From f90dffbf1a79a3da90526da2b7ed8e37946d36d1 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 11:41:26 +0200 Subject: [PATCH 01/79] Do not put hostname and pi.hole into local.list - this will be handled by FTL after FTL#1111 has been merged Signed-off-by: DL6ER --- gravity.sh | 50 ++++++-------------------------------------------- 1 file changed, 6 insertions(+), 44 deletions(-) diff --git a/gravity.sh b/gravity.sh index 24a41c48..bfe45b55 100755 --- a/gravity.sh +++ b/gravity.sh @@ -47,16 +47,6 @@ domainsExtension="domains" setupVars="${piholeDir}/setupVars.conf" if [[ -f "${setupVars}" ]];then source "${setupVars}" - - # Remove CIDR mask from IPv4/6 addresses - IPV4_ADDRESS="${IPV4_ADDRESS%/*}" - IPV6_ADDRESS="${IPV6_ADDRESS%/*}" - - # Determine if IPv4/6 addresses exist - if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then - echo -e " ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}" - exit 1 - fi else echo -e " ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC} Please run 'pihole -r', and choose the 'reconfigure' option to fix." @@ -564,7 +554,7 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}" - local heisenbergCompensator="" patternBuffer str httpCode success="" + local heisenbergCompensator="" patternBuffer str httpCode success="" ip # Create temp file to store content on disk instead of RAM patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb") @@ -582,7 +572,10 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then + # Get IP address of this domain + ip="$(dig "${domain}" +short)" + # Check if this IP matches any IP of the system + if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then blocked=true fi;; "NXDOMAIN") @@ -785,43 +778,12 @@ gravity_ShowCount() { gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters" } -# Parse list of domains into hosts format -gravity_ParseDomainsIntoHosts() { - awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{ - # Remove windows CR line endings - sub(/\r$/, "") - # Parse each line as "ipaddr domain" - if(ipv6 && ipv4) { - print ipv4" "$0"\n"ipv6" "$0 - } else if(!ipv6) { - print ipv4" "$0 - } else { - print ipv6" "$0 - } - }' >> "${2}" < "${1}" -} - # Create "localhost" entries into hosts format gravity_generateLocalList() { - local hostname - - if [[ -s "/etc/hostname" ]]; then - hostname=$(< "/etc/hostname") - elif command -v hostname &> /dev/null; then - hostname=$(hostname -f) - else - echo -e " ${CROSS} Unable to determine fully qualified domain name of host" - return 0 - fi - - echo -e "${hostname}\\npi.hole" > "${localList}.tmp" - # Empty $localList if it already exists, otherwise, create it - : > "${localList}" + echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}" chmod 644 "${localList}" - gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}" - # Add additional LAN hosts provided by OpenVPN (if available) if [[ -f "${VPNList}" ]]; then awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}" From aa88be335e602a57e5c8cc70dea6db06454ebf93 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 11:44:54 +0200 Subject: [PATCH 02/79] Acknowledge that IPV{4,6}_ADDRESS may not exist Signed-off-by: DL6ER --- pihole | 5 +---- test/test_automated_install.py | 2 -- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/pihole b/pihole index f8085c8e..4fe80fc7 100755 --- a/pihole +++ b/pihole @@ -363,16 +363,13 @@ tailFunc() { fi echo -e " ${INFO} Press Ctrl-C to exit" - # Retrieve IPv4/6 addresses - source /etc/pihole/setupVars.conf - # Strip date from each line # Color blocklist/blacklist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ - -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 44624082..ba1781aa 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -45,8 +45,6 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): # Currently debug test function only echo "Outputting sourced variables" echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" - echo "IPV4_ADDRESS=${IPV4_ADDRESS}" - echo "IPV6_ADDRESS=${IPV6_ADDRESS}" echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" } From 58905a1188b9d46e97e6dec975fbb90a22101258 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 12:14:05 +0200 Subject: [PATCH 03/79] Modify debugger to test name resolution on all available interfaces Signed-off-by: DL6ER --- advanced/Scripts/chronometer.sh | 4 --- advanced/Scripts/piholeDebug.sh | 63 ++++++++++++++++++++++----------- 2 files changed, 43 insertions(+), 24 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 4f9ea59a..3f85bdfc 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -498,10 +498,6 @@ chronoFunc() { printFunc " RAM usage: " "$ram_perc%" "$ram_info" printFunc " HDD usage: " "$disk_perc" "$disk_info" - if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then - printFunc " LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info" - fi - if [[ "$DHCP_ACTIVE" == "true" ]]; then printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info" fi diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 13a886f1..c6294e6e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -859,7 +859,6 @@ dig_at() { # Store the arguments as variables with names local protocol="${1}" - local IP="${2}" echo_current_diagnostic "Name resolution (IPv${protocol}) using a random blocked domain and a known ad-serving domain" # Set more local variables # We need to test name resolution locally, via Pi-hole, and via a public resolver @@ -874,15 +873,15 @@ dig_at() { if [[ ${protocol} == "6" ]]; then # Set the IPv6 variables and record type local local_address="::1" - local pihole_address="${IP}" local remote_address="2001:4860:4860::8888" + local sed_selector="inet6" local record_type="AAAA" # Otherwise, it should be 4 else # so use the IPv4 values local local_address="127.0.0.1" - local pihole_address="${IP}" local remote_address="8.8.8.8" + local sed_selector="inet" local record_type="A" fi @@ -895,25 +894,53 @@ dig_at() { # First, do a dig on localhost to see if Pi-hole can use itself to block a domain if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC at ${COL_CYAN}${local_address}${CON_NC}" else # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})" + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} at ${COL_CYAN}${local_address}${CON_NC}" fi # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is # just asing itself locally - # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't waiting for too long + # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't + # waiting for too long + # + # Turn off history expansion such that the "!" in the sed command cannot do silly things + set +H + # Get interfaces + # sed logic breakdown: + # / master /d; + # Removes all interfaces that are slaves of others (e.g. virtual docker interfaces) + # /UP/!d; + # Removes all interfaces which are not UP + # s/^[0-9]*: //g; + # Removes interface index + # s/: <.*//g; + # Removes everything after the interface name + local interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" - # If Pi-hole can dig itself from it's IP (not the loopback address) - if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${pihole_address}" +short "${record_type}"); then - # show a success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})" - fi + while IFS= read -r iface ; do + # Get addresses of current interface + # sed logic breakdown: + # /inet(|6) /!d; + # Removes all lines from ip a that do not contain either "inet " or "inet6 " + # s/^.*inet(|6) //g; + # Removes all leading whitespace as well as the "inet " or "inet6 " string + # s/\/.*$//g; + # Removes CIDR and everything thereafter (e.g., scope properties) + local addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" + while IFS= read -r local_address ; do + # Check if Pi-hole can use itself to block a domain + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then + # If it can, show success + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" + else + # Otherwise, show a failure + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" + fi + done <<< "${addresses}" + done <<< "${interfaces}" # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 @@ -1046,12 +1073,8 @@ parse_file() { check_name_resolution() { # Check name resolution from localhost, Pi-hole's IP, and Google's name severs # using the function we created earlier - dig_at 4 "${IPV4_ADDRESS%/*}" - # If IPv6 enabled, - if [[ "${IPV6_ADDRESS}" ]]; then - # check resolution - dig_at 6 "${IPV6_ADDRESS%/*}" - fi + dig_at 4 + dig_at 6 } # This function can check a directory exists From 3b574096b80a44b2366c8bdbb9df8cfea14091b0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Apr 2021 12:24:46 +0200 Subject: [PATCH 04/79] Remove duplicated lo test Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c6294e6e..02363b60 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -863,8 +863,9 @@ dig_at() { # Set more local variables # We need to test name resolution locally, via Pi-hole, and via a public resolver local local_dig - local pihole_dig local remote_dig + local interfaces + local addresses # Use a static domain that we know has IPv4 and IPv6 to avoid false positives # Sometimes the randomly chosen domains don't use IPv6, or something else is wrong with them local remote_url="doubleclick.com" @@ -891,15 +892,6 @@ dig_at() { local random_url random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1") - # First, do a dig on localhost to see if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then - # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC at ${COL_CYAN}${local_address}${CON_NC}" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} at ${COL_CYAN}${local_address}${CON_NC}" - fi - # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is # just asing itself locally @@ -918,7 +910,7 @@ dig_at() { # Removes interface index # s/: <.*//g; # Removes everything after the interface name - local interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" + interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" while IFS= read -r iface ; do # Get addresses of current interface @@ -929,10 +921,10 @@ dig_at() { # Removes all leading whitespace as well as the "inet " or "inet6 " string # s/\/.*$//g; # Removes CIDR and everything thereafter (e.g., scope properties) - local addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" + addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" while IFS= read -r local_address ; do # Check if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then # If it can, show success log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" else @@ -944,7 +936,7 @@ dig_at() { # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 - if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then + if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @"${remote_address}" +short "${record_type}" | head -n1); then # If successful, the real IP of the domain will be returned instead of Pi-hole's IP log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})" else @@ -1059,7 +1051,7 @@ parse_file() { local file_lines # For each line in the file, for file_lines in "${file_info[@]}"; do - if [[ ! -z "${file_lines}" ]]; then + if [[ -n "${file_lines}" ]]; then # don't include the Web password hash [[ "${file_lines}" =~ ^\#.*$ || ! "${file_lines}" || "${file_lines}" == "WEBPASSWORD="* ]] && continue # otherwise, display the lines of the file From 60513f93a3f239bf503372972c9e3c3b312cf9be Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 18 Apr 2021 09:26:23 +0200 Subject: [PATCH 05/79] Don't set IPV{4,6}_ADDRESS in conftest.py Signed-off-by: DL6ER --- test/conftest.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/conftest.py b/test/conftest.py index 07166ec5..13731eb8 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -8,8 +8,6 @@ check_output = testinfra.get_backend( SETUPVARS = { 'PIHOLE_INTERFACE': 'eth99', - 'IPV4_ADDRESS': '1.1.1.1', - 'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672', 'PIHOLE_DNS_1': '4.2.2.1', 'PIHOLE_DNS_2': '4.2.2.2' } From 2ba350984f19165b2f224d4d9d7e9bc3bf655850 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Sun, 18 Apr 2021 15:12:01 +0200 Subject: [PATCH 06/79] Enable PHP8 support for Debian/Ubuntu Since PHP8.0, the JSON extension is a core PHP extension and hence the php8.0-json package does not exist and is not required: - https://www.php.net/manual/json.installation.php - https://packages.debian.org/php8.0-json Solves: https://discourse.pi-hole.net/t/php-8-packages-not-found/46286 Signed-off-by: MichaIng --- automated install/basic-install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index eb52aea3..1d6253a0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,11 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-json" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php + if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then + PIHOLE_WEB_DEPS+=("${phpVer}-json") + fi # The Web server user, LIGHTTPD_USER="www-data" # group, From 5895690b588e0c26efe509f36e455b430fbe3db3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 24 Apr 2021 15:38:27 +0100 Subject: [PATCH 07/79] this has been annoying me for months Signed-off-by: Adam Warner --- advanced/Scripts/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index f77ee635..86ac45bc 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -153,7 +153,7 @@ versionOutput() { if [[ -n "$current" ]] && [[ -n "$latest" ]]; then output="${1^} version is $branch$current (Latest: $latest)" elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then - output="Current ${1^} version is $branch$current." + output="Current ${1^} version is $branch$current" elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then output="Latest ${1^} version is $latest" elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then From f3ceebbe06217cac68720d3668b210a0a35f900b Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 30 Apr 2021 20:48:12 +0200 Subject: [PATCH 08/79] Re-remove wget from dependencies The dependency has been removed here: https://github.com/pi-hole/pi-hole/pull/3185 But accidentally re-added here: https://github.com/pi-hole/pi-hole/commit/982c1b0059723e92fa6d6bc92d466d4f2b4f8b8d#diff-595630a29a855f6d667a84ca0662042e826bf3ec56322ef61d4a6ef149147d23 wget is still not used in any Pi-hole script, hence it can be removed safely from dependencies. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 1d6253a0..454daee4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -357,7 +357,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") From c9014436767251bd3b67558561afae60d78ee9b3 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Sun, 2 May 2021 13:27:35 +0200 Subject: [PATCH 09/79] Remove false statement about dependency removal on Raspbian The statement "All dependencies are safe to remove on Raspbian" has been added at a time where a much smaller list of dependencies were installed, all indeed relatively safe to purge. Nowadays this list has grown and includes important system packages, like iproute2, psmisc, sudo, curl and others, which are often again dependencies of other packages, like network stacks (ifupdown) and others, so that inexperienced users, following that statement, may break their systems network capabilities and more. This message has hence been removed. Signed-off-by: MichaIng --- automated install/uninstall.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index a0d3b108..543ca07a 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -206,11 +206,7 @@ removeNoPurge() { } ######### SCRIPT ########### -if command -v vcgencmd &> /dev/null; then - echo -e " ${INFO} All dependencies are safe to remove on Raspbian" -else - echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" -fi +echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" while true; do echo -e " ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:" echo -n " " From 6f60555f7994c0e33e5156f8eeadf3469338de25 Mon Sep 17 00:00:00 2001 From: Ashutosh Verma Date: Thu, 20 May 2021 22:34:19 +0530 Subject: [PATCH 10/79] Added install Method 3 Signed-off-by: Ashutosh Verma --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 57dee16d..06f541f4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ sudo bash basic-install.sh wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh ``` +### Method 3: Using Docker to deploy Pi-hole +Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images. ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/) From a9e761ec1336284108baf12e908a2124059cef9f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 23 May 2021 12:11:04 +0200 Subject: [PATCH 11/79] Add missing sed anchors when deleting lines. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 8ef4d940..315236a3 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -716,7 +716,7 @@ RemoveCustomDNSAddress() { host="${args[3]}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/${ip} ${host}/d" "${dnscustomfile}" + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" else echo -e " ${CROSS} Invalid IP has been passed" exit 1 @@ -748,7 +748,7 @@ RemoveCustomCNAMERecord() { if [[ -n "${validDomain}" ]]; then validTarget="$(checkDomain "${target}")" if [[ -n "${validDomain}" ]]; then - sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}" + sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" else echo " ${CROSS} Invalid Target Passed!" exit 1 From 01c310a78f41b84e77283daae87244cb47f5ff4a Mon Sep 17 00:00:00 2001 From: William Horning Date: Thu, 10 Jun 2021 19:23:58 -0400 Subject: [PATCH 12/79] Fix typo Signed-off-by: William Horning --- manpages/pihole.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 4ba0e0f7..aaaa8d7e 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -56,7 +56,7 @@ Available commands and options: \fB-w, whitelist\fR [options] [ ] .br - Adds or removes specified domain or domains tho the Whitelist + Adds or removes specified domain or domains to the Whitelist .br \fB-b, blacklist\fR [options] [ ] From a2d5b8050af46b7f28eff0dfb6b3b81b2c499db9 Mon Sep 17 00:00:00 2001 From: jpgpi250 Date: Mon, 14 Jun 2021 20:27:10 +0200 Subject: [PATCH 13/79] Update gravity.sh Signed-off-by: jpgpi250 --- gravity.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 24a41c48..7ba443d8 100755 --- a/gravity.sh +++ b/gravity.sh @@ -73,6 +73,8 @@ fi # have changed gravityDBfile="${GRAVITYDB}" gravityTEMPfile="${GRAVITYDB}_temp" +gravityDIR="$(dirname -- "${gravityDBfile}")" +gravityOLDfile="${gravityDIR}/gravity_old.db" if [[ -z "${BLOCKINGMODE}" ]] ; then BLOCKINGMODE="NULL" @@ -123,8 +125,19 @@ gravity_swap_databases() { fi echo -e "${OVER} ${TICK} ${str}" - # Swap databases and remove old database - rm "${gravityDBfile}" + # Swap databases and remove or conditionally rename old database + # Number of available blocks on disk + availableBlocks=$(stat -f --format "%a" "${gravityDIR}") + # Number of blocks, used by gravity.db + gravityBlocks=$(stat --format "%b" ${gravityDBfile}) + # Only keep the old database if available disk space is at least twice the size of the existing gravity.db. + # Better be safe than sorry... + if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then + echo -e " ${TICK} The old database remains available." + mv "${gravityDBfile}" "${gravityOLDfile}" + else + rm "${gravityDBfile}" + fi mv "${gravityTEMPfile}" "${gravityDBfile}" } @@ -890,6 +903,11 @@ for var in "$@"; do esac done +# Remove OLD (backup) gravity file, if it exists +if [[ -f "${gravityOLDfile}" ]]; then + rm "${gravityOLDfile}" +fi + # Trap Ctrl-C gravity_Trap From df3c46349ab0f32cf420ba26105c85bbe1a0814c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 3 May 2021 21:23:41 +0200 Subject: [PATCH 14/79] Add tail of pihole.log to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 85 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 13a886f1..36efe77f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1281,53 +1281,64 @@ analyze_gravity_list() { IFS="$OLD_IFS" } +obfuscated_pihole_log() { + local pihole_log=("$@") + local line + local error_to_check_for + local line_to_obfuscate + local obfuscated_line + for line in "${pihole_log[@]}"; do + # A common error in the pihole.log is when there is a non-hosts formatted file + # that the DNS server is attempting to read. Since it's not formatted + # correctly, there will be an entry for "bad address at line n" + # So we can check for that here and highlight it in red so the user can see it easily + error_to_check_for=$(echo "${line}" | grep 'bad address at') + # Some users may not want to have the domains they visit sent to us + # To that end, we check for lines in the log that would contain a domain name + line_to_obfuscate=$(echo "${line}" | grep ': query\|: forwarded\|: reply') + # If the variable contains a value, it found an error in the log + if [[ -n ${error_to_check_for} ]]; then + # So we can print it in red to make it visible to the user + log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" + else + # If the variable does not a value (the current default behavior), so do not obfuscate anything + if [[ -z ${OBFUSCATE} ]]; then + log_write " ${line}" + # Othwerise, a flag was passed to this command to obfuscate domains in the log + else + # So first check if there are domains in the log that should be obfuscated + if [[ -n ${line_to_obfuscate} ]]; then + # If there are, we need to use awk to replace only the domain name (the 6th field in the log) + # so we substitute the domain for the placeholder value + obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') + log_write " ${obfuscated_line}" + else + log_write " ${line}" + fi + fi + fi + done +} + analyze_pihole_log() { echo_current_diagnostic "Pi-hole log" - local head_line + local pihole_log_head=() + local pihole_log_tail=() + local pihole_log_permissions + # Put the current Internal Field Separator into another variable so it can be restored later OLD_IFS="$IFS" # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' - local pihole_log_permissions pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - local pihole_log_head=() mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - local error_to_check_for - local line_to_obfuscate - local obfuscated_line - for head_line in "${pihole_log_head[@]}"; do - # A common error in the pihole.log is when there is a non-hosts formatted file - # that the DNS server is attempting to read. Since it's not formatted - # correctly, there will be an entry for "bad address at line n" - # So we can check for that here and highlight it in red so the user can see it easily - error_to_check_for=$(echo "${head_line}" | grep 'bad address at') - # Some users may not want to have the domains they visit sent to us - # To that end, we check for lines in the log that would contain a domain name - line_to_obfuscate=$(echo "${head_line}" | grep ': query\|: forwarded\|: reply') - # If the variable contains a value, it found an error in the log - if [[ -n ${error_to_check_for} ]]; then - # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" - else - # If the variable does not a value (the current default behavior), so do not obfuscate anything - if [[ -z ${OBFUSCATE} ]]; then - log_write " ${head_line}" - # Othwerise, a flag was passed to this command to obfuscate domains in the log - else - # So first check if there are domains in the log that should be obfuscated - if [[ -n ${line_to_obfuscate} ]]; then - # If there are, we need to use awk to replace only the domain name (the 6th field in the log) - # so we substitute the domain for the placeholder value - obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') - log_write " ${obfuscated_line}" - else - log_write " ${head_line}" - fi - fi - fi - done + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" log_write "" # Set the IFS back to what it was IFS="$OLD_IFS" From f2cba6cad1b8893757c69975e8b984c1bc8eda7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 3 Jun 2021 13:15:44 +0200 Subject: [PATCH 15/79] Skip analyze_pihole_log if query logging has been disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 47 +++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 36efe77f..859ac3d3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1321,27 +1321,34 @@ obfuscated_pihole_log() { } analyze_pihole_log() { - echo_current_diagnostic "Pi-hole log" - local pihole_log_head=() - local pihole_log_tail=() - local pihole_log_permissions + echo_current_diagnostic "Pi-hole log" + local pihole_log_head=() + local pihole_log_tail=() + local pihole_log_permissions - # Put the current Internal Field Separator into another variable so it can be restored later - OLD_IFS="$IFS" - # Get the lines that are in the file(s) and store them in an array for parsing later - IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_head[@]}" - log_write "" - mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_tail[@]}" - log_write "" - # Set the IFS back to what it was - IFS="$OLD_IFS" + local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) + if [[ "${logging_enabled}" == "0" ]]; then + # No "log-queries" lines are found. + # Commented out lines (such as "#log-queries") are ignored + log_write "${INFO} Query logging is disabled" + else + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" + mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" + log_write "" + # Set the IFS back to what it was + IFS="$OLD_IFS" + fi } tricorder_use_nc_or_curl() { From 1ae67e1de8677341b0f9af70008dfa8973c87d95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:19:07 +0200 Subject: [PATCH 16/79] Only inform user about disabled logging, don't skipp printing pihole.log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 35 ++++++++++++++++----------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 859ac3d3..8b6a5c24 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1328,27 +1328,26 @@ analyze_pihole_log() { local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) if [[ "${logging_enabled}" == "0" ]]; then - # No "log-queries" lines are found. - # Commented out lines (such as "#log-queries") are ignored + # Inform user that logging has been disabled and pihole.log does not contain queries log_write "${INFO} Query logging is disabled" - else - # Put the current Internal Field Separator into another variable so it can be restored later - OLD_IFS="$IFS" - # Get the lines that are in the file(s) and store them in an array for parsing later - IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_head[@]}" log_write "" - mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" - obfuscated_pihole_log "${pihole_log_tail[@]}" - log_write "" - # Set the IFS back to what it was - IFS="$OLD_IFS" fi + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" + mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" + log_write "" + # Set the IFS back to what it was + IFS="$OLD_IFS" } tricorder_use_nc_or_curl() { From 08cf9aa5a7a5698c7c968b6dd003910875c9279d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:30:41 +0200 Subject: [PATCH 17/79] Declare and assign 'logging_enabled' separately MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8b6a5c24..62ba9aba 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1325,8 +1325,9 @@ analyze_pihole_log() { local pihole_log_head=() local pihole_log_tail=() local pihole_log_permissions + local logging_enabled - local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) + logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) if [[ "${logging_enabled}" == "0" ]]; then # Inform user that logging has been disabled and pihole.log does not contain queries log_write "${INFO} Query logging is disabled" From 01764cc581220fb1751ebcb8808d5ca59ec7d2d6 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 10:28:25 -0700 Subject: [PATCH 18/79] Explicity declare values for the RA packet. Signed-off-by: Dan Schaper --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 8ef4d940..32719eb2 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -426,7 +426,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "#quiet-dhcp6 #enable-ra dhcp-option=option6:dns-server,[::] -dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime} +dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600 ra-param=*,0,0 " >> "${dhcpconfig}" fi From 7df22cd8e035d64bf6d46397dbf3680395222776 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 11:18:33 -0700 Subject: [PATCH 19/79] Check for logroate script existing first. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 454daee4..73b456ca 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1944,9 +1944,17 @@ finalExports() { # Install the logrotate script installLogrotate() { local str="Installing latest logrotate script" + local target=/etc/pihole/logrotate + printf "\\n %b %s..." "${INFO}" "${str}" + if [[ -f ${target} ]]; then + printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}" + # Return value isn't that important, using 2 to indicate that it's not a fatal error but + # the function did not complete. + return 2 + fi # Copy the file over from the local repo - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -1957,7 +1965,7 @@ installLogrotate() { # If there is a usergroup for log rotation, if [[ ! -z "${logusergroup}" ]]; then # replace the line in the logrotate script with that usergroup. - sed -i "s/# su #/su ${logusergroup}/g;" /etc/pihole/logrotate + sed -i "s/# su #/su ${logusergroup}/g;" ${target} fi printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" } From 4f660966d036a562d1fbbadbe0d56b52fa6cbf5b Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 20 Jun 2021 11:19:19 -0700 Subject: [PATCH 20/79] Shellchecker Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 73b456ca..96ca8c92 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1954,7 +1954,7 @@ installLogrotate() { return 2 fi # Copy the file over from the local repo - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate ${target} + install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -1963,7 +1963,7 @@ installLogrotate() { # the local properties of the /var/log directory logusergroup="$(stat -c '%U %G' /var/log)" # If there is a usergroup for log rotation, - if [[ ! -z "${logusergroup}" ]]; then + if [[ -n "${logusergroup}" ]]; then # replace the line in the logrotate script with that usergroup. sed -i "s/# su #/su ${logusergroup}/g;" ${target} fi From 2b499880133c2869313d1a8ce971d3be86c6ae81 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 1 Jul 2021 02:19:00 +0000 Subject: [PATCH 21/79] Include lighttpd-mod-deflate in the PIHOLE_WEB_DEPS list since it is no longer provided by default in Debian Bullseye Signed-off-by: Daniel --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96ca8c92..17462c73 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,7 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd lighttpd-mod-deflate "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") From c120f8a8d88a20dd9bb5905ae3cf5a5f3ddb9466 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 2 Jul 2021 22:09:41 +0100 Subject: [PATCH 22/79] Revert "Include lighttpd-mod-deflate since it is no longer provided by default in Bullsye" --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 17462c73..96ca8c92 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -360,7 +360,7 @@ if is_command apt-get ; then PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd lighttpd-mod-deflate "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") From 469b71544262f8473cc1e22142ee01a4016785fc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Jul 2021 00:00:54 +0100 Subject: [PATCH 23/79] Add three new tests (one for each dependecy array) to check packages are available in supported OS package repos Signed-off-by: Adam Warner --- test/test_automated_install.py | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 44624082..891fc185 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -597,3 +597,43 @@ def test_os_check_passes(Pihole): ''') expected_stdout = 'Supported OS detected' assert expected_stdout in detectOS.stdout + + +def test_package_manager_has_installer_deps(Pihole): + ''' Confirms OS is able to install the required packages for the installer''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${INSTALLER_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_pihole_deps(Pihole): + ''' Confirms OS is able to install the required packages for Pi-hole ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${PIHOLE_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_web_deps(Pihole): + ''' Confirms OS is able to install the required packages for web ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + distro_check + install_dependent_packages ${PIHOLE_WEB_DEPS[@]} + ''') + + assert 'No package' not in output.stdout #centos7 still exits 0... + assert output.rc == 0 + From 87f2ae82cd16473886c4bf9da1d9d19fb909aa1a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Jul 2021 00:07:37 +0100 Subject: [PATCH 24/79] Stickler gonna stickle... Signed-off-by: Adam Warner --- test/test_automated_install.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 891fc185..0849aa9a 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -608,7 +608,7 @@ def test_package_manager_has_installer_deps(Pihole): install_dependent_packages ${INSTALLER_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 @@ -621,7 +621,7 @@ def test_package_manager_has_pihole_deps(Pihole): install_dependent_packages ${PIHOLE_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 @@ -634,6 +634,5 @@ def test_package_manager_has_web_deps(Pihole): install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') - assert 'No package' not in output.stdout #centos7 still exits 0... + assert 'No package' not in output.stdout # centos7 still exits 0... assert output.rc == 0 - From 4fb5157719f3f8c74e9dfb9e8167673c96947532 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 4 Jun 2021 21:59:17 +0200 Subject: [PATCH 25/79] Squashed commits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add simple grep function to pihole -t Signed-off-by: Christian König Add help info Signed-off-by: Christian König Improve help info Signed-off-by: Christian König Fix details Signed-off-by: Christian König --- pihole | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pihole b/pihole index f8085c8e..58ec385a 100755 --- a/pihole +++ b/pihole @@ -370,7 +370,7 @@ tailFunc() { # Color blocklist/blacklist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray - tail -f /var/log/pihole.log | sed -E \ + tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ @@ -456,7 +456,10 @@ Debugging Options: Add '-a' to automatically upload the log to tricorder.pi-hole.net -f, flush Flush the Pi-hole log -r, reconfigure Reconfigure or Repair Pi-hole subsystems - -t, tail View the live output of the Pi-hole log + -t, tail [arg] View the live output of the Pi-hole log. + Add an optional argument to filter the log + (regular expressions are supported) + Options: -a, admin Web interface options @@ -530,7 +533,7 @@ case "${1}" in "status" ) statusFunc "$2";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; - "-t" | "tail" ) tailFunc;; + "-t" | "tail" ) tailFunc "$2";; "checkout" ) piholeCheckoutFunc "$@";; "tricorder" ) tricorderFunc;; "updatechecker" ) updateCheckFunc "$@";; From e80e54a61a4942320391770d939e370fb3f996c5 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 4 Jul 2021 01:18:46 +0100 Subject: [PATCH 26/79] head_line -> line Signed-off-by: Adam Warner --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 62ba9aba..f0d6f799 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1299,7 +1299,7 @@ obfuscated_pihole_log() { # If the variable contains a value, it found an error in the log if [[ -n ${error_to_check_for} ]]; then # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" + log_write " ${CROSS} ${COL_RED}${line}${COL_NC} (${FAQ_BAD_ADDRESS})" else # If the variable does not a value (the current default behavior), so do not obfuscate anything if [[ -z ${OBFUSCATE} ]]; then From a0d74d1e9d52fb0039b6c3f709216e4af2acb0d3 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 4 Jul 2021 13:55:47 +0200 Subject: [PATCH 27/79] Canary domain handling is now happening in FTL where we have much finer control over it. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ec5f8e49..9f07b120 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -273,11 +273,6 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 fi fi - # Prevent Firefox from automatically switching over to DNS-over-HTTPS - # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https - # (sourced 7th September 2019) - add_dnsmasq_setting "server=/use-application-dns.net/" - # We need to process DHCP settings here as well to account for possible # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf # as we don't want to delete all local=/.../ lines so it's much safer to From 31a096dec279ad478632d9e1ec614fbae362a4b7 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 7 Jul 2021 13:31:59 +0000 Subject: [PATCH 28/79] Remove mod_compress (mod_deflate) from lighttpd to provide backwards compatible support for Debian Bullseye (11) Signed-off-by: Daniel --- advanced/lighttpd.conf.debian | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index cd6d7737..9c892fc0 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -20,7 +20,6 @@ server.modules = ( "mod_accesslog", "mod_auth", "mod_expire", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -41,26 +40,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", From c9e341b5d48b254cab5dadd0d24dbad8e0674783 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Jul 2021 19:20:14 +0100 Subject: [PATCH 29/79] Same change as with #4221, but on fedora config too Signed-off-by: Adam Warner --- advanced/lighttpd.conf.fedora | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 64428617..aae4a6a4 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -21,7 +21,6 @@ server.modules = ( "mod_expire", "mod_fastcgi", "mod_accesslog", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -42,26 +41,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", From fdca19e66d9f249b4fc5afbf6d4acd396d570fa9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 15 Apr 2021 13:59:10 +0000 Subject: [PATCH 30/79] Support and test Debian Bullsye (11) Signed-off-by: Daniel --- .github/workflows/test.yml | 2 +- advanced/Scripts/piholeDebug.sh | 4 ++-- automated install/basic-install.sh | 4 ++-- supportedos.txt | 4 ++-- test/_debian_11.Dockerfile | 17 +++++++++++++++++ test/tox.debian_11.ini | 8 ++++++++ 6 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 test/_debian_11.Dockerfile create mode 100644 test/tox.debian_11.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d19df5ab..a6fd1acc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f0a22b6d..8ea640c2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -410,12 +410,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" #Get the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96ca8c92..4212159e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -186,12 +186,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" # Gets the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" diff --git a/supportedos.txt b/supportedos.txt index 6d579132..c9332deb 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 Ubuntu=16,18,20 -Debian=9,10 +Debian=9,10,11 Fedora=32,33 -CentOS=7,8 \ No newline at end of file +CentOS=7,8 diff --git a/test/_debian_11.Dockerfile b/test/_debian_11.Dockerfile new file mode 100644 index 00000000..39be027e --- /dev/null +++ b/test/_debian_11.Dockerfile @@ -0,0 +1,17 @@ +FROM buildpack-deps:bullseye-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini new file mode 100644 index 00000000..af3c6e36 --- /dev/null +++ b/test/tox.debian_11.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py From aa5c15a72882c5c76103363553644f8ef005bd61 Mon Sep 17 00:00:00 2001 From: Faye Duxovni Date: Fri, 9 Jul 2021 01:06:10 -0400 Subject: [PATCH 31/79] give pihole its own logrotate state file Signed-off-by: Faye Duxovni Co-authored-by: Dan Schaper --- advanced/Scripts/piholeLogFlush.sh | 11 ++++++++--- advanced/Templates/pihole.cron | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 51e94d7c..5c6a2c68 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -11,6 +11,11 @@ colfile="/opt/pihole/COL_TABLE" source ${colfile} +# In case we're running at the same time as a system logrotate, use a +# separate logrotate state file to prevent stepping on each other's +# toes. +STATEFILE="/var/lib/logrotate/pihole" + # Determine database location # Obtain DBFILE=... setting from pihole-FTL.db # Constructed to return nothing when @@ -32,7 +37,7 @@ if [[ "$@" == *"once"* ]]; then # Nightly logrotation if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate once - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Copy pihole.log over to pihole.log.1 # and empty out pihole.log @@ -47,8 +52,8 @@ else # Manual flushing if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate twice to move all data out of sight of FTL - /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3 - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3 + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Flush both pihole.log and pihole.log.1 (if existing) echo " " > /var/log/pihole.log diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron index ecd1e808..37724d2e 100644 --- a/advanced/Templates/pihole.cron +++ b/advanced/Templates/pihole.cron @@ -26,7 +26,7 @@ # parameter "quiet": don't print messages 00 00 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet -@reboot root /usr/sbin/logrotate /etc/pihole/logrotate +@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate # Pi-hole: Grab local version and branch every 10 minutes */10 * * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local From e2e7d0a6aa19e99cd0521a0644eae9f507739671 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Jul 2021 22:36:02 +0100 Subject: [PATCH 32/79] add tests for ubuntu 21 Signed-off-by: Adam Warner --- test/_ubuntu_21.Dockerfile | 18 ++++++++++++++++++ test/tox.ubuntu_21.ini | 8 ++++++++ 2 files changed, 26 insertions(+) create mode 100644 test/_ubuntu_21.Dockerfile create mode 100644 test/tox.ubuntu_21.ini diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile new file mode 100644 index 00000000..afddbfa9 --- /dev/null +++ b/test/_ubuntu_21.Dockerfile @@ -0,0 +1,18 @@ +FROM buildpack-deps:hirsute-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR +ENV DEBIAN_FRONTEND=noninteractive + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini new file mode 100644 index 00000000..651f933b --- /dev/null +++ b/test/tox.ubuntu_21.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py From 38d4b2a88339fef06e88fbc2da65d5141ccf0feb Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Jul 2021 22:41:17 +0100 Subject: [PATCH 33/79] add OS_CHECK_DOMAIN_NAME override to all the dockerfiles Signed-off-by: Adam Warner --- test/_centos_7.Dockerfile | 1 + test/_centos_8.Dockerfile | 1 + test/_debian_10.Dockerfile | 1 + test/_debian_9.Dockerfile | 1 + test/_fedora_32.Dockerfile | 1 + test/_fedora_33.Dockerfile | 1 + test/_ubuntu_16.Dockerfile | 1 + test/_ubuntu_18.Dockerfile | 1 + test/_ubuntu_20.Dockerfile | 1 + 9 files changed, 9 insertions(+) diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile index 00543b67..434242bf 100644 --- a/test/_centos_7.Dockerfile +++ b/test/_centos_7.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile index 7444551b..afd2dc8a 100644 --- a/test/_centos_8.Dockerfile +++ b/test/_centos_8.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_10.Dockerfile b/test/_debian_10.Dockerfile index 9b72fc6a..54800d3c 100644 --- a/test/_debian_10.Dockerfile +++ b/test/_debian_10.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_9.Dockerfile b/test/_debian_9.Dockerfile index d6609ba3..c590a657 100644 --- a/test/_debian_9.Dockerfile +++ b/test/_debian_9.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_32.Dockerfile index 869efb2b..e9c2ff2a 100644 --- a/test/_fedora_32.Dockerfile +++ b/test/_fedora_32.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile index 0a1ac59c..9ae94c70 100644 --- a/test/_fedora_33.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_16.Dockerfile b/test/_ubuntu_16.Dockerfile index a92bc6f6..e572efd1 100644 --- a/test/_ubuntu_16.Dockerfile +++ b/test/_ubuntu_16.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ \ No newline at end of file diff --git a/test/_ubuntu_18.Dockerfile b/test/_ubuntu_18.Dockerfile index 2f63ea89..592c5c3f 100644 --- a/test/_ubuntu_18.Dockerfile +++ b/test/_ubuntu_18.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_20.Dockerfile b/test/_ubuntu_20.Dockerfile index caa6261f..80e2e007 100644 --- a/test/_ubuntu_20.Dockerfile +++ b/test/_ubuntu_20.Dockerfile @@ -13,5 +13,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ From a9b5fcd9230ff1f15ed85cfb92512c94d42e3301 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 15 Jul 2021 13:48:18 +0000 Subject: [PATCH 34/79] Add Ubuntu 21 to supportedos.txt, and github actions tests Signed-off-by: Daniel --- .github/workflows/test.yml | 2 +- supportedos.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a6fd1acc..129caea4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/supportedos.txt b/supportedos.txt index c9332deb..1726cc93 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 -Ubuntu=16,18,20 +Ubuntu=16,18,20,21 Debian=9,10,11 Fedora=32,33 CentOS=7,8 From 9beb3a9b6c2d1e7c9a57278df538409afe1ee8aa Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 16 Jul 2021 09:17:23 +0100 Subject: [PATCH 35/79] Delete supportedos.txt - it is not actually used anywhere can can cause confusion --- supportedos.txt | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 supportedos.txt diff --git a/supportedos.txt b/supportedos.txt deleted file mode 100644 index 1726cc93..00000000 --- a/supportedos.txt +++ /dev/null @@ -1,5 +0,0 @@ -Raspbian=9,10 -Ubuntu=16,18,20,21 -Debian=9,10,11 -Fedora=32,33 -CentOS=7,8 From 6be647a85f56028d9548467a86df1c2cc5ff24d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 16 Jul 2021 21:52:12 +0200 Subject: [PATCH 36/79] Fix coloring of pihole -t MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 126a4b86..470c9dc7 100755 --- a/pihole +++ b/pihole @@ -369,7 +369,7 @@ tailFunc() { # Color everything else as gray tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ - -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From 092e533a30dcdef6716b975bb4587f052e7ec6ed Mon Sep 17 00:00:00 2001 From: Kenneth Chew Date: Sun, 18 Jul 2021 14:31:37 -0400 Subject: [PATCH 37/79] Add `-t` option to Admin Console help dialog Signed-off-by: Kenneth Chew --- advanced/Scripts/webpage.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 9f07b120..744416e7 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -44,7 +44,8 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" + -l, privacylevel Set privacy level (0 = lowest, 3 = highest) + -t, teleporter Backup configuration as an archive" exit 0 } From 57c40cbd09b461882eac4dac63f8ce816e343f1f Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 23 Jul 2021 20:43:13 +0200 Subject: [PATCH 38/79] Update pihole-FTL.service Make this script a bourne shell script, which requires the removal of only a single bashism, the "{n..m}" expansion. Furthermore, since POSIX echo has no reliable command line options, switch to printf when line breaks shall be omitted. On most distros/setups "sh" calls a much lighter bourne shell like dash, which inits and runs much faster than bash. Remove unused PIDFILE variable, remove the single case of FTLUSER call and remove it as well. Using variables here might give the wrong impression that there is a change these can be varied. But both are hardcoded in many places throughout Pi-hole, so in this service script. Consolidate and merge the commands to pre-create and set permissions for required files and directories. The /var/log/pihole directory is and was never used, the touch, chmod and chown call can be merged into one each to reduce overhead. Use "-f" option to to fail on missing database files instead of redirecting STDERR, which is otherwise helpful to debug other possible errors, like missing or corrupted commands, filesystem errors and such. Do not use "which pihole-FTL" when setting capabilities when the hardcoded path /usr/bin/pihole-FTL is used for the actual daemon call. It makes sense to use the full path here, as the Pi-hole installer and updater installs it explicitly there, and so we prevent users from e.g. overriding it via /usr/local/bin/pihole-FTL too easily. On pgrep and pkill calls, add the "-x" flag to assure that only "pihole-FTL" is matched and not "foo-pihole-FTL" or "pihole-FTL-bar". Do not remove possible leftovers from previous pihole-FTL processes on start, but on stop instead. Since "start" includes a proceeding "stop" as well, on service start nothing changes, but on service stop, some resources are now freed. Remove leading "$" from usage message. In bash this was omitted, as $'...' is a special syntax for escape sequence expansion, which is not applicable here. In dash it would be printed literally. To keep previous behaviour, it is hence removed. Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL.service | 44 +++++++++++---------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index f0743b49..76ad697a 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh ### BEGIN INIT INFO # Provides: pihole-FTL # Required-Start: $remote_fs $syslog $network @@ -9,11 +9,8 @@ # Description: Enable service provided by pihole-FTL daemon ### END INIT INFO -FTLUSER=pihole -PIDFILE=/run/pihole-FTL.pid - is_running() { - pgrep -o "pihole-FTL" > /dev/null 2>&1 + pgrep -xo "pihole-FTL" > /dev/null } @@ -23,27 +20,18 @@ start() { echo "pihole-FTL is already running" else # Touch files to ensure they exist (create if non-existing, preserve if existing) - touch /var/log/pihole-FTL.log /var/log/pihole.log - touch /run/pihole-FTL.pid /run/pihole-FTL.port - touch /etc/pihole/dhcp.leases - mkdir -p /run/pihole - mkdir -p /var/log/pihole - chown pihole:pihole /run/pihole /var/log/pihole - # Remove possible leftovers from previous pihole-FTL processes - rm -f /dev/shm/FTL-* 2> /dev/null - rm /run/pihole/FTL.sock 2> /dev/null + mkdir -pm 0755 /run/pihole + touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files - chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port - chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null - chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log - chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole + chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then - su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "/usr/bin/pihole-FTL"; then + su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" - pihole-FTL + /usr/bin/pihole-FTL fi echo fi @@ -52,20 +40,20 @@ start() { # Stop the service stop() { if is_running; then - pkill -o pihole-FTL - for i in {1..5}; do + pkill -xo "pihole-FTL" + for i in 1 2 3 4 5; do if ! is_running; then break fi - echo -n "." + printf "." sleep 1 done echo if is_running; then echo "Not stopped; may still be shutting down or shutdown may have failed, killing now" - pkill -o -9 pihole-FTL + pkill -xo -9 "pihole-FTL" exit 1 else echo "Stopped" @@ -73,6 +61,8 @@ stop() { else echo "Not running" fi + # Cleanup + rm -f /run/pihole/FTL.sock /dev/shm/FTL-* echo } @@ -101,7 +91,7 @@ case "$1" in start ;; *) - echo $"Usage: $0 {start|stop|restart|reload|status}" + echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac From b1ea60484ef5156900aa274b889a2deef430b592 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 26 Jul 2021 13:22:26 -0700 Subject: [PATCH 39/79] Guard for logrotate func non-zero return Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4212159e..4ce3003b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2043,7 +2043,10 @@ installPihole() { # Install the cron file installCron # Install the logrotate file - installLogrotate + if ! installLogrotate; then + printf " %b Failure in logrotate installation function.\\n" "${CROSS}" + # This isn't fatal, no need to exit. + fi # Check if dnsmasq is present. If so, disable it and back up any possible # config file disable_dnsmasq From 0c125eba2cc3cd097f93965f9084c8bf88649a4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 27 Jul 2021 22:04:30 +0200 Subject: [PATCH 40/79] Make output of SHM dir human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8ea640c2..4c75f246 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1109,7 +1109,7 @@ list_files_in_dir() { : elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes - log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")" + log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From fbfec961d5e9a47ffd2100e2f9647eabd7784421 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:16:19 +0200 Subject: [PATCH 41/79] Remove comparison of IP addresses with setupVars.conf Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 42 +-------------------------------- 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f0a22b6d..895747b1 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -605,38 +605,6 @@ parse_locale() { parse_file "${pihole_locale}" } -does_ip_match_setup_vars() { - # Check for IPv4 or 6 - local protocol="${1}" - # IP address to check for - local ip_address="${2}" - # See what IP is in the setupVars.conf file - local setup_vars_ip - setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV"${protocol}"_ADDRESS | cut -d '=' -f2) - # If it's an IPv6 address - if [[ "${protocol}" == "6" ]]; then - # Strip off the / (CIDR notation) - if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then - # if it matches, show it in green - log_write " ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red with an FAQ URL - log_write " ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - - else - # if the protocol isn't 6, it's 4 so no need to strip the CIDR notation - # since it exists in the setupVars.conf that way - if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then - # show in green if it matches - log_write " ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red - log_write " ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - fi -} - detect_ip_addresses() { # First argument should be a 4 or a 6 local protocol=${1} @@ -653,8 +621,7 @@ detect_ip_addresses() { log_write "${TICK} IPv${protocol} address(es) bound to the ${PIHOLE_INTERFACE} interface:" # Since there may be more than one IP address, store them in an array for i in "${!ip_addr_list[@]}"; do - # For each one in the list, print it out - does_ip_match_setup_vars "${protocol}" "${ip_addr_list[$i]}" + log_write " ${ip_addr_list[$i]}" done # Print a blank line just for formatting log_write "" @@ -663,13 +630,6 @@ detect_ip_addresses() { log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\\n" return 1 fi - # If the protocol is v6 - if [[ "${protocol}" == "6" ]]; then - # let the user know that as long as there is one green address, things should be ok - log_write " ^ Please note that you may have more than one IP address listed." - log_write " As long as one of them is green, and it matches what is in ${PIHOLE_SETUP_VARS_FILE}, there is no need for concern.\\n" - log_write " The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.\\n" - fi } ping_ipv4_or_ipv6() { From d0eb0d50376358eed7d34579fcfa32a89fc0d1ec Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:18:02 +0200 Subject: [PATCH 42/79] Remove extra failure display when installation of logrotate file is skipped because the file already exists Signed-off-by: DL6ER --- automated install/basic-install.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4ce3003b..96d0b693 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2042,11 +2042,10 @@ installPihole() { fi # Install the cron file installCron + # Install the logrotate file - if ! installLogrotate; then - printf " %b Failure in logrotate installation function.\\n" "${CROSS}" - # This isn't fatal, no need to exit. - fi + installLogrotate || true + # Check if dnsmasq is present. If so, disable it and back up any possible # config file disable_dnsmasq From d02aa3ced18094e33705b7b3e0d748ec10548791 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 28 Jul 2021 21:38:36 +0200 Subject: [PATCH 43/79] Fix error on checking interfaces that are not dual-stack Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..837e1778 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -922,16 +922,20 @@ dig_at() { # s/\/.*$//g; # Removes CIDR and everything thereafter (e.g., scope properties) addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" - while IFS= read -r local_address ; do - # Check if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then - # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" - fi - done <<< "${addresses}" + if [ -n "${addresses}" ]; then + while IFS= read -r local_address ; do + # Check if Pi-hole can use itself to block a domain + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then + # If it can, show success + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" + else + # Otherwise, show a failure + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" + fi + done <<< "${addresses}" + else + log_write "${TICK} No IPv${protocol} address available on ${COL_CYAN}${iface}${COL_NC}" + fi done <<< "${interfaces}" # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server From f552173be37d5ce1d58b31fa1ef7a0f4824a85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:51:04 +0200 Subject: [PATCH 44/79] Resolve merge conflict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..3e31a097 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1110,6 +1110,10 @@ list_files_in_dir() { elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" + elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then + # in case of the dnsmasq directory inlcuede all files in the debug output + log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From c99c86af7f161910f16eb98b2fef6b3f580dc8b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:53:30 +0200 Subject: [PATCH 45/79] Make all dir list output human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 3e31a097..c222491d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1112,14 +1112,14 @@ list_files_in_dir() { log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then # in case of the dnsmasq directory inlcuede all files in the debug output - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then # display the filename - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, give the first and last 25 lines From b05fc5bb2b39a38c0dfef45c03db2b9a24205063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:01:18 +0200 Subject: [PATCH 46/79] Remove specific dnsmasq config files from requiered files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c222491d..d3fc4fec 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -165,9 +165,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" ) # Store the required directories in an array so it can be parsed through REQUIRED_FILES=("${PIHOLE_CRON_FILE}" -"${PIHOLE_DNS_CONFIG_FILE}" -"${PIHOLE_DHCP_CONFIG_FILE}" -"${PIHOLE_WILDCARD_CONFIG_FILE}" "${WEB_SERVER_CONFIG_FILE}" "${WEB_SERVER_CUSTOM_CONFIG_FILE}" "${PIHOLE_INSTALL_LOG_FILE}" From aa2da807686b153818da5f825bfbab88c96945a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:06:01 +0200 Subject: [PATCH 47/79] Remove traces of unused files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d3fc4fec..3bd86a29 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -83,10 +83,6 @@ SHM_DIRECTORY="/dev/shm" # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole" -PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf" -PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf" -PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf" - WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf" WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf" From d2c75a33d5c0fc4e75b466533a1e3f0a7c68498f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 4 Aug 2021 20:13:41 +0200 Subject: [PATCH 48/79] Increase width of ID column in adlist and domain table in debug script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 837e1778..e9b4be76 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1258,11 +1258,11 @@ show_groups() { } show_adlists() { - show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50" + show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50" } show_domainlist() { - show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50" + show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50" } show_clients() { From 075b3f64682d9025370ae696d3ec4534d9ee07cd Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 4 Aug 2021 20:57:09 -0700 Subject: [PATCH 49/79] Remove ports, nc option and fix wording. Signed-off-by: Dan Schaper --- advanced/Scripts/piholeDebug.sh | 42 ++++++++++----------------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8ea640c2..55c5739e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -56,11 +56,6 @@ FAQ_BAD_ADDRESS="${COL_CYAN}https://discourse.pi-hole.net/t/why-do-i-see-bad-add # Other URLs we may use FORUMS_URL="${COL_CYAN}https://discourse.pi-hole.net${COL_NC}" -TRICORDER_CONTEST="${COL_CYAN}https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/${COL_NC}" - -# Port numbers used for uploading the debug log -TRICORDER_NC_PORT_NUMBER=9999 -TRICORDER_SSL_PORT_NUMBER=9998 # Directories required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -1366,25 +1361,14 @@ analyze_pihole_log() { IFS="$OLD_IFS" } -tricorder_use_nc_or_curl() { - # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available - # Check for curl first since encryption is a good thing - if command -v curl &> /dev/null; then - # If the command exists, - log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER}) - if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc - log_write " * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission." - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) - fi - # Otherwise, - else - # use net cat - log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission." - # Save the token returned by our server in a variable - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) +curl_to_tricorder() { + # Users can submit their debug logs using curl (encrypted) + log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." + # transmit he log via TLS and store the token returned in a variable + tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + if [ -z "${tricorder_token}" ]; then + # curl failed, fallback to nc + log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } @@ -1403,14 +1387,13 @@ upload_to_tricorder() { # Provide information on what they should do with their token log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." - log_write " * For more information, see: ${TRICORDER_CONTEST}" - log_write " * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat." + # If pihole -d is running automatically (usually through the dashboard) if [[ "${AUTOMATED}" ]]; then # let the user know log_write "${INFO} Debug script running in automated mode" # and then decide again which tool to use to submit it - tricorder_use_nc_or_curl + curl_to_tricorder # If we're not running in automated mode, else echo "" @@ -1419,7 +1402,7 @@ upload_to_tricorder() { read -r -p "[?] Would you like to upload the log? [y/N] " response case ${response} in # If they say yes, run our function for uploading the log - [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;; + [yY][eE][sS]|[yY]) curl_to_tricorder;; # If they choose no, just exit out of the script *) log_write " * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit; esac @@ -1433,12 +1416,13 @@ upload_to_tricorder() { log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "" log_write " * Provide the token above to the Pi-hole team for assistance at" log_write " * ${FORUMS_URL}" - log_write " * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}." + # If no token was generated else # Show an error and some help instructions From 1358209a9ae75eb09fefdd9d5032c914c7f9a4d3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 21:48:26 +0100 Subject: [PATCH 50/79] rename distro_check to package_manager_detect, as it is more in keeping with what the function actually does Signed-off-by: Adam Warner --- automated install/basic-install.sh | 6 ++--- automated install/uninstall.sh | 6 ++--- test/test_automated_install.py | 24 +++++++++---------- test/test_centos_7_support.py | 22 ++++++++--------- test/test_centos_8_support.py | 22 ++++++++--------- test/test_centos_common_support.py | 38 +++++++++++++++--------------- test/test_fedora_support.py | 6 ++--- 7 files changed, 62 insertions(+), 62 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 96d0b693..0d674b2f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -276,7 +276,7 @@ os_check() { } # Compatibility -distro_check() { +package_manager_detect() { # If apt-get is installed, then we know it's part of the Debian family if is_command apt-get ; then # Set some global variables here @@ -1950,7 +1950,7 @@ installLogrotate() { if [[ -f ${target} ]]; then printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}" # Return value isn't that important, using 2 to indicate that it's not a fatal error but - # the function did not complete. + # the function did not complete. return 2 fi # Copy the file over from the local repo @@ -2643,7 +2643,7 @@ main() { fi # Check for supported distribution - distro_check + package_manager_detect # If the setup variable file exists, if [[ -f "${setupVars}" ]]; then diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 543ca07a..0f4c4ca6 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -42,8 +42,8 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # setupVars set in basic-install.sh source "${setupVars}" -# distro_check() sourced from basic-install.sh -distro_check +# package_manager_detect() sourced from basic-install.sh +package_manager_detect # Install packages used by the Pi-hole DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}") @@ -113,7 +113,7 @@ removeNoPurge() { fi fi echo -e "${OVER} ${TICK} Removed Web Interface" - + # Attempt to preserve backwards compatibility with older versions # to guarantee no additional changes were made to /etc/crontab after # the installation of pihole, /etc/crontab.pihole should be permanently diff --git a/test/test_automated_install.py b/test/test_automated_install.py index b3078f5a..21468cd7 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -18,13 +18,13 @@ def test_supported_operating_system(Pihole): # break supported package managers to emulate an unsupported distribution Pihole.run('rm -rf /usr/bin/apt-get') Pihole.run('rm -rf /usr/bin/rpm') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + ' OS distribution not supported' - assert expected_stdout in distro_check.stdout - # assert distro_check.rc == 1 + assert expected_stdout in package_manager_detect.stdout + # assert package_manager_detect.rc == 1 def test_setupVars_are_sourced_to_global_scope(Pihole): @@ -135,7 +135,7 @@ def test_update_package_cache_success_no_errors(Pihole): ''' updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = tick_box + ' Update local cache of available packages' @@ -150,7 +150,7 @@ def test_update_package_cache_failure_no_errors(Pihole): mock_command('apt-get', {'update': ('', '1')}, Pihole) updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = cross_box + ' Update local cache of available packages' @@ -357,7 +357,7 @@ def test_FTL_download_aarch64_no_errors(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') download_binary = Pihole.run(''' @@ -567,7 +567,7 @@ def test_os_check_fails(Pihole): ''' Confirms install fails on unsupported OS ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release ID=UnsupportedOS @@ -586,7 +586,7 @@ def test_os_check_passes(Pihole): ''' Confirms OS meets the requirements ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') detectOS = Pihole.run(''' @@ -602,7 +602,7 @@ def test_package_manager_has_installer_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') @@ -615,7 +615,7 @@ def test_package_manager_has_pihole_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${PIHOLE_DEPS[@]} ''') @@ -628,7 +628,7 @@ def test_package_manager_has_web_deps(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) output = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index 2f744ab4..ed99231a 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -9,13 +9,13 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): ''' confirms the default behavior to opt-out of installing PHP7 from REMI ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -27,13 +27,13 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -45,16 +45,16 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index d3e83658..b8ad9607 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -10,13 +10,13 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): confirms the latest version of CentOS continues / does not optout (should trigger on CentOS7 only) ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -30,13 +30,13 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -50,16 +50,16 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout unexpected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index fdf43cba..8412173d 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -13,29 +13,29 @@ def test_release_supported_version_check_centos(Pihole): ''' # modify /etc/redhat-release to mock an unsupported CentOS release Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + (' CentOS 6 is not supported.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = 'Please update to CentOS release 7 or later' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout def test_enable_epel_repository_centos(Pihole): ''' confirms the EPEL package repository is enabled when installed on CentOS ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' Enabling EPEL package repository ' '(https://fedoraproject.org/wiki/EPEL)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + ' Installed epel-release' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout epel_package = Pihole.package('epel-release') assert epel_package.is_installed @@ -51,13 +51,13 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -75,13 +75,13 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -99,20 +99,20 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages PIHOLE_WEB_DEPS[@] ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout not in distro_check.stdout + assert expected_stdout not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed updated_php_package = Pihole.package('php') diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index 473b2e96..a2ac4c71 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -3,11 +3,11 @@ def test_epel_and_remi_not_installed_fedora(Pihole): confirms installer does not attempt to install EPEL/REMI repositories on Fedora ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert distro_check.stdout == '' + assert package_manager_detect.stdout == '' epel_package = Pihole.package('epel-release') assert not epel_package.is_installed From 913dcead7f2c154e63fa1a607c394a1d4e6ef93c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:39:33 +0100 Subject: [PATCH 51/79] move chmod/chown of macvendor.db to pihole-FTL.service Signed-off-by: Adam Warner --- advanced/Templates/pihole-FTL.service | 3 ++- automated install/basic-install.sh | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index f0743b49..88f50539 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -37,8 +37,9 @@ start() { chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null + chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0d674b2f..71aa8b49 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2336,8 +2336,6 @@ FTLinstall() { # Before stopping FTL, we download the macvendor database curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true - chmod 644 "${PI_HOLE_CONFIG_DIR}/macvendor.db" - chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/macvendor.db" # Stop pihole-FTL service if available stop_service pihole-FTL &> /dev/null From d68a2ffaf312071c2d849689dab178c548b73628 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:48:03 +0100 Subject: [PATCH 52/79] Install only minimal requiered package before performing os_check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Christian König Signed-off-by: Adam Warner --- automated install/basic-install.sh | 16 +++++++++++----- test/test_automated_install.py | 2 ++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 71aa8b49..9cad94b3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -354,10 +354,12 @@ if is_command apt-get ; then printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}" exit 1 fi + # Packages required to perfom the os_check (stored as an array) + OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils) + INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(dhcpcd5 cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") @@ -400,7 +402,8 @@ elif is_command rpm ; then # These variable names match the ones in the Debian family. See above for an explanation of what they are for. PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig bind-utils) + OS_CHECK_DEPS=(grep bind-utils) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig) PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" @@ -2662,12 +2665,15 @@ main() { # Notify user of package availability notify_package_updates_available - # Install packages used by this installation script - install_dependent_packages "${INSTALLER_DEPS[@]}" + # Install packages necessary to perform os_check + install_dependent_packages "${OS_CHECK_DEPS[@]}" # Check that the installed OS is officially supported - display warning if not os_check + # Install packages used by this installation script + install_dependent_packages "${INSTALLER_DEPS[@]}" + # Check if SELinux is Enforcing checkSelinux diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 21468cd7..593c19d2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -568,6 +568,7 @@ def test_os_check_fails(Pihole): Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release ID=UnsupportedOS @@ -587,6 +588,7 @@ def test_os_check_passes(Pihole): Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} ''') detectOS = Pihole.run(''' From 3ad5097b12ae1ee26967a0ac757c04078aee2218 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 22:53:29 +0100 Subject: [PATCH 53/79] Change initial install script order: 1. Ensure we have a compatible package manager 2. Install required packages for os_check to run (we need dnsutils and grep for this 3. Try to install FTL 4. FTL installed? Install installer dependencies and continue as normal - no other dependencies are installed until user has gone through all whiptails Signed-off-by: Adam Warner --- automated install/basic-install.sh | 57 +++++++++++++++--------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9cad94b3..563b6bee 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2643,9 +2643,36 @@ main() { fi fi - # Check for supported distribution + # Check for supported package managers so that we may install dependencies package_manager_detect + # Notify user of package availability + notify_package_updates_available + + # Install packages necessary to perform os_check + install_dependent_packages "${OS_CHECK_DEPS[@]}" + + # Check that the installed OS is officially supported - display warning if not + os_check + + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + local funcOutput + funcOutput=$(get_binary_name) #Store output of get_binary_name here + local binary + binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) + local theRest + theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") + if ! FTLdetect "${binary}" "${theRest}"; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi + + # Install packages used by this installation script + install_dependent_packages "${INSTALLER_DEPS[@]}" + + # Check if SELinux is Enforcing + checkSelinux + # If the setup variable file exists, if [[ -f "${setupVars}" ]]; then # if it's running unattended, @@ -2661,22 +2688,6 @@ main() { fi fi - # Start the installer - # Notify user of package availability - notify_package_updates_available - - # Install packages necessary to perform os_check - install_dependent_packages "${OS_CHECK_DEPS[@]}" - - # Check that the installed OS is officially supported - display warning if not - os_check - - # Install packages used by this installation script - install_dependent_packages "${INSTALLER_DEPS[@]}" - - # Check if SELinux is Enforcing - checkSelinux - if [[ "${useUpdateVars}" == false ]]; then # Display welcome dialogs welcomeDialogs @@ -2740,18 +2751,6 @@ main() { # Create the pihole user create_pihole_user - # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - local funcOutput - funcOutput=$(get_binary_name) #Store output of get_binary_name here - local binary - binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) - local theRest - theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") - if ! FTLdetect "${binary}" "${theRest}"; then - printf " %b FTL Engine not installed\\n" "${CROSS}" - exit 1 - fi - # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 2ff3b951170eb8ba00d5b328f853efbe3f7c6df4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:11:22 +0100 Subject: [PATCH 54/79] put FTL Install back to where it was Signed-off-by: Adam Warner --- automated install/basic-install.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 563b6bee..d38e94e1 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2655,18 +2655,6 @@ main() { # Check that the installed OS is officially supported - display warning if not os_check - # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - local funcOutput - funcOutput=$(get_binary_name) #Store output of get_binary_name here - local binary - binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) - local theRest - theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") - if ! FTLdetect "${binary}" "${theRest}"; then - printf " %b FTL Engine not installed\\n" "${CROSS}" - exit 1 - fi - # Install packages used by this installation script install_dependent_packages "${INSTALLER_DEPS[@]}" @@ -2751,6 +2739,18 @@ main() { # Create the pihole user create_pihole_user + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + local funcOutput + funcOutput=$(get_binary_name) #Store output of get_binary_name here + local binary + binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL) + local theRest + theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL") + if ! FTLdetect "${binary}" "${theRest}"; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi + # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 1ecb9165ee38e54149cc0cc1081577089dd6a7bc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:26:59 +0100 Subject: [PATCH 55/79] Remove weird global counter Signed-off-by: Adam Warner --- automated install/basic-install.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d38e94e1..01090285 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1696,20 +1696,7 @@ notify_package_updates_available() { fi } -# This counter is outside of install_dependent_packages so that it can count the number of times the function is called. -counter=0 - install_dependent_packages() { - # Local, named variables should be used here, especially for an iterator - # Add one to the counter - counter=$((counter+1)) - if [[ "${counter}" == 1 ]]; then - # On the first loop, print a special message - printf " %b Installer Dependency checks...\\n" "${INFO}" - else - # On all subsequent loops, print a generic message. - printf " %b Main Dependency checks...\\n" "${INFO}" - fi # Install packages passed in via argument array # No spinner - conflicts with set -e @@ -2650,12 +2637,14 @@ main() { notify_package_updates_available # Install packages necessary to perform os_check + printf " %b Checking for / installing Required dependencies for OS Check...\\n" "${INFO}" install_dependent_packages "${OS_CHECK_DEPS[@]}" # Check that the installed OS is officially supported - display warning if not os_check # Install packages used by this installation script + printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}" install_dependent_packages "${INSTALLER_DEPS[@]}" # Check if SELinux is Enforcing @@ -2722,6 +2711,8 @@ main() { dep_install_list+=("${PIHOLE_WEB_DEPS[@]}") fi + # Install packages used by the actual software + printf " %b Checking for / installing Required dependencies for Pi-hole software...\\n" "${INFO}" install_dependent_packages "${dep_install_list[@]}" unset dep_install_list From bdab7014702aaa207cddad7b9a2b9728585adc20 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 3 Aug 2021 23:43:48 +0100 Subject: [PATCH 56/79] Remove dhcpcd5 dependency, however still help the user set the static IP if dhcpd5 is already installed (i.e on raspbian) Signed-off-by: Adam Warner --- automated install/basic-install.sh | 127 ++++------------------------- 1 file changed, 18 insertions(+), 109 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 01090285..5eda20ea 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -288,21 +288,6 @@ if is_command apt-get ; then PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Some distros vary slightly so these fixes for dependencies may apply - # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dhcpcd5 - APT_SOURCES="/etc/apt/sources.list" - if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then - if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5" "${r}" "${c}"; then - printf " %b Aborting installation: Dependencies could not be installed.\\n" "${CROSS}" - exit 1 - else - printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" - cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list - printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" - add-apt-repository universe - printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" - fi - fi # Update package cache. This is required already here to assure apt-cache calls have package lists available. update_package_cache || exit 1 # Debian 7 doesn't have iproute2 so check if it's available first @@ -359,7 +344,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(dhcpcd5 cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") @@ -695,9 +680,17 @@ welcomeDialogs() { whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations: https://pi-hole.net/donate/" "${r}" "${c}" # Explain the need for a static address - whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. + if whiptail --defaultno --backtitle "Initiating network interface" --title "Static IP Needed" --yesno "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. -In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." "${r}" "${c}" +IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this. + +Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then +#Nothing to do, continue + echo +else + printf " %b Installer exited at static IP message.\\n" "${INFO}" + exit 1 +fi } # A function that lets the user pick an interface to use with Pi-hole @@ -850,8 +843,11 @@ use4andor6() { if [[ "${useIPv4}" ]]; then # Run our function to get the information we need find_IPv4_information - getStaticIPv4Settings - setStaticIPv4 + if [[ -f "/etc/dhcpcd.conf" ]]; then + # configure networking via dhcpcd + getStaticIPv4Settings + setDHCPCD + fi fi # If IPv6 is to be used, if [[ "${useIPv6}" ]]; then @@ -936,93 +932,6 @@ setDHCPCD() { fi } -# Configure networking ifcfg-xxxx file found at /etc/sysconfig/network-scripts/ -# This function requires the full path of an ifcfg file passed as an argument -setIFCFG() { - # Local, named variables - local IFCFG_FILE - local IPADDR - local CIDR - IFCFG_FILE=$1 - printf -v IPADDR "%s" "${IPV4_ADDRESS%%/*}" - # Check if the desired IP is already set - if grep -Eq "${IPADDR}(\\b|\\/)" "${IFCFG_FILE}"; then - printf " %b Static IP already configured\\n" "${INFO}" - else - # Otherwise, put the IP in variables without the CIDR notation - printf -v CIDR "%s" "${IPV4_ADDRESS##*/}" - # Backup existing interface configuration: - cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig - # Build Interface configuration file using the GLOBAL variables we have - { - echo "# Configured via Pi-hole installer" - echo "DEVICE=$PIHOLE_INTERFACE" - echo "BOOTPROTO=none" - echo "ONBOOT=yes" - echo "IPADDR=$IPADDR" - echo "PREFIX=$CIDR" - echo "GATEWAY=$IPv4gw" - echo "DNS1=$PIHOLE_DNS_1" - echo "DNS2=$PIHOLE_DNS_2" - echo "USERCTL=no" - }> "${IFCFG_FILE}" - chmod 644 "${IFCFG_FILE}" - chown root:root "${IFCFG_FILE}" - # Use ip to immediately set the new address - ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" - # If NetworkMangler command line interface exists and ready to mangle, - if is_command nmcli && nmcli general status &> /dev/null; then - # Tell NetworkManagler to read our new sysconfig file - nmcli con load "${IFCFG_FILE}" > /dev/null - fi - # Show a warning that the user may need to restart - printf " %b Set IP address to %s\\n You may need to restart after the install is complete\\n" "${TICK}" "${IPV4_ADDRESS%%/*}" - fi -} - -setStaticIPv4() { - # Local, named variables - local IFCFG_FILE - local CONNECTION_NAME - - # If a static interface is already configured, we are done. - if [[ -r "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}" ]]; then - if grep -q '^BOOTPROTO=.static.' "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}"; then - return 0 - fi - fi - # For the Debian family, if dhcpcd.conf exists then we can just configure using DHCPD. - if [[ -f "/etc/dhcpcd.conf" ]]; then - setDHCPCD - return 0 - fi - # If a DHCPCD config file was not found, check for an ifcfg config file based on the interface name - if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}" ]];then - # If it exists, then we can configure using IFCFG - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE} - setIFCFG "${IFCFG_FILE}" - return 0 - fi - # If an ifcfg config does not exists for the interface name, search for one based on the connection name via network manager - if is_command nmcli && nmcli general status &> /dev/null; then - CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_') - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} - if [[ -f "${IFCFG_FILE}" ]];then - # If it exists, - setIFCFG "${IFCFG_FILE}" - return 0 - else - printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}" - touch "${IFCFG_FILE}" - setIFCFG "${IFCFG_FILE}" - return 0 - fi - fi - # If previous conditions failed, show an error and exit - printf " %b Warning: Unable to locate configuration file to set static IPv4 address\\n" "${INFO}" - exit 1 -} - # Check an IP address to see if it is a valid one valid_ip() { # Local, named variables @@ -2120,7 +2029,7 @@ Your Admin Webpage login password is ${pwstring}" IPv4: ${IPV4_ADDRESS%/*} IPv6: ${IPV6_ADDRESS:-"Not Configured"} -If you set a new IP address, you should restart the Pi. +If you have not done so already, the above IP should be set to static. The install log is in /etc/pihole. @@ -2817,7 +2726,7 @@ main() { printf " %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}" [[ -n "${IPV4_ADDRESS%/*}" ]] && printf " %b Pi-hole DNS (IPv4): %s\\n" "${INFO}" "${IPV4_ADDRESS%/*}" [[ -n "${IPV6_ADDRESS}" ]] && printf " %b Pi-hole DNS (IPv6): %s\\n" "${INFO}" "${IPV6_ADDRESS}" - printf " %b If you set a new IP address, please restart the server running the Pi-hole\\n" "${INFO}" + printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}" INSTALL_TYPE="Installation" else INSTALL_TYPE="Update" From ffe45e8b76b19ecc7db0b3f06d8c2027e20d1d56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 6 Aug 2021 20:51:48 +0200 Subject: [PATCH 57/79] On enabling/disabeling only reload-lists instead of reload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 470c9dc7..e8fa9317 100755 --- a/pihole +++ b/pihole @@ -242,7 +242,7 @@ Time: echo "BLOCKING_ENABLED=true" >> "${setupVars}" fi - restartDNS reload + restartDNS reload-lists echo -e "${OVER} ${TICK} ${str}" } From bb7c7cdf337ba0ddee21f83d99ae03c569b61bf5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 7 Aug 2021 20:07:14 +0200 Subject: [PATCH 58/79] Add uptime to debug log (#4265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add uptime to debug log Signed-off-by: Christian König * Address github comments Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 0c4393cc..26ef61fa 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -230,6 +230,7 @@ copy_to_debug_log() { } initialize_debug() { + local system_uptime # Clear the screen so the debug log is readable clear show_disclaimer @@ -237,6 +238,10 @@ initialize_debug() { log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}" # Timestamp the start of the log log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized." + # Uptime of the system + # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes + system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}') + log_write "${INFO} System has been running for ${system_uptime}" } # This is a function for visually displaying the current test that is being run. From ee749f700fcaecb888093d6785f6140682b91f26 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 7 Aug 2021 20:07:45 +0200 Subject: [PATCH 59/79] Add switching 'to...from' message to ftl checkout output (#4266) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add switching 'to...from' message to ftl checkout output Signed-off-by: Christian König * Add quotes Signed-off-by: Christian König --- advanced/Scripts/piholeCheckout.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 1c1b16a4..4c0a4f40 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -166,12 +166,15 @@ checkout() { checkout_pull_branch "${webInterfaceDir}" "${2}" elif [[ "${1}" == "ftl" ]] ; then local path + local oldbranch path="${2}/${binary}" + oldbranch="$(pihole-FTL -b)" if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch + echo -e " ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\"" FTLinstall "${binary}" restart_service pihole-FTL enable_service pihole-FTL From 676b7e60f3dd3e0eee661f4e2638bf387440e118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 12 Aug 2021 13:55:40 +0200 Subject: [PATCH 60/79] Fix Splashpage not appearing properly on non-root directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index a38cd365..d0c5fc5d 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -73,12 +73,12 @@ if ($serverName === "pi.hole" $viewPort ● $serverName - - + +
- Pi-hole logo + Pi-hole logo

Pi-hole: Your black hole for Internet advertisements

Did you mean to go to the admin panel?
From 3ef90a9e47f8af7595506818d83f706624b56ff4 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 13 Aug 2021 20:37:42 +0200 Subject: [PATCH 61/79] Remove ineffective Access-Control-Allow-Origin header The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. For reference: https://github.com/pi-hole/pi-hole/issues/3462 Signed-off-by: MichaIng --- advanced/lighttpd.conf.debian | 5 ----- advanced/lighttpd.conf.fedora | 5 ----- 2 files changed, 10 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 9c892fc0..3ecd7213 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -78,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index aae4a6a4..5a99a9bf 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -86,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore From ea5a3bf0b22c204198c99d09b788719c98ec6d96 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 11:17:09 +0200 Subject: [PATCH 62/79] Install RFC6761 config file Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 41 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 8 +++++- automated install/uninstall.sh | 1 + 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 advanced/06-rfc6761.conf diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf new file mode 100644 index 00000000..7fb9be00 --- /dev/null +++ b/advanced/06-rfc6761.conf @@ -0,0 +1,41 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2021 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# RFC 6761 config file for Pi-hole +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +############################################################################### +# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # +# WITHIN /etc/dnsmasq.d/yourname.conf # +############################################################################### + +# RFC 6761: Caching DNS servers SHOULD recognize +# test, localhost, invalid +# names as special and SHOULD NOT attempt to look up NS records for them, or +# otherwise query authoritative DNS servers in an attempt to resolve these +# names. +server=/test/ +server=/localhost/ +server=/invalid/ + +# The same RFC requests something similar for +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. +# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. +# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# Pi-hole implements this via the dnsmasq option "bogus-priv" (see +# 01-pihole.conf) because this also covers IPv6. + +# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD +# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +server=/bind/ +server=/local/ +server=/onion/ diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..51ff5dcf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1249,6 +1249,8 @@ version_check_dnsmasq() { local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1284,7 +1286,7 @@ version_check_dnsmasq() { fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" @@ -1315,6 +1317,10 @@ version_check_dnsmasq() { # Otherwise, enable it by uncommenting the directive in the DNS config file sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" fi + + printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" + printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" } # Clean an existing installation to prepare for upgrade/reinstall diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 0f4c4ca6..5e27514f 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -145,6 +145,7 @@ removeNoPurge() { ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null + ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null ${SUDO} rm -rf /var/log/*pihole* &> /dev/null ${SUDO} rm -rf /etc/pihole/ &> /dev/null ${SUDO} rm -rf /etc/.pihole/ &> /dev/null From e1dca46423a003cc2bf4b114547dc4779c688ee9 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 16 Jul 2021 19:58:49 +0200 Subject: [PATCH 63/79] Hardcode whiptail dimensions to 20 rows and 70 chars width With the suggested way to call the installer via "curl -sSL https://install.pi-hole.net | bash", STDIN is no terminal, but overridden by the curl output, hence in most cases, the minimum dimensions were applied, even on larger screens. All whiptail calls are hence assured to work fine with those dimensions, aside of one case, making the calculations obsolete. This commit hardcodes the whiptail dimensions to the prior minimum and removes the calculations. This also helps with testing, as it does not matter anymore how the script is called, and developers have a clearly defined space to make dialogs look nice, including line breaks, menu and list heights. The only case which does not fit the 70 character width, the second menu entry of the "pihole -r" dialog, has been shortened accordingly. This was not an issue before, as "pihole -r" does not override the scripts STDIN and hence did allow larger dimensions based on the now removed calculations. See the following discussions for reference: - https://github.com/pi-hole/pi-hole/issues/3323 - https://github.com/pi-hole/pi-hole/pull/4197#issuecomment-876702380 Signed-off-by: MichaIng --- automated install/basic-install.sh | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..e68ee1eb 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -94,24 +94,9 @@ if [ -z "${USER}" ]; then USER="$(id -un)" fi - -# Check if we are running on a real terminal and find the rows and columns -# If there is no real terminal, we will default to 80x24 -if [ -t 0 ] ; then - screen_size=$(stty size) -else - screen_size="24 80" -fi -# Determine terminal rows and columns by parsing screen_size -printf -v rows '%d' "${screen_size%% *}" -printf -v columns '%d' "${screen_size##* }" - -# Divide by two so the dialogs take up half of the screen, which looks nice. -r=$(( rows / 2 )) -c=$(( columns / 2 )) -# Unless the screen is tiny -r=$(( r < 20 ? 20 : r )) -c=$(( c < 70 ? 70 : c )) +# whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. +r=20 +c=70 ######## Undocumented Flags. Shhh ######## # These are undocumented flags; some of which we can use when repairing an installation @@ -2050,7 +2035,7 @@ update_dialogs() { strAdd="You will be updated to the latest version." fi opt2a="Reconfigure" - opt2b="This will reset your Pi-hole and allow you to enter new settings." + opt2b="Resets Pi-hole and allows re-selecting settings." # Display the information to the user UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)" "${r}" "${c}" 2 \ From e8e8104b36913b07101a4b3180b6a42b6d0af0e8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 18:37:12 +0200 Subject: [PATCH 64/79] Remove server=/local/ because of https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index 7fb9be00..e03569e8 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -33,9 +33,9 @@ server=/invalid/ # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. -# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# OpenWRT furthermore blocks bind, local, onion domains # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 server=/bind/ -server=/local/ server=/onion/ From ff64d8cf4d20871b105f228185bef9464ad083b8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 16 Aug 2021 09:57:12 +0200 Subject: [PATCH 65/79] Use variable in user output, too Signed-off-by: DL6ER --- automated install/basic-install.sh | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 51ff5dcf..f4d9edc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1247,10 +1247,10 @@ version_check_dnsmasq() { local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list" local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS" local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" - local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" - local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" - local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" + local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" + local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1279,48 +1279,48 @@ version_check_dnsmasq() { printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" fi - printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}" # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) if [[ ! -d "/etc/dnsmasq.d" ]];then install -d -m 755 "/etc/dnsmasq.d" fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory - install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, - sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" + sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}" if [[ "${PIHOLE_DNS_1}" != "" ]]; then # then swap in the primary DNS server. - sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}" else # Otherwise, remove the line which sets DNS1. - sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}" fi # Ditto if DNS2 is not empty if [[ "${PIHOLE_DNS_2}" != "" ]]; then - sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}" else - sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location} + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" # If the user does not want to enable logging, if [[ "${QUERY_LOGGING}" == false ]] ; then # disable it by commenting out the directive in the DNS config file - sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}" else # Otherwise, enable it by uncommenting the directive in the DNS config file - sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}" fi - printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" - install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" - printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}" } # Clean an existing installation to prepare for upgrade/reinstall From c2f3477a824bf26f551ff1cb8ce510713b1ac394 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 14:04:50 +0200 Subject: [PATCH 66/79] Ensure conditional forwarding will forward unqualified host names if we have no local answer for them. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 744416e7..129bdb62 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -269,7 +269,10 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + # Forward unqualified names to the CF target + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then + # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi fi From 06fd8123c3b3fd73d367fb1045e1a30c514f54e0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 16:26:17 +0200 Subject: [PATCH 67/79] Also remove "rev-server" lines when rewriting 01-pihole.conf Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 129bdb62..fa2c044d 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -54,7 +54,7 @@ add_setting() { } delete_setting() { - sed -i "/${1}/d" "${setupVars}" + sed -i "/^${1}/d" "${setupVars}" } change_setting() { @@ -67,7 +67,7 @@ addFTLsetting() { } deleteFTLsetting() { - sed -i "/${1}/d" "${FTLconf}" + sed -i "/^${1}/d" "${FTLconf}" } changeFTLsetting() { @@ -84,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - sed -i "/${1}/d" "${dnsmasqconfig}" + sed -i "/^${1}/d" "${dnsmasqconfig}" } SetTemperatureUnit() { @@ -267,6 +267,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 delete_setting "CONDITIONAL_FORWARDING_IP" fi + delete_dnsmasq_setting "rev-server" + if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" # Forward unqualified names to the CF target From 839a70cc3796731b075cb436f8fc400d71a90ad5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 27 Aug 2021 19:16:15 +0200 Subject: [PATCH 68/79] Add sudo to apt-get recommendation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..54397198 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1578,7 +1578,7 @@ update_package_cache() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From 31c7c019cb3c0678eeac4935cf770d7919587398 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 14:04:48 +0200 Subject: [PATCH 69/79] Fix piping to pihole tricorder Signed-off-by: DL6ER --- pihole | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/pihole b/pihole index e8fa9317..1fba6f4d 100755 --- a/pihole +++ b/pihole @@ -404,29 +404,10 @@ tricorderFunc() { exit 1 fi - if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then - echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server" - exit 1 - fi - - if command -v openssl &> /dev/null; then - openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin - exit "$?" - else - echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed - Your debug log will be transmitted unencrypted via plain-text - There is a possibility that this could be intercepted by a third party - If you wish to cancel, press Ctrl-C to exit within 10 seconds" - secs="10" - while [[ "$secs" -gt "0" ]]; do - echo -ne "." - sleep 1 - : $((secs--)) - done - echo " " - nc tricorder.pi-hole.net 9999 < /dev/stdin - exit "$?" - fi + curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin + ret=$? + echo "" + exit $ret } updateCheckFunc() { From 21897d7fbd1b7b9d2e3bab3fa94c29fd63625367 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 15:55:42 +0200 Subject: [PATCH 70/79] Add warning if curl failed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 1 - pihole | 12 ++++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 26ef61fa..4e2a1ca8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1336,7 +1336,6 @@ curl_to_tricorder() { # transmit he log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } diff --git a/pihole b/pihole index 1fba6f4d..e7a6978b 100755 --- a/pihole +++ b/pihole @@ -399,15 +399,19 @@ Branches: } tricorderFunc() { + local tricorder_token if [[ ! -p "/dev/stdin" ]]; then echo -e " ${INFO} Please do not call Tricorder directly" exit 1 fi - curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin - ret=$? - echo "" - exit $ret + tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + if [ -z "${tricorder_token}" ]; then + echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + exit 1 + fi + echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + exit 0 } updateCheckFunc() { From 115e3eeda9098e3d3499dfcedf6154b8ce77c78b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 20:20:45 +0200 Subject: [PATCH 71/79] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- pihole | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index e7a6978b..7b1d5404 100755 --- a/pihole +++ b/pihole @@ -405,9 +405,9 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." exit 1 fi echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" From b241a19e8727c75e01c883136eb367d0550c9555 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 21:19:47 +0200 Subject: [PATCH 72/79] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..5113615d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,7 +1334,7 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" if [ -z "${tricorder_token}" ]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi From 6fec4acd827132936e27a5c2e20f3367ee9010a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Sep 2021 20:44:39 +0200 Subject: [PATCH 73/79] Add content of /etc/resolv.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..ab4b1515 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -73,6 +73,7 @@ HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" SHM_DIRECTORY="/dev/shm" +ETC="/etc" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -136,6 +137,8 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" +RESOLVCONF="${ETC}/resolv.conf" + # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -180,7 +183,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_DEBUG_LOG}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" -"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") +"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" +"${RESOLVCONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. @@ -1118,6 +1122,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" show_content_of_files_in_dir "${SHM_DIRECTORY}" + show_content_of_files_in_dir "${ETC}" } head_tail_log() { From 69411555721afb713defacb33d626ecd845f8b1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 6 Sep 2021 17:16:36 +0200 Subject: [PATCH 74/79] Add content of /etc/dnsmasq.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index ab4b1515..a12a79b3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -138,6 +138,7 @@ PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" RESOLVCONF="${ETC}/resolv.conf" +DNSMASQ_CONF="${ETC}/dnsmasq.conf" # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value @@ -184,7 +185,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" -"${RESOLVCONF}") +"${RESOLVCONF}" +"${DNSMASQ_CONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. From a1ee7d92a9b2c3535b228d7af88990a0bd84250c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 6 Sep 2021 22:38:16 +0200 Subject: [PATCH 75/79] Add possibly missing capabilities Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 88f50539..0f96c8bd 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -40,7 +40,7 @@ start() { chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" From 606b05eec19da6e076179e80174178ef79f084fa Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:13:09 +0200 Subject: [PATCH 76/79] Ensure curl is either storing a valid token or a meaningful error message Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 5113615d..6172dae2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,9 +1334,14 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" - if [ -z "${tricorder_token}" ]; then + tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi fi } From be68a5339ceb3e5d522f469fe2c71eb3678d57ed Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:15:36 +0200 Subject: [PATCH 77/79] Apply same improvement to pihole tricorder feature Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- pihole | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 6172dae2..02e253a9 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1333,7 +1333,7 @@ analyze_pihole_log() { curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable + # transmit the log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." diff --git a/pihole b/pihole index 7b1d5404..b30f6052 100755 --- a/pihole +++ b/pihole @@ -405,12 +405,17 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" - if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." - exit 1 + tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi + exit 1 fi - echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}" exit 0 } From cbc99d45c6a2ec243dc2e31e80d1681bd4b8e889 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:20:42 +0200 Subject: [PATCH 78/79] Small style change to finished debug upload display Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 15 +++++++-------- pihole | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 02e253a9..e2dba54a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1338,7 +1338,7 @@ curl_to_tricorder() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi @@ -1386,15 +1386,14 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" - log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" log_write "" - log_write " * Provide the token above to the Pi-hole team for assistance at" - log_write " * ${FORUMS_URL}" + log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}" # If no token was generated else diff --git a/pihole b/pihole index b30f6052..31356671 100755 --- a/pihole +++ b/pihole @@ -409,7 +409,7 @@ tricorderFunc() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi From d0e8b0c962bde2d538baa2f59111677176c04d55 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 9 Sep 2021 20:28:33 +0200 Subject: [PATCH 79/79] Forward unqualified names to the CF target only when the "Never forward non-FQDN" option is NOT ticked Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index fa2c044d..52c388f8 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -271,12 +271,17 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" - # Forward unqualified names to the CF target - add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi + + if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then + # Forward unqualified names to the CF target only when the "never + # forward non-FQDN" option is unticked + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + fi + fi # We need to process DHCP settings here as well to account for possible