From f552173be37d5ce1d58b31fa1ef7a0f4824a85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:51:04 +0200 Subject: [PATCH 01/21] Resolve merge conflict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..3e31a097 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1110,6 +1110,10 @@ list_files_in_dir() { elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" + elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then + # in case of the dnsmasq directory inlcuede all files in the debug output + log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From c99c86af7f161910f16eb98b2fef6b3f580dc8b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:53:30 +0200 Subject: [PATCH 02/21] Make all dir list output human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 3e31a097..c222491d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
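Review bot: The new `DNSMASQ_D_DIRECTORY` branch in `list_files_in_dir` passes every entry of that directory to `make_array_from_file`, so user-created dnsmasq snippets end up in a debug log that can be uploaded. Such files can hold local host names, static DHCP leases or upstream resolver addresses. Consider saying so in the comment, e.g. `# dnsmasq.d: dump every file, including user-added ones; the contents become part of the (uploadable) debug log`, and check that the user-facing disclaimer covers it. The comment also has a typo, `inlcuede` for `include`. The earlier branches of this if-chain are outside the hunk, so whether directories or unreadable entries are filtered before this point cannot be confirmed from here.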
@@ -1112,14 +1112,14 @@ list_files_in_dir() { log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then # in case of the dnsmasq directory inlcuede all files in the debug output - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then # display the filename - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, give the first and last 25 lines From b05fc5bb2b39a38c0dfef45c03db2b9a24205063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:01:18 +0200 Subject: [PATCH 03/21] Remove specific dnsmasq config files from requiered files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c222491d..d3fc4fec 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -165,9 +165,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" ) # Store the required directories in an array so it can be parsed through REQUIRED_FILES=("${PIHOLE_CRON_FILE}" -"${PIHOLE_DNS_CONFIG_FILE}" -"${PIHOLE_DHCP_CONFIG_FILE}" -"${PIHOLE_WILDCARD_CONFIG_FILE}" "${WEB_SERVER_CONFIG_FILE}" "${WEB_SERVER_CUSTOM_CONFIG_FILE}" "${PIHOLE_INSTALL_LOG_FILE}" From aa2da807686b153818da5f825bfbab88c96945a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:06:01 +0200 Subject: [PATCH 04/21] Remove traces of unused files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d3fc4fec..3bd86a29 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -83,10 +83,6 @@ SHM_DIRECTORY="/dev/shm" # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole" -PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf" -PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf" -PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf" - WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf" WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf" From ea5a3bf0b22c204198c99d09b788719c98ec6d96 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 11:17:09 +0200 Subject: [PATCH 05/21] Install RFC6761 config file Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 41 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 8 +++++- automated install/uninstall.sh | 1 + 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 advanced/06-rfc6761.conf 
diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf
new file mode 100644
index 00000000..7fb9be00
--- /dev/null
+++ b/advanced/06-rfc6761.conf
@@ -0,0 +1,41 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# RFC 6761 config file for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+# #
+# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
+# WITHIN /etc/dnsmasq.d/yourname.conf #
+###############################################################################
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+# test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa.
+# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa.
+# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
+# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa.
+# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
+# 01-pihole.conf) because this also covers IPv6.
+
+# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+server=/bind/
+server=/local/
+server=/onion/
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..51ff5dcf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1249,6 +1249,8 @@ version_check_dnsmasq() { local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1284,7 +1286,7 @@ version_check_dnsmasq() { fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" @@ -1315,6 +1317,10 @@ version_check_dnsmasq() { # Otherwise, enable it by uncommenting the directive in the DNS config file sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" fi + + printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" + printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" } # Clean an existing installation to prepare for upgrade/reinstall diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 0f4c4ca6..5e27514f 100755 --- a/automated install/uninstall.sh 
+++ b/automated install/uninstall.sh @@ -145,6 +145,7 @@ removeNoPurge() { ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null + ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null ${SUDO} rm -rf /var/log/*pihole* &> /dev/null ${SUDO} rm -rf /etc/pihole/ &> /dev/null ${SUDO} rm -rf /etc/.pihole/ &> /dev/null From e8e8104b36913b07101a4b3180b6a42b6d0af0e8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 18:37:12 +0200 Subject: [PATCH 06/21] Remove server=/local/ because of https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index 7fb9be00..e03569e8 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -33,9 +33,9 @@ server=/invalid/ # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. -# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# OpenWRT furthermore blocks bind, local, onion domains # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 server=/bind/ -server=/local/ server=/onion/ From ff64d8cf4d20871b105f228185bef9464ad083b8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 16 Aug 2021 09:57:12 +0200 Subject: [PATCH 07/21] Use variable in user output, too Signed-off-by: DL6ER --- automated install/basic-install.sh | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) 
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 51ff5dcf..f4d9edc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1247,10 +1247,10 @@ version_check_dnsmasq() { local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list" local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS" local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" - local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" - local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" - local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" + local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" + local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then 
@@ -1279,48 +1279,48 @@ version_check_dnsmasq() { printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" fi - printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}" # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) if [[ ! -d "/etc/dnsmasq.d" ]];then install -d -m 755 "/etc/dnsmasq.d" fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory - install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, - sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" + sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}" if [[ "${PIHOLE_DNS_1}" != "" ]]; then # then swap in the primary DNS server. - sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}" else # Otherwise, remove the line which sets DNS1. 
- sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}" fi # Ditto if DNS2 is not empty if [[ "${PIHOLE_DNS_2}" != "" ]]; then - sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}" else - sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location} + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" # If the user does not want to enable logging, if [[ "${QUERY_LOGGING}" == false ]] ; then # disable it by commenting out the directive in the DNS config file - sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}" else # Otherwise, enable it by uncommenting the directive in the DNS config file - sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}" fi - printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" - install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" - printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}" } # Clean an existing installation to prepare for upgrade/reinstall From c2f3477a824bf26f551ff1cb8ce510713b1ac394 Mon Sep 17 00:00:00 2001 
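Review bot: The progress message for the RFC 6761 file prints the source path (`"${dnsmasq_rfc6761_06_source}"`), while its matching "Installed" line and both 01-pihole.conf messages print the target, so the user sees a repository path and then an /etc/dnsmasq.d path for the same step. Use `printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_target}"`. Separately, the `sed` calls in this hunk still splice `$PIHOLE_INTERFACE`, `$PIHOLE_DNS_1`, `$PIHOLE_DNS_2` and `$CACHE_SIZE` into the replacement unescaped. A value containing `/` or `&` would corrupt the written config, so it is worth confirming that these values are validated before this point, which is not visible here. `version_check_dnsmasq` begins before this hunk.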
From: DL6ER Date: Fri, 20 Aug 2021 14:04:50 +0200 Subject: [PATCH 08/21] Ensure conditional forwarding will forward unqualified host names if we have no local answer for them. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 744416e7..129bdb62 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -269,7 +269,10 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + # Forward unqualified names to the CF target + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then + # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi fi From 06fd8123c3b3fd73d367fb1045e1a30c514f54e0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 16:26:17 +0200 Subject: [PATCH 09/21] Also remove "rev-server" lines when rewriting 01-pihole.conf Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 129bdb62..fa2c044d 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -54,7 +54,7 @@ add_setting() { } delete_setting() { - sed -i "/${1}/d" "${setupVars}" + sed -i "/^${1}/d" "${setupVars}" } change_setting() { @@ -67,7 +67,7 @@ addFTLsetting() { } deleteFTLsetting() { - sed -i "/${1}/d" "${FTLconf}" + sed -i "/^${1}/d" "${FTLconf}" } changeFTLsetting() { @@ -84,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - sed -i "/${1}/d" "${dnsmasqconfig}" + sed -i "/^${1}/d" "${dnsmasqconfig}" } SetTemperatureUnit() { 
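Review bot: Anchoring with `^` in `delete_setting` still treats `${1}` as a regular expression and as a prefix, so a key that is a prefix of another key removes both lines, and characters such as `.` match loosely. The same applies to `deleteFTLsetting` and `delete_dnsmasq_setting` in the following hunks. For `setupVars`, assuming every line there is key=value, a stricter form is `sed -i "/^${1}=/d" "${setupVars}"`; dnsmasq options written without a value would need a different end-of-key match. The change also alters behaviour for every existing caller that relied on substring matching. This commit compensates only for `rev-server`, so the remaining call sites, which are outside these hunks, should be checked.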
@@ -267,6 +267,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 delete_setting "CONDITIONAL_FORWARDING_IP" fi + delete_dnsmasq_setting "rev-server" + if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" # Forward unqualified names to the CF target From 839a70cc3796731b075cb436f8fc400d71a90ad5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 27 Aug 2021 19:16:15 +0200 Subject: [PATCH 10/21] Add sudo to apt-get recommendation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..54397198 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1578,7 +1578,7 @@ update_package_cache() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From 31c7c019cb3c0678eeac4935cf770d7919587398 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 14:04:48 +0200 Subject: [PATCH 11/21] Fix piping to pihole tricorder Signed-off-by: DL6ER --- pihole | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/pihole b/pihole index e8fa9317..1fba6f4d 100755 --- a/pihole +++ b/pihole 
@@ -404,29 +404,10 @@ tricorderFunc() { exit 1 fi - if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then - echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server" - exit 1 - fi - - if command -v openssl &> /dev/null; then - openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin - exit "$?" - else - echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed - Your debug log will be transmitted unencrypted via plain-text - There is a possibility that this could be intercepted by a third party - If you wish to cancel, press Ctrl-C to exit within 10 seconds" - secs="10" - while [[ "$secs" -gt "0" ]]; do - echo -ne "." - sleep 1 - : $((secs--)) - done - echo " " - nc tricorder.pi-hole.net 9999 < /dev/stdin - exit "$?" - fi + curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin + ret=$? + echo "" + exit $ret } updateCheckFunc() { From 21897d7fbd1b7b9d2e3bab3fa94c29fd63625367 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 15:55:42 +0200 Subject: [PATCH 12/21] Add warning if curl failed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 1 - pihole | 12 ++++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 26ef61fa..4e2a1ca8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1336,7 +1336,6 @@ curl_to_tricorder() { # transmit he log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } diff --git a/pihole b/pihole index 1fba6f4d..e7a6978b 100755 --- a/pihole +++ b/pihole 
@@ -399,15 +399,19 @@ Branches: } tricorderFunc() { + local tricorder_token if [[ ! -p "/dev/stdin" ]]; then echo -e " ${INFO} Please do not call Tricorder directly" exit 1 fi - curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin - ret=$? - echo "" - exit $ret + tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + if [ -z "${tricorder_token}" ]; then + echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + exit 1 + fi + echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + exit 0 } updateCheckFunc() { From 115e3eeda9098e3d3499dfcedf6154b8ce77c78b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 20:20:45 +0200 Subject: [PATCH 13/21] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- pihole | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index e7a6978b..7b1d5404 100755 --- a/pihole +++ b/pihole @@ -405,9 +405,9 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." exit 1 fi echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" From b241a19e8727c75e01c883136eb367d0550c9555 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 21:19:47 +0200 Subject: [PATCH 14/21] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
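Review bot: The success line in `tricorderFunc` uses plain `echo` with `${COL_BLUE}`/`${COL_NC}`, while the other messages in this function use `echo -e`. If the colour variables hold backslash escapes rather than literal control characters (their definition is not visible here), the user would see raw escape text around the token. A form that colours the line without interpreting the token itself is `printf 'Upload successful, your token is: %b%s%b\n' "${COL_BLUE}" "${tricorder_token}" "${COL_NC}"`. The same line is carried forward, with `${COL_GREEN}`, in the later `pihole` hunk of patch 19.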
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..5113615d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,7 +1334,7 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" if [ -z "${tricorder_token}" ]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi From 6fec4acd827132936e27a5c2e20f3367ee9010a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Sep 2021 20:44:39 +0200 Subject: [PATCH 15/21] Add content of /etc/resolv.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..ab4b1515 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -73,6 +73,7 @@ HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" SHM_DIRECTORY="/dev/shm" +ETC="/etc" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 
@@ -136,6 +137,8 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" +RESOLVCONF="${ETC}/resolv.conf" + # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -180,7 +183,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_DEBUG_LOG}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" -"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") +"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" +"${RESOLVCONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. @@ -1118,6 +1122,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" show_content_of_files_in_dir "${SHM_DIRECTORY}" + show_content_of_files_in_dir "${ETC}" } head_tail_log() { From 69411555721afb713defacb33d626ecd845f8b1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 6 Sep 2021 17:16:36 +0200 Subject: [PATCH 16/21] Add content of /etc/dnsmasq.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index ab4b1515..a12a79b3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
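Review bot: `show_content_of_files_in_dir "${ETC}"` makes the debug run walk all of /etc, and the only thing that appears to keep other files out of the log is the comparison against `REQUIRED_FILES` inside `list_files_in_dir`, which is outside this hunk. A comment at the call would make that dependency explicit, e.g. `# /etc is scanned only for the entries listed in REQUIRED_FILES (resolv.conf)`. resolv.conf can reveal internal resolver addresses and search domains, and the log may be uploaded, so it is also worth checking that the `DISCLAIMER` text covers this.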
@@ -138,6 +138,7 @@ PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" RESOLVCONF="${ETC}/resolv.conf" +DNSMASQ_CONF="${ETC}/dnsmasq.conf" # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value @@ -184,7 +185,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" -"${RESOLVCONF}") +"${RESOLVCONF}" +"${DNSMASQ_CONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. From a1ee7d92a9b2c3535b228d7af88990a0bd84250c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 6 Sep 2021 22:38:16 +0200 Subject: [PATCH 17/21] Add possibly missing capabilities Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 88f50539..0f96c8bd 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -40,7 +40,7 @@ start() { chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" From 606b05eec19da6e076179e80174178ef79f084fa Mon Sep 17 00:00:00 2001 
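Review bot: The `setcap` line now grants `CAP_CHOWN` and `CAP_IPC_LOCK` to the network-facing pihole-FTL binary with no comment saying what needs them, and the commit title itself calls them "possibly missing". `CAP_CHOWN` lets the process change the ownership of any file on the system, which considerably widens what a compromise of the daemon would yield. The `chown pihole:pihole ...` line directly above already fixes ownership of the database files before the daemon starts. Please add a comment per capability naming the FTL feature that requires it, and drop `CAP_CHOWN` if the pre-start `chown` is sufficient. The `start()` function begins and ends outside this hunk.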
From: DL6ER Date: Tue, 7 Sep 2021 11:13:09 +0200 Subject: [PATCH 18/21] Ensure curl is either storing a valid token or a meaningful error message Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 5113615d..6172dae2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,9 +1334,14 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" - if [ -z "${tricorder_token}" ]; then + tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi fi } From be68a5339ceb3e5d522f469fe2c71eb3678d57ed Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:15:36 +0200 Subject: [PATCH 19/21] Apply same improvement to pihole tricorder feature Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- pihole | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 6172dae2..02e253a9 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -1333,7 +1333,7 @@ analyze_pihole_log() { curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable + # transmit the log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." diff --git a/pihole b/pihole index 7b1d5404..b30f6052 100755 --- a/pihole +++ b/pihole @@ -405,12 +405,17 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" - if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." - exit 1 + tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi + exit 1 fi - echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}" exit 0 } From cbc99d45c6a2ec243dc2e31e80d1681bd4b8e889 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:20:42 +0200 Subject: [PATCH 20/21] Small style change to finished debug upload display Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 15 +++++++-------- pihole | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) 
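Review bot: In the failure branch added to `tricorderFunc`, `${tricorder_token}` holds whatever curl or the remote end returned and is printed through `echo -e`, so backslash sequences inside that text are interpreted instead of shown. Printing it as data keeps it inert: `printf '%b Error message: %b%s%b\n\n' "${INFO}" "${COL_RED}" "${tricorder_token}" "${COL_NC}"`. The `piholeDebug.sh` hunk of patch 18 hands the same text to `log_write`, whose implementation is not visible here, so it may need the same treatment. The success line uses plain `echo` with `${COL_GREEN}`; if the colour variables hold backslash escapes rather than raw escape bytes (their definitions are outside the hunk), that line prints them literally.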
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 02e253a9..e2dba54a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1338,7 +1338,7 @@ curl_to_tricorder() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi 
@@ -1386,15 +1386,14 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" - log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" log_write "" - log_write " * Provide the token above to the Pi-hole team for assistance at" - log_write " * ${FORUMS_URL}" + log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}" # If no token was generated else diff --git a/pihole b/pihole index b30f6052..31356671 100755 --- a/pihole +++ b/pihole @@ -409,7 +409,7 @@ tricorderFunc() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi From d0e8b0c962bde2d538baa2f59111677176c04d55 Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Thu, 9 Sep 2021 20:28:33 +0200 Subject: [PATCH 21/21] Forward unqualified names to the CF target only when the "Never forward non-FQDN" option is NOT ticked Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index fa2c044d..52c388f8 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -271,12 +271,17 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" - # Forward unqualified names to the CF target - add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi + + if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then + # Forward unqualified names to the CF target only when the "never + # forward non-FQDN" option is unticked + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + fi + fi # We need to process DHCP settings here as well to account for possible
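Review bot: `${REV_SERVER_TARGET}`, `${REV_SERVER_CIDR}` and `${REV_SERVER_DOMAIN}` are written into dnsmasq directives as-is in this block of `webpage.sh`, and the relocated `server=//${REV_SERVER_TARGET}` line keeps that. Where these values are validated is not visible in the hunk; if that does not happen before this point, a value with unexpected characters ends up as configuration text. I would state the assumption at the top of the `REV_SERVER` block, for example `# REV_SERVER_* are validated when saved (see <validation function>)`, or add the check here. Minor style: the new test uses `[[ ... != true ]]` next to `[ -n ... ]`, and the blank line before the closing `fi` can be dropped. The enclosing function starts and ends outside the hunk.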