" ]; then + # -s: FILE exists and has a size greater than zero + pid="$(<"$FTL_PID_FILE")" + # Exploit prevention: unset the variable if there is malicious content + # Verify that the value read from the file is numeric + [[ "$pid" =~ [^[:digit:]] ]] && unset pid + fi + + # If FTL is not running, or the PID file contains malicious stuff, substitute + # negative PID to signal this to the caller + echo "${pid:=-1}" +} + restartDNS() { - local svcOption svc str output status + local svcOption svc str output status pid icon svcOption="${1:-restart}" # Determine if we should reload or restart @@ -108,17 +126,34 @@ restartDNS() { # Note 1: This will NOT re-read any *.conf files # Note 2: We cannot use killall here as it does # not know about real-time signals - svc="pkill -RTMIN pihole-FTL" - str="Reloading DNS lists" + pid="$(getFTLPID)" + if [[ "$pid" -eq "-1" ]]; then + svc="true" + str="FTL is not running" + icon="${INFO}" + else + svc="kill -RTMIN ${pid}" + str="Reloading DNS lists" + icon="${TICK}" + fi elif [[ "${svcOption}" =~ "reload" ]]; then # Reloading of the DNS cache has been requested # Note: This will NOT re-read any *.conf files - svc="pkill -HUP pihole-FTL" - str="Flushing DNS cache" + pid="$(getFTLPID)" + if [[ "$pid" -eq "-1" ]]; then + svc="true" + str="FTL is not running" + icon="${INFO}" + else + svc="kill -HUP ${pid}" + str="Flushing DNS cache" + icon="${TICK}" + fi else # A full restart has been requested svc="service pihole-FTL restart" str="Restarting DNS server" + icon="${TICK}" fi # Print output to Terminal, but not to Web Admin @@ -128,7 +163,7 @@ restartDNS() { status="$?" if [[ "${status}" -eq 0 ]]; then - [[ -t 1 ]] && echo -e "${OVER} ${TICK} ${str}" + [[ -t 1 ]] && echo -e "${OVER} ${icon} ${str}" return 0 else [[ ! -t 1 ]] && local OVER="" From 866045968d8f7b7b08287a6e614bcafd241f7c48 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 14 Apr 2021 12:27:36 -0700 Subject: [PATCH 013/141] Add missing closing single quote Signed-off-by: Dan Schaper --- advanced/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/index.php b/advanced/index.php index 8f33cf5d..a38cd365 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -78,7 +78,7 @@ if ($serverName === "pi.hole" From 74948ae5c1315388ac02856e4f723d5d6fdbe486 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 14 Apr 2021 22:50:04 +0200 Subject: [PATCH 014/141] The correct port separator is '#' not ':' in dnsmasq style. This should not have been changed in #4083 in the first place. Signed-off-by: DL6ER --- automated install/basic-install.sh | 9 ++++----- test/test_automated_install.py | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 07683204..eb52aea3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1025,9 +1025,8 @@ valid_ip() { # Regex matching one IPv4 component, i.e. an integer from 0 to 255. # See https://tools.ietf.org/html/rfc1340 local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)"; - # Regex matching an optional port beginning with : from 0 to 65535 - # See https://tools.ietf.org/html/rfc1340#page-33 - local portelem="(:(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0))?"; + # Regex matching an optional port (starting with '#') range of 1-65536 + local portelem="(#(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0))?"; # Build a full IPv4 regex from the above subexpressions local regex="^${ipv4elem}\.${ipv4elem}\.${ipv4elem}\.${ipv4elem}${portelem}$" @@ -1046,8 +1045,8 @@ valid_ip6() { local ipv6elem="[0-9a-fA-F]{1,4}" # Regex matching an IPv6 CIDR, i.e. 1 to 128 local v6cidr="(\\/([1-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])){0,1}" - # Regex matching an optional port beginning with # matching optional port number starting '#' with range of 1-65536 - local portelem="(#([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6]))?" + # Regex matching an optional port (starting with '#') range of 1-65536 + local portelem="(#(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0))?"; # Build a full IPv6 regex from the above subexpressions local regex="^(((${ipv6elem}))*((:${ipv6elem}))*::((${ipv6elem}))*((:${ipv6elem}))*|((${ipv6elem}))((:${ipv6elem})){7})${v6cidr}${portelem}$" diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 1266f46b..44624082 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -546,23 +546,23 @@ def test_validate_ip(Pihole): test_address('256.255.255.255', False) test_address('1092.168.1.1', False) test_address('not an IP', False) - test_address('8.8.8.8:', False) - test_address('8.8.8.8:0') - test_address('8.8.8.8:1') - test_address('8.8.8.8:42') - test_address('8.8.8.8:888') - test_address('8.8.8.8:1337') - test_address('8.8.8.8:65535') - test_address('8.8.8.8:65536', False) - test_address('8.8.8.8:-1', False) + test_address('8.8.8.8#', False) + test_address('8.8.8.8#0') + test_address('8.8.8.8#1') + test_address('8.8.8.8#42') + test_address('8.8.8.8#888') + test_address('8.8.8.8#1337') + test_address('8.8.8.8#65535') + test_address('8.8.8.8#65536', False) + test_address('8.8.8.8#-1', False) test_address('00.0.0.0', False) test_address('010.0.0.0', False) test_address('001.0.0.0', False) - test_address('0.0.0.0:00', False) - test_address('0.0.0.0:01', False) - test_address('0.0.0.0:001', False) - test_address('0.0.0.0:0001', False) - test_address('0.0.0.0:00001', False) + test_address('0.0.0.0#00', False) + test_address('0.0.0.0#01', False) + test_address('0.0.0.0#001', False) + test_address('0.0.0.0#0001', False) + test_address('0.0.0.0#00001', False) def test_os_check_fails(Pihole): From f90dffbf1a79a3da90526da2b7ed8e37946d36d1 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 11:41:26 +0200 Subject: [PATCH 015/141] Do not put hostname and pi.hole into local.list - this will be handled by FTL after FTL#1111 has been merged Signed-off-by: DL6ER --- gravity.sh | 50 ++++++-------------------------------------------- 1 file changed, 6 insertions(+), 44 deletions(-) diff --git a/gravity.sh b/gravity.sh index 24a41c48..bfe45b55 100755 --- a/gravity.sh +++ b/gravity.sh @@ -47,16 +47,6 @@ domainsExtension="domains" setupVars="${piholeDir}/setupVars.conf" if [[ -f "${setupVars}" ]];then source "${setupVars}" - - # Remove CIDR mask from IPv4/6 addresses - IPV4_ADDRESS="${IPV4_ADDRESS%/*}" - IPV6_ADDRESS="${IPV6_ADDRESS%/*}" - - # Determine if IPv4/6 addresses exist - if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then - echo -e " ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}" - exit 1 - fi else echo -e " ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC} Please run 'pihole -r', and choose the 'reconfigure' option to fix." @@ -564,7 +554,7 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}" - local heisenbergCompensator="" patternBuffer str httpCode success="" + local heisenbergCompensator="" patternBuffer str httpCode success="" ip # Create temp file to store content on disk instead of RAM patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb") @@ -582,7 +572,10 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then + # Get IP address of this domain + ip="$(dig "${domain}" +short)" + # Check if this IP matches any IP of the system + if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then blocked=true fi;; "NXDOMAIN") @@ -785,43 +778,12 @@ gravity_ShowCount() { gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters" } -# Parse list of domains into hosts format -gravity_ParseDomainsIntoHosts() { - awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{ - # Remove windows CR line endings - sub(/\r$/, "") - # Parse each line as "ipaddr domain" - if(ipv6 && ipv4) { - print ipv4" "$0"\n"ipv6" "$0 - } else if(!ipv6) { - print ipv4" "$0 - } else { - print ipv6" "$0 - } - }' >> "${2}" < "${1}" -} - # Create "localhost" entries into hosts format gravity_generateLocalList() { - local hostname - - if [[ -s "/etc/hostname" ]]; then - hostname=$(< "/etc/hostname") - elif command -v hostname &> /dev/null; then - hostname=$(hostname -f) - else - echo -e " ${CROSS} Unable to determine fully qualified domain name of host" - return 0 - fi - - echo -e "${hostname}\\npi.hole" > "${localList}.tmp" - # Empty $localList if it already exists, otherwise, create it - : > "${localList}" + echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}" chmod 644 "${localList}" - gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}" - # Add additional LAN hosts provided by OpenVPN (if available) if [[ -f "${VPNList}" ]]; then awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}" From aa88be335e602a57e5c8cc70dea6db06454ebf93 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 11:44:54 +0200 Subject: [PATCH 016/141] Acknowledge that IPV{4,6}_ADDRESS may not exist Signed-off-by: DL6ER --- pihole | 5 +---- test/test_automated_install.py | 2 -- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/pihole b/pihole index f8085c8e..4fe80fc7 100755 --- a/pihole +++ b/pihole @@ -363,16 +363,13 @@ tailFunc() { fi echo -e " ${INFO} Press Ctrl-C to exit" - # Retrieve IPv4/6 addresses - source /etc/pihole/setupVars.conf - # Strip date from each line # Color blocklist/blacklist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ - -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 44624082..ba1781aa 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -45,8 +45,6 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): # Currently debug test function only echo "Outputting sourced variables" echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" - echo "IPV4_ADDRESS=${IPV4_ADDRESS}" - echo "IPV6_ADDRESS=${IPV6_ADDRESS}" echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" } From 58905a1188b9d46e97e6dec975fbb90a22101258 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 12:14:05 +0200 Subject: [PATCH 017/141] Modify debugger to test name resolution on all available interfaces Signed-off-by: DL6ER --- advanced/Scripts/chronometer.sh | 4 --- advanced/Scripts/piholeDebug.sh | 63 ++++++++++++++++++++++----------- 2 files changed, 43 insertions(+), 24 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 4f9ea59a..3f85bdfc 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -498,10 +498,6 @@ chronoFunc() { printFunc " RAM usage: " "$ram_perc%" "$ram_info" printFunc " HDD usage: " "$disk_perc" "$disk_info" - if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then - printFunc " LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info" - fi - if [[ "$DHCP_ACTIVE" == "true" ]]; then printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info" fi diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 13a886f1..c6294e6e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -859,7 +859,6 @@ dig_at() { # Store the arguments as variables with names local protocol="${1}" - local IP="${2}" echo_current_diagnostic "Name resolution (IPv${protocol}) using a random blocked domain and a known ad-serving domain" # Set more local variables # We need to test name resolution locally, via Pi-hole, and via a public resolver @@ -874,15 +873,15 @@ dig_at() { if [[ ${protocol} == "6" ]]; then # Set the IPv6 variables and record type local local_address="::1" - local pihole_address="${IP}" local remote_address="2001:4860:4860::8888" + local sed_selector="inet6" local record_type="AAAA" # Otherwise, it should be 4 else # so use the IPv4 values local local_address="127.0.0.1" - local pihole_address="${IP}" local remote_address="8.8.8.8" + local sed_selector="inet" local record_type="A" fi @@ -895,25 +894,53 @@ dig_at() { # First, do a dig on localhost to see if Pi-hole can use itself to block a domain if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC at ${COL_CYAN}${local_address}${CON_NC}" else # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})" + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} at ${COL_CYAN}${local_address}${CON_NC}" fi # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is # just asing itself locally - # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't waiting for too long + # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't + # waiting for too long + # + # Turn off history expansion such that the "!" in the sed command cannot do silly things + set +H + # Get interfaces + # sed logic breakdown: + # / master /d; + # Removes all interfaces that are slaves of others (e.g. virtual docker interfaces) + # /UP/!d; + # Removes all interfaces which are not UP + # s/^[0-9]*: //g; + # Removes interface index + # s/: <.*//g; + # Removes everything after the interface name + local interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" - # If Pi-hole can dig itself from it's IP (not the loopback address) - if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${pihole_address}" +short "${record_type}"); then - # show a success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})" - fi + while IFS= read -r iface ; do + # Get addresses of current interface + # sed logic breakdown: + # /inet(|6) /!d; + # Removes all lines from ip a that do not contain either "inet " or "inet6 " + # s/^.*inet(|6) //g; + # Removes all leading whitespace as well as the "inet " or "inet6 " string + # s/\/.*$//g; + # Removes CIDR and everything thereafter (e.g., scope properties) + local addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" + while IFS= read -r local_address ; do + # Check if Pi-hole can use itself to block a domain + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then + # If it can, show success + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" + else + # Otherwise, show a failure + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" + fi + done <<< "${addresses}" + done <<< "${interfaces}" # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 @@ -1046,12 +1073,8 @@ parse_file() { check_name_resolution() { # Check name resolution from localhost, Pi-hole's IP, and Google's name severs # using the function we created earlier - dig_at 4 "${IPV4_ADDRESS%/*}" - # If IPv6 enabled, - if [[ "${IPV6_ADDRESS}" ]]; then - # check resolution - dig_at 6 "${IPV6_ADDRESS%/*}" - fi + dig_at 4 + dig_at 6 } # This function can check a directory exists From 3b574096b80a44b2366c8bdbb9df8cfea14091b0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 12:24:46 +0200 Subject: [PATCH 018/141] Remove duplicated lo test Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c6294e6e..02363b60 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -863,8 +863,9 @@ dig_at() { # Set more local variables # We need to test name resolution locally, via Pi-hole, and via a public resolver local local_dig - local pihole_dig local remote_dig + local interfaces + local addresses # Use a static domain that we know has IPv4 and IPv6 to avoid false positives # Sometimes the randomly chosen domains don't use IPv6, or something else is wrong with them local remote_url="doubleclick.com" @@ -891,15 +892,6 @@ dig_at() { local random_url random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1") - # First, do a dig on localhost to see if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then - # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC at ${COL_CYAN}${local_address}${CON_NC}" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} at ${COL_CYAN}${local_address}${CON_NC}" - fi - # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is # just asing itself locally @@ -918,7 +910,7 @@ dig_at() { # Removes interface index # s/: <.*//g; # Removes everything after the interface name - local interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" + interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" while IFS= read -r iface ; do # Get addresses of current interface @@ -929,10 +921,10 @@ dig_at() { # Removes all leading whitespace as well as the "inet " or "inet6 " string # s/\/.*$//g; # Removes CIDR and everything thereafter (e.g., scope properties) - local addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" + addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" while IFS= read -r local_address ; do # Check if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then # If it can, show success log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" else @@ -944,7 +936,7 @@ dig_at() { # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 - if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then + if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @"${remote_address}" +short "${record_type}" | head -n1); then # If successful, the real IP of the domain will be returned instead of Pi-hole's IP log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})" else @@ -1059,7 +1051,7 @@ parse_file() { local file_lines # For each line in the file, for file_lines in "${file_info[@]}"; do - if [[ ! -z "${file_lines}" ]]; then + if [[ -n "${file_lines}" ]]; then # don't include the Web password hash [[ "${file_lines}" =~ ^\#.*$ || ! "${file_lines}" || "${file_lines}" == "WEBPASSWORD="* ]] && continue # otherwise, display the lines of the file From 60513f93a3f239bf503372972c9e3c3b312cf9be Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 18 Apr 2021 09:26:23 +0200 Subject: [PATCH 019/141] Don't set IPV{4,6}_ADDRESS in conftest.py Signed-off-by: DL6ER --- test/conftest.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/conftest.py b/test/conftest.py index 07166ec5..13731eb8 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -8,8 +8,6 @@ check_output = testinfra.get_backend( SETUPVARS = { 'PIHOLE_INTERFACE': 'eth99', - 'IPV4_ADDRESS': '1.1.1.1', - 'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672', 'PIHOLE_DNS_1': '4.2.2.1', 'PIHOLE_DNS_2': '4.2.2.2' } From 2ba350984f19165b2f224d4d9d7e9bc3bf655850 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Sun, 18 Apr 2021 15:12:01 +0200 Subject: [PATCH 020/141] Enable PHP8 support for Debian/Ubuntu Since PHP8.0, the JSON extension is a core PHP extension and hence the php8.0-json package does not exist and is not required: - https://www.php.net/manual/json.installation.php - https://packages.debian.org/php8.0-json Solves: https://discourse.pi-hole.net/t/php-8-packages-not-found/46286 Signed-off-by: MichaIng --- automated install/basic-install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index eb52aea3..1d6253a0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,11 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-json" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php + if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then + PIHOLE_WEB_DEPS+=("${phpVer}-json") + fi # The Web server user, LIGHTTPD_USER="www-data" # group, From 5895690b588e0c26efe509f36e455b430fbe3db3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 24 Apr 2021 15:38:27 +0100 Subject: [PATCH 021/141] this has been annoying me for months Signed-off-by: Adam Warner --- advanced/Scripts/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index f77ee635..86ac45bc 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -153,7 +153,7 @@ versionOutput() { if [[ -n "$current" ]] && [[ -n "$latest" ]]; then output="${1^} version is $branch$current (Latest: $latest)" elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then - output="Current ${1^} version is $branch$current." + output="Current ${1^} version is $branch$current" elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then output="Latest ${1^} version is $latest" elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then From f3ceebbe06217cac68720d3668b210a0a35f900b Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 30 Apr 2021 20:48:12 +0200 Subject: [PATCH 022/141] Re-remove wget from dependencies The dependency has been removed here: https://github.com/pi-hole/pi-hole/pull/3185 But accidentally re-added here: https://github.com/pi-hole/pi-hole/commit/982c1b0059723e92fa6d6bc92d466d4f2b4f8b8d#diff-595630a29a855f6d667a84ca0662042e826bf3ec56322ef61d4a6ef149147d23 wget is still not used in any Pi-hole script, hence it can be removed safely from dependencies. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 1d6253a0..454daee4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -357,7 +357,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") From c9014436767251bd3b67558561afae60d78ee9b3 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Sun, 2 May 2021 13:27:35 +0200 Subject: [PATCH 023/141] Remove false statement about dependency removal on Raspbian The statement "All dependencies are safe to remove on Raspbian" has been added at a time where a much smaller list of dependencies were installed, all indeed relatively safe to purge. Nowadays this list has grown and includes important system packages, like iproute2, psmisc, sudo, curl and others, which are often again dependencies of other packages, like network stacks (ifupdown) and others, so that inexperienced users, following that statement, may break their systems network capabilities and more. This message has hence been removed. Signed-off-by: MichaIng --- automated install/uninstall.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index a0d3b108..543ca07a 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -206,11 +206,7 @@ removeNoPurge() { } ######### SCRIPT ########### -if command -v vcgencmd &> /dev/null; then - echo -e " ${INFO} All dependencies are safe to remove on Raspbian" -else - echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" -fi +echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" while true; do echo -e " ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:" echo -n " " From 6f60555f7994c0e33e5156f8eeadf3469338de25 Mon Sep 17 00:00:00 2001 From: Ashutosh Verma Date: Thu, 20 May 2021 22:34:19 +0530 Subject: [PATCH 024/141] Added install Method 3 Signed-off-by: Ashutosh Verma --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 57dee16d..06f541f4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ sudo bash basic-install.sh wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh ``` +### Method 3: Using Docker to deploy Pi-hole +Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images. ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/) From a9e761ec1336284108baf12e908a2124059cef9f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 23 May 2021 12:11:04 +0200 Subject: [PATCH 025/141] Add missing sed anchors when deleting lines. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 8ef4d940..315236a3 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -716,7 +716,7 @@ RemoveCustomDNSAddress() { host="${args[3]}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/${ip} ${host}/d" "${dnscustomfile}" + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" else echo -e " ${CROSS} Invalid IP has been passed" exit 1 @@ -748,7 +748,7 @@ RemoveCustomCNAMERecord() { if [[ -n "${validDomain}" ]]; then validTarget="$(checkDomain "${target}")" if [[ -n "${validDomain}" ]]; then - sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}" + sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" else echo " ${CROSS} Invalid Target Passed!" exit 1 From 01c310a78f41b84e77283daae87244cb47f5ff4a Mon Sep 17 00:00:00 2001 From: William Horning Date: Thu, 10 Jun 2021 19:23:58 -0400 Subject: [PATCH 026/141] Fix typo Signed-off-by: William Horning --- manpages/pihole.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 4ba0e0f7..aaaa8d7e 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -56,7 +56,7 @@ Available commands and options: \fB-w, whitelist\fR [options] [ ] .br - Adds or removes specified domain or domains tho the Whitelist + Adds or removes specified domain or domains to the Whitelist .br \fB-b, blacklist\fR [options] [ ] From a2d5b8050af46b7f28eff0dfb6b3b81b2c499db9 Mon Sep 17 00:00:00 2001 From: jpgpi250 Date: Mon, 14 Jun 2021 20:27:10 +0200 Subject: [PATCH 027/141] Update gravity.sh Signed-off-by: jpgpi250 --- gravity.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 24a41c48..7ba443d8 100755 --- a/gravity.sh +++ b/gravity.sh @@ -73,6 +73,8 @@ fi # have changed gravityDBfile="${GRAVITYDB}" gravityTEMPfile="${GRAVITYDB}_temp" +gravityDIR="$(dirname -- "${gravityDBfile}")" +gravityOLDfile="${gravityDIR}/gravity_old.db" if [[ -z "${BLOCKINGMODE}" ]] ; then BLOCKINGMODE="NULL" @@ -123,8 +125,19 @@ gravity_swap_databases() { fi echo -e "${OVER} ${TICK} ${str}" - # Swap databases and remove old database - rm "${gravityDBfile}" + # Swap databases and remove or conditionally rename old database + # Number of available blocks on disk + availableBlocks=$(stat -f --format "%a" "${gravityDIR}") + # Number of blocks, used by gravity.db + gravityBlocks=$(stat --format "%b" ${gravityDBfile}) + # Only keep the old database if available disk space is at least twice the size of the existing gravity.db. + # Better be safe than sorry... + if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then + echo -e " ${TICK} The old database remains available." + mv "${gravityDBfile}" "${gravityOLDfile}" + else + rm "${gravityDBfile}" + fi mv "${gravityTEMPfile}" "${gravityDBfile}" } @@ -890,6 +903,11 @@ for var in "$@"; do esac done +# Remove OLD (backup) gravity file, if it exists +if [[ -f "${gravityOLDfile}" ]]; then + rm "${gravityOLDfile}" +fi + # Trap Ctrl-C gravity_Trap From df3c46349ab0f32cf420ba26105c85bbe1a0814c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 3 May 2021 21:23:41 +0200 Subject: [PATCH 028/141] Add tail of pihole.log to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 85 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 13a886f1..36efe77f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1281,53 +1281,64 @@ analyze_gravity_list() { IFS="$OLD_IFS" } +obfuscated_pihole_log() { + local pihole_log=("$@") + local line + local error_to_check_for + local line_to_obfuscate + local obfuscated_line + for line in "${pihole_log[@]}"; do + # A common error in the pihole.log is when there is a non-hosts formatted file + # that the DNS server is attempting to read. Since it's not formatted + # correctly, there will be an entry for "bad address at line n" + # So we can check for that here and highlight it in red so the user can see it easily + error_to_check_for=$(echo "${line}" | grep 'bad address at') + # Some users may not want to have the domains they visit sent to us + # To that end, we check for lines in the log that would contain a domain name + line_to_obfuscate=$(echo "${line}" | grep ': query\|: forwarded\|: reply') + # If the variable contains a value, it found an error in the log + if [[ -n ${error_to_check_for} ]]; then + # So we can print it in red to make it visible to the user + log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" + else + # If the variable does not a value (the current default behavior), so do not obfuscate anything + if [[ -z ${OBFUSCATE} ]]; then + log_write " ${line}" + # Othwerise, a flag was passed to this command to obfuscate domains in the log + else + # So first check if there are domains in the log that should be obfuscated + if [[ -n ${line_to_obfuscate} ]]; then + # If there are, we need to use awk to replace only the domain name (the 6th field in the log) + # so we substitute the domain for the placeholder value + obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') + log_write " ${obfuscated_line}" + else + log_write " ${line}" + fi + fi + fi + done +} + analyze_pihole_log() { echo_current_diagnostic "Pi-hole log" - local head_line + local pihole_log_head=() + local pihole_log_tail=() + local pihole_log_permissions + # Put the current Internal Field Separator into another variable so it can be restored later OLD_IFS="$IFS" # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' - local pihole_log_permissions pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - local pihole_log_head=() mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - local error_to_check_for - local line_to_obfuscate - local obfuscated_line - for head_line in "${pihole_log_head[@]}"; do - # A common error in the pihole.log is when there is a non-hosts formatted file - # that the DNS server is attempting to read. Since it's not formatted - # correctly, there will be an entry for "bad address at line n" - # So we can check for that here and highlight it in red so the user can see it easily - error_to_check_for=$(echo "${head_line}" | grep 'bad address at') - # Some users may not want to have the domains they visit sent to us - # To that end, we check for lines in the log that would contain a domain name - line_to_obfuscate=$(echo "${head_line}" | grep ': query\|: forwarded\|: reply') - # If the variable contains a value, it found an error in the log - if [[ -n ${error_to_check_for} ]]; then - # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" - else - # If the variable does not a value (the current default behavior), so do not obfuscate anything - if [[ -z ${OBFUSCATE} ]]; then - log_write " ${head_line}" - # Othwerise, a flag was passed to this command to obfuscate domains in the log - else - # So first check if there are domains in the log that should be obfuscated - if [[ -n ${line_to_obfuscate} ]]; then - # If there are, we need to use awk to replace only the domain name (the 6th field in the log) - # so we substitute the domain for the placeholder value - obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') - log_write " ${obfuscated_line}" - else - log_write " ${head_line}" - fi - fi - fi - done + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" log_write "" # Set the IFS back to what it was IFS="$OLD_IFS" From f2cba6cad1b8893757c69975e8b984c1bc8eda7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 3 Jun 2021 13:15:44 +0200 Subject: [PATCH 029/141] Skip analyze_pihole_log if query logging has been disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 47 +++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 36efe77f..859ac3d3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1321,27 +1321,34 @@ obfuscated_pihole_log() { } analyze_pihole_log() { - echo_current_diagnostic "Pi-hole log" - local pihole_log_head=() - local pihole_log_tail=() - local pihole_log_permissions + echo_current_diagnostic "Pi-hole log" + local pihole_log_head=() + local pihole_log_tail=() + local pihole_log_permissions - # Put the current Internal Field Separator into another variable so it can be restored later - OLD_IFS="$IFS" - # Get the lines that are in the file(s) and store them in an array for parsing later - IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_head[@]}" - log_write "" - mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_tail[@]}" - log_write "" - # Set the IFS back to what it was - IFS="$OLD_IFS" + local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) + if [[ "${logging_enabled}" == "0" ]]; then + # No "log-queries" lines are found. + # Commented out lines (such as "#log-queries") are ignored + log_write "${INFO} Query logging is disabled" + else + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" + mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" + log_write "" + # Set the IFS back to what it was + IFS="$OLD_IFS" + fi } tricorder_use_nc_or_curl() { From 1ae67e1de8677341b0f9af70008dfa8973c87d95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:19:07 +0200 Subject: [PATCH 030/141] Only inform user about disabled logging, don't skipp printing pihole.log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 35 ++++++++++++++++----------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 859ac3d3..8b6a5c24 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1328,27 +1328,26 @@ analyze_pihole_log() { local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) if [[ "${logging_enabled}" == "0" ]]; then - # No "log-queries" lines are found. - # Commented out lines (such as "#log-queries") are ignored + # Inform user that logging has been disabled and pihole.log does not contain queries log_write "${INFO} Query logging is disabled" - else - # Put the current Internal Field Separator into another variable so it can be restored later - OLD_IFS="$IFS" - # Get the lines that are in the file(s) and store them in an array for parsing later - IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_head[@]}" log_write "" - mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_tail[@]}" - log_write "" - # Set the IFS back to what it was - IFS="$OLD_IFS" fi + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" + mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" + log_write "" + # Set the IFS back to what it was + IFS="$OLD_IFS" } tricorder_use_nc_or_curl() { From 08cf9aa5a7a5698c7c968b6dd003910875c9279d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:30:41 +0200 Subject: [PATCH 031/141] Declare and assign 'logging_enabled' separately MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8b6a5c24..62ba9aba 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1325,8 +1325,9 @@ analyze_pihole_log() { local pihole_log_head=() local pihole_log_tail=() local pihole_log_permissions + local logging_enabled - local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) + logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) if [[ "${logging_enabled}" == "0" ]]; then # Inform user that logging has been disabled and pihole.log does not contain queries log_write "${INFO} Query logging is disabled" From 01764cc581220fb1751ebcb8808d5ca59ec7d2d6 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 10:28:25 -0700 Subject: [PATCH 032/141] Explicity declare values for the RA packet. Signed-off-by: Dan Schaper --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 8ef4d940..32719eb2 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -426,7 +426,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "#quiet-dhcp6 #enable-ra dhcp-option=option6:dns-server,[::] -dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime} +dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600 ra-param=*,0,0 " >> "${dhcpconfig}" fi From 7df22cd8e035d64bf6d46397dbf3680395222776 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 11:18:33 -0700 Subject: [PATCH 033/141] Check for logroate script existing first. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 454daee4..73b456ca 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1944,9 +1944,17 @@ finalExports() { # Install the logrotate script installLogrotate() { local str="Installing latest logrotate script" + local target=/etc/pihole/logrotate + printf "\\n %b %s..." "${INFO}" "${str}" + if [[ -f ${target} ]]; then + printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}" + # Return value isn't that important, using 2 to indicate that it's not a fatal error but + # the function did not complete. + return 2 + fi # Copy the file over from the local repo - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -1957,7 +1965,7 @@ installLogrotate() { # If there is a usergroup for log rotation, if [[ ! -z "${logusergroup}" ]]; then # replace the line in the logrotate script with that usergroup. - sed -i "s/# su #/su ${logusergroup}/g;" /etc/pihole/logrotate + sed -i "s/# su #/su ${logusergroup}/g;" ${target} fi printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" } From 4f660966d036a562d1fbbadbe0d56b52fa6cbf5b Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 11:19:19 -0700 Subject: [PATCH 034/141] Shellchecker Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 73b456ca..96ca8c92 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1954,7 +1954,7 @@ installLogrotate() { return 2 fi # Copy the file over from the local repo - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate ${target} + install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -1963,7 +1963,7 @@ installLogrotate() { # the local properties of the /var/log directory logusergroup="$(stat -c '%U %G' /var/log)" # If there is a usergroup for log rotation, - if [[ ! -z "${logusergroup}" ]]; then + if [[ -n "${logusergroup}" ]]; then # replace the line in the logrotate script with that usergroup. sed -i "s/# su #/su ${logusergroup}/g;" ${target} fi From 2b499880133c2869313d1a8ce971d3be86c6ae81 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 1 Jul 2021 02:19:00 +0000 Subject: [PATCH 035/141] Include lighttpd-mod-deflate in the PIHOLE_WEB_DEPS list since it is no longer provided by default in Debian Bullseye Signed-off-by: Daniel --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96ca8c92..17462c73 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,7 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd lighttpd-mod-deflate "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") From c120f8a8d88a20dd9bb5905ae3cf5a5f3ddb9466 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 2 Jul 2021 22:09:41 +0100 Subject: [PATCH 036/141] Revert "Include lighttpd-mod-deflate since it is no longer provided by default in Bullsye" --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 17462c73..96ca8c92 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,7 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd lighttpd-mod-deflate "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") From 469b71544262f8473cc1e22142ee01a4016785fc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Jul 2021 00:00:54 +0100 Subject: [PATCH 037/141] Add three new tests (one for each dependecy array) to check packages are available in supported OS package repos Signed-off-by: Adam Warner --- test/test_automated_install.py | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 44624082..891fc185 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -597,3 +597,43 @@ def test_os_check_passes(Pihole): ''') expected_stdout = 'Supported OS detected' assert expected_stdout in detectOS.stdout + + +def test_package_manager_has_installer_deps(Pihole): + ''' Confirms OS is able to install the required packages for the installer''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${INSTALLER_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_pihole_deps(Pihole): + ''' Confirms OS is able to install the required packages for Pi-hole ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${PIHOLE_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_web_deps(Pihole): + ''' Confirms OS is able to install the required packages for web ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${PIHOLE_WEB_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + From 87f2ae82cd16473886c4bf9da1d9d19fb909aa1a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Jul 2021 00:07:37 +0100 Subject: [PATCH 038/141] Stickler gonna stickle... Signed-off-by: Adam Warner --- test/test_automated_install.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 891fc185..0849aa9a 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -608,7 +608,7 @@ def test_package_manager_has_installer_deps(Pihole): install_dependent_packages ${INSTALLER_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 @@ -621,7 +621,7 @@ def test_package_manager_has_pihole_deps(Pihole): install_dependent_packages ${PIHOLE_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 @@ -634,6 +634,5 @@ def test_package_manager_has_web_deps(Pihole): install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 - From 4fb5157719f3f8c74e9dfb9e8167673c96947532 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:59:17 +0200 Subject: [PATCH 039/141] Squashed commits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add simple grep function to pihole -t Signed-off-by: Christian König Add help info Signed-off-by: Christian König Improve help info Signed-off-by: Christian König Fix details Signed-off-by: Christian König --- pihole | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pihole b/pihole index f8085c8e..58ec385a 100755 --- a/pihole +++ b/pihole @@ -370,7 +370,7 @@ tailFunc() { # Color blocklist/blacklist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray - tail -f /var/log/pihole.log | sed -E \ + tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ @@ -456,7 +456,10 @@ Debugging Options: Add '-a' to automatically upload the log to tricorder.pi-hole.net -f, flush Flush the Pi-hole log -r, reconfigure Reconfigure or Repair Pi-hole subsystems - -t, tail View the live output of the Pi-hole log + -t, tail [arg] View the live output of the Pi-hole log. + Add an optional argument to filter the log + (regular expressions are supported) + Options: -a, admin Web interface options @@ -530,7 +533,7 @@ case "${1}" in "status" ) statusFunc "$2";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; - "-t" | "tail" ) tailFunc;; + "-t" | "tail" ) tailFunc "$2";; "checkout" ) piholeCheckoutFunc "$@";; "tricorder" ) tricorderFunc;; "updatechecker" ) updateCheckFunc "$@";; From e80e54a61a4942320391770d939e370fb3f996c5 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 4 Jul 2021 01:18:46 +0100 Subject: [PATCH 040/141] head_line -> line Signed-off-by: Adam Warner --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 62ba9aba..f0d6f799 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1299,7 +1299,7 @@ obfuscated_pihole_log() { # If the variable contains a value, it found an error in the log if [[ -n ${error_to_check_for} ]]; then # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" + log_write " ${CROSS} ${COL_RED}${line}${COL_NC} (${FAQ_BAD_ADDRESS})" else # If the variable does not a value (the current default behavior), so do not obfuscate anything if [[ -z ${OBFUSCATE} ]]; then From a0d74d1e9d52fb0039b6c3f709216e4af2acb0d3 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 4 Jul 2021 13:55:47 +0200 Subject: [PATCH 041/141] Canary domain handling is now happening in FTL where we have much finer control over it. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ec5f8e49..9f07b120 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -273,11 +273,6 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 fi fi - # Prevent Firefox from automatically switching over to DNS-over-HTTPS - # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https - # (sourced 7th September 2019) - add_dnsmasq_setting "server=/use-application-dns.net/" - # We need to process DHCP settings here as well to account for possible # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf # as we don't want to delete all local=/.../ lines so it's much safer to From 31a096dec279ad478632d9e1ec614fbae362a4b7 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 7 Jul 2021 13:31:59 +0000 Subject: [PATCH 042/141] Remove mod_compress (mod_deflate) from lighttpd to provide backwards compatible support for Debian Bullseye (11) Signed-off-by: Daniel --- advanced/lighttpd.conf.debian | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index cd6d7737..9c892fc0 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -20,7 +20,6 @@ server.modules = ( "mod_accesslog", "mod_auth", "mod_expire", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -41,26 +40,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", From c9e341b5d48b254cab5dadd0d24dbad8e0674783 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Jul 2021 19:20:14 +0100 Subject: [PATCH 043/141] Same change as with #4221, but on fedora config too Signed-off-by: Adam Warner --- advanced/lighttpd.conf.fedora | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 64428617..aae4a6a4 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -21,7 +21,6 @@ server.modules = ( "mod_expire", "mod_fastcgi", "mod_accesslog", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -42,26 +41,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", From fdca19e66d9f249b4fc5afbf6d4acd396d570fa9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 15 Apr 2021 13:59:10 +0000 Subject: [PATCH 044/141] Support and test Debian Bullsye (11) Signed-off-by: Daniel --- .github/workflows/test.yml | 2 +- advanced/Scripts/piholeDebug.sh | 4 ++-- automated install/basic-install.sh | 4 ++-- supportedos.txt | 4 ++-- test/_debian_11.Dockerfile | 17 +++++++++++++++++ test/tox.debian_11.ini | 8 ++++++++ 6 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 test/_debian_11.Dockerfile create mode 100644 test/tox.debian_11.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d19df5ab..a6fd1acc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f0a22b6d..8ea640c2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -410,12 +410,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" #Get the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96ca8c92..4212159e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -186,12 +186,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" # Gets the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" diff --git a/supportedos.txt b/supportedos.txt index 6d579132..c9332deb 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 Ubuntu=16,18,20 -Debian=9,10 +Debian=9,10,11 Fedora=32,33 -CentOS=7,8 \ No newline at end of file +CentOS=7,8 diff --git a/test/_debian_11.Dockerfile b/test/_debian_11.Dockerfile new file mode 100644 index 00000000..39be027e --- /dev/null +++ b/test/_debian_11.Dockerfile @@ -0,0 +1,17 @@ +FROM buildpack-deps:bullseye-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini new file mode 100644 index 00000000..af3c6e36 --- /dev/null +++ b/test/tox.debian_11.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py From aa5c15a72882c5c76103363553644f8ef005bd61 Mon Sep 17 00:00:00 2001 From: Faye Duxovni Date: Fri, 9 Jul 2021 01:06:10 -0400 Subject: [PATCH 045/141] give pihole its own logrotate state file Signed-off-by: Faye Duxovni Co-authored-by: Dan Schaper --- advanced/Scripts/piholeLogFlush.sh | 11 ++++++++--- advanced/Templates/pihole.cron | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 51e94d7c..5c6a2c68 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -11,6 +11,11 @@ colfile="/opt/pihole/COL_TABLE" source ${colfile} +# In case we're running at the same time as a system logrotate, use a +# separate logrotate state file to prevent stepping on each other's +# toes. +STATEFILE="/var/lib/logrotate/pihole" + # Determine database location # Obtain DBFILE=... setting from pihole-FTL.db # Constructed to return nothing when @@ -32,7 +37,7 @@ if [[ "$@" == *"once"* ]]; then # Nightly logrotation if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate once - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Copy pihole.log over to pihole.log.1 # and empty out pihole.log @@ -47,8 +52,8 @@ else # Manual flushing if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate twice to move all data out of sight of FTL - /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3 - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3 + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Flush both pihole.log and pihole.log.1 (if existing) echo " " > /var/log/pihole.log diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron index ecd1e808..37724d2e 100644 --- a/advanced/Templates/pihole.cron +++ b/advanced/Templates/pihole.cron @@ -26,7 +26,7 @@ # parameter "quiet": don't print messages 00 00 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet -@reboot root /usr/sbin/logrotate /etc/pihole/logrotate +@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate # Pi-hole: Grab local version and branch every 10 minutes */10 * * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local From e2e7d0a6aa19e99cd0521a0644eae9f507739671 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Jul 2021 22:36:02 +0100 Subject: [PATCH 046/141] add tests for ubuntu 21 Signed-off-by: Adam Warner --- test/_ubuntu_21.Dockerfile | 18 ++++++++++++++++++ test/tox.ubuntu_21.ini | 8 ++++++++ 2 files changed, 26 insertions(+) create mode 100644 test/_ubuntu_21.Dockerfile create mode 100644 test/tox.ubuntu_21.ini diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile new file mode 100644 index 00000000..afddbfa9 --- /dev/null +++ b/test/_ubuntu_21.Dockerfile @@ -0,0 +1,18 @@ +FROM buildpack-deps:hirsute-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR +ENV DEBIAN_FRONTEND=noninteractive + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini new file mode 100644 index 00000000..651f933b --- /dev/null +++ b/test/tox.ubuntu_21.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py From 38d4b2a88339fef06e88fbc2da65d5141ccf0feb Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Jul 2021 22:41:17 +0100 Subject: [PATCH 047/141] add OS_CHECK_DOMAIN_NAME override to all the dockerfiles Signed-off-by: Adam Warner --- test/_centos_7.Dockerfile | 1 + test/_centos_8.Dockerfile | 1 + test/_debian_10.Dockerfile | 1 + test/_debian_9.Dockerfile | 1 + test/_fedora_32.Dockerfile | 1 + test/_fedora_33.Dockerfile | 1 + test/_ubuntu_16.Dockerfile | 1 + test/_ubuntu_18.Dockerfile | 1 + test/_ubuntu_20.Dockerfile | 1 + 9 files changed, 9 insertions(+) diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile index 00543b67..434242bf 100644 --- a/test/_centos_7.Dockerfile +++ b/test/_centos_7.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile index 7444551b..afd2dc8a 100644 --- a/test/_centos_8.Dockerfile +++ b/test/_centos_8.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_10.Dockerfile b/test/_debian_10.Dockerfile index 9b72fc6a..54800d3c 100644 --- a/test/_debian_10.Dockerfile +++ b/test/_debian_10.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_9.Dockerfile b/test/_debian_9.Dockerfile index d6609ba3..c590a657 100644 --- a/test/_debian_9.Dockerfile +++ b/test/_debian_9.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_32.Dockerfile index 869efb2b..e9c2ff2a 100644 --- a/test/_fedora_32.Dockerfile +++ b/test/_fedora_32.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile index 0a1ac59c..9ae94c70 100644 --- a/test/_fedora_33.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_16.Dockerfile b/test/_ubuntu_16.Dockerfile index a92bc6f6..e572efd1 100644 --- a/test/_ubuntu_16.Dockerfile +++ b/test/_ubuntu_16.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ \ No newline at end of file diff --git a/test/_ubuntu_18.Dockerfile b/test/_ubuntu_18.Dockerfile index 2f63ea89..592c5c3f 100644 --- a/test/_ubuntu_18.Dockerfile +++ b/test/_ubuntu_18.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_20.Dockerfile b/test/_ubuntu_20.Dockerfile index caa6261f..80e2e007 100644 --- a/test/_ubuntu_20.Dockerfile +++ b/test/_ubuntu_20.Dockerfile @@ -13,5 +13,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ From a9b5fcd9230ff1f15ed85cfb92512c94d42e3301 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 15 Jul 2021 13:48:18 +0000 Subject: [PATCH 048/141] Add Ubuntu 21 to supportedos.txt, and github actions tests Signed-off-by: Daniel --- .github/workflows/test.yml | 2 +- supportedos.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a6fd1acc..129caea4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/supportedos.txt b/supportedos.txt index c9332deb..1726cc93 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 -Ubuntu=16,18,20 +Ubuntu=16,18,20,21 Debian=9,10,11 Fedora=32,33 CentOS=7,8 From 9beb3a9b6c2d1e7c9a57278df538409afe1ee8aa Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 16 Jul 2021 09:17:23 +0100 Subject: [PATCH 049/141] Delete supportedos.txt - it is not actually used anywhere can can cause confusion --- supportedos.txt | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 supportedos.txt diff --git a/supportedos.txt b/supportedos.txt deleted file mode 100644 index 1726cc93..00000000 --- a/supportedos.txt +++ /dev/null @@ -1,5 +0,0 @@ -Raspbian=9,10 -Ubuntu=16,18,20,21 -Debian=9,10,11 -Fedora=32,33 -CentOS=7,8 From 6be647a85f56028d9548467a86df1c2cc5ff24d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 16 Jul 2021 21:52:12 +0200 Subject: [PATCH 050/141] Fix coloring of pihole -t MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 126a4b86..470c9dc7 100755 --- a/pihole +++ b/pihole @@ -369,7 +369,7 @@ tailFunc() { # Color everything else as gray tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ - -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From 092e533a30dcdef6716b975bb4587f052e7ec6ed Mon Sep 17 00:00:00 2001 From: Kenneth Chew Date: Sun, 18 Jul 2021 14:31:37 -0400 Subject: [PATCH 051/141] Add `-t` option to Admin Console help dialog Signed-off-by: Kenneth Chew --- advanced/Scripts/webpage.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 9f07b120..744416e7 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -44,7 +44,8 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" + -l, privacylevel Set privacy level (0 = lowest, 3 = highest) + -t, teleporter Backup configuration as an archive" exit 0 } From 57c40cbd09b461882eac4dac63f8ce816e343f1f Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 23 Jul 2021 20:43:13 +0200 Subject: [PATCH 052/141] Update pihole-FTL.service Make this script a bourne shell script, which requires the removal of only a single bashism, the "{n..m}" expansion. Furthermore, since POSIX echo has no reliable command line options, switch to printf when line breaks shall be omitted. On most distros/setups "sh" calls a much lighter bourne shell like dash, which inits and runs much faster than bash. Remove unused PIDFILE variable, remove the single case of FTLUSER call and remove it as well. Using variables here might give the wrong impression that there is a change these can be varied. But both are hardcoded in many places throughout Pi-hole, so in this service script. Consolidate and merge the commands to pre-create and set permissions for required files and directories. The /var/log/pihole directory is and was never used, the touch, chmod and chown call can be merged into one each to reduce overhead. Use "-f" option to to fail on missing database files instead of redirecting STDERR, which is otherwise helpful to debug other possible errors, like missing or corrupted commands, filesystem errors and such. Do not use "which pihole-FTL" when setting capabilities when the hardcoded path /usr/bin/pihole-FTL is used for the actual daemon call. It makes sense to use the full path here, as the Pi-hole installer and updater installs it explicitly there, and so we prevent users from e.g. overriding it via /usr/local/bin/pihole-FTL too easily. On pgrep and pkill calls, add the "-x" flag to assure that only "pihole-FTL" is matched and not "foo-pihole-FTL" or "pihole-FTL-bar". Do not remove possible leftovers from previous pihole-FTL processes on start, but on stop instead. Since "start" includes a proceeding "stop" as well, on service start nothing changes, but on service stop, some resources are now freed. Remove leading "$" from usage message. In bash this was omitted, as $'...' is a special syntax for escape sequence expansion, which is not applicable here. In dash it would be printed literally. To keep previous behaviour, it is hence removed. Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL.service | 44 +++++++++++---------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index f0743b49..76ad697a 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh ### BEGIN INIT INFO # Provides: pihole-FTL # Required-Start: $remote_fs $syslog $network @@ -9,11 +9,8 @@ # Description: Enable service provided by pihole-FTL daemon ### END INIT INFO -FTLUSER=pihole -PIDFILE=/run/pihole-FTL.pid - is_running() { - pgrep -o "pihole-FTL" > /dev/null 2>&1 + pgrep -xo "pihole-FTL" > /dev/null } @@ -23,27 +20,18 @@ start() { echo "pihole-FTL is already running" else # Touch files to ensure they exist (create if non-existing, preserve if existing) - touch /var/log/pihole-FTL.log /var/log/pihole.log - touch /run/pihole-FTL.pid /run/pihole-FTL.port - touch /etc/pihole/dhcp.leases - mkdir -p /run/pihole - mkdir -p /var/log/pihole - chown pihole:pihole /run/pihole /var/log/pihole - # Remove possible leftovers from previous pihole-FTL processes - rm -f /dev/shm/FTL-* 2> /dev/null - rm /run/pihole/FTL.sock 2> /dev/null + mkdir -pm 0755 /run/pihole + touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files - chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port - chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null - chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log - chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole + chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then - su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "/usr/bin/pihole-FTL"; then + su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" - pihole-FTL + /usr/bin/pihole-FTL fi echo fi @@ -52,20 +40,20 @@ start() { # Stop the service stop() { if is_running; then - pkill -o pihole-FTL - for i in {1..5}; do + pkill -xo "pihole-FTL" + for i in 1 2 3 4 5; do if ! is_running; then break fi - echo -n "." + printf "." sleep 1 done echo if is_running; then echo "Not stopped; may still be shutting down or shutdown may have failed, killing now" - pkill -o -9 pihole-FTL + pkill -xo -9 "pihole-FTL" exit 1 else echo "Stopped" @@ -73,6 +61,8 @@ stop() { else echo "Not running" fi + # Cleanup + rm -f /run/pihole/FTL.sock /dev/shm/FTL-* echo } @@ -101,7 +91,7 @@ case "$1" in start ;; *) - echo $"Usage: $0 {start|stop|restart|reload|status}" + echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac From b1ea60484ef5156900aa274b889a2deef430b592 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 26 Jul 2021 13:22:26 -0700 Subject: [PATCH 053/141] Guard for logrotate func non-zero return Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4212159e..4ce3003b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2043,7 +2043,10 @@ installPihole() { # Install the cron file installCron # Install the logrotate file - installLogrotate + if ! installLogrotate; then + printf " %b Failure in logrotate installation function.\\n" "${CROSS}" + # This isn't fatal, no need to exit. + fi # Check if dnsmasq is present. If so, disable it and back up any possible # config file disable_dnsmasq From 0c125eba2cc3cd097f93965f9084c8bf88649a4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 27 Jul 2021 22:04:30 +0200 Subject: [PATCH 054/141] Make output of SHM dir human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8ea640c2..4c75f246 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1109,7 +1109,7 @@ list_files_in_dir() { : elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes - log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")" + log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From fbfec961d5e9a47ffd2100e2f9647eabd7784421 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:16:19 +0200 Subject: [PATCH 055/141] Remove comparison of IP addresses with setupVars.conf Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 42 +-------------------------------- 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f0a22b6d..895747b1 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -605,38 +605,6 @@ parse_locale() { parse_file "${pihole_locale}" } -does_ip_match_setup_vars() { - # Check for IPv4 or 6 - local protocol="${1}" - # IP address to check for - local ip_address="${2}" - # See what IP is in the setupVars.conf file - local setup_vars_ip - setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV"${protocol}"_ADDRESS | cut -d '=' -f2) - # If it's an IPv6 address - if [[ "${protocol}" == "6" ]]; then - # Strip off the / (CIDR notation) - if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then - # if it matches, show it in green - log_write " ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red with an FAQ URL - log_write " ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - - else - # if the protocol isn't 6, it's 4 so no need to strip the CIDR notation - # since it exists in the setupVars.conf that way - if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then - # show in green if it matches - log_write " ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red - log_write " ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - fi -} - detect_ip_addresses() { # First argument should be a 4 or a 6 local protocol=${1} @@ -653,8 +621,7 @@ detect_ip_addresses() { log_write "${TICK} IPv${protocol} address(es) bound to the ${PIHOLE_INTERFACE} interface:" # Since there may be more than one IP address, store them in an array for i in "${!ip_addr_list[@]}"; do - # For each one in the list, print it out - does_ip_match_setup_vars "${protocol}" "${ip_addr_list[$i]}" + log_write " ${ip_addr_list[$i]}" done # Print a blank line just for formatting log_write "" @@ -663,13 +630,6 @@ detect_ip_addresses() { log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\\n" return 1 fi - # If the protocol is v6 - if [[ "${protocol}" == "6" ]]; then - # let the user know that as long as there is one green address, things should be ok - log_write " ^ Please note that you may have more than one IP address listed." - log_write " As long as one of them is green, and it matches what is in ${PIHOLE_SETUP_VARS_FILE}, there is no need for concern.\\n" - log_write " The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.\\n" - fi } ping_ipv4_or_ipv6() { From d0eb0d50376358eed7d34579fcfa32a89fc0d1ec Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:18:02 +0200 Subject: [PATCH 056/141] Remove extra failure display when installation of logrotate file is skipped because the file already exists Signed-off-by: DL6ER --- automated install/basic-install.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4ce3003b..96d0b693 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2042,11 +2042,10 @@ installPihole() { fi # Install the cron file installCron + # Install the logrotate file - if ! installLogrotate; then - printf " %b Failure in logrotate installation function.\\n" "${CROSS}" - # This isn't fatal, no need to exit. - fi + installLogrotate || true + # Check if dnsmasq is present. If so, disable it and back up any possible # config file disable_dnsmasq From d02aa3ced18094e33705b7b3e0d748ec10548791 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:38:36 +0200 Subject: [PATCH 057/141] Fix error on checking interfaces that are not dual-stack Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..837e1778 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -922,16 +922,20 @@ dig_at() { # s/\/.*$//g; # Removes CIDR and everything thereafter (e.g., scope properties) addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" - while IFS= read -r local_address ; do - # Check if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then - # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" - fi - done <<< "${addresses}" + if [ -n "${addresses}" ]; then + while IFS= read -r local_address ; do + # Check if Pi-hole can use itself to block a domain + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then + # If it can, show success + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" + else + # Otherwise, show a failure + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" + fi + done <<< "${addresses}" + else + log_write "${TICK} No IPv${protocol} address available on ${COL_CYAN}${iface}${COL_NC}" + fi done <<< "${interfaces}" # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server From f552173be37d5ce1d58b31fa1ef7a0f4824a85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:51:04 +0200 Subject: [PATCH 058/141] Resolve merge conflict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..3e31a097 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1110,6 +1110,10 @@ list_files_in_dir() { elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" + elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then + # in case of the dnsmasq directory inlcuede all files in the debug output + log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From c99c86af7f161910f16eb98b2fef6b3f580dc8b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:53:30 +0200 Subject: [PATCH 059/141] Make all dir list output human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 3e31a097..c222491d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1112,14 +1112,14 @@ list_files_in_dir() { log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then # in case of the dnsmasq directory inlcuede all files in the debug output - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then # display the filename - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, give the first and last 25 lines From b05fc5bb2b39a38c0dfef45c03db2b9a24205063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:01:18 +0200 Subject: [PATCH 060/141] Remove specific dnsmasq config files from requiered files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c222491d..d3fc4fec 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -165,9 +165,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" ) # Store the required directories in an array so it can be parsed through REQUIRED_FILES=("${PIHOLE_CRON_FILE}" -"${PIHOLE_DNS_CONFIG_FILE}" -"${PIHOLE_DHCP_CONFIG_FILE}" -"${PIHOLE_WILDCARD_CONFIG_FILE}" "${WEB_SERVER_CONFIG_FILE}" "${WEB_SERVER_CUSTOM_CONFIG_FILE}" "${PIHOLE_INSTALL_LOG_FILE}" From aa2da807686b153818da5f825bfbab88c96945a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:06:01 +0200 Subject: [PATCH 061/141] Remove traces of unused files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d3fc4fec..3bd86a29 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -83,10 +83,6 @@ SHM_DIRECTORY="/dev/shm" # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole" -PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf" -PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf" -PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf" - WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf" WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf" From d2c75a33d5c0fc4e75b466533a1e3f0a7c68498f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 4 Aug 2021 20:13:41 +0200 Subject: [PATCH 062/141] Increase width of ID column in adlist and domain table in debug script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 837e1778..e9b4be76 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1258,11 +1258,11 @@ show_groups() { } show_adlists() { - show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50" + show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50" } show_domainlist() { - show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50" + show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50" } show_clients() { From 075b3f64682d9025370ae696d3ec4534d9ee07cd Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 4 Aug 2021 20:57:09 -0700 Subject: [PATCH 063/141] Remove ports, nc option and fix wording. Signed-off-by: Dan Schaper --- advanced/Scripts/piholeDebug.sh | 42 ++++++++++----------------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8ea640c2..55c5739e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -56,11 +56,6 @@ FAQ_BAD_ADDRESS="${COL_CYAN}https://discourse.pi-hole.net/t/why-do-i-see-bad-add # Other URLs we may use FORUMS_URL="${COL_CYAN}https://discourse.pi-hole.net${COL_NC}" -TRICORDER_CONTEST="${COL_CYAN}https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/${COL_NC}" - -# Port numbers used for uploading the debug log -TRICORDER_NC_PORT_NUMBER=9999 -TRICORDER_SSL_PORT_NUMBER=9998 # Directories required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -1366,25 +1361,14 @@ analyze_pihole_log() { IFS="$OLD_IFS" } -tricorder_use_nc_or_curl() { - # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available - # Check for curl first since encryption is a good thing - if command -v curl &> /dev/null; then - # If the command exists, - log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER}) - if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc - log_write " * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission." - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) - fi - # Otherwise, - else - # use net cat - log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission." - # Save the token returned by our server in a variable - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) +curl_to_tricorder() { + # Users can submit their debug logs using curl (encrypted) + log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." + # transmit he log via TLS and store the token returned in a variable + tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + if [ -z "${tricorder_token}" ]; then + # curl failed, fallback to nc + log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } @@ -1403,14 +1387,13 @@ upload_to_tricorder() { # Provide information on what they should do with their token log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." - log_write " * For more information, see: ${TRICORDER_CONTEST}" - log_write " * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat." + # If pihole -d is running automatically (usually through the dashboard) if [[ "${AUTOMATED}" ]]; then # let the user know log_write "${INFO} Debug script running in automated mode" # and then decide again which tool to use to submit it - tricorder_use_nc_or_curl + curl_to_tricorder # If we're not running in automated mode, else echo "" @@ -1419,7 +1402,7 @@ upload_to_tricorder() { read -r -p "[?] Would you like to upload the log? [y/N] " response case ${response} in # If they say yes, run our function for uploading the log - [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;; + [yY][eE][sS]|[yY]) curl_to_tricorder;; # If they choose no, just exit out of the script *) log_write " * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit; esac @@ -1433,12 +1416,13 @@ upload_to_tricorder() { log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "" log_write " * Provide the token above to the Pi-hole team for assistance at" log_write " * ${FORUMS_URL}" - log_write " * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}." + # If no token was generated else # Show an error and some help instructions From 1358209a9ae75eb09fefdd9d5032c914c7f9a4d3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 21:48:26 +0100 Subject: [PATCH 064/141] rename distro_check to package_manager_detect, as it is more in keeping with what the function actually does Signed-off-by: Adam Warner --- automated install/basic-install.sh | 6 ++--- automated install/uninstall.sh | 6 ++--- test/test_automated_install.py | 24 +++++++++---------- test/test_centos_7_support.py | 22 ++++++++--------- test/test_centos_8_support.py | 22 ++++++++--------- test/test_centos_common_support.py | 38 +++++++++++++++--------------- test/test_fedora_support.py | 6 ++--- 7 files changed, 62 insertions(+), 62 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96d0b693..0d674b2f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -276,7 +276,7 @@ os_check() { } # Compatibility -distro_check() { +package_manager_detect() { # If apt-get is installed, then we know it's part of the Debian family if is_command apt-get ; then # Set some global variables here @@ -1950,7 +1950,7 @@ installLogrotate() { if [[ -f ${target} ]]; then printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}" # Return value isn't that important, using 2 to indicate that it's not a fatal error but - # the function did not complete. + # the function did not complete. return 2 fi # Copy the file over from the local repo @@ -2643,7 +2643,7 @@ main() { fi # Check for supported distribution - distro_check + package_manager_detect # If the setup variable file exists, if [[ -f "${setupVars}" ]]; then diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 543ca07a..0f4c4ca6 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -42,8 +42,8 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # setupVars set in basic-install.sh source "${setupVars}" -# distro_check() sourced from basic-install.sh -distro_check +# package_manager_detect() sourced from basic-install.sh +package_manager_detect # Install packages used by the Pi-hole DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}") @@ -113,7 +113,7 @@ removeNoPurge() { fi fi echo -e "${OVER} ${TICK} Removed Web Interface" - + # Attempt to preserve backwards compatibility with older versions # to guarantee no additional changes were made to /etc/crontab after # the installation of pihole, /etc/crontab.pihole should be permanently diff --git a/test/test_automated_install.py b/test/test_automated_install.py index b3078f5a..21468cd7 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -18,13 +18,13 @@ def test_supported_operating_system(Pihole): # break supported package managers to emulate an unsupported distribution Pihole.run('rm -rf /usr/bin/apt-get') Pihole.run('rm -rf /usr/bin/rpm') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + ' OS distribution not supported' - assert expected_stdout in distro_check.stdout - # assert distro_check.rc == 1 + assert expected_stdout in package_manager_detect.stdout + # assert package_manager_detect.rc == 1 def test_setupVars_are_sourced_to_global_scope(Pihole): @@ -135,7 +135,7 @@ def test_update_package_cache_success_no_errors(Pihole): ''' updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = tick_box + ' Update local cache of available packages' @@ -150,7 +150,7 @@ def test_update_package_cache_failure_no_errors(Pihole): mock_command('apt-get', {'update': ('', '1')}, Pihole) updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = cross_box + ' Update local cache of available packages' @@ -357,7 +357,7 @@ def test_FTL_download_aarch64_no_errors(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') download_binary = Pihole.run(''' @@ -567,7 +567,7 @@ def test_os_check_fails(Pihole): ''' Confirms install fails on unsupported OS ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release ID=UnsupportedOS @@ -586,7 +586,7 @@ def test_os_check_passes(Pihole): ''' Confirms OS meets the requirements ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') detectOS = Pihole.run(''' @@ -602,7 +602,7 @@ def test_package_manager_has_installer_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') @@ -615,7 +615,7 @@ def test_package_manager_has_pihole_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${PIHOLE_DEPS[@]} ''') @@ -628,7 +628,7 @@ def test_package_manager_has_web_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index 2f744ab4..ed99231a 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -9,13 +9,13 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): ''' confirms the default behavior to opt-out of installing PHP7 from REMI ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -27,13 +27,13 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -45,16 +45,16 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index d3e83658..b8ad9607 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -10,13 +10,13 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): confirms the latest version of CentOS continues / does not optout (should trigger on CentOS7 only) ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -30,13 +30,13 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -50,16 +50,16 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout unexpected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index fdf43cba..8412173d 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -13,29 +13,29 @@ def test_release_supported_version_check_centos(Pihole): ''' # modify /etc/redhat-release to mock an unsupported CentOS release Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + (' CentOS 6 is not supported.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = 'Please update to CentOS release 7 or later' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout def test_enable_epel_repository_centos(Pihole): ''' confirms the EPEL package repository is enabled when installed on CentOS ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' Enabling EPEL package repository ' '(https://fedoraproject.org/wiki/EPEL)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + ' Installed epel-release' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout epel_package = Pihole.package('epel-release') assert epel_package.is_installed @@ -51,13 +51,13 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -75,13 +75,13 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -99,20 +99,20 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages PIHOLE_WEB_DEPS[@] ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout not in distro_check.stdout + assert expected_stdout not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed updated_php_package = Pihole.package('php') diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index 473b2e96..a2ac4c71 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -3,11 +3,11 @@ def test_epel_and_remi_not_installed_fedora(Pihole): confirms installer does not attempt to install EPEL/REMI repositories on Fedora ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert distro_check.stdout == '' + assert package_manager_detect.stdout == '' epel_package = Pihole.package('epel-release') assert not epel_package.is_installed From 913dcead7f2c154e63fa1a607c394a1d4e6ef93c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:39:33 +0100 Subject: [PATCH 065/141] move chmod/chown of macvendor.db to pihole-FTL.service Signed-off-by: Adam Warner --- advanced/Templates/pihole-FTL.service | 3 ++- automated install/basic-install.sh | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index f0743b49..88f50539 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -37,8 +37,9 @@ start() { chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null + chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0d674b2f..71aa8b49 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2336,8 +2336,6 @@ FTLinstall() { # Before stopping FTL, we download the macvendor database curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true - chmod 644 "${PI_HOLE_CONFIG_DIR}/macvendor.db" - chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/macvendor.db" # Stop pihole-FTL service if available stop_service pihole-FTL &> /dev/null From d68a2ffaf312071c2d849689dab178c548b73628 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:48:03 +0100 Subject: [PATCH 066/141] Install only minimal requiered package before performing os_check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Christian König Signed-off-by: Adam Warner --- automated install/basic-install.sh | 16 +++++++++++----- test/test_automated_install.py | 2 ++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 71aa8b49..9cad94b3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -354,10 +354,12 @@ if is_command apt-get ; then printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}" exit 1 fi + # Packages required to perfom the os_check (stored as an array) + OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils) + INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(dhcpcd5 cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") @@ -400,7 +402,8 @@ elif is_command rpm ; then # These variable names match the ones in the Debian family. See above for an explanation of what they are for. PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig bind-utils) + OS_CHECK_DEPS=(grep bind-utils) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig) PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" @@ -2662,12 +2665,15 @@ main() { # Notify user of package availability notify_package_updates_available - # Install packages used by this installation script - install_dependent_packages "${INSTALLER_DEPS[@]}" + # Install packages necessary to perform os_check + install_dependent_packages "${OS_CHECK_DEPS[@]}" # Check that the installed OS is officially supported - display warning if not os_check + # Install packages used by this installation script + install_dependent_packages "${INSTALLER_DEPS[@]}" + # Check if SELinux is Enforcing checkSelinux diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 21468cd7..593c19d2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -568,6 +568,7 @@ def test_os_check_fails(Pihole): Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release ID=UnsupportedOS @@ -587,6 +588,7 @@ def test_os_check_passes(Pihole): Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} ''') detectOS = Pihole.run(''' From 3ad5097b12ae1ee26967a0ac757c04078aee2218 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:53:29 +0100 Subject: [PATCH 067/141] Change initial install script order: 1. Ensure we have a compatible package manager 2. Install required packages for os_check to run (we need dnsutils and grep for this 3. Try to install FTL 4. FTL installed? Install installer dependencies and continue as normal - no other dependencies are installed until user has gone through all whiptails Signed-off-by: Adam Warner --- automated install/basic-install.sh | 57 +++++++++++++++--------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9cad94b3..563b6bee 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2643,9 +2643,36 @@ main() { fi fi - # Check for supported distribution + # Check for supported package managers so that we may install dependencies package_manager_detect + # Notify user of package availability + notify_package_updates_available + + # Install packages necessary to perform os_check + install_dependent_packages "${OS_CHECK_DEPS[@]}" + + # Check that the installed OS is officially supported - display warning if not + os_check + + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + local funcOutput + funcOutput=$(get_binary_name) #Store output of get_binary_name here + local binary + binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) + local theRest + theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") + if ! FTLdetect "${binary}" "${theRest}"; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi + + # Install packages used by this installation script + install_dependent_packages "${INSTALLER_DEPS[@]}" + + # Check if SELinux is Enforcing + checkSelinux + # If the setup variable file exists, if [[ -f "${setupVars}" ]]; then # if it's running unattended, @@ -2661,22 +2688,6 @@ main() { fi fi - # Start the installer - # Notify user of package availability - notify_package_updates_available - - # Install packages necessary to perform os_check - install_dependent_packages "${OS_CHECK_DEPS[@]}" - - # Check that the installed OS is officially supported - display warning if not - os_check - - # Install packages used by this installation script - install_dependent_packages "${INSTALLER_DEPS[@]}" - - # Check if SELinux is Enforcing - checkSelinux - if [[ "${useUpdateVars}" == false ]]; then # Display welcome dialogs welcomeDialogs @@ -2740,18 +2751,6 @@ main() { # Create the pihole user create_pihole_user - # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - local funcOutput - funcOutput=$(get_binary_name) #Store output of get_binary_name here - local binary - binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) - local theRest - theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") - if ! FTLdetect "${binary}" "${theRest}"; then - printf " %b FTL Engine not installed\\n" "${CROSS}" - exit 1 - fi - # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 2ff3b951170eb8ba00d5b328f853efbe3f7c6df4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:11:22 +0100 Subject: [PATCH 068/141] put FTL Install back to where it was Signed-off-by: Adam Warner --- automated install/basic-install.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 563b6bee..d38e94e1 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2655,18 +2655,6 @@ main() { # Check that the installed OS is officially supported - display warning if not os_check - # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - local funcOutput - funcOutput=$(get_binary_name) #Store output of get_binary_name here - local binary - binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) - local theRest - theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") - if ! FTLdetect "${binary}" "${theRest}"; then - printf " %b FTL Engine not installed\\n" "${CROSS}" - exit 1 - fi - # Install packages used by this installation script install_dependent_packages "${INSTALLER_DEPS[@]}" @@ -2751,6 +2739,18 @@ main() { # Create the pihole user create_pihole_user + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + local funcOutput + funcOutput=$(get_binary_name) #Store output of get_binary_name here + local binary + binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) + local theRest + theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") + if ! FTLdetect "${binary}" "${theRest}"; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi + # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 1ecb9165ee38e54149cc0cc1081577089dd6a7bc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:26:59 +0100 Subject: [PATCH 069/141] Remove weird global counter Signed-off-by: Adam Warner --- automated install/basic-install.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d38e94e1..01090285 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1696,20 +1696,7 @@ notify_package_updates_available() { fi } -# This counter is outside of install_dependent_packages so that it can count the number of times the function is called. -counter=0 - install_dependent_packages() { - # Local, named variables should be used here, especially for an iterator - # Add one to the counter - counter=$((counter+1)) - if [[ "${counter}" == 1 ]]; then - # On the first loop, print a special message - printf " %b Installer Dependency checks...\\n" "${INFO}" - else - # On all subsequent loops, print a generic message. - printf " %b Main Dependency checks...\\n" "${INFO}" - fi # Install packages passed in via argument array # No spinner - conflicts with set -e @@ -2650,12 +2637,14 @@ main() { notify_package_updates_available # Install packages necessary to perform os_check + printf " %b Checking for / installing Required dependencies for OS Check...\\n" "${INFO}" install_dependent_packages "${OS_CHECK_DEPS[@]}" # Check that the installed OS is officially supported - display warning if not os_check # Install packages used by this installation script + printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}" install_dependent_packages "${INSTALLER_DEPS[@]}" # Check if SELinux is Enforcing @@ -2722,6 +2711,8 @@ main() { dep_install_list+=("${PIHOLE_WEB_DEPS[@]}") fi + # Install packages used by the actual software + printf " %b Checking for / installing Required dependencies for Pi-hole software...\\n" "${INFO}" install_dependent_packages "${dep_install_list[@]}" unset dep_install_list From bdab7014702aaa207cddad7b9a2b9728585adc20 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:43:48 +0100 Subject: [PATCH 070/141] Remove dhcpcd5 dependency, however still help the user set the static IP if dhcpd5 is already installed (i.e on raspbian) Signed-off-by: Adam Warner --- automated install/basic-install.sh | 127 ++++------------------------- 1 file changed, 18 insertions(+), 109 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 01090285..5eda20ea 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -288,21 +288,6 @@ if is_command apt-get ; then PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Some distros vary slightly so these fixes for dependencies may apply - # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dhcpcd5 - APT_SOURCES="/etc/apt/sources.list" - if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then - if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5" "${r}" "${c}"; then - printf " %b Aborting installation: Dependencies could not be installed.\\n" "${CROSS}" - exit 1 - else - printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" - cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list - printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" - add-apt-repository universe - printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" - fi - fi # Update package cache. This is required already here to assure apt-cache calls have package lists available. update_package_cache || exit 1 # Debian 7 doesn't have iproute2 so check if it's available first @@ -359,7 +344,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(dhcpcd5 cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") @@ -695,9 +680,17 @@ welcomeDialogs() { whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations: https://pi-hole.net/donate/" "${r}" "${c}" # Explain the need for a static address - whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. + if whiptail --defaultno --backtitle "Initiating network interface" --title "Static IP Needed" --yesno "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. -In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." "${r}" "${c}" +IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this. + +Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then +#Nothing to do, continue + echo +else + printf " %b Installer exited at static IP message.\\n" "${INFO}" + exit 1 +fi } # A function that lets the user pick an interface to use with Pi-hole @@ -850,8 +843,11 @@ use4andor6() { if [[ "${useIPv4}" ]]; then # Run our function to get the information we need find_IPv4_information - getStaticIPv4Settings - setStaticIPv4 + if [[ -f "/etc/dhcpcd.conf" ]]; then + # configure networking via dhcpcd + getStaticIPv4Settings + setDHCPCD + fi fi # If IPv6 is to be used, if [[ "${useIPv6}" ]]; then @@ -936,93 +932,6 @@ setDHCPCD() { fi } -# Configure networking ifcfg-xxxx file found at /etc/sysconfig/network-scripts/ -# This function requires the full path of an ifcfg file passed as an argument -setIFCFG() { - # Local, named variables - local IFCFG_FILE - local IPADDR - local CIDR - IFCFG_FILE=$1 - printf -v IPADDR "%s" "${IPV4_ADDRESS%%/*}" - # Check if the desired IP is already set - if grep -Eq "${IPADDR}(\\b|\\/)" "${IFCFG_FILE}"; then - printf " %b Static IP already configured\\n" "${INFO}" - else - # Otherwise, put the IP in variables without the CIDR notation - printf -v CIDR "%s" "${IPV4_ADDRESS##*/}" - # Backup existing interface configuration: - cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig - # Build Interface configuration file using the GLOBAL variables we have - { - echo "# Configured via Pi-hole installer" - echo "DEVICE=$PIHOLE_INTERFACE" - echo "BOOTPROTO=none" - echo "ONBOOT=yes" - echo "IPADDR=$IPADDR" - echo "PREFIX=$CIDR" - echo "GATEWAY=$IPv4gw" - echo "DNS1=$PIHOLE_DNS_1" - echo "DNS2=$PIHOLE_DNS_2" - echo "USERCTL=no" - }> "${IFCFG_FILE}" - chmod 644 "${IFCFG_FILE}" - chown root:root "${IFCFG_FILE}" - # Use ip to immediately set the new address - ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" - # If NetworkMangler command line interface exists and ready to mangle, - if is_command nmcli && nmcli general status &> /dev/null; then - # Tell NetworkManagler to read our new sysconfig file - nmcli con load "${IFCFG_FILE}" > /dev/null - fi - # Show a warning that the user may need to restart - printf " %b Set IP address to %s\\n You may need to restart after the install is complete\\n" "${TICK}" "${IPV4_ADDRESS%%/*}" - fi -} - -setStaticIPv4() { - # Local, named variables - local IFCFG_FILE - local CONNECTION_NAME - - # If a static interface is already configured, we are done. - if [[ -r "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}" ]]; then - if grep -q '^BOOTPROTO=.static.' "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}"; then - return 0 - fi - fi - # For the Debian family, if dhcpcd.conf exists then we can just configure using DHCPD. - if [[ -f "/etc/dhcpcd.conf" ]]; then - setDHCPCD - return 0 - fi - # If a DHCPCD config file was not found, check for an ifcfg config file based on the interface name - if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}" ]];then - # If it exists, then we can configure using IFCFG - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE} - setIFCFG "${IFCFG_FILE}" - return 0 - fi - # If an ifcfg config does not exists for the interface name, search for one based on the connection name via network manager - if is_command nmcli && nmcli general status &> /dev/null; then - CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_') - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} - if [[ -f "${IFCFG_FILE}" ]];then - # If it exists, - setIFCFG "${IFCFG_FILE}" - return 0 - else - printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}" - touch "${IFCFG_FILE}" - setIFCFG "${IFCFG_FILE}" - return 0 - fi - fi - # If previous conditions failed, show an error and exit - printf " %b Warning: Unable to locate configuration file to set static IPv4 address\\n" "${INFO}" - exit 1 -} - # Check an IP address to see if it is a valid one valid_ip() { # Local, named variables @@ -2120,7 +2029,7 @@ Your Admin Webpage login password is ${pwstring}" IPv4: ${IPV4_ADDRESS%/*} IPv6: ${IPV6_ADDRESS:-"Not Configured"} -If you set a new IP address, you should restart the Pi. +If you have not done so already, the above IP should be set to static. The install log is in /etc/pihole. @@ -2817,7 +2726,7 @@ main() { printf " %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}" [[ -n "${IPV4_ADDRESS%/*}" ]] && printf " %b Pi-hole DNS (IPv4): %s\\n" "${INFO}" "${IPV4_ADDRESS%/*}" [[ -n "${IPV6_ADDRESS}" ]] && printf " %b Pi-hole DNS (IPv6): %s\\n" "${INFO}" "${IPV6_ADDRESS}" - printf " %b If you set a new IP address, please restart the server running the Pi-hole\\n" "${INFO}" + printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}" INSTALL_TYPE="Installation" else INSTALL_TYPE="Update" From ffe45e8b76b19ecc7db0b3f06d8c2027e20d1d56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 6 Aug 2021 20:51:48 +0200 Subject: [PATCH 071/141] On enabling/disabeling only reload-lists instead of reload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 470c9dc7..e8fa9317 100755 --- a/pihole +++ b/pihole @@ -242,7 +242,7 @@ Time: echo "BLOCKING_ENABLED=true" >> "${setupVars}" fi - restartDNS reload + restartDNS reload-lists echo -e "${OVER} ${TICK} ${str}" } From bb7c7cdf337ba0ddee21f83d99ae03c569b61bf5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 7 Aug 2021 20:07:14 +0200 Subject: [PATCH 072/141] Add uptime to debug log (#4265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add uptime to debug log Signed-off-by: Christian König * Address github comments Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 0c4393cc..26ef61fa 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -230,6 +230,7 @@ copy_to_debug_log() { } initialize_debug() { + local system_uptime # Clear the screen so the debug log is readable clear show_disclaimer @@ -237,6 +238,10 @@ initialize_debug() { log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}" # Timestamp the start of the log log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized." + # Uptime of the system + # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes + system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}') + log_write "${INFO} System has been running for ${system_uptime}" } # This is a function for visually displaying the current test that is being run. From ee749f700fcaecb888093d6785f6140682b91f26 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 7 Aug 2021 20:07:45 +0200 Subject: [PATCH 073/141] Add switching 'to...from' message to ftl checkout output (#4266) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add switching 'to...from' message to ftl checkout output Signed-off-by: Christian König * Add quotes Signed-off-by: Christian König --- advanced/Scripts/piholeCheckout.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 1c1b16a4..4c0a4f40 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -166,12 +166,15 @@ checkout() { checkout_pull_branch "${webInterfaceDir}" "${2}" elif [[ "${1}" == "ftl" ]] ; then local path + local oldbranch path="${2}/${binary}" + oldbranch="$(pihole-FTL -b)" if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch + echo -e " ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\"" FTLinstall "${binary}" restart_service pihole-FTL enable_service pihole-FTL From 676b7e60f3dd3e0eee661f4e2638bf387440e118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 12 Aug 2021 13:55:40 +0200 Subject: [PATCH 074/141] Fix Splashpage not appearing properly on non-root directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index a38cd365..d0c5fc5d 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -73,12 +73,12 @@ if ($serverName === "pi.hole" $viewPort ● $serverName - - + +
- Pi-hole logo + Pi-hole logo

Pi-hole: Your black hole for Internet advertisements

Did you mean to go to the admin panel?
From 3ef90a9e47f8af7595506818d83f706624b56ff4 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 13 Aug 2021 20:37:42 +0200 Subject: [PATCH 075/141] Remove ineffective Access-Control-Allow-Origin header The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. For reference: https://github.com/pi-hole/pi-hole/issues/3462 Signed-off-by: MichaIng --- advanced/lighttpd.conf.debian | 5 ----- advanced/lighttpd.conf.fedora | 5 ----- 2 files changed, 10 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 9c892fc0..3ecd7213 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -78,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index aae4a6a4..5a99a9bf 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -86,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore From ea5a3bf0b22c204198c99d09b788719c98ec6d96 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 11:17:09 +0200 Subject: [PATCH 076/141] Install RFC6761 config file Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 41 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 8 +++++- automated install/uninstall.sh | 1 + 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 advanced/06-rfc6761.conf diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf new file mode 100644 index 00000000..7fb9be00 --- /dev/null +++ b/advanced/06-rfc6761.conf @@ -0,0 +1,41 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2021 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# RFC 6761 config file for Pi-hole +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +############################################################################### +# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # +# WITHIN /etc/dnsmasq.d/yourname.conf # +############################################################################### + +# RFC 6761: Caching DNS servers SHOULD recognize +# test, localhost, invalid +# names as special and SHOULD NOT attempt to look up NS records for them, or +# otherwise query authoritative DNS servers in an attempt to resolve these +# names. +server=/test/ +server=/localhost/ +server=/invalid/ + +# The same RFC requests something similar for +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. +# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. +# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# Pi-hole implements this via the dnsmasq option "bogus-priv" (see +# 01-pihole.conf) because this also covers IPv6. + +# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD +# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +server=/bind/ +server=/local/ +server=/onion/ diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..51ff5dcf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1249,6 +1249,8 @@ version_check_dnsmasq() { local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1284,7 +1286,7 @@ version_check_dnsmasq() { fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" @@ -1315,6 +1317,10 @@ version_check_dnsmasq() { # Otherwise, enable it by uncommenting the directive in the DNS config file sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" fi + + printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" + printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" } # Clean an existing installation to prepare for upgrade/reinstall diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 0f4c4ca6..5e27514f 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -145,6 +145,7 @@ removeNoPurge() { ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null + ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null ${SUDO} rm -rf /var/log/*pihole* &> /dev/null ${SUDO} rm -rf /etc/pihole/ &> /dev/null ${SUDO} rm -rf /etc/.pihole/ &> /dev/null From e1dca46423a003cc2bf4b114547dc4779c688ee9 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 16 Jul 2021 19:58:49 +0200 Subject: [PATCH 077/141] Hardcode whiptail dimensions to 20 rows and 70 chars width With the suggested way to call the installer via "curl -sSL https://install.pi-hole.net | bash", STDIN is no terminal, but overridden by the curl output, hence in most cases, the minimum dimensions were applied, even on larger screens. All whiptail calls are hence assured to work fine with those dimensions, aside of one case, making the calculations obsolete. This commit hardcodes the whiptail dimensions to the prior minimum and removes the calculations. This also helps with testing, as it does not matter anymore how the script is called, and developers have a clearly defined space to make dialogs look nice, including line breaks, menu and list heights. The only case which does not fit the 70 character width, the second menu entry of the "pihole -r" dialog, has been shortened accordingly. This was not an issue before, as "pihole -r" does not override the scripts STDIN and hence did allow larger dimensions based on the now removed calculations. See the following discussions for reference: - https://github.com/pi-hole/pi-hole/issues/3323 - https://github.com/pi-hole/pi-hole/pull/4197#issuecomment-876702380 Signed-off-by: MichaIng --- automated install/basic-install.sh | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..e68ee1eb 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -94,24 +94,9 @@ if [ -z "${USER}" ]; then USER="$(id -un)" fi - -# Check if we are running on a real terminal and find the rows and columns -# If there is no real terminal, we will default to 80x24 -if [ -t 0 ] ; then - screen_size=$(stty size) -else - screen_size="24 80" -fi -# Determine terminal rows and columns by parsing screen_size -printf -v rows '%d' "${screen_size%% *}" -printf -v columns '%d' "${screen_size##* }" - -# Divide by two so the dialogs take up half of the screen, which looks nice. -r=$(( rows / 2 )) -c=$(( columns / 2 )) -# Unless the screen is tiny -r=$(( r < 20 ? 20 : r )) -c=$(( c < 70 ? 70 : c )) +# whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. +r=20 +c=70 ######## Undocumented Flags. Shhh ######## # These are undocumented flags; some of which we can use when repairing an installation @@ -2050,7 +2035,7 @@ update_dialogs() { strAdd="You will be updated to the latest version." fi opt2a="Reconfigure" - opt2b="This will reset your Pi-hole and allow you to enter new settings." + opt2b="Resets Pi-hole and allows re-selecting settings." # Display the information to the user UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)" "${r}" "${c}" 2 \ From e8e8104b36913b07101a4b3180b6a42b6d0af0e8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 18:37:12 +0200 Subject: [PATCH 078/141] Remove server=/local/ because of https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index 7fb9be00..e03569e8 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -33,9 +33,9 @@ server=/invalid/ # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. -# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# OpenWRT furthermore blocks bind, local, onion domains # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 server=/bind/ -server=/local/ server=/onion/ From ff64d8cf4d20871b105f228185bef9464ad083b8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 16 Aug 2021 09:57:12 +0200 Subject: [PATCH 079/141] Use variable in user output, too Signed-off-by: DL6ER --- automated install/basic-install.sh | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 51ff5dcf..f4d9edc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1247,10 +1247,10 @@ version_check_dnsmasq() { local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list" local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS" local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" - local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" - local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" - local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" + local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" + local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1279,48 +1279,48 @@ version_check_dnsmasq() { printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" fi - printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}" # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) if [[ ! -d "/etc/dnsmasq.d" ]];then install -d -m 755 "/etc/dnsmasq.d" fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory - install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, - sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" + sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}" if [[ "${PIHOLE_DNS_1}" != "" ]]; then # then swap in the primary DNS server. - sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}" else # Otherwise, remove the line which sets DNS1. - sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}" fi # Ditto if DNS2 is not empty if [[ "${PIHOLE_DNS_2}" != "" ]]; then - sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}" else - sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location} + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" # If the user does not want to enable logging, if [[ "${QUERY_LOGGING}" == false ]] ; then # disable it by commenting out the directive in the DNS config file - sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}" else # Otherwise, enable it by uncommenting the directive in the DNS config file - sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}" fi - printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" - install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" - printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}" } # Clean an existing installation to prepare for upgrade/reinstall From c2f3477a824bf26f551ff1cb8ce510713b1ac394 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 14:04:50 +0200 Subject: [PATCH 080/141] Ensure conditional forwarding will forward unqualified host names if we have no local answer for them. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 744416e7..129bdb62 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -269,7 +269,10 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + # Forward unqualified names to the CF target + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then + # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi fi From 06fd8123c3b3fd73d367fb1045e1a30c514f54e0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 16:26:17 +0200 Subject: [PATCH 081/141] Also remove "rev-server" lines when rewriting 01-pihole.conf Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 129bdb62..fa2c044d 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -54,7 +54,7 @@ add_setting() { } delete_setting() { - sed -i "/${1}/d" "${setupVars}" + sed -i "/^${1}/d" "${setupVars}" } change_setting() { @@ -67,7 +67,7 @@ addFTLsetting() { } deleteFTLsetting() { - sed -i "/${1}/d" "${FTLconf}" + sed -i "/^${1}/d" "${FTLconf}" } changeFTLsetting() { @@ -84,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - sed -i "/${1}/d" "${dnsmasqconfig}" + sed -i "/^${1}/d" "${dnsmasqconfig}" } SetTemperatureUnit() { @@ -267,6 +267,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 delete_setting "CONDITIONAL_FORWARDING_IP" fi + delete_dnsmasq_setting "rev-server" + if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" # Forward unqualified names to the CF target From 839a70cc3796731b075cb436f8fc400d71a90ad5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 27 Aug 2021 19:16:15 +0200 Subject: [PATCH 082/141] Add sudo to apt-get recommendation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..54397198 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1578,7 +1578,7 @@ update_package_cache() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From 31c7c019cb3c0678eeac4935cf770d7919587398 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 14:04:48 +0200 Subject: [PATCH 083/141] Fix piping to pihole tricorder Signed-off-by: DL6ER --- pihole | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/pihole b/pihole index e8fa9317..1fba6f4d 100755 --- a/pihole +++ b/pihole @@ -404,29 +404,10 @@ tricorderFunc() { exit 1 fi - if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then - echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server" - exit 1 - fi - - if command -v openssl &> /dev/null; then - openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin - exit "$?" - else - echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed - Your debug log will be transmitted unencrypted via plain-text - There is a possibility that this could be intercepted by a third party - If you wish to cancel, press Ctrl-C to exit within 10 seconds" - secs="10" - while [[ "$secs" -gt "0" ]]; do - echo -ne "." - sleep 1 - : $((secs--)) - done - echo " " - nc tricorder.pi-hole.net 9999 < /dev/stdin - exit "$?" - fi + curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin + ret=$? + echo "" + exit $ret } updateCheckFunc() { From 21897d7fbd1b7b9d2e3bab3fa94c29fd63625367 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 15:55:42 +0200 Subject: [PATCH 084/141] Add warning if curl failed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 1 - pihole | 12 ++++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 26ef61fa..4e2a1ca8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1336,7 +1336,6 @@ curl_to_tricorder() { # transmit he log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } diff --git a/pihole b/pihole index 1fba6f4d..e7a6978b 100755 --- a/pihole +++ b/pihole @@ -399,15 +399,19 @@ Branches: } tricorderFunc() { + local tricorder_token if [[ ! -p "/dev/stdin" ]]; then echo -e " ${INFO} Please do not call Tricorder directly" exit 1 fi - curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin - ret=$? - echo "" - exit $ret + tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + if [ -z "${tricorder_token}" ]; then + echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + exit 1 + fi + echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + exit 0 } updateCheckFunc() { From 115e3eeda9098e3d3499dfcedf6154b8ce77c78b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 20:20:45 +0200 Subject: [PATCH 085/141] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- pihole | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index e7a6978b..7b1d5404 100755 --- a/pihole +++ b/pihole @@ -405,9 +405,9 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." exit 1 fi echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" From b241a19e8727c75e01c883136eb367d0550c9555 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 21:19:47 +0200 Subject: [PATCH 086/141] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..5113615d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,7 +1334,7 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" if [ -z "${tricorder_token}" ]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi From 6fec4acd827132936e27a5c2e20f3367ee9010a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Sep 2021 20:44:39 +0200 Subject: [PATCH 087/141] Add content of /etc/resolv.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..ab4b1515 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -73,6 +73,7 @@ HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" SHM_DIRECTORY="/dev/shm" +ETC="/etc" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -136,6 +137,8 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" +RESOLVCONF="${ETC}/resolv.conf" + # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -180,7 +183,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_DEBUG_LOG}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" -"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") +"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" +"${RESOLVCONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. @@ -1118,6 +1122,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" show_content_of_files_in_dir "${SHM_DIRECTORY}" + show_content_of_files_in_dir "${ETC}" } head_tail_log() { From 69411555721afb713defacb33d626ecd845f8b1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 6 Sep 2021 17:16:36 +0200 Subject: [PATCH 088/141] Add content of /etc/dnsmasq.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index ab4b1515..a12a79b3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -138,6 +138,7 @@ PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" RESOLVCONF="${ETC}/resolv.conf" +DNSMASQ_CONF="${ETC}/dnsmasq.conf" # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value @@ -184,7 +185,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" -"${RESOLVCONF}") +"${RESOLVCONF}" +"${DNSMASQ_CONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. From a1ee7d92a9b2c3535b228d7af88990a0bd84250c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 6 Sep 2021 22:38:16 +0200 Subject: [PATCH 089/141] Add possibly missing capabilities Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 88f50539..0f96c8bd 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -40,7 +40,7 @@ start() { chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" From 606b05eec19da6e076179e80174178ef79f084fa Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:13:09 +0200 Subject: [PATCH 090/141] Ensure curl is either storing a valid token or a meaningful error message Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 5113615d..6172dae2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,9 +1334,14 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" - if [ -z "${tricorder_token}" ]; then + tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi fi } From be68a5339ceb3e5d522f469fe2c71eb3678d57ed Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:15:36 +0200 Subject: [PATCH 091/141] Apply same improvement to pihole tricorder feature Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- pihole | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 6172dae2..02e253a9 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1333,7 +1333,7 @@ analyze_pihole_log() { curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable + # transmit the log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." diff --git a/pihole b/pihole index 7b1d5404..b30f6052 100755 --- a/pihole +++ b/pihole @@ -405,12 +405,17 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" - if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." - exit 1 + tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi + exit 1 fi - echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}" exit 0 } From cbc99d45c6a2ec243dc2e31e80d1681bd4b8e889 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:20:42 +0200 Subject: [PATCH 092/141] Small style change to finished debug upload display Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 15 +++++++-------- pihole | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 02e253a9..e2dba54a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1338,7 +1338,7 @@ curl_to_tricorder() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi @@ -1386,15 +1386,14 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" - log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" log_write "" - log_write " * Provide the token above to the Pi-hole team for assistance at" - log_write " * ${FORUMS_URL}" + log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}" # If no token was generated else diff --git a/pihole b/pihole index b30f6052..31356671 100755 --- a/pihole +++ b/pihole @@ -409,7 +409,7 @@ tricorderFunc() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi From d0e8b0c962bde2d538baa2f59111677176c04d55 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 9 Sep 2021 20:28:33 +0200 Subject: [PATCH 093/141] Forward unqualified names to the CF target only when the "Never forward non-FQDN" option is NOT ticked Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index fa2c044d..52c388f8 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -271,12 +271,17 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" - # Forward unqualified names to the CF target - add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi + + if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then + # Forward unqualified names to the CF target only when the "never + # forward non-FQDN" option is unticked + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + fi + fi # We need to process DHCP settings here as well to account for possible From 343904522816623d420c761c103a8fea17292ae5 Mon Sep 17 00:00:00 2001 From: jpgpi250 Date: Sun, 12 Sep 2021 18:24:15 +0200 Subject: [PATCH 094/141] fix Pi-hole v5.4 update - syntax error #4322 Signed-off-by: jpgpi250 --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index ff02e9f3..99d1bcda 100755 --- a/gravity.sh +++ b/gravity.sh @@ -122,7 +122,7 @@ gravity_swap_databases() { gravityBlocks=$(stat --format "%b" ${gravityDBfile}) # Only keep the old database if available disk space is at least twice the size of the existing gravity.db. # Better be safe than sorry... - if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then + if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then echo -e " ${TICK} The old database remains available." mv "${gravityDBfile}" "${gravityOLDfile}" else From 6d670991c371478c66cc929109c93edede3ece71 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 12 Sep 2021 22:38:55 +0200 Subject: [PATCH 095/141] Perform a check of required packages befor updating pihole (#4326) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index f833fc2f..dae04861 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -95,6 +95,10 @@ main() { # shellcheck disable=1090,2154 source "${setupVars}" + # Install packages used by this installation script (necessary if users have removed e.g. git from their systems) + package_manager_detect + install_dependent_packages "${INSTALLER_DEPS[@]}" + # This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!" From 1c286c7bc4458a10af65b88778724b96f9a96c57 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 12 Sep 2021 22:40:37 +0200 Subject: [PATCH 096/141] Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed (#4325) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed * Remove check for unsupported RPM distros as it is checked in os_check already * Add select_rpm_php function to tox tests Signed-off-by: Christian König --- automated install/basic-install.sh | 172 +++++++++++++++-------------- test/test_automated_install.py | 2 + test/test_centos_7_support.py | 3 + test/test_centos_8_support.py | 3 + test/test_centos_common_support.py | 5 + test/test_fedora_support.py | 1 + 6 files changed, 103 insertions(+), 83 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 34c0b4e7..697dd2e4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -379,89 +379,6 @@ elif is_command rpm ; then LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" - # If the host OS is Fedora, - if grep -qiE 'fedora|fedberry' /etc/redhat-release; then - # all required packages should be available by default with the latest fedora release - : # continue - # or if host OS is CentOS, - elif grep -qiE 'centos|scientific' /etc/redhat-release; then - # Pi-Hole currently supports CentOS 7+ with PHP7+ - SUPPORTED_CENTOS_VERSION=7 - SUPPORTED_CENTOS_PHP_VERSION=7 - # Check current CentOS major release version - CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) - # Check if CentOS version is supported - if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" - printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" - # exit the installer - exit - fi - # php-json is not required on CentOS 7 as it is already compiled into php - # verifiy via `php -m | grep json` - if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then - # create a temporary array as arrays are not designed for use as mutable data structures - CENTOS7_PIHOLE_WEB_DEPS=() - for i in "${!PIHOLE_WEB_DEPS[@]}"; do - if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then - CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) - fi - done - # re-assign the clean dependency array back to PIHOLE_WEB_DEPS - PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") - unset CENTOS7_PIHOLE_WEB_DEPS - fi - # CentOS requires the EPEL repository to gain access to Fedora packages - EPEL_PKG="epel-release" - rpm -q ${EPEL_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" - "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null - printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" - fi - - # The default php on CentOS 7.x is 5.4 which is EOL - # Check if the version of PHP available via installed repositories is >= to PHP 7 - AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) - if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then - # Since PHP 7 is available by default, install via default PHP package names - : # do nothing as PHP is current - else - REMI_PKG="remi-release" - REMI_REPO="remi-php72" - rpm -q ${REMI_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - # The PHP version available via default repositories is older than version 7 - if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then - # User decided to NOT update PHP from REMI, attempt to install the default available PHP version - printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" - : # continue with unsupported php version - else - printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" - "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null - # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) - "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null - yum-config-manager --enable ${REMI_REPO} &> /dev/null - printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" - # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI - if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then - printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" - else - printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" - exit 1 - fi - fi - fi - fi - else - # Warn user of unsupported version of Fedora or CentOS - if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then - printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" - exit - else - printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" - fi - fi # If neither apt-get or yum/dnf package managers were found else @@ -472,6 +389,90 @@ else fi } +select_rpm_php(){ +# If the host OS is Fedora, +if grep -qiE 'fedora|fedberry' /etc/redhat-release; then + # all required packages should be available by default with the latest fedora release + : # continue +# or if host OS is CentOS, +elif grep -qiE 'centos|scientific' /etc/redhat-release; then + # Pi-Hole currently supports CentOS 7+ with PHP7+ + SUPPORTED_CENTOS_VERSION=7 + SUPPORTED_CENTOS_PHP_VERSION=7 + # Check current CentOS major release version + CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) + # Check if CentOS version is supported + if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then + printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" + printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" + # exit the installer + exit + fi + # php-json is not required on CentOS 7 as it is already compiled into php + # verifiy via `php -m | grep json` + if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then + # create a temporary array as arrays are not designed for use as mutable data structures + CENTOS7_PIHOLE_WEB_DEPS=() + for i in "${!PIHOLE_WEB_DEPS[@]}"; do + if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then + CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) + fi + done + # re-assign the clean dependency array back to PIHOLE_WEB_DEPS + PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") + unset CENTOS7_PIHOLE_WEB_DEPS + fi + # CentOS requires the EPEL repository to gain access to Fedora packages + EPEL_PKG="epel-release" + rpm -q ${EPEL_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" + "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null + printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" + fi + + # The default php on CentOS 7.x is 5.4 which is EOL + # Check if the version of PHP available via installed repositories is >= to PHP 7 + AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) + if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then + # Since PHP 7 is available by default, install via default PHP package names + : # do nothing as PHP is current + else + REMI_PKG="remi-release" + REMI_REPO="remi-php72" + rpm -q ${REMI_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + # The PHP version available via default repositories is older than version 7 + if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then + # User decided to NOT update PHP from REMI, attempt to install the default available PHP version + printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" + : # continue with unsupported php version + else + printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" + "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null + # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) + "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null + yum-config-manager --enable ${REMI_REPO} &> /dev/null + printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" + # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI + if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then + printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + else + printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" + exit 1 + fi + fi + fi # Warn user of unsupported version of Fedora or CentOS + if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then + printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" + exit + else + printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" + fi +fi +fi +} + # A function for checking if a directory is a git repository is_repo() { # Use a named, local variable instead of the vague $1, which is the first argument passed to this function @@ -2547,6 +2548,11 @@ main() { printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}" install_dependent_packages "${INSTALLER_DEPS[@]}" + #In case of RPM based distro, select the proper PHP version + if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then + select_rpm_php + fi + # Check if SELinux is Enforcing checkSelinux diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 593c19d2..9938dd99 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -618,6 +618,7 @@ def test_package_manager_has_pihole_deps(Pihole): output = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages ${PIHOLE_DEPS[@]} ''') @@ -631,6 +632,7 @@ def test_package_manager_has_web_deps(Pihole): output = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index ed99231a..14f62637 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -12,6 +12,7 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -30,6 +31,7 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -48,6 +50,7 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert 'opt-out' not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index b8ad9607..bbdbb765 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -13,6 +13,7 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') @@ -33,6 +34,7 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') @@ -53,6 +55,7 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert 'opt-out' not in package_manager_detect.stdout unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository ' diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index 8412173d..0b36cbae 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -16,6 +16,7 @@ def test_release_supported_version_check_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = cross_box + (' CentOS 6 is not supported.') assert expected_stdout in package_manager_detect.stdout @@ -30,6 +31,7 @@ def test_enable_epel_repository_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' Enabling EPEL package repository ' '(https://fedoraproject.org/wiki/EPEL)') @@ -54,6 +56,7 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -78,6 +81,7 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -102,6 +106,7 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages PIHOLE_WEB_DEPS[@] ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index a2ac4c71..3ad84be5 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -6,6 +6,7 @@ def test_epel_and_remi_not_installed_fedora(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert package_manager_detect.stdout == '' From a88a94c4f1983d457d5ab713bcdc2effe806382b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 13 Sep 2021 08:06:19 +0200 Subject: [PATCH 097/141] Export DNS_FQDN_REQUIRED and DNS_BOGUS_PRIV to setupVars.conf during installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 697dd2e4..7fb39b83 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1814,6 +1814,8 @@ finalExports() { echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" echo "CACHE_SIZE=${CACHE_SIZE}" + echo "DNS_FQDN_REQUIRED=true" + echo "DNS_BOGUS_PRIV=true" }>> "${setupVars}" chmod 644 "${setupVars}" From b755330f4cf988ba4d8eba09e88276f84ed67813 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 24 Sep 2021 11:34:05 +0200 Subject: [PATCH 098/141] Remove local-ttl from set of default dnsmasq options. Signed-off-by: DL6ER --- advanced/01-pihole.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index e243e91a..02bc93bf 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -39,6 +39,4 @@ cache-size=@CACHE_SIZE@ log-queries log-facility=/var/log/pihole.log -local-ttl=2 - log-async From 841222fa2107943939a6ae98e02f9b51147044d6 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 26 Sep 2021 19:50:03 +0200 Subject: [PATCH 099/141] Add to INSTALLER_DEPS (#4343) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 7fb39b83..e4c168ea 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -327,7 +327,7 @@ if is_command apt-get ; then # Packages required to perfom the os_check (stored as an array) OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) + INSTALLER_DEPS=(git "${iproute_pkg}" whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) @@ -373,7 +373,7 @@ elif is_command rpm ; then PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" From fd050693a27c62d7845eaf555686ed9a17648b80 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 7 Apr 2021 21:53:52 +0200 Subject: [PATCH 100/141] Remove obsolete DEB package name checks The installer contains three checks for specific DEB package names, which did change in past Debian/Ubuntu versions. These checks are obsolete with the current set of supported distro versions: iproute vs iproute2: All distro versions down to Debian Jessie and Ubuntu Xenial ship the iproute2 package: - https://packages.debian.org/search?keywords=iproute - https://packages.ubuntu.com/search?suite=all&keywords=iproute php5 vs php: None of the Ubuntu version down to Xenial and only Debian Jessie ships the php5 package: - https://packages.debian.org/search?keywords=php5 - https://packages.ubuntu.com/search?suite=all&keywords=php5 Moreover, installs with PHP5 would fail anyway for a longer time, due to the added php-xml module package, which became a dedicated package with PHP7.0 while being part of the core package with PHP5: - https://packages.debian.org/search?keywords=php5-xml php-sqlite vs php-sqlite3: With PHP7, the SQLite module package name changed to sqlite3 prefix: - https://packages.debian.org/search?keywords=php-sqlite - https://packages.ubuntu.com/search?suite=all&keywords=php-sqlite Additionally the code comment about minimal apt-get call output was moved to the actual apt-get install call section, as if refers to issues with package installs that require interactive action and hence output about it to the console. The package cache update as well requires an interactive confirmation when the underlying suite code name changes, e.g. when "buster" becomes "oldstable" and "bullseye" becomes "stable". But that is not what the referred issue was about. The comments around the installer and Pi-hole package dependencies have been aligned with the current v6 branch as attempt to resolve merge conflicts in the first place. Signed-off-by: MichaIng --- automated install/basic-install.sh | 54 ++++-------------------------- 1 file changed, 6 insertions(+), 48 deletions(-) mode change 100755 => 100644 automated install/basic-install.sh diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh old mode 100755 new mode 100644 index e4c168ea..bf9ab680 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -273,66 +273,25 @@ if is_command apt-get ; then PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Update package cache. This is required already here to assure apt-cache calls have package lists available. + # Update package cache update_package_cache || exit 1 - # Debian 7 doesn't have iproute2 so check if it's available first - if apt-cache show iproute2 > /dev/null 2>&1; then - iproute_pkg="iproute2" - # Otherwise, check if iproute is available - elif apt-cache show iproute > /dev/null 2>&1; then - iproute_pkg="iproute" - # Else print error and exit - else - printf " %b Aborting installation: iproute2 and iproute packages were not found in APT repository.\\n" "${CROSS}" - exit 1 - fi # Check for and determine version number (major and minor) of current php install + local phpVer="php" if is_command php ; then printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" printf -v phpInsMajor "%d" "$(php <<< "")" printf -v phpInsMinor "%d" "$(php <<< "")" - # Is installed php version 7.0 or greater - if [ "${phpInsMajor}" -ge 7 ]; then - phpInsNewer=true - fi - fi - # Several other packages depend on the version of PHP. If PHP is not installed, or an insufficient version, - # those packages should fall back to the default (latest?) - if [[ "$phpInsNewer" != true ]]; then - # Prefer the php metapackage if it's there - if apt-cache show php > /dev/null 2>&1; then - phpVer="php" - # Else fall back on the php5 package if it's there - elif apt-cache show php5 > /dev/null 2>&1; then - phpVer="php5" - # Else print error and exit - else - printf " %b Aborting installation: No PHP packages were found in APT repository.\\n" "${CROSS}" - exit 1 - fi - else - # Else, PHP is already installed at a version beyond v7.0, so the additional packages - # should match version with the current PHP version. phpVer="php$phpInsMajor.$phpInsMinor" fi - # We also need the correct version for `php-sqlite` (which differs across distros) - if apt-cache show "${phpVer}-sqlite3" > /dev/null 2>&1; then - phpSqlite="sqlite3" - elif apt-cache show "${phpVer}-sqlite" > /dev/null 2>&1; then - phpSqlite="sqlite" - else - printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}" - exit 1 - fi # Packages required to perfom the os_check (stored as an array) OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git "${iproute_pkg}" whiptail ca-certificates) + INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") @@ -1555,9 +1514,6 @@ disable_resolved_stublistener() { } update_package_cache() { - # Running apt-get update/upgrade with minimal output can cause some issues with - # requiring user input (e.g password for phpmyadmin see #218) - # Update package cache on apt based OSes. Do this every time since # it's quick and packages can be updated at any time. @@ -1622,6 +1578,8 @@ install_dependent_packages() { # If there's anything to install, install everything in the list. if [[ "${#installArray[@]}" -gt 0 ]]; then test_dpkg_lock + # Running apt-get install with minimal output can cause some issues with + # requiring user input (e.g password for phpmyadmin see #218) printf " %b Processing %s install(s) for: %s, please wait...\\n" "${INFO}" "${PKG_MANAGER}" "${installArray[*]}" printf '%*s\n' "$columns" '' | tr " " -; "${PKG_INSTALL[@]}" "${installArray[@]}" From a9b9718ffad011232b171ef546ec127c9332d7cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:29:23 +0200 Subject: [PATCH 101/141] Do not let the user select if they want to blocking via IPv4 and/or IPv6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 73 ++++++------------------------ 1 file changed, 15 insertions(+), 58 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index bf9ab680..f6eeca8b 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -717,9 +717,8 @@ testIPv6() { fi } -# A dialog for showing the user about IPv6 blocking -useIPv6dialog() { - # Determine the IPv6 address used for blocking +find_IPv6_information() { + # Detects IPv6 address used for communication to WAN addresses. IPV6_ADDRESSES=($(ip -6 address | grep 'scope global' | awk '{print $2}')) # For each address in the array above, determine the type of IPv6 address it is @@ -739,76 +738,34 @@ useIPv6dialog() { # set the IPv6 address to the ULA address IPV6_ADDRESS="${ULA_ADDRESS}" # Show this info to the user - printf " %b Found IPv6 ULA address, using it for blocking IPv6 ads\\n" "${INFO}" + printf " %b Found IPv6 ULA address\\n" "${INFO}" # Otherwise, if the GUA_ADDRESS has a value, elif [[ ! -z "${GUA_ADDRESS}" ]]; then # Let the user know - printf " %b Found IPv6 GUA address, using it for blocking IPv6 ads\\n" "${INFO}" + printf " %b Found IPv6 GUA address\\n" "${INFO}" # And assign it to the global variable IPV6_ADDRESS="${GUA_ADDRESS}" # If none of those work, else - # explain that IPv6 blocking will not be used - printf " %b Unable to find IPv6 ULA/GUA address, IPv6 adblocking will not be enabled\\n" "${INFO}" + printf " %b Unable to find IPv6 ULA/GUA address\\n" "${INFO}" # So set the variable to be empty IPV6_ADDRESS="" fi - - # If the IPV6_ADDRESS contains a value - if [[ ! -z "${IPV6_ADDRESS}" ]]; then - # Display that IPv6 is supported and will be used - whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$IPV6_ADDRESS will be used to block ads." "${r}" "${c}" - fi } -# A function to check if we should use IPv4 and/or IPv6 for blocking ads -use4andor6() { - # Named local variables - local useIPv4 - local useIPv6 - # Let user choose IPv4 and/or IPv6 via a checklist - cmd=(whiptail --separate-output --checklist "Select Protocols (press space to toggle selection)" "${r}" "${c}" 2) - # In an array, show the options available: - # IPv4 (on by default) - options=(IPv4 "Block ads over IPv4" on - # or IPv6 (on by default if available) - IPv6 "Block ads over IPv6" on) - # In a variable, show the choices available; exit if Cancel is selected - choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } - # For each choice available, - for choice in ${choices} - do - # Set the values to true - case ${choice} in - IPv4 ) useIPv4=true;; - IPv6 ) useIPv6=true;; - esac - done - # If IPv4 is to be used, - if [[ "${useIPv4}" ]]; then - # Run our function to get the information we need - find_IPv4_information - if [[ -f "/etc/dhcpcd.conf" ]]; then +# A function to collect IPv4 and IPv6 information of the device +collect_v4andv6_information() { + find_IPv4_information + # Echo the information to the user + printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + # if `dhcpcd` is used offer to set this as static IP for the device + if [[ -f "/etc/dhcpcd.conf" ]]; then # configure networking via dhcpcd getStaticIPv4Settings setDHCPCD - fi fi - # If IPv6 is to be used, - if [[ "${useIPv6}" ]]; then - # Run our function to get this information - useIPv6dialog - fi - # Echo the information to the user - printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" - # If neither protocol is selected, - if [[ ! "${useIPv4}" ]] && [[ ! "${useIPv6}" ]]; then - # Show an error in red - printf " %bError: Neither IPv4 or IPv6 selected%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" - # and exit with an error - exit 1 - fi } getStaticIPv4Settings() { @@ -2544,8 +2501,8 @@ main() { setDNS # Give the user a choice of blocklists to include in their install. Or not. chooseBlocklists - # Let the user decide if they want to block ads over IPv4 and/or IPv6 - use4andor6 + # find IPv4 and IPv6 information of the device + collect_v4andv6_information # Let the user decide if they want the web interface to be installed automatically setAdminFlag # Let the user decide if they want query logging enabled... From 9dbcbdbe666f2ea81f31b9ef77248473b50cb296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:43:08 +0200 Subject: [PATCH 102/141] Adjust tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_automated_install.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 9938dd99..faf67c92 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -421,10 +421,9 @@ def test_IPv6_only_link_local(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = ('Unable to find IPv6 ULA/GUA address, ' - 'IPv6 adblocking will not be enabled') + expected_stdout = ('Unable to find IPv6 ULA/GUA address') assert expected_stdout in detectPlatform.stdout @@ -468,9 +467,9 @@ def test_IPv6_only_GUA(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 GUA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 GUA address' assert expected_stdout in detectPlatform.stdout From 466520366d2825f6596675003da8468c485f2ea7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:47:13 +0200 Subject: [PATCH 103/141] Fogot to save... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_automated_install.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index faf67c92..eb1bfd2c 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -444,9 +444,9 @@ def test_IPv6_only_ULA(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout @@ -491,9 +491,9 @@ def test_IPv6_GUA_ULA_test(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout @@ -515,9 +515,9 @@ def test_IPv6_ULA_GUA_test(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout From 5b03160295103aa38a7b2554fc057fea03b04d97 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 4 Oct 2021 11:40:53 +0100 Subject: [PATCH 104/141] Install script comment tweaks (#4361) --- automated install/basic-install.sh | 12 ++++++------ test/test_automated_install.py | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f6eeca8b..c1a1c613 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -262,10 +262,10 @@ os_check() { # Compatibility package_manager_detect() { -# If apt-get is installed, then we know it's part of the Debian family +# First check to see if apt-get is installed. if is_command apt-get ; then # Set some global variables here - # We don't set them earlier since the family might be Red Hat, so these values would be different + # We don't set them earlier since the installed package manager might be rpm, so these values would be different PKG_MANAGER="apt-get" # A variable to store the command used to update the package cache UPDATE_PKG_CACHE="${PKG_MANAGER} update" @@ -319,7 +319,7 @@ if is_command apt-get ; then return 0 } -# If apt-get is not found, check for rpm to see if it's a Red Hat family OS +# If apt-get is not found, check for rpm. elif is_command rpm ; then # Then check if dnf or yum is the package manager if is_command dnf ; then @@ -328,7 +328,7 @@ elif is_command rpm ; then PKG_MANAGER="yum" fi - # These variable names match the ones in the Debian family. See above for an explanation of what they are for. + # These variable names match the ones for apt-get. See above for an explanation of what they are for. PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) @@ -341,8 +341,8 @@ elif is_command rpm ; then # If neither apt-get or yum/dnf package managers were found else - # it's not an OS we can support, - printf " %b OS distribution not supported\\n" "${CROSS}" + # we cannot install required packages + printf " %b No supported package manager found\\n" "${CROSS}" # so exit the installer exit fi diff --git a/test/test_automated_install.py b/test/test_automated_install.py index eb1bfd2c..37ebdad2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -11,18 +11,18 @@ from .conftest import ( ) -def test_supported_operating_system(Pihole): +def test_supported_package_manager(Pihole): ''' - confirm installer exists on unsupported distribution + confirm installer exits when no supported package manager found ''' - # break supported package managers to emulate an unsupported distribution + # break supported package managers Pihole.run('rm -rf /usr/bin/apt-get') Pihole.run('rm -rf /usr/bin/rpm') package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect ''') - expected_stdout = cross_box + ' OS distribution not supported' + expected_stdout = cross_box + ' No supported package manager found' assert expected_stdout in package_manager_detect.stdout # assert package_manager_detect.rc == 1 From 0f246b8df522ce0eeccfd5ee47b5e714ba250b52 Mon Sep 17 00:00:00 2001 From: xanoni <77220130+xanoni@users.noreply.github.com> Date: Sun, 3 Oct 2021 23:16:19 -0400 Subject: [PATCH 105/141] Update upstream DNS server capability descriptions Mention that the below 3 upstream DNS support DNSSEC: - Cloudflare (see https://developers.cloudflare.com/1.1.1.1/faq#how-does-1111-work-with-dnssec) - DNS.WATCH (see https://dns.watch/index) - Google (see https://developers.google.com/speed/public-dns/faq#dnssec) - Quad9 (see https://www.quad9.net/support/faq/#dnssec) Other providers and capabilities (e.g., ECS) were not checked. Signed-off-by: xanoni <77220130+xanoni@users.noreply.github.com> --- automated install/basic-install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c1a1c613..63b060f2 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -34,15 +34,15 @@ export PATH+=':/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' # List of supported DNS servers DNS_SERVERS=$(cat << EOM -Google (ECS);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844 +Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844 OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53 Level3;4.2.2.1;4.2.2.2;; Comodo;8.26.56.26;8.20.247.20;; -DNS.WATCH;84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b +DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9 Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10 -Quad9 (filtered + ECS);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11 -Cloudflare;1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 +Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11 +Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 EOM ) From 109340033eec06a89761914527d48a06f14e71cf Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 02:22:27 +0200 Subject: [PATCH 106/141] Do not account for refactor anymore (#4355) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c1a1c613..5a036db9 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1778,27 +1778,6 @@ installLogrotate() { printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" } -# At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break. -# Refactoring of install script has changed the name of a couple of variables. Sort them out here. -accountForRefactor() { - sed -i 's/piholeInterface/PIHOLE_INTERFACE/g' "${setupVars}" - sed -i 's/IPv4_address/IPV4_ADDRESS/g' "${setupVars}" - sed -i 's/IPv4addr/IPV4_ADDRESS/g' "${setupVars}" - sed -i 's/IPv6_address/IPV6_ADDRESS/g' "${setupVars}" - sed -i 's/piholeIPv6/IPV6_ADDRESS/g' "${setupVars}" - sed -i 's/piholeDNS1/PIHOLE_DNS_1/g' "${setupVars}" - sed -i 's/piholeDNS2/PIHOLE_DNS_2/g' "${setupVars}" - sed -i 's/^INSTALL_WEB=/INSTALL_WEB_INTERFACE=/' "${setupVars}" - # Add 'INSTALL_WEB_SERVER', if its not been applied already: https://github.com/pi-hole/pi-hole/pull/2115 - if ! grep -q '^INSTALL_WEB_SERVER=' ${setupVars}; then - local webserver_installed=false - if grep -q '^INSTALL_WEB_INTERFACE=true' ${setupVars}; then - webserver_installed=true - fi - echo -e "INSTALL_WEB_SERVER=$webserver_installed" >> "${setupVars}" - fi -} - # Install base files and web interface installPihole() { # If the user wants to install the Web interface, @@ -1829,10 +1808,6 @@ installPihole() { fi fi fi - # For updates and unattended install. - if [[ "${useUpdateVars}" == true ]]; then - accountForRefactor - fi # Install base files and web interface if ! installScripts; then printf " %b Failure in dependent script copy function.\\n" "${CROSS}" From 2b74b47b4a499f1838f098e95e10574ff80fe3df Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 02:47:18 +0200 Subject: [PATCH 107/141] Remove netcat from dependencies (#4346) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5a036db9..98296e5e 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -288,7 +288,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") @@ -333,7 +333,7 @@ elif is_command rpm ; then PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) - PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) + PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 38bb4a49088febe3aa749ff197b30d5497f024f5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 14:09:16 +0200 Subject: [PATCH 108/141] Remove unused wildcard_regex_converter.sh (#4369) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove unused wildcard_regex_converter.sh Signed-off-by: Christian König * Remove regexconverter Signed-off-by: Christian König --- advanced/Scripts/wildcard_regex_converter.sh | 28 -------------------- gravity.sh | 2 -- 2 files changed, 30 deletions(-) delete mode 100644 advanced/Scripts/wildcard_regex_converter.sh diff --git a/advanced/Scripts/wildcard_regex_converter.sh b/advanced/Scripts/wildcard_regex_converter.sh deleted file mode 100644 index b4b6b4a1..00000000 --- a/advanced/Scripts/wildcard_regex_converter.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -# Pi-hole: A black hole for Internet advertisements -# (c) 2017 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# Provides an automated migration subroutine to convert Pi-hole v3.x wildcard domains to Pi-hole v4.x regex filters -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -# regexFile set in gravity.sh - -wildcardFile="/etc/dnsmasq.d/03-pihole-wildcard.conf" - -convert_wildcard_to_regex() { - if [ ! -f "${wildcardFile}" ]; then - return - fi - local addrlines domains uniquedomains - # Obtain wildcard domains from old file - addrlines="$(grep -oE "/.*/" ${wildcardFile})" - # Strip "/" from domain names and convert "." to regex-compatible "\." - domains="$(sed 's/\///g;s/\./\\./g' <<< "${addrlines}")" - # Remove repeated domains (may have been inserted two times due to A and AAAA blocking) - uniquedomains="$(uniq <<< "${domains}")" - # Automatically generate regex filters and remove old wildcards file - awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" -} diff --git a/gravity.sh b/gravity.sh index 99d1bcda..dfaf4fea 100755 --- a/gravity.sh +++ b/gravity.sh @@ -15,8 +15,6 @@ export LC_ALL=C coltable="/opt/pihole/COL_TABLE" source "${coltable}" -regexconverter="/opt/pihole/wildcard_regex_converter.sh" -source "${regexconverter}" # shellcheck disable=SC1091 source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" From 80560d4a4ace2db1389c78caab0971e397b4f476 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 15:36:00 +0200 Subject: [PATCH 109/141] Do not export `DNS_FQDN_REQUIRED` and `DNS_BOGUS_PRIV` unconditionally (#4354) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Do not export unconditionally Signed-off-by: Christian König * Check if variable is unset instead of grep for it Signed-off-by: Christian König * Use bash's buld in word syntax Signed-off-by: Christian König * Move export back to their brothers Signed-off-by: Christian König --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 98296e5e..42e660a9 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1715,7 +1715,7 @@ finalExports() { # If the setup variable file exists, if [[ -e "${setupVars}" ]]; then # update the variables in the file - sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;' "${setupVars}" + sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' "${setupVars}" fi # echo the information to the user { @@ -1729,8 +1729,8 @@ finalExports() { echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" echo "CACHE_SIZE=${CACHE_SIZE}" - echo "DNS_FQDN_REQUIRED=true" - echo "DNS_BOGUS_PRIV=true" + echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" + echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" }>> "${setupVars}" chmod 644 "${setupVars}" From 541257849df1955c1de7c43f0ba1a537b17e00b5 Mon Sep 17 00:00:00 2001 From: Andras Tim Date: Tue, 5 Oct 2021 16:52:51 +0200 Subject: [PATCH 110/141] List fix: no reload (#3981) * scripts/list: Fixed --noreload options We should differentiate the ability and the needings. Signed-off-by: Andras Tim * scripts/list: Removed unnecessary tailing whitespaces Signed-off-by: Andras Tim * Update advanced/Scripts/list.sh Signed-off-by: Andras Tim * Merge bash conditions according to MichaIng suggestion Co-authored-by: micha@dietpi.com Signed-off-by: Andras Tim --- advanced/Scripts/list.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index e213b014..5bd42d55 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -23,7 +23,7 @@ fi # have changed gravityDBfile="${GRAVITYDB}" -reload=false +noReloadRequested=false addmode=true verbose=true wildcard=false @@ -35,6 +35,7 @@ typeId="" comment="" declare -i domaincount domaincount=0 +reload=false colfile="/opt/pihole/COL_TABLE" source ${colfile} @@ -242,13 +243,13 @@ Displaylist() { NukeList() { count=$(sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};") - listname="$(GetListnameFromTypeId "${typeId}")" + listname="$(GetListnameFromTypeId "${typeId}")" if [ "$count" -gt 0 ];then sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};" echo " ${TICK} Removed ${count} domain(s) from the ${listname}" else echo " ${INFO} ${listname} already empty. Nothing to do!" - fi + fi exit 0; } @@ -268,7 +269,7 @@ while (( "$#" )); do "--white-wild" | "white-wild" ) typeId=2; wildcard=true;; "--wild" | "wildcard" ) typeId=3; wildcard=true;; "--regex" | "regex" ) typeId=3;; - "-nr"| "--noreload" ) reload=false;; + "-nr"| "--noreload" ) noReloadRequested=true;; "-d" | "--delmode" ) addmode=false;; "-q" | "--quiet" ) verbose=false;; "-h" | "--help" ) helpFunc;; @@ -294,6 +295,6 @@ if $web; then echo "DONE" fi -if [[ "${reload}" != false ]]; then +if [[ ${reload} == true && ${noReloadRequested} == false ]]; then pihole restartdns reload-lists fi From 77e322afa644e9c3a75182c263d92aaa722d874d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 5 Oct 2021 16:25:29 +0100 Subject: [PATCH 111/141] (docs) update README.md (#4371) - correct grammar - correct punctuation - correct pronoun usage Co-authored-by: Vladislav Doster Signed-off-by: Adam Warner Co-authored-by: Vladislav Doster --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 06f541f4..b993cfe9 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,9 @@

-The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. +The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software. -- **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes +- **Easy-to-install**: our versatile installer walks you through the process and takes less than ten minutes - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs - **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/) @@ -22,7 +22,7 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th - **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware - **Modern**: blocks ads over both IPv4 and IPv6 -- **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy +- **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy ----- @@ -57,21 +57,21 @@ Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-h Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention. -If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). +If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); be sure to disable DHCP on your router first (if it has that feature available). -As a last resort, you can always manually set each device to use Pi-hole as their DNS server. +As a last resort, you can manually set each device to use Pi-hole as their DNS server. ----- -## Pi-hole is free, but powered by your support +## Pi-hole is free but powered by your support -There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. +There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software and the importance of keeping it maintained. Make no mistake: **your support is absolutely vital to help keep us innovating!** ### [Donations](https://pi-hole.net/donate) -Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses and rewarding our dedicated development team: +Donating using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses: ### Alternative support @@ -83,13 +83,13 @@ If you'd rather not donate (_which is okay!_), there are other ways you can help - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_ - [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ -- Spreading the word about our software, and how you have benefited from it +- Spreading the word about our software and how you have benefited from it ### Contributing via GitHub We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests. -If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve. +If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions it asks will help the volunteers quickly understand what you're aiming to achieve. You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review. @@ -97,9 +97,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma ## Getting in touch with us -While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. +While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on various social media outlets. -**Please be sure to check the FAQ's** before starting a new discussion. Many user questions already have answers and can be solved without any additional assistance. +**Please be sure to check the FAQs** before starting a new discussion, as we do not have the spare time to reply to every request for assistance. - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs) - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes) @@ -125,15 +125,15 @@ Some of the statistics you can integrate include: - Queries cached - Unique clients -The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). +Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). ### The Command Line Interface -The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. +The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. Some notable features include: -- [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) +- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger) - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail) - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity) @@ -149,7 +149,7 @@ This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to vie Some notable features include: -- Mobile friendly interface +- Mobile-friendly interface - Password protection - Detailed graphs and doughnut charts - Top lists of domains and clients From c5828df198cb54311ffdc1ecee1e17c3e3da9772 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Tue, 5 Oct 2021 17:40:12 +0200 Subject: [PATCH 112/141] Consequently use defined file path variables (#4105) The script defines variables for the most important file paths which are not always used to call the file paths. "lighttpdConfig" was never used in the script itself, so that a shellcheck exception needed to be used. With this change, the defined variables are consequently used, which makes the shellcheck exception obsolete as well. Additionally the assigned strings are quoted, which is not necessary here but aligns with the coding standard and highlights the strings in most editors and development platforms for developer convenience. Signed-off-by: MichaIng --- automated install/basic-install.sh | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 42e660a9..422c1904 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -47,14 +47,13 @@ EOM ) # Location for final installation log storage -installLogLoc=/etc/pihole/install.log +installLogLoc="/etc/pihole/install.log" # This is an important file as it contains information specific to the machine it's being installed on -setupVars=/etc/pihole/setupVars.conf +setupVars="/etc/pihole/setupVars.conf" # Pi-hole uses lighttpd as a Web server, and this is the config file for it -# shellcheck disable=SC2034 -lighttpdConfig=/etc/lighttpd/lighttpd.conf +lighttpdConfig="/etc/lighttpd/lighttpd.conf" # This is a file used for the colorized output -coltable=/opt/pihole/COL_TABLE +coltable="/opt/pihole/COL_TABLE" # Root of the web server webroot="/var/www/html" @@ -1313,18 +1312,18 @@ installConfigs() { # make it and set the owners install -d -m 755 -o "${USER}" -g root /etc/lighttpd # Otherwise, if the config file already exists - elif [[ -f "/etc/lighttpd/lighttpd.conf" ]]; then + elif [[ -f "${lighttpdConfig}" ]]; then # back up the original - mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig + mv "${lighttpdConfig}"{,.orig} fi # and copy in the config file Pi-hole needs - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" # Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it touch /etc/lighttpd/external.conf chmod 644 /etc/lighttpd/external.conf # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf + sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' "${lighttpdConfig}" fi # Make the directories if they do not exist and set the owners mkdir -p /run/lighttpd @@ -1892,7 +1891,7 @@ displayFinalMessage() { if [[ "${#1}" -gt 0 ]] ; then # set the password to the first argument. pwstring="$1" - elif [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) -gt 0 ]]; then + elif [[ $(grep 'WEBPASSWORD' -c "${setupVars}") -gt 0 ]]; then # Else if the password exists from previous setup, we'll load it later pwstring="unchanged" else @@ -2550,7 +2549,7 @@ main() { # Add password to web UI if there is none pw="" # If no password is set, - if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then + if [[ $(grep 'WEBPASSWORD' -c "${setupVars}") == 0 ]] ; then # generate a random password pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) # shellcheck disable=SC1091 From 5bf35dc687008b7a6aa15330d4bd03329c37282c Mon Sep 17 00:00:00 2001 From: Jauder Ho Date: Tue, 5 Oct 2021 17:22:46 +0000 Subject: [PATCH 113/141] Add Dependabot and CodeQL support (#4286) Signed-off-by: Jauder Ho Co-authored-by: Adam Warner --- .github/dependabot.yml | 17 ++++++++++++ .github/workflows/codeql-analysis.yml | 40 +++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..bc08634e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: saturday + time: "10:00" + open-pull-requests-limit: 10 + target-branch: development + versioning-strategy: increase diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..a4f67b81 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,40 @@ +name: "CodeQL" + +on: + push: + branches: + - master + - development + pull_request: + branches: + - master + - development + schedule: + - cron: '32 11 * * 6' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + permissions: + actions: read + contents: read + security-events: write + + steps: + - + name: Checkout repository + uses: actions/checkout@v2 + # Initializes the CodeQL tools for scanning. + - + name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: 'python' + - + name: Autobuild + uses: github/codeql-action/autobuild@v1 + - + name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 55dce14655a0188998c6ce5603092c387d130565 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 5 Oct 2021 19:34:51 +0100 Subject: [PATCH 114/141] Add execution bit accidentally dropped in #4106 (#4368) Add some smoke tests for the repository. - Add x bit to piholeCheckout.sh. Possibly not needed, but consistency is no bad thing - Ensure all files in script directorys have executable bit set Signed-off-by: Adam Warner --- .github/workflows/test.yml | 31 ++++++++++++++++--- .../Scripts/database_migration/gravity-db.sh | 0 advanced/Scripts/piholeCheckout.sh | 0 automated install/basic-install.sh | 0 4 files changed, 27 insertions(+), 4 deletions(-) mode change 100644 => 100755 advanced/Scripts/database_migration/gravity-db.sh mode change 100644 => 100755 advanced/Scripts/piholeCheckout.sh mode change 100644 => 100755 automated install/basic-install.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 129caea4..c2b4dbbc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,21 +5,44 @@ on: types: [opened, synchronize, reopened, ready_for_review] jobs: + smoke-test: + if: github.event.pull_request.draft == false + runs-on: ubuntu-latest + steps: + - + name: Checkout repository + uses: actions/checkout@v2 + - + name: Run Smoke Tests + run: | + # Ensure scripts in repository are executable + IFS=$'\n'; + for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done + unset IFS; + # If FAIL is 1 then we fail. + [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed" + distro-test: if: github.event.pull_request.draft == false runs-on: ubuntu-latest + needs: smoke-test strategy: matrix: distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 + - + name: Checkout repository + uses: actions/checkout@v2 + - + name: Set up Python 3.7 uses: actions/setup-python@v2 with: python-version: 3.7 - - name: Install dependencies + - + name: Install dependencies run: pip install -r test/requirements.txt - - name: Test with tox + - + name: Test with tox run: tox -c test/tox.${DISTRO}.ini diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh old mode 100644 new mode 100755 diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh old mode 100644 new mode 100755 diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh old mode 100644 new mode 100755 From 0ea7344c309a81c64fe11769c0921cd0141b935e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Oct 2021 01:19:28 +0100 Subject: [PATCH 115/141] add --no-rebase to the git pull command(s) to squelch hint message in newer versions of git (#4226) Signed-off-by: Adam Warner --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 422c1904..9cba9339 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -514,7 +514,7 @@ update_repo() { git stash --all --quiet &> /dev/null || true # Okay for stash failure git clean --quiet --force -d || true # Okay for already clean directory # Pull the latest commits - git pull --quiet &> /dev/null || return $? + git pull --no-rebase --quiet &> /dev/null || return $? # Check current branch. If it is master, then reset to the latest available tag. # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) @@ -2028,7 +2028,7 @@ checkout_pull_branch() { # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git) chmod -R a+rX "${directory}" - git_pull=$(git pull || return 1) + git_pull=$(git pull --no-rebase || return 1) if [[ "$git_pull" == *"up-to-date"* ]]; then printf " %b %s\\n" "${INFO}" "${git_pull}" From 3cad8e4c5b4d226b9b85251b55647bd5aa1b2cc2 Mon Sep 17 00:00:00 2001 From: Frieder Bluemle Date: Wed, 6 Oct 2021 13:33:13 +0200 Subject: [PATCH 116/141] Remove .idea/ Signed-off-by: Frieder Bluemle --- .gitignore | 67 +--------------------------- .idea/codeStyleSettings.xml | 25 ----------- .idea/codeStyles/Project.xml | 7 --- .idea/codeStyles/codeStyleConfig.xml | 5 --- 4 files changed, 1 insertion(+), 103 deletions(-) delete mode 100644 .idea/codeStyleSettings.xml delete mode 100644 .idea/codeStyles/Project.xml delete mode 100644 .idea/codeStyles/codeStyleConfig.xml diff --git a/.gitignore b/.gitignore index b7ad1e41..c19555ed 100644 --- a/.gitignore +++ b/.gitignore @@ -7,70 +7,5 @@ __pycache__ .tox .eggs *.egg-info - - -# Created by https://www.gitignore.io/api/jetbrains+iml - -### JetBrains+iml ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# All idea files, with exceptions -.idea -!.idea/codeStyles/* -!.idea/codeStyleSettings.xml - - -# Sensitive or high-churn files: -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.xml -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml - -# Gradle: -.idea/**/gradle.xml -.idea/**/libraries - -# CMake -cmake-build-debug/ - -# Mongo Explorer plugin: -.idea/**/mongoSettings.xml - -## File-based project format: -*.iws - -## Plugin-specific files: - -# IntelliJ -/out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Ruby plugin and RubyMine -/.rakeTasks - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -### JetBrains+iml Patch ### -# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023 - +.idea/ *.iml -.idea/misc.xml -*.ipr - -# End of https://www.gitignore.io/api/jetbrains+iml diff --git a/.idea/codeStyleSettings.xml b/.idea/codeStyleSettings.xml deleted file mode 100644 index 6ad75d68..00000000 --- a/.idea/codeStyleSettings.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml deleted file mode 100644 index 79a710fd..00000000 --- a/.idea/codeStyles/Project.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml deleted file mode 100644 index 79ee123c..00000000 --- a/.idea/codeStyles/codeStyleConfig.xml +++ /dev/null @@ -1,5 +0,0 @@ - - - - \ No newline at end of file From f3acc7c8393b8c038a448e2fff9a0840d67422fa Mon Sep 17 00:00:00 2001 From: yubiuser Date: Thu, 7 Oct 2021 00:19:25 +0200 Subject: [PATCH 117/141] Make debug log file size human readable (#4350) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d199b4f5..71e5c696 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1238,10 +1238,10 @@ show_messages() { } analyze_gravity_list() { - echo_current_diagnostic "Gravity List and Database" + echo_current_diagnostic "Gravity Database" local gravity_permissions - gravity_permissions=$(ls -ld "${PIHOLE_GRAVITY_DB_FILE}") + gravity_permissions=$(ls -lhd "${PIHOLE_GRAVITY_DB_FILE}") log_write "${COL_GREEN}${gravity_permissions}${COL_NC}" show_db_entries "Info table" "SELECT property,value FROM info" "20 40" @@ -1320,7 +1320,7 @@ analyze_pihole_log() { OLD_IFS="$IFS" # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + pihole_log_permissions=$(ls -lhd "${PIHOLE_LOG}") log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" From ab27a3bd452dac07f452f5a98e14c850b06ea63c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Oct 2021 23:30:29 +0100 Subject: [PATCH 118/141] Dependabot config tweak Signed-off-by: Adam Warner --- .github/dependabot.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc08634e..e10beb30 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,17 +1,10 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - version: 2 updates: - # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly day: saturday time: "10:00" open-pull-requests-limit: 10 - target-branch: development - versioning-strategy: increase + target-branch: developement \ No newline at end of file From f8af1a1baa5f0edee437e39c9a5fcf9a1ee6e944 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 7 Oct 2021 00:16:07 +0100 Subject: [PATCH 119/141] Allow iFrame for teleporter.php, see https://github.com/pi-hole/AdminLTE/pull/1231 Signed-off-by: Adam Warner --- advanced/lighttpd.conf.debian | 7 +++++++ advanced/lighttpd.conf.fedora | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 3ecd7213..a58b5a88 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -85,5 +85,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } +# allow teleporter iframe on settings page +$HTTP["url"] =~ "/teleporter\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } +} + # Default expire header expire.url = ( "" => "access plus 0 seconds" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 5a99a9bf..ad336a93 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -93,5 +93,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } +# allow teleporter iframe on settings page +$HTTP["url"] =~ "/teleporter\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } +} + # Default expire header expire.url = ( "" => "access plus 0 seconds" ) From b30d729aa49e5ecdc260a8a43afeabcb5c164673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:03:21 +0200 Subject: [PATCH 120/141] Simplify vw_adlist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/database_migration/gravity-db.sh | 6 ++++++ .../database_migration/gravity/13_to_14.sql | 2 +- .../database_migration/gravity/14_to_15.sql | 15 +++++++++++++++ advanced/Templates/gravity.db.sql | 10 ++++------ 4 files changed, 26 insertions(+), 7 deletions(-) create mode 100644 advanced/Scripts/database_migration/gravity/14_to_15.sql diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index 22f241dd..0fecf34a 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -122,4 +122,10 @@ upgrade_gravityDB(){ sqlite3 "${database}" < "${scriptPath}/13_to_14.sql" version=14 fi + if [[ "$version" == "14" ]]; then + # Changes the vw_adlist created in 5_to_6 + echo -e " ${INFO} Upgrading gravity database from version 14 to 15" + sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" + version=15 +fi } diff --git a/advanced/Scripts/database_migration/gravity/13_to_14.sql b/advanced/Scripts/database_migration/gravity/13_to_14.sql index fa230865..0a465d1d 100644 --- a/advanced/Scripts/database_migration/gravity/13_to_14.sql +++ b/advanced/Scripts/database_migration/gravity/13_to_14.sql @@ -10,4 +10,4 @@ ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0; UPDATE info SET value = 14 WHERE property = 'version'; -COMMIT; \ No newline at end of file +COMMIT; diff --git a/advanced/Scripts/database_migration/gravity/14_to_15.sql b/advanced/Scripts/database_migration/gravity/14_to_15.sql new file mode 100644 index 00000000..41cb7517 --- /dev/null +++ b/advanced/Scripts/database_migration/gravity/14_to_15.sql @@ -0,0 +1,15 @@ +.timeout 30000 + +PRAGMA FOREIGN_KEYS=OFF; + +BEGIN TRANSACTION; +DROP VIEW vw_adlist; + +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id + FROM adlist + WHERE enabled = 1 + ORDER BY id; + +UPDATE info SET value = 15 WHERE property = 'version'; + +COMMIT; diff --git a/advanced/Templates/gravity.db.sql b/advanced/Templates/gravity.db.sql index 5d7bafa9..3f696d6d 100644 --- a/advanced/Templates/gravity.db.sql +++ b/advanced/Templates/gravity.db.sql @@ -57,7 +57,7 @@ CREATE TABLE info value TEXT NOT NULL ); -INSERT INTO "info" VALUES('version','14'); +INSERT INTO "info" VALUES('version','15'); CREATE TABLE domain_audit ( @@ -143,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id LEFT JOIN "group" ON "group".id = adlist_by_group.group_id WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1); -CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id FROM adlist - LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id - LEFT JOIN "group" ON "group".id = adlist_by_group.group_id - WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) - ORDER BY adlist.id; + WHERE enabled = 1 + ORDER BY id; CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist BEGIN From a0ecfcc1dcb11e541456caeb76fc3c8758f1b785 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:50:46 +0200 Subject: [PATCH 121/141] Include df -h in debug log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 71e5c696..d8ef7f7e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -585,6 +585,13 @@ processor_check() { fi } +disk_usage() { + local df + echo_current_diagnostic "Disk usage" + DF=$(df -h) + log_write "${DF}"; +} + parse_setup_vars() { echo_current_diagnostic "Setup variables" # If the file exists, @@ -1421,6 +1428,7 @@ diagnose_operating_system check_selinux check_firewalld processor_check +disk_usage check_networking check_name_resolution check_dhcp_servers From fdc4cf9869e11df5fed525b09684736c247b7e2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:54:50 +0200 Subject: [PATCH 122/141] Fix stickler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d8ef7f7e..01daaa9f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -586,7 +586,7 @@ processor_check() { } disk_usage() { - local df + local DF echo_current_diagnostic "Disk usage" DF=$(df -h) log_write "${DF}"; From 3c41ec08a3dedf18ac8a6004aaa34bff534bc295 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Fri, 8 Oct 2021 23:54:23 +0200 Subject: [PATCH 123/141] Set file permission for querie database in pihole-FTL.service (#4328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Set file permission for querie database in pihole-FTL.service Signed-off-by: Christian König * Use -f flag for chmod of the macvendor.db Signed-off-by: Christian König * Fix missing space Signed-off-by: Christian König * Fix spelling Signed-off-by: Christian König --- advanced/Templates/pihole-FTL.service | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 55a68b15..865e2cd9 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -24,9 +24,13 @@ start() { touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole - chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db + chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases + # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist + chmod -f 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db + # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist + chmod -f 0664 /etc/pihole/pihole-FTL.db if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else From 99981b5e662c489fb0840f2a0da666bddf43f8d3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 11 Sep 2021 22:43:27 +0100 Subject: [PATCH 124/141] now that whiptail size is fixed, lose a couple of lines from the final whiptail output Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2e86f024..a39f7381 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1914,8 +1914,6 @@ IPv6: ${IPV6_ADDRESS:-"Not Configured"} If you have not done so already, the above IP should be set to static. -The install log is in /etc/pihole. - ${additional}" "${r}" "${c}" } From 77a30ac0c25ca1f788e974b72d787e225a4ea82d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 11 Oct 2021 17:31:03 +0200 Subject: [PATCH 125/141] Use mapfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 01daaa9f..1366c14b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -586,10 +586,13 @@ processor_check() { } disk_usage() { - local DF + local file_system echo_current_diagnostic "Disk usage" - DF=$(df -h) - log_write "${DF}"; + mapfile -t file_system < <(df -h) + + for line in "${file_system[@]}"; do + log_write " ${line}" + done } parse_setup_vars() { From d84da7131000502a1b2d9792eab6124f6036081d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 11 Oct 2021 18:02:47 +0200 Subject: [PATCH 126/141] Only show lines not containing sensitive keywords MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 1366c14b..cd615825 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -587,11 +587,22 @@ processor_check() { disk_usage() { local file_system + local hide + echo_current_diagnostic "Disk usage" mapfile -t file_system < <(df -h) + # Some lines of df might contain sensitive information like usernames and passwords. + # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/) + # We are not interested in those lines so we collect keyword, to remove them from the output + # Additinal keywords can be added, separated by "|" + hide="curlftpfs" + + # only show those lines not containg a sensitive phrase for line in "${file_system[@]}"; do + if [[ ! $line =~ $hide ]]; then log_write " ${line}" + fi done } From 04f9e92bffd316320266293106e1a596f90e4f6e Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 11 Oct 2021 21:43:12 +0200 Subject: [PATCH 127/141] Fix PHP8.0 detection (#4383) The phpInsNewer variable is not set anymore, so that the JSON module is now always tried to be installed. Instead of checking for phpInsNewer to derive whether PHP was installed already, phpInsMajor is now checked. If it is set, PHP is installed already, and only if the major version is lower than 8, the JSON module can be installed. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a39f7381..babb8213 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -292,7 +292,7 @@ if is_command apt-get ; then # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php - if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then + if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") fi # The Web server user, From b7bba6a689d135a9de972393fee47a520e6c5406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 12 Oct 2021 18:15:56 +0200 Subject: [PATCH 128/141] Validate when adding not when removing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 44 ++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 52c388f8..b651bed5 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -709,7 +709,13 @@ AddCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - echo "${ip} ${host}" >> "${dnscustomfile}" + + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + echo "${ip} ${host}" >> "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries RestartDNS @@ -721,12 +727,7 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 - fi + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" # Restart dnsmasq to update removed custom DNS entries RestartDNS @@ -738,8 +739,19 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - echo "cname=${domain},${target}" >> "${dnscustomcnamefile}" - + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validTarget}" ]]; then + echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to load new custom CNAME records RestartDNS } @@ -750,19 +762,7 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - validDomain="$(checkDomain "${domain}")" - if [[ -n "${validDomain}" ]]; then - validTarget="$(checkDomain "${target}")" - if [[ -n "${validDomain}" ]]; then - sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" - else - echo " ${CROSS} Invalid Target Passed!" - exit 1 - fi - else - echo " ${CROSS} Invalid Domain passed!" - exit 1 - fi + sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" # Restart dnsmasq to update removed custom CNAME records RestartDNS From bc21a7155de841b5f39ce8c3c3aa51a691d25fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 12 Oct 2021 19:49:36 +0200 Subject: [PATCH 129/141] Add option to not reload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index b651bed5..f382b4d1 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -709,6 +709,7 @@ AddCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" + reload="${args[4]}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then echo "${ip} ${host}" >> "${dnscustomfile}" @@ -717,8 +718,10 @@ AddCustomDNSAddress() { exit 1 fi - # Restart dnsmasq to load new custom DNS entries - RestartDNS + # Restart dnsmasq to load new custom DNS entries only if $reload not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } RemoveCustomDNSAddress() { @@ -726,11 +729,14 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" + reload="${args[4]}" sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - # Restart dnsmasq to update removed custom DNS entries - RestartDNS + # Restart dnsmasq to load new custom DNS entries only if reload is not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } AddCustomCNAMERecord() { @@ -738,6 +744,7 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + reload="${args[4]}" validDomain="$(checkDomain "${domain}")" if [[ -n "${validDomain}" ]]; then @@ -752,8 +759,10 @@ AddCustomCNAMERecord() { echo " ${CROSS} Invalid Domain passed!" exit 1 fi - # Restart dnsmasq to load new custom CNAME records - RestartDNS + # Restart dnsmasq to load new custom CNAME records only if reload is not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } RemoveCustomCNAMERecord() { @@ -761,11 +770,14 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + reload="${args[4]}" sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" - # Restart dnsmasq to update removed custom CNAME records - RestartDNS + # Restart dnsmasq to update removed custom CNAME records only if $reload not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } main() { From a872fabe7d8518a9d025887da70ad922251e2cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 17 Oct 2021 20:51:59 +0200 Subject: [PATCH 130/141] Validate on removal as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index f382b4d1..463b12fe 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -731,7 +731,12 @@ RemoveCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries only if reload is not false if [[ ! $reload == "false" ]]; then @@ -772,7 +777,19 @@ RemoveCustomCNAMERecord() { target="${args[3]}" reload="${args[4]}" - sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validTarget}" ]]; then + sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to update removed custom CNAME records only if $reload not false if [[ ! $reload == "false" ]]; then From 596689b4c99f794eba8ddd14b51e914d0eac5917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 19 Oct 2021 21:34:16 +0200 Subject: [PATCH 131/141] Validate host/domain of Local DNS records as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 463b12fe..a739d898 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -711,12 +711,18 @@ AddCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - echo "${ip} ${host}" >> "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 - fi + validHost="$(checkDomain "${host}")" + if [[ -n "${validHost}" ]]; then + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + echo "${ip} ${validHost}" >> "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries only if $reload not false if [[ ! $reload == "false" ]]; then @@ -731,11 +737,17 @@ RemoveCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 + validHost="$(checkDomain "${host}")" + if [[ -n "${validHost}" ]]; then + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/^${ip} ${validHost}$/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 fi # Restart dnsmasq to load new custom DNS entries only if reload is not false From 8713135b018fd0464c55dee53393eaae23c195a0 Mon Sep 17 00:00:00 2001 From: Blayne Campbell Date: Sat, 23 Oct 2021 12:43:20 -0600 Subject: [PATCH 132/141] update tests: remove fedora 32, add fedora 34 (#4403) Signed-off-by: bcambl --- .github/workflows/test.yml | 2 +- test/{_fedora_32.Dockerfile => _fedora_34.Dockerfile} | 2 +- test/{tox.fedora_32.ini => tox.fedora_34.ini} | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename test/{_fedora_32.Dockerfile => _fedora_34.Dockerfile} (97%) rename test/{tox.fedora_32.ini => tox.fedora_34.ini} (78%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c2b4dbbc..49f139e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: needs: smoke-test strategy: matrix: - distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34] env: DISTRO: ${{matrix.distro}} steps: diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_34.Dockerfile similarity index 97% rename from test/_fedora_32.Dockerfile rename to test/_fedora_34.Dockerfile index e9c2ff2a..96de18da 100644 --- a/test/_fedora_32.Dockerfile +++ b/test/_fedora_34.Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:32 +FROM fedora:34 ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/tox.fedora_32.ini b/test/tox.fedora_34.ini similarity index 78% rename from test/tox.fedora_32.ini rename to test/tox.fedora_34.ini index c68e0757..154662cf 100644 --- a/test/tox.fedora_32.ini +++ b/test/tox.fedora_34.ini @@ -4,5 +4,5 @@ envlist = py37 [testenv] whitelist_externals = docker deps = -rrequirements.txt -commands = docker build -f _fedora_32.Dockerfile -t pytest_pihole:test_container ../ +commands = docker build -f _fedora_34.Dockerfile -t pytest_pihole:test_container ../ pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py From c6da1a39183573261642fdc38555cebcf9f753c0 Mon Sep 17 00:00:00 2001 From: David Irvine Date: Thu, 28 Oct 2021 12:09:34 +0200 Subject: [PATCH 133/141] Fix documentation; add some missing zones Signed-off-by: David Irvine --- advanced/06-rfc6761.conf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index e03569e8..fcdd0010 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -25,11 +25,12 @@ server=/localhost/ server=/invalid/ # The same RFC requests something similar for -# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. -# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. -# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. -# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. -# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa. +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa. +# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa. +# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa. # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. From e73355329542de074caace35fb38908343346955 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 2 Nov 2021 21:22:14 +0100 Subject: [PATCH 134/141] Remove unused code from webpage.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index a739d898..2a406565 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -532,25 +532,6 @@ CustomizeAdLists() { fi } -SetPrivacyMode() { - if [[ "${args[2]}" == "true" ]]; then - change_setting "API_PRIVACY_MODE" "true" - else - change_setting "API_PRIVACY_MODE" "false" - fi -} - -ResolutionSettings() { - typ="${args[2]}" - state="${args[3]}" - - if [[ "${typ}" == "forward" ]]; then - change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}" - elif [[ "${typ}" == "clients" ]]; then - change_setting "API_GET_CLIENT_HOSTNAME" "${state}" - fi -} - AddDHCPStaticAddress() { mac="${args[2]}" ip="${args[3]}" @@ -829,8 +810,6 @@ main() { "layout" ) SetWebUILayout;; "theme" ) SetWebUITheme;; "-h" | "--help" ) helpFunc;; - "privacymode" ) SetPrivacyMode;; - "resolve" ) ResolutionSettings;; "addstaticdhcp" ) AddDHCPStaticAddress;; "removestaticdhcp" ) RemoveDHCPStaticAddress;; "-e" | "email" ) SetAdminEmail "$3";; From 996f8fff28237d916ab44f7f039202ac32ccd75d Mon Sep 17 00:00:00 2001 From: yubiuser Date: Thu, 4 Nov 2021 23:55:16 +0100 Subject: [PATCH 135/141] Recommend apt instead of apt-get if updating the package cache failed (#4421) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Only change the recommendation to use apt Signed-off-by: Christian König --- automated install/basic-install.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index babb8213..0f9f8cc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1481,8 +1481,14 @@ update_package_cache() { printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else # Otherwise, show an error and exit + + # In case we used apt-get and apt is also available, we use this as recommendation as we have seen it + # gives more user-friendly (interactive) advice + if [[ ${PKG_MANAGER} == "apt-get" ]] && is_command apt ; then + UPDATE_PKG_CACHE="apt update" + fi printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From ac4a975be55a3533d6425eac72026d5b94dda5f1 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 6 Nov 2021 21:32:03 +0100 Subject: [PATCH 136/141] Allow users to skip setting static IP adress (#4419) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Allow users to skip setting static IP adresss Signed-off-by: Christian König --- automated install/basic-install.sh | 85 +++++++++++++++++------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0f9f8cc0..c806a6ae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -761,7 +761,6 @@ collect_v4andv6_information() { if [[ -f "/etc/dhcpcd.conf" ]]; then # configure networking via dhcpcd getStaticIPv4Settings - setDHCPCD fi find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" @@ -770,47 +769,59 @@ collect_v4andv6_information() { getStaticIPv4Settings() { # Local, named variables local ipSettingsCorrect + local DHCPChoice # Ask if the user wants to use DHCP settings as their static IP # This is useful for users that are using DHCP reservations; then we can just use the information gathered via our functions - if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address? - IP address: ${IPV4_ADDRESS} - Gateway: ${IPv4gw}" "${r}" "${c}"; then + DHCPChoice=$(whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --menu --separate-output "Do you want to use your current network settings as a static address? \\n + IP address: ${IPV4_ADDRESS} \\n + Gateway: ${IPv4gw} \\n" "${r}" "${c}" 3\ + "Yes" "Set static IP using current values" \ + "No" "Set static IP using custom values" \ + "Skip" "I will set a static IP later, or have already done so" 3>&2 2>&1 1>&3) || \ + { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } + + case ${DHCPChoice} in + "Yes") # If they choose yes, let the user know that the IP address will not be available via DHCP and may cause a conflict. whiptail --msgbox --backtitle "IP information" --title "FYI: IP Conflict" "It is possible your router could still try to assign this IP to a device, which would cause a conflict. But in most cases the router is smart enough to not do that. -If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. -It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." "${r}" "${c}" - # Nothing else to do since the variables are already set above - else - # Otherwise, we need to ask the user to input their desired settings. - # Start by getting the IPv4 address (pre-filling it with info gathered from DHCP) - # Start a loop to let the user enter their information with the chance to go back and edit it if necessary - until [[ "${ipSettingsCorrect}" = True ]]; do + If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. + It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." "${r}" "${c}" + # Nothing else to do since the variables are already set above + setDHCPCD + ;; - # Ask for the IPv4 address - IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \ - # Canceling IPv4 settings window - { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } - printf " %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + "No") + # Otherwise, we need to ask the user to input their desired settings. + # Start by getting the IPv4 address (pre-filling it with info gathered from DHCP) + # Start a loop to let the user enter their information with the chance to go back and edit it if necessary + until [[ "${ipSettingsCorrect}" = True ]]; do - # Ask for the gateway - IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \ - # Canceling gateway settings window - { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } - printf " %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}" + # Ask for the IPv4 address + IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \ + # Canceling IPv4 settings window + { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } + printf " %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" - # Give the user a chance to review their settings before moving on - if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct? - IP address: ${IPV4_ADDRESS} - Gateway: ${IPv4gw}" "${r}" "${c}"; then - # After that's done, the loop ends and we move on - ipSettingsCorrect=True - else - # If the settings are wrong, the loop continues - ipSettingsCorrect=False - fi - done - # End the if statement for DHCP vs. static - fi + # Ask for the gateway + IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \ + # Canceling gateway settings window + { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } + printf " %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}" + + # Give the user a chance to review their settings before moving on + if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct? + IP address: ${IPV4_ADDRESS} + Gateway: ${IPv4gw}" "${r}" "${c}"; then + # After that's done, the loop ends and we move on + ipSettingsCorrect=True + else + # If the settings are wrong, the loop continues + ipSettingsCorrect=False + fi + done + setDHCPCD + ;; + esac } # Configure networking via dhcpcd @@ -2475,12 +2486,12 @@ main() { get_available_interfaces # Find interfaces and let the user choose one chooseInterface + # find IPv4 and IPv6 information of the device + collect_v4andv6_information # Decide what upstream DNS Servers to use setDNS # Give the user a choice of blocklists to include in their install. Or not. chooseBlocklists - # find IPv4 and IPv6 information of the device - collect_v4andv6_information # Let the user decide if they want the web interface to be installed automatically setAdminFlag # Let the user decide if they want query logging enabled... From cedd1a259105dc231744d58562f0bc80d4294c7a Mon Sep 17 00:00:00 2001 From: pvogt09 <50047961+pvogt09@users.noreply.github.com> Date: Thu, 11 Nov 2021 17:44:57 +0100 Subject: [PATCH 137/141] unit test for umask problems in #3177 and #2730 (#3191) * add test for file permissions of $webroot Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * changes sudo to su for running command as user www-data Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * installs PIHOLE_WEB_DEPS to create LIGHTTPD_USER Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * changes stdout to rc Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * use installPihole instead of installPiholeWeb in test Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * try installation process with main Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * mock systemctl Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * removes stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * start lighttpd and make webpage test optional Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * test all files and directories in $webroot Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler and codefactor warnings Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * set permission for /var/cache if it did not exist before Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * add test case for pihole files Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * revert "set permission for /var/cache if it did not exist before" and make lighttpd start work Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * add --add-cap=NET_ADMIN to enable FTL start Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * specify DNS server for cURL Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * check files created by FTL Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * reorder code and change nameserver in /etc/resolv.conf Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * resolve with dig instead of relying on /etc/resolv.conf Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * set IP to 127.0.0.1 in setupVars.conf for blockpage tests Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * resolve domain with dig and remove debug output Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * no git pull in Github Action runs for pull requests Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * --cap-add=ALL test Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * remove debug code Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * update_repo patch for CentOS 7 in Github Actions Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * removes TODOs and stickler warnings Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * adds trailing slash to domain Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * use only first result from dig Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * domain name resolution does not work reliably in docker container Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * repair executable permission Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * Create mock_command_passthrough that allows intercepting of specific arguments - everything else is passed through to the proper command. Use this new command instead of making changes in basic-install.sh to make the tests pass. Signed-off-by: Adam Warner Co-authored-by: Adam Warner --- test/README.md | 4 +- test/conftest.py | 69 ++++- test/test_automated_install.py | 514 +++++++++++++++++++++++++++++++++ 3 files changed, 581 insertions(+), 6 deletions(-) diff --git a/test/README.md b/test/README.md index b4dd1122..692155b7 100644 --- a/test/README.md +++ b/test/README.md @@ -18,8 +18,8 @@ py.test -vv -n auto -m "build_stage" py.test -vv -n auto -m "not build_stage" ``` -The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images. Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change. +The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images. Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change. # How do I debug python? -Highly recommended: Setup PyCharm on a **Docker enabled** machine. Having a python debugger like PyCharm changes your life if you've never used it :) +Highly recommended: Setup PyCharm on a **Docker enabled** machine. Having a python debugger like PyCharm changes your life if you've never used it :) diff --git a/test/conftest.py b/test/conftest.py index 13731eb8..2d388fdd 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -64,7 +64,7 @@ def args(request): ''' -t became required when tput began being used ''' - return '-t -d' + return '-t -d --cap-add=ALL' @pytest.fixture(params=[ @@ -100,7 +100,7 @@ def mock_command(script, args, container): in unit tests ''' full_script_path = '/usr/local/bin/{}'.format(script) - mock_script = dedent('''\ + mock_script = dedent(r'''\ #!/bin/bash -e echo "\$0 \$@" >> /var/log/{script} case "\$1" in'''.format(script=script)) @@ -121,13 +121,75 @@ def mock_command(script, args, container): scriptlog=script)) +def mock_command_passthrough(script, args, container): + ''' + Per other mock_command* functions, allows intercepting of commands we don't want to run for real + in unit tests, however also allows only specific arguments to be mocked. Anything not defined will + be passed through to the actual command. + + Example use-case: mocking `git pull` but still allowing `git clone` to work as intended + ''' + orig_script_path = check_output('which {}'.format(script)) + full_script_path = '/usr/local/bin/{}'.format(script) + mock_script = dedent(r'''\ + #!/bin/bash -e + echo "\$0 \$@" >> /var/log/{script} + case "\$1" in'''.format(script=script)) + for k, v in args.items(): + case = dedent(''' + {arg}) + echo {res} + exit {retcode} + ;;'''.format(arg=k, res=v[0], retcode=v[1])) + mock_script += case + mock_script += dedent(r''' + *) + {orig_script_path} "\$@" + ;;'''.format(orig_script_path=orig_script_path)) + mock_script += dedent(''' + esac''') + container.run(''' + cat < {script}\n{content}\nEOF + chmod +x {script} + rm -f /var/log/{scriptlog}'''.format(script=full_script_path, + content=mock_script, + scriptlog=script)) + + +def mock_command_run(script, args, container): + ''' + Allows for setup of commands we don't really want to have to run for real + in unit tests + ''' + full_script_path = '/usr/local/bin/{}'.format(script) + mock_script = dedent(r'''\ + #!/bin/bash -e + echo "\$0 \$@" >> /var/log/{script} + case "\$1 \$2" in'''.format(script=script)) + for k, v in args.items(): + case = dedent(''' + \"{arg}\") + echo {res} + exit {retcode} + ;;'''.format(arg=k, res=v[0], retcode=v[1])) + mock_script += case + mock_script += dedent(''' + esac''') + container.run(''' + cat < {script}\n{content}\nEOF + chmod +x {script} + rm -f /var/log/{scriptlog}'''.format(script=full_script_path, + content=mock_script, + scriptlog=script)) + + def mock_command_2(script, args, container): ''' Allows for setup of commands we don't really want to have to run for real in unit tests ''' full_script_path = '/usr/local/bin/{}'.format(script) - mock_script = dedent('''\ + mock_script = dedent(r'''\ #!/bin/bash -e echo "\$0 \$@" >> /var/log/{script} case "\$1 \$2" in'''.format(script=script)) @@ -147,7 +209,6 @@ def mock_command_2(script, args, container): content=mock_script, scriptlog=script)) - def run_script(Pihole, script): result = Pihole.run(script) assert result.rc == 0 diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 37ebdad2..304a8783 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -1,3 +1,4 @@ +import pytest from textwrap import dedent import re from .conftest import ( @@ -6,7 +7,9 @@ from .conftest import ( info_box, cross_box, mock_command, + mock_command_run, mock_command_2, + mock_command_passthrough, run_script ) @@ -109,6 +112,7 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): confirms all web page assets from Core repo are installed on a fresh build ''' installWeb = Pihole.run(''' + umask 0027 source /opt/pihole/basic-install.sh installPiholeWeb ''') @@ -129,6 +133,516 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): assert 'blockingpage.css' in web_directory +def get_directories_recursive(Pihole, directory): + if directory is None: + return directory + ls = Pihole.run('ls -d {}'.format(directory + '/*/')) + directories = list(filter(bool, ls.stdout.splitlines())) + dirs = directories + for dirval in directories: + dir_rec = get_directories_recursive(Pihole, dirval) + if isinstance(dir_rec, str): + dirs.extend([dir_rec]) + else: + dirs.extend(dir_rec) + return dirs + + +def test_installPihole_fresh_install_readableFiles(Pihole): + ''' + confirms all neccessary files are readable by pihole user + ''' + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*': ('', '0')}, Pihole) + # mock git pull + mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + # mock systemctl to not start lighttpd and FTL + mock_command_2( + 'systemctl', + { + 'enable lighttpd': ( + '', + '0' + ), + 'restart lighttpd': ( + '', + '0' + ), + 'start lighttpd': ( + '', + '0' + ), + 'enable pihole-FTL': ( + '', + '0' + ), + 'restart pihole-FTL': ( + '', + '0' + ), + 'start pihole-FTL': ( + '', + '0' + ), + '*': ( + 'echo "systemctl call with $@"', + '0' + ), + }, + Pihole + ) + # try to install man + Pihole.run('command -v apt-get > /dev/null && apt-get install -qq man') + Pihole.run('command -v dnf > /dev/null && dnf install -y man') + Pihole.run('command -v yum > /dev/null && yum install -y man') + # create configuration file + setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' + for k, v in SETUPVARS.items(): + setup_var_file += "{}={}\n".format(k, v) + setup_var_file += "INSTALL_WEB_SERVER=true\n" + setup_var_file += "INSTALL_WEB_INTERFACE=true\n" + setup_var_file += "EOF\n" + Pihole.run(setup_var_file) + install = Pihole.run(''' + export TERM=xterm + export DEBIAN_FRONTEND=noninteractive + umask 0027 + runUnattended=true + useUpdateVars=true + source /opt/pihole/basic-install.sh > /dev/null + runUnattended=true + useUpdateVars=true + main + ''') + assert 0 == install.rc + maninstalled = True + if (info_box + ' man not installed') in install.stdout: + maninstalled = False + piholeuser = 'pihole' + exit_status_success = 0 + test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' + # check files in /etc/pihole for read, write and execute permission + check_etc = test_cmd.format('r', '/etc/pihole', piholeuser) + actual_rc = Pihole.run(check_etc).rc + assert exit_status_success == actual_rc + check_etc = test_cmd.format('x', '/etc/pihole', piholeuser) + actual_rc = Pihole.run(check_etc).rc + assert exit_status_success == actual_rc + # readable and writable dhcp.leases + check_leases = test_cmd.format('r', '/etc/pihole/dhcp.leases', piholeuser) + actual_rc = Pihole.run(check_leases).rc + assert exit_status_success == actual_rc + check_leases = test_cmd.format('w', '/etc/pihole/dhcp.leases', piholeuser) + actual_rc = Pihole.run(check_leases).rc + # readable dns-servers.conf + assert exit_status_success == actual_rc + check_servers = test_cmd.format( + 'r', '/etc/pihole/dns-servers.conf', piholeuser) + actual_rc = Pihole.run(check_servers).rc + assert exit_status_success == actual_rc + # readable GitHubVersions + check_version = test_cmd.format( + 'r', '/etc/pihole/GitHubVersions', piholeuser) + actual_rc = Pihole.run(check_version).rc + assert exit_status_success == actual_rc + # readable install.log + check_install = test_cmd.format( + 'r', '/etc/pihole/install.log', piholeuser) + actual_rc = Pihole.run(check_install).rc + assert exit_status_success == actual_rc + # readable localbranches + check_localbranch = test_cmd.format( + 'r', '/etc/pihole/localbranches', piholeuser) + actual_rc = Pihole.run(check_localbranch).rc + assert exit_status_success == actual_rc + # readable localversions + check_localversion = test_cmd.format( + 'r', '/etc/pihole/localversions', piholeuser) + actual_rc = Pihole.run(check_localversion).rc + assert exit_status_success == actual_rc + # readable logrotate + check_logrotate = test_cmd.format( + 'r', '/etc/pihole/logrotate', piholeuser) + actual_rc = Pihole.run(check_logrotate).rc + assert exit_status_success == actual_rc + # readable macvendor.db + check_macvendor = test_cmd.format( + 'r', '/etc/pihole/macvendor.db', piholeuser) + actual_rc = Pihole.run(check_macvendor).rc + assert exit_status_success == actual_rc + # readable and writeable pihole-FTL.conf + check_FTLconf = test_cmd.format( + 'r', '/etc/pihole/pihole-FTL.conf', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + check_FTLconf = test_cmd.format( + 'w', '/etc/pihole/pihole-FTL.conf', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + # readable setupVars.conf + check_setup = test_cmd.format( + 'r', '/etc/pihole/setupVars.conf', piholeuser) + actual_rc = Pihole.run(check_setup).rc + assert exit_status_success == actual_rc + # check dnsmasq files + # readable /etc/dnsmasq.conf + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.conf', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + # readable /etc/dnsmasq.d/01-pihole.conf + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.d', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + check_dnsmasqconf = test_cmd.format( + 'x', '/etc/dnsmasq.d', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.d/01-pihole.conf', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + # check readable and executable /etc/init.d/pihole-FTL + check_init = test_cmd.format( + 'x', '/etc/init.d/pihole-FTL', piholeuser) + actual_rc = Pihole.run(check_init).rc + assert exit_status_success == actual_rc + check_init = test_cmd.format( + 'r', '/etc/init.d/pihole-FTL', piholeuser) + actual_rc = Pihole.run(check_init).rc + assert exit_status_success == actual_rc + # check readable /etc/lighttpd/lighttpd.conf + check_lighttpd = test_cmd.format( + 'r', '/etc/lighttpd/lighttpd.conf', piholeuser) + actual_rc = Pihole.run(check_lighttpd).rc + assert exit_status_success == actual_rc + # check readable and executable manpages + if maninstalled is True: + check_man = test_cmd.format( + 'x', '/usr/local/share/man', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'x', '/usr/local/share/man/man8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'x', '/usr/local/share/man/man5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8/pihole.8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8/pihole-FTL.8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man5/pihole-FTL.conf.5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + # check not readable sudoers file + check_sudo = test_cmd.format( + 'r', '/etc/sudoers.d/pihole', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success != actual_rc + # check not readable cron file + check_sudo = test_cmd.format( + 'x', '/etc/cron.d/', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + check_sudo = test_cmd.format( + 'r', '/etc/cron.d/', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + check_sudo = test_cmd.format( + 'r', '/etc/cron.d/pihole', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + directories = get_directories_recursive(Pihole, '/etc/.pihole/') + for directory in directories: + check_pihole = test_cmd.format('r', directory, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + check_pihole = test_cmd.format('x', directory, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' + filelist = Pihole.run(findfiles.format(directory)) + files = list(filter(bool, filelist.stdout.splitlines())) + for file in files: + check_pihole = test_cmd.format('r', file, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + + +@pytest.mark.parametrize("test_webpage", [True]) +def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): + ''' + confirms all web page assets from Core repo are readable + by $LIGHTTPD_USER on a fresh build + ''' + piholeWebpage = [ + "127.0.0.1", + # "pi.hole" + ] + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*': ('', '0')}, Pihole) + # mock git pull + mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + # mock systemctl to start lighttpd and FTL + ligthttpdcommand = dedent(r'''\"\" + echo 'starting lighttpd with {}' + if [ command -v "apt-get" >/dev/null 2>&1 ]; then + LIGHTTPD_USER="www-data" + LIGHTTPD_GROUP="www-data" + else + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + fi + mkdir -p "{run}" + chown {usergroup} "{run}" + mkdir -p "{cache}" + chown {usergroup} "/var/cache" + chown {usergroup} "{cache}" + mkdir -p "{compress}" + chown {usergroup} "{compress}" + mkdir -p "{uploads}" + chown {usergroup} "{uploads}" + chmod 0777 /var + chmod 0777 /var/cache + chmod 0777 "{cache}" + find "{run}" -type d -exec chmod 0777 {chmodarg} \;; + find "{run}" -type f -exec chmod 0666 {chmodarg} \;; + find "{compress}" -type d -exec chmod 0777 {chmodarg} \;; + find "{compress}" -type f -exec chmod 0666 {chmodarg} \;; + find "{uploads}" -type d -exec chmod 0777 {chmodarg} \;; + find "{uploads}" -type f -exec chmod 0666 {chmodarg} \;; + /usr/sbin/lighttpd -tt -f '{config}' + /usr/sbin/lighttpd -f '{config}' + echo \"\"'''.format( + '{}', + usergroup='${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}', + chmodarg='{{}}', + config='/etc/lighttpd/lighttpd.conf', + run='/var/run/lighttpd', + cache='/var/cache/lighttpd', + uploads='/var/cache/lighttpd/uploads', + compress='/var/cache/lighttpd/compress' + ) + ) + FTLcommand = dedent('''\"\" + set -x + /etc/init.d/pihole-FTL restart + echo \"\"''') + mock_command_run( + 'systemctl', + { + 'enable lighttpd': ( + '', + '0' + ), + 'restart lighttpd': ( + ligthttpdcommand.format('restart'), + '0' + ), + 'start lighttpd': ( + ligthttpdcommand.format('start'), + '0' + ), + 'enable pihole-FTL': ( + '', + '0' + ), + 'restart pihole-FTL': ( + FTLcommand, + '0' + ), + 'start pihole-FTL': ( + FTLcommand, + '0' + ), + '*': ( + 'echo "systemctl call with $@"', + '0' + ), + }, + Pihole + ) + # create configuration file + setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' + for k, v in SETUPVARS.items(): + setup_var_file += "{}={}\n".format(k, v) + setup_var_file += "INSTALL_WEB_SERVER=true\n" + setup_var_file += "INSTALL_WEB_INTERFACE=true\n" + setup_var_file += "IPV4_ADDRESS=127.0.0.1\n" + setup_var_file += "EOF\n" + Pihole.run(setup_var_file) + installWeb = Pihole.run(''' + export TERM=xterm + export DEBIAN_FRONTEND=noninteractive + umask 0027 + runUnattended=true + useUpdateVars=true + source /opt/pihole/basic-install.sh > /dev/null + runUnattended=true + useUpdateVars=true + main + echo "LIGHTTPD_USER=${LIGHTTPD_USER}" + echo "webroot=${webroot}" + echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" + echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" + ''') + assert 0 == installWeb.rc + piholeuser = 'pihole' + webuser = '' + user = re.findall( + r"^\s*LIGHTTPD_USER=.*$", installWeb.stdout, re.MULTILINE) + for match in user: + webuser = match.replace('LIGHTTPD_USER=', '').strip() + webroot = '' + user = re.findall( + r"^\s*webroot=.*$", installWeb.stdout, re.MULTILINE) + for match in user: + webroot = match.replace('webroot=', '').strip() + if not webroot.strip(): + webroot = '/var/www/html' + installWebInterface = True + interface = re.findall( + r"^\s*INSTALL_WEB_INTERFACE=.*$", installWeb.stdout, re.MULTILINE) + for match in interface: + testvalue = match.replace('INSTALL_WEB_INTERFACE=', '').strip().lower() + if not testvalue.strip(): + installWebInterface = testvalue == "true" + installWebServer = True + server = re.findall( + r"^\s*INSTALL_WEB_SERVER=.*$", installWeb.stdout, re.MULTILINE) + for match in server: + testvalue = match.replace('INSTALL_WEB_SERVER=', '').strip().lower() + if not testvalue.strip(): + installWebServer = testvalue == "true" + # if webserver install was not requested + # at least pihole must be able to read files + if installWebServer is False: + webuser = piholeuser + exit_status_success = 0 + test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' + # check files that need a running FTL to be created + # readable and writeable pihole-FTL.db + check_FTLconf = test_cmd.format( + 'r', '/etc/pihole/pihole-FTL.db', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + check_FTLconf = test_cmd.format( + 'w', '/etc/pihole/pihole-FTL.db', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + # check directories above $webroot for read and execute permission + check_var = test_cmd.format('r', '/var', webuser) + actual_rc = Pihole.run(check_var).rc + assert exit_status_success == actual_rc + check_var = test_cmd.format('x', '/var', webuser) + actual_rc = Pihole.run(check_var).rc + assert exit_status_success == actual_rc + check_www = test_cmd.format('r', '/var/www', webuser) + actual_rc = Pihole.run(check_www).rc + assert exit_status_success == actual_rc + check_www = test_cmd.format('x', '/var/www', webuser) + actual_rc = Pihole.run(check_www).rc + assert exit_status_success == actual_rc + check_html = test_cmd.format('r', '/var/www/html', webuser) + actual_rc = Pihole.run(check_html).rc + assert exit_status_success == actual_rc + check_html = test_cmd.format('x', '/var/www/html', webuser) + actual_rc = Pihole.run(check_html).rc + assert exit_status_success == actual_rc + # check directories below $webroot for read and execute permission + check_admin = test_cmd.format('r', webroot + '/admin', webuser) + actual_rc = Pihole.run(check_admin).rc + assert exit_status_success == actual_rc + check_admin = test_cmd.format('x', webroot + '/admin', webuser) + actual_rc = Pihole.run(check_admin).rc + assert exit_status_success == actual_rc + directories = get_directories_recursive(Pihole, webroot + '/admin/*/') + for directory in directories: + check_pihole = test_cmd.format('r', directory, webuser) + actual_rc = Pihole.run(check_pihole).rc + check_pihole = test_cmd.format('x', directory, webuser) + actual_rc = Pihole.run(check_pihole).rc + findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' + filelist = Pihole.run(findfiles.format(directory)) + files = list(filter(bool, filelist.stdout.splitlines())) + for file in files: + check_pihole = test_cmd.format('r', file, webuser) + actual_rc = Pihole.run(check_pihole).rc + # check web interface files + # change nameserver to pi-hole + # setting nameserver in /etc/resolv.conf to pi-hole does + # not work here because of the way docker uses this file + ns = Pihole.run( + r"sed -i 's/nameserver.*/nameserver 127.0.0.1/' /etc/resolv.conf") + pihole_is_ns = ns.rc == 0 + + def is_ip(address): + m = re.match(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})", address) + return bool(m) + if installWebInterface is True: + check_pihole = test_cmd.format('r', webroot + '/pihole', webuser) + actual_rc = Pihole.run(check_pihole).rc + assert exit_status_success == actual_rc + check_pihole = test_cmd.format('x', webroot + '/pihole', webuser) + actual_rc = Pihole.run(check_pihole).rc + assert exit_status_success == actual_rc + # check most important files in $webroot for read permission + check_index = test_cmd.format( + 'r', webroot + '/pihole/index.php', webuser) + actual_rc = Pihole.run(check_index).rc + assert exit_status_success == actual_rc + check_blockpage = test_cmd.format( + 'r', webroot + '/pihole/blockingpage.css', webuser) + actual_rc = Pihole.run(check_blockpage).rc + assert exit_status_success == actual_rc + if test_webpage is True: + # check webpage for unreadable files + noPHPfopen = re.compile( + (r"PHP Error(%d+):\s+fopen([^)]+):\s+" + + r"failed to open stream: " + + r"Permission denied in"), + re.I) + # using cURL option --dns-servers is not possible + status = ( + 'curl -s --head "{}" | ' + + 'head -n 1 | ' + + 'grep "HTTP/1.[01] [23].." > /dev/null') + digcommand = r"dig A +short {} @127.0.0.1 | head -n 1" + pagecontent = 'curl --verbose -L "{}"' + for page in piholeWebpage: + testpage = "http://" + page + "/admin/" + resolvesuccess = True + if is_ip(page) is False: + dig = Pihole.run(digcommand.format(page)) + testpage = "http://" + dig.stdout.strip() + "/admin/" + resolvesuccess = dig.rc == 0 + if resolvesuccess or pihole_is_ns: + # check HTTP status of blockpage + actual_rc = Pihole.run(status.format(testpage)) + assert exit_status_success == actual_rc.rc + # check for PHP error + actual_output = Pihole.run(pagecontent.format(testpage)) + assert noPHPfopen.match(actual_output.stdout) is None + + def test_update_package_cache_success_no_errors(Pihole): ''' confirms package cache was updated without any errors From cdd4d9ea9e51c8110df832d5fadeb44bc90b5085 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 18 Nov 2021 01:03:37 +0000 Subject: [PATCH 138/141] Update the tests (#4427) * unpin the requirements and update all to latest available - needs more work still. see notes in `def host()` Signed-off-by: Adam Warner * fix py3 monkey patch of testinfra docker using bash Signed-off-by: Adam Hill * update the other test files to use `host` instead of `Pihole` Address some sticklr and codefactor update python version from 3.7 to 3.8 preload `git` onto the centos/fedora test images, and switch which with command -v in the passthrough mock testinfra is deprecated, use pytest-testinfra Signed-off-by: Adam Warner Co-authored-by: Adam Hill --- .github/workflows/test.yml | 4 +- .gitignore | 1 + test/_centos_7.Dockerfile | 1 + test/_centos_8.Dockerfile | 1 + test/_fedora_33.Dockerfile | 1 + test/_fedora_34.Dockerfile | 1 + test/conftest.py | 101 ++----- test/requirements.txt | 12 +- test/test_automated_install.py | 339 +++++++++++----------- test/test_centos_7_support.py | 22 +- test/test_centos_8_support.py | 22 +- test/test_centos_common_support.py | 48 +-- test/test_centos_fedora_common_support.py | 24 +- test/test_fedora_support.py | 8 +- test/tox.centos_7.ini | 2 +- test/tox.centos_8.ini | 2 +- test/tox.debian_10.ini | 2 +- test/tox.debian_11.ini | 2 +- test/tox.debian_9.ini | 2 +- test/tox.fedora_33.ini | 2 +- test/tox.fedora_34.ini | 2 +- test/tox.ubuntu_16.ini | 2 +- test/tox.ubuntu_18.ini | 2 +- test/tox.ubuntu_20.ini | 2 +- test/tox.ubuntu_21.ini | 2 +- 25 files changed, 285 insertions(+), 322 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 49f139e1..17557a87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,10 +36,10 @@ jobs: name: Checkout repository uses: actions/checkout@v2 - - name: Set up Python 3.7 + name: Set up Python 3.8 uses: actions/setup-python@v2 with: - python-version: 3.7 + python-version: 3.8 - name: Install dependencies run: pip install -r test/requirements.txt diff --git a/.gitignore b/.gitignore index c19555ed..8016472b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ __pycache__ *.egg-info .idea/ *.iml +.vscode/ diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile index 434242bf..355f4fdb 100644 --- a/test/_centos_7.Dockerfile +++ b/test/_centos_7.Dockerfile @@ -1,4 +1,5 @@ FROM centos:7 +RUN yum install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile index afd2dc8a..fddb3ed1 100644 --- a/test/_centos_8.Dockerfile +++ b/test/_centos_8.Dockerfile @@ -1,4 +1,5 @@ FROM centos:8 +RUN yum install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile index 9ae94c70..5cdd66ee 100644 --- a/test/_fedora_33.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -1,4 +1,5 @@ FROM fedora:33 +RUN dnf install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_fedora_34.Dockerfile b/test/_fedora_34.Dockerfile index 96de18da..fbbaacd6 100644 --- a/test/_fedora_34.Dockerfile +++ b/test/_fedora_34.Dockerfile @@ -1,4 +1,5 @@ FROM fedora:34 +RUN dnf install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/conftest.py b/test/conftest.py index 2d388fdd..fb7e1eea 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -1,10 +1,9 @@ import pytest import testinfra +import testinfra.backend.docker +import subprocess from textwrap import dedent -check_output = testinfra.get_backend( - "local://" -).get_module("Command").check_output SETUPVARS = { 'PIHOLE_INTERFACE': 'eth99', @@ -12,85 +11,42 @@ SETUPVARS = { 'PIHOLE_DNS_2': '4.2.2.2' } +IMAGE = 'pytest_pihole:test_container' + tick_box = "[\x1b[1;32m\u2713\x1b[0m]" cross_box = "[\x1b[1;31m\u2717\x1b[0m]" info_box = "[i]" -@pytest.fixture -def Pihole(Docker): - ''' - used to contain some script stubbing, now pretty much an alias. - Also provides bash as the default run function shell - ''' - def run_bash(self, command, *args, **kwargs): - cmd = self.get_command(command, *args) - if self.user is not None: - out = self.run_local( - "docker exec -u %s %s /bin/bash -c %s", - self.user, self.name, cmd) - else: - out = self.run_local( - "docker exec %s /bin/bash -c %s", self.name, cmd) - out.command = self.encode(cmd) - return out +# Monkeypatch sh to bash, if they ever support non hard code /bin/sh this can go away +# https://github.com/pytest-dev/pytest-testinfra/blob/master/testinfra/backend/docker.py +def run_bash(self, command, *args, **kwargs): + cmd = self.get_command(command, *args) + if self.user is not None: + out = self.run_local( + "docker exec -u %s %s /bin/bash -c %s", self.user, self.name, cmd + ) + else: + out = self.run_local("docker exec %s /bin/bash -c %s", self.name, cmd) + out.command = self.encode(cmd) + return out - funcType = type(Docker.run) - Docker.run = funcType(run_bash, Docker) - return Docker + +testinfra.backend.docker.DockerBackend.run = run_bash @pytest.fixture -def Docker(request, args, image, cmd): - ''' - combine our fixtures into a docker run command and setup finalizer to - cleanup - ''' - assert 'docker' in check_output('id'), "Are you in the docker group?" - docker_run = "docker run {} {} {}".format(args, image, cmd) - docker_id = check_output(docker_run) +def host(): + # run a container + docker_id = subprocess.check_output( + ['docker', 'run', '-t', '-d', '--cap-add=ALL', IMAGE]).decode().strip() - def teardown(): - check_output("docker rm -f %s", docker_id) - request.addfinalizer(teardown) + # return a testinfra connection to the container + docker_host = testinfra.get_host("docker://" + docker_id) - docker_container = testinfra.get_backend("docker://" + docker_id) - docker_container.id = docker_id - return docker_container - - -@pytest.fixture -def args(request): - ''' - -t became required when tput began being used - ''' - return '-t -d --cap-add=ALL' - - -@pytest.fixture(params=[ - 'test_container' -]) -def tag(request): - ''' - consumed by image to make the test matrix - ''' - return request.param - - -@pytest.fixture() -def image(request, tag): - ''' - built by test_000_build_containers.py - ''' - return 'pytest_pihole:{}'.format(tag) - - -@pytest.fixture() -def cmd(request): - ''' - default to doing nothing by tailing null, but don't exit - ''' - return 'tail -f /dev/null' + yield docker_host + # at the end of the test suite, destroy the container + subprocess.check_call(['docker', 'rm', '-f', docker_id]) # Helper functions @@ -129,7 +85,7 @@ def mock_command_passthrough(script, args, container): Example use-case: mocking `git pull` but still allowing `git clone` to work as intended ''' - orig_script_path = check_output('which {}'.format(script)) + orig_script_path = container.check_output('command -v {}'.format(script)) full_script_path = '/usr/local/bin/{}'.format(script) mock_script = dedent(r'''\ #!/bin/bash -e @@ -209,6 +165,7 @@ def mock_command_2(script, args, container): content=mock_script, scriptlog=script)) + def run_script(Pihole, script): result = Pihole.run(script) assert result.rc == 0 diff --git a/test/requirements.txt b/test/requirements.txt index 17d62ad9..d65ee6a5 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ -docker-compose==1.23.2 -pytest==4.3.0 -pytest-xdist==1.26.1 -pytest-cov==2.6.1 -testinfra==1.19.0 -tox==3.7.0 +docker-compose +pytest +pytest-xdist +pytest-cov +pytest-testinfra +tox diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 304a8783..911407fc 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -14,14 +14,14 @@ from .conftest import ( ) -def test_supported_package_manager(Pihole): +def test_supported_package_manager(host): ''' confirm installer exits when no supported package manager found ''' # break supported package managers - Pihole.run('rm -rf /usr/bin/apt-get') - Pihole.run('rm -rf /usr/bin/rpm') - package_manager_detect = Pihole.run(''' + host.run('rm -rf /usr/bin/apt-get') + host.run('rm -rf /usr/bin/rpm') + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect ''') @@ -30,7 +30,7 @@ def test_supported_package_manager(Pihole): # assert package_manager_detect.rc == 1 -def test_setupVars_are_sourced_to_global_scope(Pihole): +def test_setupVars_are_sourced_to_global_scope(host): ''' currently update_dialogs sources setupVars with a dot, then various other functions use the variables. @@ -40,7 +40,7 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): for k, v in SETUPVARS.items(): setup_var_file += "{}={}\n".format(k, v) setup_var_file += "EOF\n" - Pihole.run(setup_var_file) + host.run(setup_var_file) script = dedent('''\ set -e @@ -58,13 +58,13 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): printSetupVars ''') - output = run_script(Pihole, script).stdout + output = run_script(host, script).stdout for k, v in SETUPVARS.items(): assert "{}={}".format(k, v) in output -def test_setupVars_saved_to_file(Pihole): +def test_setupVars_saved_to_file(host): ''' confirm saved settings are written to a file for future updates to re-use ''' @@ -72,7 +72,7 @@ def test_setupVars_saved_to_file(Pihole): set_setup_vars = '\n' for k, v in SETUPVARS.items(): set_setup_vars += " {}={}\n".format(k, v) - Pihole.run(set_setup_vars).stdout + host.run(set_setup_vars) script = dedent('''\ set -e @@ -87,17 +87,17 @@ def test_setupVars_saved_to_file(Pihole): cat /etc/pihole/setupVars.conf '''.format(set_setup_vars)) - output = run_script(Pihole, script).stdout + output = run_script(host, script).stdout for k, v in SETUPVARS.items(): assert "{}={}".format(k, v) in output -def test_selinux_not_detected(Pihole): +def test_selinux_not_detected(host): ''' confirms installer continues when SELinux configuration file does not exist ''' - check_selinux = Pihole.run(''' + check_selinux = host.run(''' rm -f /etc/selinux/config source /opt/pihole/basic-install.sh checkSelinux @@ -107,11 +107,11 @@ def test_selinux_not_detected(Pihole): assert check_selinux.rc == 0 -def test_installPiholeWeb_fresh_install_no_errors(Pihole): +def test_installPiholeWeb_fresh_install_no_errors(host): ''' confirms all web page assets from Core repo are installed on a fresh build ''' - installWeb = Pihole.run(''' + installWeb = host.run(''' umask 0027 source /opt/pihole/basic-install.sh installPiholeWeb @@ -128,19 +128,19 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): assert expected_stdout in installWeb.stdout expected_stdout = tick_box + ' Installing sudoer file' assert expected_stdout in installWeb.stdout - web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout + web_directory = host.run('ls -r /var/www/html/pihole').stdout assert 'index.php' in web_directory assert 'blockingpage.css' in web_directory -def get_directories_recursive(Pihole, directory): +def get_directories_recursive(host, directory): if directory is None: return directory - ls = Pihole.run('ls -d {}'.format(directory + '/*/')) + ls = host.run('ls -d {}'.format(directory + '/*/')) directories = list(filter(bool, ls.stdout.splitlines())) dirs = directories for dirval in directories: - dir_rec = get_directories_recursive(Pihole, dirval) + dir_rec = get_directories_recursive(host, dirval) if isinstance(dir_rec, str): dirs.extend([dir_rec]) else: @@ -148,14 +148,14 @@ def get_directories_recursive(Pihole, directory): return dirs -def test_installPihole_fresh_install_readableFiles(Pihole): +def test_installPihole_fresh_install_readableFiles(host): ''' confirms all neccessary files are readable by pihole user ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) + mock_command('whiptail', {'*': ('', '0')}, host) # mock git pull - mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + mock_command_passthrough('git', {'pull': ('', '0')}, host) # mock systemctl to not start lighttpd and FTL mock_command_2( 'systemctl', @@ -189,12 +189,12 @@ def test_installPihole_fresh_install_readableFiles(Pihole): '0' ), }, - Pihole + host ) # try to install man - Pihole.run('command -v apt-get > /dev/null && apt-get install -qq man') - Pihole.run('command -v dnf > /dev/null && dnf install -y man') - Pihole.run('command -v yum > /dev/null && yum install -y man') + host.run('command -v apt-get > /dev/null && apt-get install -qq man') + host.run('command -v dnf > /dev/null && dnf install -y man') + host.run('command -v yum > /dev/null && yum install -y man') # create configuration file setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' for k, v in SETUPVARS.items(): @@ -202,8 +202,8 @@ def test_installPihole_fresh_install_readableFiles(Pihole): setup_var_file += "INSTALL_WEB_SERVER=true\n" setup_var_file += "INSTALL_WEB_INTERFACE=true\n" setup_var_file += "EOF\n" - Pihole.run(setup_var_file) - install = Pihole.run(''' + host.run(setup_var_file) + install = host.run(''' export TERM=xterm export DEBIAN_FRONTEND=noninteractive umask 0027 @@ -223,172 +223,172 @@ def test_installPihole_fresh_install_readableFiles(Pihole): test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' # check files in /etc/pihole for read, write and execute permission check_etc = test_cmd.format('r', '/etc/pihole', piholeuser) - actual_rc = Pihole.run(check_etc).rc + actual_rc = host.run(check_etc).rc assert exit_status_success == actual_rc check_etc = test_cmd.format('x', '/etc/pihole', piholeuser) - actual_rc = Pihole.run(check_etc).rc + actual_rc = host.run(check_etc).rc assert exit_status_success == actual_rc # readable and writable dhcp.leases check_leases = test_cmd.format('r', '/etc/pihole/dhcp.leases', piholeuser) - actual_rc = Pihole.run(check_leases).rc + actual_rc = host.run(check_leases).rc assert exit_status_success == actual_rc check_leases = test_cmd.format('w', '/etc/pihole/dhcp.leases', piholeuser) - actual_rc = Pihole.run(check_leases).rc + actual_rc = host.run(check_leases).rc # readable dns-servers.conf assert exit_status_success == actual_rc check_servers = test_cmd.format( 'r', '/etc/pihole/dns-servers.conf', piholeuser) - actual_rc = Pihole.run(check_servers).rc + actual_rc = host.run(check_servers).rc assert exit_status_success == actual_rc # readable GitHubVersions check_version = test_cmd.format( 'r', '/etc/pihole/GitHubVersions', piholeuser) - actual_rc = Pihole.run(check_version).rc + actual_rc = host.run(check_version).rc assert exit_status_success == actual_rc # readable install.log check_install = test_cmd.format( 'r', '/etc/pihole/install.log', piholeuser) - actual_rc = Pihole.run(check_install).rc + actual_rc = host.run(check_install).rc assert exit_status_success == actual_rc # readable localbranches check_localbranch = test_cmd.format( 'r', '/etc/pihole/localbranches', piholeuser) - actual_rc = Pihole.run(check_localbranch).rc + actual_rc = host.run(check_localbranch).rc assert exit_status_success == actual_rc # readable localversions check_localversion = test_cmd.format( 'r', '/etc/pihole/localversions', piholeuser) - actual_rc = Pihole.run(check_localversion).rc + actual_rc = host.run(check_localversion).rc assert exit_status_success == actual_rc # readable logrotate check_logrotate = test_cmd.format( 'r', '/etc/pihole/logrotate', piholeuser) - actual_rc = Pihole.run(check_logrotate).rc + actual_rc = host.run(check_logrotate).rc assert exit_status_success == actual_rc # readable macvendor.db check_macvendor = test_cmd.format( 'r', '/etc/pihole/macvendor.db', piholeuser) - actual_rc = Pihole.run(check_macvendor).rc + actual_rc = host.run(check_macvendor).rc assert exit_status_success == actual_rc # readable and writeable pihole-FTL.conf check_FTLconf = test_cmd.format( 'r', '/etc/pihole/pihole-FTL.conf', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc check_FTLconf = test_cmd.format( 'w', '/etc/pihole/pihole-FTL.conf', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc # readable setupVars.conf check_setup = test_cmd.format( 'r', '/etc/pihole/setupVars.conf', piholeuser) - actual_rc = Pihole.run(check_setup).rc + actual_rc = host.run(check_setup).rc assert exit_status_success == actual_rc # check dnsmasq files # readable /etc/dnsmasq.conf check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.conf', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc # readable /etc/dnsmasq.d/01-pihole.conf check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.d', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc check_dnsmasqconf = test_cmd.format( 'x', '/etc/dnsmasq.d', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.d/01-pihole.conf', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc # check readable and executable /etc/init.d/pihole-FTL check_init = test_cmd.format( 'x', '/etc/init.d/pihole-FTL', piholeuser) - actual_rc = Pihole.run(check_init).rc + actual_rc = host.run(check_init).rc assert exit_status_success == actual_rc check_init = test_cmd.format( 'r', '/etc/init.d/pihole-FTL', piholeuser) - actual_rc = Pihole.run(check_init).rc + actual_rc = host.run(check_init).rc assert exit_status_success == actual_rc # check readable /etc/lighttpd/lighttpd.conf check_lighttpd = test_cmd.format( 'r', '/etc/lighttpd/lighttpd.conf', piholeuser) - actual_rc = Pihole.run(check_lighttpd).rc + actual_rc = host.run(check_lighttpd).rc assert exit_status_success == actual_rc # check readable and executable manpages if maninstalled is True: check_man = test_cmd.format( 'x', '/usr/local/share/man', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'x', '/usr/local/share/man/man8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'x', '/usr/local/share/man/man5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8/pihole.8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8/pihole-FTL.8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man5/pihole-FTL.conf.5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc # check not readable sudoers file check_sudo = test_cmd.format( 'r', '/etc/sudoers.d/pihole', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success != actual_rc # check not readable cron file check_sudo = test_cmd.format( 'x', '/etc/cron.d/', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc check_sudo = test_cmd.format( 'r', '/etc/cron.d/', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc check_sudo = test_cmd.format( 'r', '/etc/cron.d/pihole', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc - directories = get_directories_recursive(Pihole, '/etc/.pihole/') + directories = get_directories_recursive(host, '/etc/.pihole/') for directory in directories: check_pihole = test_cmd.format('r', directory, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc check_pihole = test_cmd.format('x', directory, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' - filelist = Pihole.run(findfiles.format(directory)) + filelist = host.run(findfiles.format(directory)) files = list(filter(bool, filelist.stdout.splitlines())) for file in files: check_pihole = test_cmd.format('r', file, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc @pytest.mark.parametrize("test_webpage", [True]) -def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): +def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): ''' confirms all web page assets from Core repo are readable by $LIGHTTPD_USER on a fresh build @@ -398,9 +398,10 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): # "pi.hole" ] # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) + mock_command('whiptail', {'*': ('', '0')}, host) + # mock git pull - mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + mock_command_passthrough('git', {'pull': ('', '0')}, host) # mock systemctl to start lighttpd and FTL ligthttpdcommand = dedent(r'''\"\" echo 'starting lighttpd with {}' @@ -478,7 +479,7 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): '0' ), }, - Pihole + host ) # create configuration file setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' @@ -488,8 +489,8 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): setup_var_file += "INSTALL_WEB_INTERFACE=true\n" setup_var_file += "IPV4_ADDRESS=127.0.0.1\n" setup_var_file += "EOF\n" - Pihole.run(setup_var_file) - installWeb = Pihole.run(''' + host.run(setup_var_file) + installWeb = host.run(''' export TERM=xterm export DEBIAN_FRONTEND=noninteractive umask 0027 @@ -542,55 +543,55 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): # readable and writeable pihole-FTL.db check_FTLconf = test_cmd.format( 'r', '/etc/pihole/pihole-FTL.db', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc check_FTLconf = test_cmd.format( 'w', '/etc/pihole/pihole-FTL.db', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc # check directories above $webroot for read and execute permission check_var = test_cmd.format('r', '/var', webuser) - actual_rc = Pihole.run(check_var).rc + actual_rc = host.run(check_var).rc assert exit_status_success == actual_rc check_var = test_cmd.format('x', '/var', webuser) - actual_rc = Pihole.run(check_var).rc + actual_rc = host.run(check_var).rc assert exit_status_success == actual_rc check_www = test_cmd.format('r', '/var/www', webuser) - actual_rc = Pihole.run(check_www).rc + actual_rc = host.run(check_www).rc assert exit_status_success == actual_rc check_www = test_cmd.format('x', '/var/www', webuser) - actual_rc = Pihole.run(check_www).rc + actual_rc = host.run(check_www).rc assert exit_status_success == actual_rc check_html = test_cmd.format('r', '/var/www/html', webuser) - actual_rc = Pihole.run(check_html).rc + actual_rc = host.run(check_html).rc assert exit_status_success == actual_rc check_html = test_cmd.format('x', '/var/www/html', webuser) - actual_rc = Pihole.run(check_html).rc + actual_rc = host.run(check_html).rc assert exit_status_success == actual_rc # check directories below $webroot for read and execute permission check_admin = test_cmd.format('r', webroot + '/admin', webuser) - actual_rc = Pihole.run(check_admin).rc + actual_rc = host.run(check_admin).rc assert exit_status_success == actual_rc check_admin = test_cmd.format('x', webroot + '/admin', webuser) - actual_rc = Pihole.run(check_admin).rc + actual_rc = host.run(check_admin).rc assert exit_status_success == actual_rc - directories = get_directories_recursive(Pihole, webroot + '/admin/*/') + directories = get_directories_recursive(host, webroot + '/admin/*/') for directory in directories: check_pihole = test_cmd.format('r', directory, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc check_pihole = test_cmd.format('x', directory, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' - filelist = Pihole.run(findfiles.format(directory)) + filelist = host.run(findfiles.format(directory)) files = list(filter(bool, filelist.stdout.splitlines())) for file in files: check_pihole = test_cmd.format('r', file, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc # check web interface files # change nameserver to pi-hole # setting nameserver in /etc/resolv.conf to pi-hole does # not work here because of the way docker uses this file - ns = Pihole.run( + ns = host.run( r"sed -i 's/nameserver.*/nameserver 127.0.0.1/' /etc/resolv.conf") pihole_is_ns = ns.rc == 0 @@ -599,19 +600,19 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): return bool(m) if installWebInterface is True: check_pihole = test_cmd.format('r', webroot + '/pihole', webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc assert exit_status_success == actual_rc check_pihole = test_cmd.format('x', webroot + '/pihole', webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc assert exit_status_success == actual_rc # check most important files in $webroot for read permission check_index = test_cmd.format( 'r', webroot + '/pihole/index.php', webuser) - actual_rc = Pihole.run(check_index).rc + actual_rc = host.run(check_index).rc assert exit_status_success == actual_rc check_blockpage = test_cmd.format( 'r', webroot + '/pihole/blockingpage.css', webuser) - actual_rc = Pihole.run(check_blockpage).rc + actual_rc = host.run(check_blockpage).rc assert exit_status_success == actual_rc if test_webpage is True: # check webpage for unreadable files @@ -631,23 +632,23 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): testpage = "http://" + page + "/admin/" resolvesuccess = True if is_ip(page) is False: - dig = Pihole.run(digcommand.format(page)) + dig = host.run(digcommand.format(page)) testpage = "http://" + dig.stdout.strip() + "/admin/" resolvesuccess = dig.rc == 0 if resolvesuccess or pihole_is_ns: # check HTTP status of blockpage - actual_rc = Pihole.run(status.format(testpage)) + actual_rc = host.run(status.format(testpage)) assert exit_status_success == actual_rc.rc # check for PHP error - actual_output = Pihole.run(pagecontent.format(testpage)) + actual_output = host.run(pagecontent.format(testpage)) assert noPHPfopen.match(actual_output.stdout) is None -def test_update_package_cache_success_no_errors(Pihole): +def test_update_package_cache_success_no_errors(host): ''' confirms package cache was updated without any errors ''' - updateCache = Pihole.run(''' + updateCache = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect update_package_cache @@ -657,12 +658,12 @@ def test_update_package_cache_success_no_errors(Pihole): assert 'error' not in updateCache.stdout.lower() -def test_update_package_cache_failure_no_errors(Pihole): +def test_update_package_cache_failure_no_errors(host): ''' confirms package cache was not updated ''' - mock_command('apt-get', {'update': ('', '1')}, Pihole) - updateCache = Pihole.run(''' + mock_command('apt-get', {'update': ('', '1')}, host) + updateCache = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect update_package_cache @@ -672,12 +673,12 @@ def test_update_package_cache_failure_no_errors(Pihole): assert 'Error: Unable to update package cache.' in updateCache.stdout -def test_FTL_detect_aarch64_no_errors(Pihole): +def test_FTL_detect_aarch64_no_errors(host): ''' confirms only aarch64 package is downloaded for FTL engine ''' # mock uname to return aarch64 platform - mock_command('uname', {'-m': ('aarch64', '0')}, Pihole) + mock_command('uname', {'-m': ('aarch64', '0')}, host) # mock ldd to respond with aarch64 shared library mock_command( 'ldd', @@ -687,9 +688,9 @@ def test_FTL_detect_aarch64_no_errors(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -705,15 +706,15 @@ def test_FTL_detect_aarch64_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv4t_no_errors(Pihole): +def test_FTL_detect_armv4t_no_errors(host): ''' confirms only armv4t package is downloaded for FTL engine ''' # mock uname to return armv4t platform - mock_command('uname', {'-m': ('armv4t', '0')}, Pihole) + mock_command('uname', {'-m': ('armv4t', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -729,15 +730,15 @@ def test_FTL_detect_armv4t_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv5te_no_errors(Pihole): +def test_FTL_detect_armv5te_no_errors(host): ''' confirms only armv5te package is downloaded for FTL engine ''' # mock uname to return armv5te platform - mock_command('uname', {'-m': ('armv5te', '0')}, Pihole) + mock_command('uname', {'-m': ('armv5te', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -753,15 +754,15 @@ def test_FTL_detect_armv5te_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv6l_no_errors(Pihole): +def test_FTL_detect_armv6l_no_errors(host): ''' confirms only armv6l package is downloaded for FTL engine ''' # mock uname to return armv6l platform - mock_command('uname', {'-m': ('armv6l', '0')}, Pihole) + mock_command('uname', {'-m': ('armv6l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -778,15 +779,15 @@ def test_FTL_detect_armv6l_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv7l_no_errors(Pihole): +def test_FTL_detect_armv7l_no_errors(host): ''' confirms only armv7l package is downloaded for FTL engine ''' # mock uname to return armv7l platform - mock_command('uname', {'-m': ('armv7l', '0')}, Pihole) + mock_command('uname', {'-m': ('armv7l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -803,15 +804,15 @@ def test_FTL_detect_armv7l_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv8a_no_errors(Pihole): +def test_FTL_detect_armv8a_no_errors(host): ''' confirms only armv8a package is downloaded for FTL engine ''' # mock uname to return armv8a platform - mock_command('uname', {'-m': ('armv8a', '0')}, Pihole) + mock_command('uname', {'-m': ('armv8a', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -827,11 +828,11 @@ def test_FTL_detect_armv8a_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_x86_64_no_errors(Pihole): +def test_FTL_detect_x86_64_no_errors(host): ''' confirms only x86_64 package is downloaded for FTL engine ''' - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -847,11 +848,11 @@ def test_FTL_detect_x86_64_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_unknown_no_errors(Pihole): +def test_FTL_detect_unknown_no_errors(host): ''' confirms only generic package is downloaded for FTL engine ''' # mock uname to return generic platform - mock_command('uname', {'-m': ('mips', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('uname', {'-m': ('mips', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -863,18 +864,18 @@ def test_FTL_detect_unknown_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_download_aarch64_no_errors(Pihole): +def test_FTL_download_aarch64_no_errors(host): ''' confirms only aarch64 package is downloaded for FTL engine ''' # mock whiptail answers and ensure installer dependencies - mock_command('whiptail', {'*': ('', '0')}, Pihole) - Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') - download_binary = Pihole.run(''' + download_binary = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user FTLinstall "pihole-FTL-aarch64-linux-gnu" @@ -884,11 +885,11 @@ def test_FTL_download_aarch64_no_errors(Pihole): assert 'error' not in download_binary.stdout.lower() -def test_FTL_binary_installed_and_responsive_no_errors(Pihole): +def test_FTL_binary_installed_and_responsive_no_errors(host): ''' confirms FTL binary is copied and functional in installed location ''' - installed_binary = Pihole.run(''' + installed_binary = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -901,11 +902,11 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole): assert expected_stdout in installed_binary.stdout -# def test_FTL_support_files_installed(Pihole): +# def test_FTL_support_files_installed(host): # ''' # confirms FTL support files are installed # ''' -# support_files = Pihole.run(''' +# support_files = host.run(''' # source /opt/pihole/basic-install.sh # FTLdetect # stat -c '%a %n' /var/log/pihole-FTL.log @@ -918,7 +919,7 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole): # assert '644 /var/log/pihole-FTL.log' in support_files.stdout -def test_IPv6_only_link_local(Pihole): +def test_IPv6_only_link_local(host): ''' confirms IPv6 blocking is disabled for Link-local address ''' @@ -931,9 +932,9 @@ def test_IPv6_only_link_local(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -941,7 +942,7 @@ def test_IPv6_only_link_local(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_only_ULA(Pihole): +def test_IPv6_only_ULA(host): ''' confirms IPv6 blocking is enabled for ULA addresses ''' @@ -954,9 +955,9 @@ def test_IPv6_only_ULA(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -964,7 +965,7 @@ def test_IPv6_only_ULA(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_only_GUA(Pihole): +def test_IPv6_only_GUA(host): ''' confirms IPv6 blocking is enabled for GUA addresses ''' @@ -977,9 +978,9 @@ def test_IPv6_only_GUA(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -987,7 +988,7 @@ def test_IPv6_only_GUA(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_GUA_ULA_test(Pihole): +def test_IPv6_GUA_ULA_test(host): ''' confirms IPv6 blocking is enabled for GUA and ULA addresses ''' @@ -1001,9 +1002,9 @@ def test_IPv6_GUA_ULA_test(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -1011,7 +1012,7 @@ def test_IPv6_GUA_ULA_test(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_ULA_GUA_test(Pihole): +def test_IPv6_ULA_GUA_test(host): ''' confirms IPv6 blocking is enabled for GUA and ULA addresses ''' @@ -1025,9 +1026,9 @@ def test_IPv6_ULA_GUA_test(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -1035,13 +1036,13 @@ def test_IPv6_ULA_GUA_test(Pihole): assert expected_stdout in detectPlatform.stdout -def test_validate_ip(Pihole): +def test_validate_ip(host): ''' Tests valid_ip for various IP addresses ''' def test_address(addr, success=True): - output = Pihole.run(''' + output = host.run(''' source /opt/pihole/basic-install.sh valid_ip "{addr}" '''.format(addr=addr)) @@ -1076,9 +1077,9 @@ def test_validate_ip(Pihole): test_address('0.0.0.0#00001', False) -def test_os_check_fails(Pihole): +def test_os_check_fails(host): ''' Confirms install fails on unsupported OS ''' - Pihole.run(''' + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${OS_CHECK_DEPS[@]} @@ -1088,7 +1089,7 @@ def test_os_check_fails(Pihole): VERSION_ID="2" EOT ''') - detectOS = Pihole.run('''t + detectOS = host.run('''t source /opt/pihole/basic-install.sh os_check ''') @@ -1096,15 +1097,15 @@ def test_os_check_fails(Pihole): assert expected_stdout in detectOS.stdout -def test_os_check_passes(Pihole): +def test_os_check_passes(host): ''' Confirms OS meets the requirements ''' - Pihole.run(''' + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} ''') - detectOS = Pihole.run(''' + detectOS = host.run(''' source /opt/pihole/basic-install.sh os_check ''') @@ -1112,10 +1113,10 @@ def test_os_check_passes(Pihole): assert expected_stdout in detectOS.stdout -def test_package_manager_has_installer_deps(Pihole): +def test_package_manager_has_installer_deps(host): ''' Confirms OS is able to install the required packages for the installer''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} @@ -1125,10 +1126,10 @@ def test_package_manager_has_installer_deps(Pihole): assert output.rc == 0 -def test_package_manager_has_pihole_deps(Pihole): +def test_package_manager_has_pihole_deps(host): ''' Confirms OS is able to install the required packages for Pi-hole ''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -1139,10 +1140,10 @@ def test_package_manager_has_pihole_deps(Pihole): assert output.rc == 0 -def test_package_manager_has_web_deps(Pihole): +def test_package_manager_has_web_deps(host): ''' Confirms OS is able to install the required packages for web ''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index 14f62637..f72740a6 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -5,11 +5,11 @@ from .conftest import ( ) -def test_php_upgrade_default_optout_centos_eq_7(Pihole): +def test_php_upgrade_default_optout_centos_eq_7(host): ''' confirms the default behavior to opt-out of installing PHP7 from REMI ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -17,18 +17,18 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optout_centos_eq_7(Pihole): +def test_php_upgrade_user_optout_centos_eq_7(host): ''' confirms installer behavior when user opt-out of installing PHP7 from REMI (php not currently installed) ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -36,18 +36,18 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optin_centos_eq_7(Pihole): +def test_php_upgrade_user_optin_centos_eq_7(host): ''' confirms installer behavior when user opt-in to installing PHP7 from REMI (php not currently installed) ''' # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -59,5 +59,5 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert remi_package.is_installed diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index bbdbb765..464055b4 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -5,12 +5,12 @@ from .conftest import ( ) -def test_php_upgrade_default_continue_centos_gte_8(Pihole): +def test_php_upgrade_default_continue_centos_gte_8(host): ''' confirms the latest version of CentOS continues / does not optout (should trigger on CentOS7 only) ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -19,19 +19,19 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): ' Deprecated PHP may be in use.') assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): +def test_php_upgrade_user_optout_skipped_centos_gte_8(host): ''' confirms installer skips user opt-out of installing PHP7 from REMI on latest CentOS (should trigger on CentOS7 only) (php not currently installed) ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -40,19 +40,19 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): ' Deprecated PHP may be in use.') assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): +def test_php_upgrade_user_optin_skipped_centos_gte_8(host): ''' confirms installer skips user opt-in to installing PHP7 from REMI on latest CentOS (should trigger on CentOS7 only) (php not currently installed) ''' # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -64,5 +64,5 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): unexpected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert unexpected_stdout not in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index 0b36cbae..8903a7a0 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -7,13 +7,13 @@ from .conftest import ( ) -def test_release_supported_version_check_centos(Pihole): +def test_release_supported_version_check_centos(host): ''' confirms installer exits on unsupported releases of CentOS ''' # modify /etc/redhat-release to mock an unsupported CentOS release - Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') - package_manager_detect = Pihole.run(''' + host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -24,11 +24,11 @@ def test_release_supported_version_check_centos(Pihole): assert expected_stdout in package_manager_detect.stdout -def test_enable_epel_repository_centos(Pihole): +def test_enable_epel_repository_centos(host): ''' confirms the EPEL package repository is enabled when installed on CentOS ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -38,22 +38,22 @@ def test_enable_epel_repository_centos(Pihole): assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + ' Installed epel-release' assert expected_stdout in package_manager_detect.stdout - epel_package = Pihole.package('epel-release') + epel_package = host.package('epel-release') assert epel_package.is_installed -def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_default_optout_centos(host): ''' confirms the default behavior to opt-out of upgrading to PHP7 from REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -61,24 +61,24 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_user_optout_centos(host): ''' confirms installer behavior when user opt-out to upgrade to PHP7 via REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -86,24 +86,24 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_user_optin_centos(host): ''' confirms installer behavior when user opt-in to upgrade to PHP7 via REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -118,8 +118,8 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert remi_package.is_installed - updated_php_package = Pihole.package('php') + updated_php_package = host.package('php') updated_php_version = updated_php_package.version.split('.')[0] assert int(updated_php_version) == 7 diff --git a/test/test_centos_fedora_common_support.py b/test/test_centos_fedora_common_support.py index 21ae6d1d..a2a13048 100644 --- a/test/test_centos_fedora_common_support.py +++ b/test/test_centos_fedora_common_support.py @@ -5,7 +5,7 @@ from .conftest import ( ) -def mock_selinux_config(state, Pihole): +def mock_selinux_config(state, host): ''' Creates a mock SELinux config file with expected content ''' @@ -13,20 +13,20 @@ def mock_selinux_config(state, Pihole): valid_states = ['enforcing', 'permissive', 'disabled'] assert state in valid_states # getenforce returns the running state of SELinux - mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole) + mock_command('getenforce', {'*': (state.capitalize(), '0')}, host) # create mock configuration with desired content - Pihole.run(''' + host.run(''' mkdir /etc/selinux echo "SELINUX={state}" > /etc/selinux/config '''.format(state=state.lower())) -def test_selinux_enforcing_exit(Pihole): +def test_selinux_enforcing_exit(host): ''' confirms installer prompts to exit when SELinux is Enforcing by default ''' - mock_selinux_config("enforcing", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("enforcing", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') @@ -37,12 +37,12 @@ def test_selinux_enforcing_exit(Pihole): assert check_selinux.rc == 1 -def test_selinux_permissive(Pihole): +def test_selinux_permissive(host): ''' confirms installer continues when SELinux is Permissive ''' - mock_selinux_config("permissive", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("permissive", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') @@ -51,12 +51,12 @@ def test_selinux_permissive(Pihole): assert check_selinux.rc == 0 -def test_selinux_disabled(Pihole): +def test_selinux_disabled(host): ''' confirms installer continues when SELinux is Disabled ''' - mock_selinux_config("disabled", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("disabled", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index 3ad84be5..63fde90e 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -1,16 +1,16 @@ -def test_epel_and_remi_not_installed_fedora(Pihole): +def test_epel_and_remi_not_installed_fedora(host): ''' confirms installer does not attempt to install EPEL/REMI repositories on Fedora ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php ''') assert package_manager_detect.stdout == '' - epel_package = Pihole.package('epel-release') + epel_package = host.package('epel-release') assert not epel_package.is_installed - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed diff --git a/test/tox.centos_7.ini b/test/tox.centos_7.ini index c2752698..88940fdd 100644 --- a/test/tox.centos_7.ini +++ b/test/tox.centos_7.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.centos_8.ini b/test/tox.centos_8.ini index c8852bae..5088da16 100644 --- a/test/tox.centos_8.ini +++ b/test/tox.centos_8.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_10.ini b/test/tox.debian_10.ini index e8c5d746..9c2a05d1 100644 --- a/test/tox.debian_10.ini +++ b/test/tox.debian_10.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini index af3c6e36..f3cdbe84 100644 --- a/test/tox.debian_11.ini +++ b/test/tox.debian_11.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_9.ini b/test/tox.debian_9.ini index b33e9927..b46e0a49 100644 --- a/test/tox.debian_9.ini +++ b/test/tox.debian_9.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.fedora_33.ini b/test/tox.fedora_33.ini index 00ea732a..d33fbf53 100644 --- a/test/tox.fedora_33.ini +++ b/test/tox.fedora_33.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.fedora_34.ini b/test/tox.fedora_34.ini index 154662cf..819291fa 100644 --- a/test/tox.fedora_34.ini +++ b/test/tox.fedora_34.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_16.ini b/test/tox.ubuntu_16.ini index 6f484b6b..bce948a2 100644 --- a/test/tox.ubuntu_16.ini +++ b/test/tox.ubuntu_16.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_18.ini b/test/tox.ubuntu_18.ini index 10d4ac09..cf7a3642 100644 --- a/test/tox.ubuntu_18.ini +++ b/test/tox.ubuntu_18.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_20.ini b/test/tox.ubuntu_20.ini index 8b405b28..03b605ce 100644 --- a/test/tox.ubuntu_20.ini +++ b/test/tox.ubuntu_20.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini index 651f933b..12b1ac0b 100644 --- a/test/tox.ubuntu_21.ini +++ b/test/tox.ubuntu_21.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker From 996a2c74fa0004fdd40b172cd9eec695a2d31768 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 22 Nov 2021 13:25:13 +0100 Subject: [PATCH 139/141] Use a fixed list height for network interface selection This solves the issue reported here: https://github.com/pi-hole/pi-hole/issues/4196 It replaces the other suggested solution here: https://github.com/pi-hole/pi-hole/pull/4197 The benefit of using a fixed/limited list height, compared to allowing larger whiptail/dialogue dimension, is that it works on small screens as well, where the screen or console size itself is too small to hold the interface list + text above + whiptail frame. It the amount of list elements exceeds the defined list height, automatically a visual scroll bar is added and the list can be scrolled with up/down pageup/pagedown buttons, hence it is generally not required to adjust a list height based on the amount of elements. The fixed height of "6" is chosen since all other "--radiolist" calls use this fixed height as well, it fits and looks good within a 20 rows high whiptail dialogue, and in the common Pi-hole use cases there are no more than 6 network interfaces. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c806a6ae..5c317edc 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -674,7 +674,7 @@ chooseInterface() { # Feed the available interfaces into this while loop done <<< "${availableInterfaces}" # The whiptail command that will be run, stored in a variable - chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to toggle selection)" "${r}" "${c}" "${interfaceCount}") + chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to toggle selection)" "${r}" "${c}" 6) # Now run the command using the interfaces saved into the array chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty) || \ # If the user chooses Cancel, exit From bc8150adfa12b00b7f04ea0c15270e19de84b381 Mon Sep 17 00:00:00 2001 From: jbzdarkid Date: Wed, 24 Nov 2021 22:41:40 -0800 Subject: [PATCH 140/141] Clean up bash script formatting Done with the help of beautysh (a python-based bash formatter) Signed-off-by: jbzdarkid --- advanced/Scripts/chronometer.sh | 8 +- .../Scripts/database_migration/gravity-db.sh | 10 +- advanced/Scripts/list.sh | 42 +- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/query.sh | 28 +- advanced/Scripts/update.sh | 2 +- advanced/Scripts/version.sh | 8 +- advanced/Scripts/webpage.sh | 150 +++---- automated install/basic-install.sh | 376 +++++++++--------- gravity.sh | 52 +-- 10 files changed, 339 insertions(+), 339 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 3f85bdfc..312c484f 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -329,8 +329,8 @@ get_sys_stats() { *) cpu_col="$COL_URG_RED";; esac - # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED - cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY" + # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED + cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY" elif [[ "$temp_unit" == "F" ]]; then cpu_temp=$(printf "%.0ff\\n" "$(calcFunc "($(< $temp_file) / 1000) * 9 / 5 + 32")") @@ -445,7 +445,7 @@ get_strings() { lan_info="Gateway: $net_gateway" dhcp_info="$leased_str$ph_dhcp_num of $ph_dhcp_max" - ads_info="$total_str$ads_blocked_today of $dns_queries_today" + ads_info="$total_str$ads_blocked_today of $dns_queries_today" dns_info="$dns_count DNS servers" [[ "$recent_blocked" == "0" ]] && recent_blocked="${COL_LIGHT_RED}FTL offline${COL_NC}" @@ -488,7 +488,7 @@ chronoFunc() { ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC} ${COL_DARK_GRAY}$scr_line_str${COL_NC}" else - echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" + echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" fi printFunc " Hostname: " "$sys_name" "$host_info" diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index 0fecf34a..09dc1727 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -123,9 +123,9 @@ upgrade_gravityDB(){ version=14 fi if [[ "$version" == "14" ]]; then - # Changes the vw_adlist created in 5_to_6 - echo -e " ${INFO} Upgrading gravity database from version 14 to 15" - sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" - version=15 -fi + # Changes the vw_adlist created in 5_to_6 + echo -e " ${INFO} Upgrading gravity database from version 14 to 15" + sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" + version=15 + fi } diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 5bd42d55..bc254515 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -16,7 +16,7 @@ GRAVITYDB="${piholeDir}/gravity.db" # Source pihole-FTL from install script pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then - source "${pihole_FTL}" + source "${pihole_FTL}" fi # Set this only after sourcing pihole-FTL.conf as the gravity database path may @@ -133,7 +133,7 @@ ProcessDomainList() { else RemoveDomain "${dom}" fi - done + done } AddDomain() { @@ -145,19 +145,19 @@ AddDomain() { requestedListname="$(GetListnameFromTypeId "${typeId}")" if [[ "${num}" -ne 0 ]]; then - existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")" - if [[ "${existingTypeId}" == "${typeId}" ]]; then - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${1} already exists in ${requestedListname}, no need to add!" + existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")" + if [[ "${existingTypeId}" == "${typeId}" ]]; then + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${1} already exists in ${requestedListname}, no need to add!" + fi + else + existingListname="$(GetListnameFromTypeId "${existingTypeId}")" + sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';" + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!" + fi fi - else - existingListname="$(GetListnameFromTypeId "${existingTypeId}")" - sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';" - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!" - fi - fi - return + return fi # Domain not found in the table, add it! @@ -185,10 +185,10 @@ RemoveDomain() { requestedListname="$(GetListnameFromTypeId "${typeId}")" if [[ "${num}" -eq 0 ]]; then - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!" - fi - return + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!" + fi + return fi # Domain found in the table, remove it! @@ -256,8 +256,8 @@ NukeList() { GetComment() { comment="$1" if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then - echo " ${CROSS} Found invalid characters in domain comment!" - exit + echo " ${CROSS} Found invalid characters in domain comment!" + exit fi } @@ -292,7 +292,7 @@ ProcessDomainList # Used on web interface if $web; then -echo "DONE" + echo "DONE" fi if [[ ${reload} == true && ${noReloadRequested} == false ]]; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index cd615825..ad58d6c7 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -27,7 +27,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then - source ${PIHOLE_COLTABLE_FILE} + source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color COL_RED='\e[1;91m' diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 26b4508e..0fd9871a 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -21,7 +21,7 @@ matchType="match" # Source pihole-FTL from install script pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then - source "${pihole_FTL}" + source "${pihole_FTL}" fi # Set this only after sourcing pihole-FTL.conf as the gravity database path may @@ -48,7 +48,7 @@ scanList(){ # Iterate through each regexp and check whether it matches the domainQuery # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery - "regex" ) + "regex" ) for list in ${lists}; do if [[ "${domain}" =~ ${list} ]]; then printf "%b\n" "${list}"; @@ -109,15 +109,15 @@ scanDatabaseTable() { # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores. if [[ "${table}" == "gravity" ]]; then - case "${exact}" in - "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";; - * ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; - esac + case "${exact}" in + "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";; + * ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; + esac else - case "${exact}" in - "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";; - * ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; - esac + case "${exact}" in + "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";; + * ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; + esac fi # Send prepared query to gravity database @@ -128,8 +128,8 @@ scanDatabaseTable() { fi if [[ "${table}" == "gravity" ]]; then - echo "${result}" - return + echo "${result}" + return fi # Mark domain as having been white-/blacklist matched (global variable) @@ -233,9 +233,9 @@ for result in "${results[@]}"; do adlistAddress="${extra/|*/}" extra="${extra#*|}" if [[ "${extra}" == "0" ]]; then - extra="(disabled)" + extra="(disabled)" else - extra="" + extra="" fi if [[ -n "${blockpage}" ]]; then diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index dae04861..3fab9a95 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -200,7 +200,7 @@ main() { if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 + echo -e "${basicError}" && exit 1 fi if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 86ac45bc..2cb0a2c9 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -92,9 +92,9 @@ getRemoteVersion(){ if [[ -f "$cachedVersions" ]]; then IFS=' ' read -r -a arrCache < "$cachedVersions" case $daemon in - "pi-hole" ) echo "${arrCache[0]}";; - "AdminLTE" ) echo "${arrCache[1]}";; - "FTL" ) echo "${arrCache[2]}";; + "pi-hole" ) echo "${arrCache[0]}";; + "AdminLTE" ) echo "${arrCache[1]}";; + "FTL" ) echo "${arrCache[2]}";; esac return 0 @@ -117,7 +117,7 @@ getLocalBranch(){ local directory="${1}" local branch - # Local FTL btranch is stored in /etc/pihole/ftlbranch + # Local FTL btranch is stored in /etc/pihole/ftlbranch if [[ "$1" == "FTL" ]]; then branch="$(pihole-FTL branch)" else diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 2a406565..ec9b2cac 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -122,14 +122,14 @@ SetWebPassword() { read -s -r -p "Enter New Password (Blank for no password): " PASSWORD echo "" - if [ "${PASSWORD}" == "" ]; then - change_setting "WEBPASSWORD" "" - echo -e " ${TICK} Password Removed" - exit 0 - fi + if [ "${PASSWORD}" == "" ]; then + change_setting "WEBPASSWORD" "" + echo -e " ${TICK} Password Removed" + exit 0 + fi - read -s -r -p "Confirm Password: " CONFIRM - echo "" + read -s -r -p "Confirm Password: " CONFIRM + echo "" fi if [ "${PASSWORD}" == "${CONFIRM}" ] ; then @@ -247,8 +247,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 3 ) REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";; esac else - # Set REV_SERVER_CIDR to whatever value it was set to - REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}" + # Set REV_SERVER_CIDR to whatever value it was set to + REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}" fi # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it @@ -371,34 +371,34 @@ ProcessDHCPSettings() { source "${setupVars}" if [[ "${DHCP_ACTIVE}" == "true" ]]; then - interface="${PIHOLE_INTERFACE}" + interface="${PIHOLE_INTERFACE}" - # Use eth0 as fallback interface - if [ -z ${interface} ]; then - interface="eth0" - fi + # Use eth0 as fallback interface + if [ -z ${interface} ]; then + interface="eth0" + fi - if [[ "${PIHOLE_DOMAIN}" == "" ]]; then - PIHOLE_DOMAIN="lan" - change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" - fi + if [[ "${PIHOLE_DOMAIN}" == "" ]]; then + PIHOLE_DOMAIN="lan" + change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" + fi - if [[ "${DHCP_LEASETIME}" == "0" ]]; then - leasetime="infinite" - elif [[ "${DHCP_LEASETIME}" == "" ]]; then - leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" - elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then - #Installation is affected by known bug, introduced in a previous version. - #This will automatically clean up setupVars.conf and remove the unnecessary "h" - leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" - else - leasetime="${DHCP_LEASETIME}h" - fi + if [[ "${DHCP_LEASETIME}" == "0" ]]; then + leasetime="infinite" + elif [[ "${DHCP_LEASETIME}" == "" ]]; then + leasetime="24" + change_setting "DHCP_LEASETIME" "${leasetime}" + elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then + #Installation is affected by known bug, introduced in a previous version. + #This will automatically clean up setupVars.conf and remove the unnecessary "h" + leasetime="24" + change_setting "DHCP_LEASETIME" "${leasetime}" + else + leasetime="${DHCP_LEASETIME}h" + fi - # Write settings to file - echo "############################################################################### + # Write settings to file + echo "############################################################################### # DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE. # # ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE # ############################################################################### @@ -408,34 +408,34 @@ dhcp-option=option:router,${DHCP_ROUTER} dhcp-leasefile=/etc/pihole/dhcp.leases #quiet-dhcp " > "${dhcpconfig}" - chmod 644 "${dhcpconfig}" + chmod 644 "${dhcpconfig}" - if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then - echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" + if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then + echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" - # When there is a Pi-hole domain set and "Never forward non-FQDNs" is - # ticked, we add `local=/domain/` to tell FTL that this domain is purely - # local and FTL may answer queries from /etc/hosts or DHCP but should - # never forward queries on that domain to any upstream servers - if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then - echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}" + # When there is a Pi-hole domain set and "Never forward non-FQDNs" is + # ticked, we add `local=/domain/` to tell FTL that this domain is purely + # local and FTL may answer queries from /etc/hosts or DHCP but should + # never forward queries on that domain to any upstream servers + if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then + echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}" + fi fi - fi - # Sourced from setupVars - # shellcheck disable=SC2154 - if [[ "${DHCP_rapid_commit}" == "true" ]]; then - echo "dhcp-rapid-commit" >> "${dhcpconfig}" - fi + # Sourced from setupVars + # shellcheck disable=SC2154 + if [[ "${DHCP_rapid_commit}" == "true" ]]; then + echo "dhcp-rapid-commit" >> "${dhcpconfig}" + fi - if [[ "${DHCP_IPv6}" == "true" ]]; then - echo "#quiet-dhcp6 + if [[ "${DHCP_IPv6}" == "true" ]]; then + echo "#quiet-dhcp6 #enable-ra dhcp-option=option6:dns-server,[::] dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600 ra-param=*,0,0 " >> "${dhcpconfig}" - fi + fi else if [[ -f "${dhcpconfig}" ]]; then @@ -605,7 +605,7 @@ Interfaces: single Listen only on ${PIHOLE_INTERFACE} interface all Listen on all interfaces, permit all origins" exit 0 - fi + fi if [[ "${args[2]}" == "all" ]]; then echo -e " ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!" @@ -654,18 +654,18 @@ addAudit() domains="" for domain in "$@" do - # Check domain to be added. Only continue if it is valid - validDomain="$(checkDomain "${domain}")" - if [[ -n "${validDomain}" ]]; then - # Put comma in between domains when there is - # more than one domains to be added - # SQL INSERT allows adding multiple rows at once using the format - ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st'); - if [[ -n "${domains}" ]]; then - domains="${domains}," + # Check domain to be added. Only continue if it is valid + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + # Put comma in between domains when there is + # more than one domains to be added + # SQL INSERT allows adding multiple rows at once using the format + ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st'); + if [[ -n "${domains}" ]]; then + domains="${domains}," + fi + domains="${domains}('${domain}')" fi - domains="${domains}('${domain}')" - fi done # Insert only the domain here. The date_added field will be # filled with its default value (date_added = current timestamp) @@ -707,7 +707,7 @@ AddCustomDNSAddress() { # Restart dnsmasq to load new custom DNS entries only if $reload not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -726,14 +726,14 @@ RemoveCustomDNSAddress() { echo -e " ${CROSS} Invalid IP has been passed" exit 1 fi - else - echo " ${CROSS} Invalid Domain passed!" - exit 1 + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 fi # Restart dnsmasq to load new custom DNS entries only if reload is not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -748,10 +748,10 @@ AddCustomCNAMERecord() { if [[ -n "${validDomain}" ]]; then validTarget="$(checkDomain "${target}")" if [[ -n "${validTarget}" ]]; then - echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" + echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" else - echo " ${CROSS} Invalid Target Passed!" - exit 1 + echo " ${CROSS} Invalid Target Passed!" + exit 1 fi else echo " ${CROSS} Invalid Domain passed!" @@ -759,7 +759,7 @@ AddCustomCNAMERecord() { fi # Restart dnsmasq to load new custom CNAME records only if reload is not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -776,8 +776,8 @@ RemoveCustomCNAMERecord() { if [[ -n "${validTarget}" ]]; then sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" else - echo " ${CROSS} Invalid Target Passed!" - exit 1 + echo " ${CROSS} Invalid Target Passed!" + exit 1 fi else echo " ${CROSS} Invalid Domain passed!" @@ -786,7 +786,7 @@ RemoveCustomCNAMERecord() { # Restart dnsmasq to update removed custom CNAME records only if $reload not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5c317edc..cbb8ebae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -76,7 +76,7 @@ PI_HOLE_CONFIG_DIR="/etc/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" PI_HOLE_BLOCKPAGE_DIR="${webroot}/pihole" if [ -z "$useUpdateVars" ]; then - useUpdateVars=false + useUpdateVars=false fi adlistFile="/etc/pihole/adlists.list" @@ -90,7 +90,7 @@ PRIVACY_LEVEL=0 CACHE_SIZE=10000 if [ -z "${USER}" ]; then - USER="$(id -un)" + USER="$(id -un)" fi # whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. @@ -133,7 +133,7 @@ fi # A simple function that just echoes out our logo in ASCII format # This lets users know that it is a Pi-hole, LLC product show_ascii_berry() { - echo -e " + echo -e " ${COL_LIGHT_GREEN}.;;,. .ccccc:,. :cccclll:. ..,, @@ -261,174 +261,174 @@ os_check() { # Compatibility package_manager_detect() { -# First check to see if apt-get is installed. -if is_command apt-get ; then - # Set some global variables here - # We don't set them earlier since the installed package manager might be rpm, so these values would be different - PKG_MANAGER="apt-get" - # A variable to store the command used to update the package cache - UPDATE_PKG_CACHE="${PKG_MANAGER} update" - # The command we will use to actually install packages - PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) - # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. - PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Update package cache - update_package_cache || exit 1 - # Check for and determine version number (major and minor) of current php install - local phpVer="php" - if is_command php ; then - printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" - printf -v phpInsMajor "%d" "$(php <<< "")" - printf -v phpInsMinor "%d" "$(php <<< "")" - phpVer="php$phpInsMajor.$phpInsMinor" - fi - # Packages required to perfom the os_check (stored as an array) - OS_CHECK_DEPS=(grep dnsutils) - # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) - # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) - # Packages required for the Web admin interface (stored as an array) - # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") - # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php - if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then - PIHOLE_WEB_DEPS+=("${phpVer}-json") - fi - # The Web server user, - LIGHTTPD_USER="www-data" - # group, - LIGHTTPD_GROUP="www-data" - # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" + # First check to see if apt-get is installed. + if is_command apt-get ; then + # Set some global variables here + # We don't set them earlier since the installed package manager might be rpm, so these values would be different + PKG_MANAGER="apt-get" + # A variable to store the command used to update the package cache + UPDATE_PKG_CACHE="${PKG_MANAGER} update" + # The command we will use to actually install packages + PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) + # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. + PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" + # Update package cache + update_package_cache || exit 1 + # Check for and determine version number (major and minor) of current php install + local phpVer="php" + if is_command php ; then + printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" + printf -v phpInsMajor "%d" "$(php <<< "")" + printf -v phpInsMinor "%d" "$(php <<< "")" + phpVer="php$phpInsMajor.$phpInsMinor" + fi + # Packages required to perfom the os_check (stored as an array) + OS_CHECK_DEPS=(grep dnsutils) + # Packages required to run this install script (stored as an array) + INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) + # Packages required to run Pi-hole (stored as an array) + PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + # Packages required for the Web admin interface (stored as an array) + # It's useful to separate this from Pi-hole, since the two repos are also setup separately + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") + # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php + if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then + PIHOLE_WEB_DEPS+=("${phpVer}-json") + fi + # The Web server user, + LIGHTTPD_USER="www-data" + # group, + LIGHTTPD_GROUP="www-data" + # and config file + LIGHTTPD_CFG="lighttpd.conf.debian" - # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. - test_dpkg_lock() { - i=0 - # fuser is a program to show which processes use the named files, sockets, or filesystems - # So while the lock is held, - while fuser /var/lib/dpkg/lock >/dev/null 2>&1 - do - # we wait half a second, - sleep 0.5 - # increase the iterator, - ((i=i+1)) - done - # and then report success once dpkg is unlocked. - return 0 - } + # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. + test_dpkg_lock() { + i=0 + # fuser is a program to show which processes use the named files, sockets, or filesystems + # So while the lock is held, + while fuser /var/lib/dpkg/lock >/dev/null 2>&1 + do + # we wait half a second, + sleep 0.5 + # increase the iterator, + ((i=i+1)) + done + # and then report success once dpkg is unlocked. + return 0 + } -# If apt-get is not found, check for rpm. -elif is_command rpm ; then - # Then check if dnf or yum is the package manager - if is_command dnf ; then - PKG_MANAGER="dnf" + # If apt-get is not found, check for rpm. + elif is_command rpm ; then + # Then check if dnf or yum is the package manager + if is_command dnf ; then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + + # These variable names match the ones for apt-get. See above for an explanation of what they are for. + PKG_INSTALL=("${PKG_MANAGER}" install -y) + PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" + OS_CHECK_DEPS=(grep bind-utils) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) + PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) + PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + LIGHTTPD_CFG="lighttpd.conf.fedora" + + # If neither apt-get or yum/dnf package managers were found else - PKG_MANAGER="yum" + # we cannot install required packages + printf " %b No supported package manager found\\n" "${CROSS}" + # so exit the installer + exit fi - - # These variable names match the ones for apt-get. See above for an explanation of what they are for. - PKG_INSTALL=("${PKG_MANAGER}" install -y) - PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - OS_CHECK_DEPS=(grep bind-utils) - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) - PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) - PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) - LIGHTTPD_USER="lighttpd" - LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" - -# If neither apt-get or yum/dnf package managers were found -else - # we cannot install required packages - printf " %b No supported package manager found\\n" "${CROSS}" - # so exit the installer - exit -fi } select_rpm_php(){ -# If the host OS is Fedora, -if grep -qiE 'fedora|fedberry' /etc/redhat-release; then - # all required packages should be available by default with the latest fedora release - : # continue -# or if host OS is CentOS, -elif grep -qiE 'centos|scientific' /etc/redhat-release; then - # Pi-Hole currently supports CentOS 7+ with PHP7+ - SUPPORTED_CENTOS_VERSION=7 - SUPPORTED_CENTOS_PHP_VERSION=7 - # Check current CentOS major release version - CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) - # Check if CentOS version is supported - if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" - printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" - # exit the installer - exit - fi - # php-json is not required on CentOS 7 as it is already compiled into php - # verifiy via `php -m | grep json` - if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then - # create a temporary array as arrays are not designed for use as mutable data structures - CENTOS7_PIHOLE_WEB_DEPS=() - for i in "${!PIHOLE_WEB_DEPS[@]}"; do - if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then - CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) - fi - done - # re-assign the clean dependency array back to PIHOLE_WEB_DEPS - PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") - unset CENTOS7_PIHOLE_WEB_DEPS - fi - # CentOS requires the EPEL repository to gain access to Fedora packages - EPEL_PKG="epel-release" - rpm -q ${EPEL_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" - "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null - printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" - fi + # If the host OS is Fedora, + if grep -qiE 'fedora|fedberry' /etc/redhat-release; then + # all required packages should be available by default with the latest fedora release + : # continue + # or if host OS is CentOS, + elif grep -qiE 'centos|scientific' /etc/redhat-release; then + # Pi-Hole currently supports CentOS 7+ with PHP7+ + SUPPORTED_CENTOS_VERSION=7 + SUPPORTED_CENTOS_PHP_VERSION=7 + # Check current CentOS major release version + CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) + # Check if CentOS version is supported + if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then + printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" + printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" + # exit the installer + exit + fi + # php-json is not required on CentOS 7 as it is already compiled into php + # verifiy via `php -m | grep json` + if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then + # create a temporary array as arrays are not designed for use as mutable data structures + CENTOS7_PIHOLE_WEB_DEPS=() + for i in "${!PIHOLE_WEB_DEPS[@]}"; do + if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then + CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) + fi + done + # re-assign the clean dependency array back to PIHOLE_WEB_DEPS + PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") + unset CENTOS7_PIHOLE_WEB_DEPS + fi + # CentOS requires the EPEL repository to gain access to Fedora packages + EPEL_PKG="epel-release" + rpm -q ${EPEL_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" + "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null + printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" + fi - # The default php on CentOS 7.x is 5.4 which is EOL - # Check if the version of PHP available via installed repositories is >= to PHP 7 - AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) - if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then - # Since PHP 7 is available by default, install via default PHP package names - : # do nothing as PHP is current - else - REMI_PKG="remi-release" - REMI_REPO="remi-php72" - rpm -q ${REMI_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - # The PHP version available via default repositories is older than version 7 - if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then - # User decided to NOT update PHP from REMI, attempt to install the default available PHP version - printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" - : # continue with unsupported php version + # The default php on CentOS 7.x is 5.4 which is EOL + # Check if the version of PHP available via installed repositories is >= to PHP 7 + AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) + if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then + # Since PHP 7 is available by default, install via default PHP package names + : # do nothing as PHP is current else - printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" - "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null - # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) - "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null - yum-config-manager --enable ${REMI_REPO} &> /dev/null - printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" - # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI - if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then - printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + REMI_PKG="remi-release" + REMI_REPO="remi-php72" + rpm -q ${REMI_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + # The PHP version available via default repositories is older than version 7 + if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then + # User decided to NOT update PHP from REMI, attempt to install the default available PHP version + printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" + : # continue with unsupported php version + else + printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" + "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null + # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) + "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null + yum-config-manager --enable ${REMI_REPO} &> /dev/null + printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" + # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI + if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then + printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + else + printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" + exit 1 + fi + fi + fi # Warn user of unsupported version of Fedora or CentOS + if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then + printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" + exit else - printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" - exit 1 + printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" fi fi - fi # Warn user of unsupported version of Fedora or CentOS - if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then - printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" - exit - else - printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" fi -fi -fi } # A function for checking if a directory is a git repository @@ -519,7 +519,7 @@ update_repo() { # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) if [[ "${curBranch}" == "master" ]]; then - git reset --hard "$(git describe --abbrev=0 --tags)" || return $? + git reset --hard "$(git describe --abbrev=0 --tags)" || return $? fi # Show a completion message printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" @@ -629,12 +629,12 @@ welcomeDialogs() { IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this. Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then -#Nothing to do, continue - echo -else - printf " %b Installer exited at static IP message.\\n" "${INFO}" - exit 1 -fi + #Nothing to do, continue + echo + else + printf " %b Installer exited at static IP message.\\n" "${INFO}" + exit 1 + fi } # A function that lets the user pick an interface to use with Pi-hole @@ -759,8 +759,8 @@ collect_v4andv6_information() { printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" # if `dhcpcd` is used offer to set this as static IP for the device if [[ -f "/etc/dhcpcd.conf" ]]; then - # configure networking via dhcpcd - getStaticIPv4Settings + # configure networking via dhcpcd + getStaticIPv4Settings fi find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" @@ -913,8 +913,8 @@ setDNS() { IFS=${OIFS} # In a whiptail dialog, show the options DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." "${r}" "${c}" 7 \ - "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ - # Exit if the user selects "Cancel" + "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ + # Exit if the user selects "Cancel" { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } # Depending on the user's choice, set the GLOBAL variables to the IP of the respective provider @@ -1180,8 +1180,8 @@ version_check_dnsmasq() { install -D -m 644 -T "${dnsmasq_original_config}" "${dnsmasq_conf}" printf "%b %b Restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" else - # Otherwise, don't to anything - printf " it is not a Pi-hole file, leaving alone!\\n" + # Otherwise, don't to anything + printf " it is not a Pi-hole file, leaving alone!\\n" fi else # If a file cannot be found, @@ -1216,8 +1216,8 @@ version_check_dnsmasq() { sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi - # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" + # Set the cache size + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" @@ -1565,7 +1565,7 @@ install_dependent_packages() { # Install Fedora/CentOS packages for i in "$@"; do - # For each package, check if it's already installed (and if so, don't add it to the installArray) + # For each package, check if it's already installed (and if so, don't add it to the installArray) printf " %b Checking for %s..." "${INFO}" "${i}" if "${PKG_MANAGER}" -q list installed "${i}" &> /dev/null; then printf "%b %b Checking for %s\\n" "${OVER}" "${TICK}" "${i}" @@ -1735,18 +1735,18 @@ finalExports() { fi # echo the information to the user { - echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" - echo "IPV4_ADDRESS=${IPV4_ADDRESS}" - echo "IPV6_ADDRESS=${IPV6_ADDRESS}" - echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" - echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" - echo "QUERY_LOGGING=${QUERY_LOGGING}" - echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" - echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" - echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" - echo "CACHE_SIZE=${CACHE_SIZE}" - echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" - echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" + echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" + echo "IPV4_ADDRESS=${IPV4_ADDRESS}" + echo "IPV6_ADDRESS=${IPV6_ADDRESS}" + echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" + echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" + echo "QUERY_LOGGING=${QUERY_LOGGING}" + echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" + echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" + echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" + echo "CACHE_SIZE=${CACHE_SIZE}" + echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" + echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" }>> "${setupVars}" chmod 644 "${setupVars}" @@ -1921,7 +1921,7 @@ displayFinalMessage() { additional="View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin Your Admin Webpage login password is ${pwstring}" - fi + fi # Final completion message to user whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using: @@ -2456,7 +2456,7 @@ main() { #In case of RPM based distro, select the proper PHP version if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then - select_rpm_php + select_rpm_php fi # Check if SELinux is Enforcing diff --git a/gravity.sh b/gravity.sh index dfaf4fea..bb4f4e4b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -213,7 +213,7 @@ database_table_from_file() { # Move source file to backup directory, create directory if not existing mkdir -p "${backup_path}" mv "${source}" "${backup_file}" 2> /dev/null || \ - echo -e " ${CROSS} Unable to backup ${source} to ${backup_path}" + echo -e " ${CROSS} Unable to backup ${source} to ${backup_path}" # Delete tmpFile rm "${tmpFile}" > /dev/null 2>&1 || \ @@ -430,9 +430,9 @@ gravity_DownloadBlocklists() { compression="--compressed" echo -e " ${INFO} Using libz compression\n" else - compression="" - echo -e " ${INFO} Libz compression not available\n" - fi + compression="" + echo -e " ${INFO} Libz compression not available\n" + fi # Loop through $sources and download each one for ((i = 0; i < "${#sources[@]}"; i++)); do url="${sources[$i]}" @@ -462,9 +462,9 @@ gravity_DownloadBlocklists() { check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )" if [[ "${check_url}" =~ ${regex} ]]; then - echo -e " ${CROSS} Invalid Target" + echo -e " ${CROSS} Invalid Target" else - gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" + gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" fi echo "" done @@ -583,28 +583,28 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - # Get IP address of this domain - ip="$(dig "${domain}" +short)" - # Check if this IP matches any IP of the system - if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then - blocked=true - fi;; + # Get IP address of this domain + ip="$(dig "${domain}" +short)" + # Check if this IP matches any IP of the system + if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then + blocked=true + fi;; "NXDOMAIN") - if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then - blocked=true - fi;; + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then + blocked=true + fi;; "NULL"|*) - if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then - blocked=true - fi;; - esac + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then + blocked=true + fi;; + esac if [[ "${blocked}" == true ]]; then printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}" if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then - port=53 + port=53 else - printf -v port "%s" "${PIHOLE_DNS_1#*#}" + printf -v port "%s" "${PIHOLE_DNS_1#*#}" fi ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}" | tail -1) if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then @@ -623,11 +623,11 @@ gravity_DownloadBlocklistFromUrl() { case $url in # Did we "download" a local file? "file"*) - if [[ -s "${patternBuffer}" ]]; then - echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true - else - echo -e "${OVER} ${CROSS} ${str} Not found / empty list" - fi;; + if [[ -s "${patternBuffer}" ]]; then + echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true + else + echo -e "${OVER} ${CROSS} ${str} Not found / empty list" + fi;; # Did we "download" a remote file? *) # Determine "Status:" output based on HTTP response From 14a379d4485328b85c08ff6cee30b137210b23d5 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Tue, 30 Nov 2021 02:57:44 +0100 Subject: [PATCH 141/141] Fix generated /etc/os-release file in OS check test Signed-off-by: MichaIng --- test/test_automated_install.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 911407fc..7959e100 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -1085,9 +1085,9 @@ def test_os_check_fails(host): install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release - ID=UnsupportedOS - VERSION_ID="2" - EOT +ID=UnsupportedOS +VERSION_ID="2" +EOT ''') detectOS = host.run('''t source /opt/pihole/basic-install.sh