From b87bcc8f5f876811aa2bf4bd572aeb609f72e94c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 24 Feb 2018 13:23:06 +0100 Subject: [PATCH 01/35] Modifications in pihole-FTL.service for FTLDNS Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 959b7794..a21fd260 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -29,9 +29,11 @@ start() { mkdir -p /var/run/pihole mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole - rm /var/run/pihole/FTL.sock - chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole + rm /var/run/pihole/FTL.sock 2> /dev/null + chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port + chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo fi From e8ec0dc701d00a2d8a8d5f5a0da5329a4748b059 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 09:34:04 +0100 Subject: [PATCH 02/35] Use pihole-FTL resolver in pihole and gravity Signed-off-by: DL6ER --- gravity.sh | 6 ++++-- pihole | 13 ++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/gravity.sh b/gravity.sh index ce2734fc..22c78201 100755 --- a/gravity.sh +++ b/gravity.sh @@ -42,6 +42,8 @@ preEventHorizon="list.preEventHorizon" skipDownload="false" +resolver="pihole-FTL" + # Source setupVars from install script setupVars="${piholeDir}/setupVars.conf" if [[ -f "${setupVars}" ]];then 
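Review bot: The added `chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log` runs as root on every start and changes a file inside `/etc/pihole`, a directory that the same line hands to the pihole account. Plain `chown` follows symbolic links, so ownership changes on whatever `dhcp.leases` resolves to at that moment. Use `chown -h pihole:pihole ...` for entries that live under pihole-owned directories. The line also prints an error when `dhcp.leases` does not exist yet, which nothing here handles. start() begins and ends outside this hunk.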
@@ -102,7 +104,7 @@ gravity_CheckDNSResolutionAvailable() { fi # Determine error output message - if pidof dnsmasq &> /dev/null; then + if pidof "${resolver}" &> /dev/null; then echo -e " ${CROSS} DNS resolution is currently unavailable" else echo -e " ${CROSS} DNS service is not running" @@ -560,7 +562,7 @@ gravity_Cleanup() { echo -e "${OVER} ${TICK} ${str}" # Only restart DNS service if offline - if ! pidof dnsmasq &> /dev/null; then + if ! pidof "${resolver}" &> /dev/null; then "${PIHOLE_COMMAND}" restartdns dnsWasOffline=true fi diff --git a/pihole b/pihole index 4421cb87..54701027 100755 --- a/pihole +++ b/pihole @@ -14,6 +14,8 @@ readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" +resolver="pihole-FTL" + # Must be root to use this tool if [[ ! $EUID -eq 0 ]];then if [[ -x "$(command -v sudo)" ]]; then @@ -332,18 +334,18 @@ restartDNS() { local svcOption svc str output status svcOption="${1:-}" - # Determine if we should reload or restart dnsmasq + # Determine if we should reload or restart restart if [[ "${svcOption}" =~ "reload" ]]; then # Using SIGHUP will NOT re-read any *.conf files - svc="killall -s SIGHUP dnsmasq" + svc="killall -s SIGHUP \"${resolver}\"" else - # Get PID of dnsmasq to determine if it needs to start or restart + # Get PID of resolver to determine if it needs to start or restart if pidof dnsmasq &> /dev/null; then svcOption="restart" else svcOption="start" fi - svc="service dnsmasq ${svcOption}" + svc="service \"${resolver}\" ${svcOption}" fi # Print output to Terminal, but not to Web Admin @@ -359,9 +361,6 @@ restartDNS() { [[ ! -t 1 ]] && local OVER="" echo -e "${OVER} ${CROSS} ${output}" fi - - # Send signal to FTL to have it re-parse the gravity files - killall -s SIGHUP pihole-FTL } piholeEnable() { From 09886a3f11889f485febcb16bd057a91496fe5ed Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Sun, 25 Feb 2018 10:11:11 +0100 Subject: [PATCH 03/35] Add resolveconf config to pihole-FTL.service Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index a21fd260..5499cbe0 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -20,6 +20,7 @@ is_running() { ps "$(get_pid)" > /dev/null 2>&1 } + # Start the service start() { if is_running; then @@ -34,6 +35,7 @@ start() { chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo fi @@ -42,6 +44,7 @@ start() { # Stop the service stop() { if is_running; then + /sbin/resolvconf -d lo.piholeFTL kill "$(get_pid)" for i in {1..5}; do if ! is_running; then From 56a2924a3360f4a5ecdc60c603f091e8848e23ca Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 23:38:34 +0100 Subject: [PATCH 04/35] Unprivileged processes are subject to full permission checking based on the process's credentials, we have to explicitly allow pihole-FTL to bind to ports < 1024 (port 53 for DNS) and for various advanced network-related operations (to allow for handling DHCP requests) Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 5499cbe0..70d0b9d0 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service 
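Review bot: In start(), `echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL` runs before the `su ... pihole-FTL` launch and neither result is checked. A failed launch would therefore leave the host's resolver configuration pointing at 127.0.0.1 with nothing answering there. The call in the stop() hunk, `/sbin/resolvconf -d lo.piholeFTL`, is equally unguarded, so a system without `/sbin/resolvconf` only gets a shell error from both. Guard each with `[ -x /sbin/resolvconf ] &&` and register the nameserver only after the daemon has started. Both function bodies continue outside the hunks.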
@@ -34,7 +34,7 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" + setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo From fcdc85eab8c658166c1529e308b3067d7005f04e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 23:47:11 +0100 Subject: [PATCH 05/35] Remove dnsmasq from dependencies Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b694b527..eeccbf5d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) 
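Review bot: The capability line applies file capabilities to whatever `which pihole-FTL` resolves to in root's PATH, while two lines below the fixed path `/usr/bin/pihole-FTL` is what gets launched. If the two differ, the capabilities land on a binary other than the one being started. Name the path directly, `setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL`, and report a failure of `setcap` instead of continuing silently. CAP_NET_ADMIN also covers interface, routing and firewall configuration, so a comment naming the DHCP operation that requires it would help anyone who later tries to narrow the set. start() continues outside the hunk.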
@@ -207,7 +207,7 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then From 7ed45d26c29bd86e540779e324ad07928823bddb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 26 Feb 2018 17:26:51 +0100 Subject: [PATCH 06/35] Remove " " at some places where they shouldn't be Signed-off-by: DL6ER --- gravity.sh | 4 ++-- pihole | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index 22c78201..9d3bad95 100755 --- a/gravity.sh +++ b/gravity.sh @@ -104,7 +104,7 @@ gravity_CheckDNSResolutionAvailable() { fi # Determine error output message - if pidof "${resolver}" &> /dev/null; then + if pidof ${resolver} &> /dev/null; then echo -e " ${CROSS} DNS resolution is currently unavailable" else echo -e " ${CROSS} DNS service is not running" @@ -562,7 +562,7 @@ gravity_Cleanup() { echo -e "${OVER} ${TICK} ${str}" # Only restart DNS service if offline - if ! pidof "${resolver}" &> /dev/null; then + if ! pidof ${resolver} &> /dev/null; then "${PIHOLE_COMMAND}" restartdns dnsWasOffline=true fi diff --git a/pihole b/pihole index 54701027..c18ba12d 100755 --- a/pihole +++ b/pihole 
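Review bot: Dropping the quotes in `if pidof ${resolver} &> /dev/null; then` goes the wrong way for gravity.sh. Here the variable is expanded directly as a command argument, and the quoted form `pidof "${resolver}"` is what prevents word splitting and globbing (ShellCheck SC2086). The same applies to `if ! pidof ${resolver} &> /dev/null; then` in the gravity_Cleanup hunk. Only the `svc="..."` strings in the pihole script carried escaped quotes that would reach the command literally, assuming `svc` is later expanded unquoted, which is not visible here. Both functions extend beyond their hunks.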
@@ -337,7 +337,7 @@ restartDNS() { # Determine if we should reload or restart restart if [[ "${svcOption}" =~ "reload" ]]; then # Using SIGHUP will NOT re-read any *.conf files - svc="killall -s SIGHUP \"${resolver}\"" + svc="killall -s SIGHUP ${resolver}" else # Get PID of resolver to determine if it needs to start or restart if pidof dnsmasq &> /dev/null; then @@ -345,7 +345,7 @@ restartDNS() { else svcOption="start" fi - svc="service \"${resolver}\" ${svcOption}" + svc="service ${resolver} ${svcOption}" fi # Print output to Terminal, but not to Web Admin From 0b87f489d53ceb11f9c37b523be53d74e8cc43a8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Mar 2018 15:59:56 +0000 Subject: [PATCH 07/35] Look for pihole-FTL, not dnsmasq! Signed-off-by: Adam Warner --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index c18ba12d..3de16caf 100755 --- a/pihole +++ b/pihole @@ -340,7 +340,7 @@ restartDNS() { svc="killall -s SIGHUP ${resolver}" else # Get PID of resolver to determine if it needs to start or restart - if pidof dnsmasq &> /dev/null; then + if pidof pihole-FTL &> /dev/null; then svcOption="restart" else svcOption="start" From 8cf8da4c78cbcf92c3e196d90332a15395250520 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Mar 2018 18:44:57 +0000 Subject: [PATCH 08/35] - Check file /etc/pihole/ftlbranch for current FTL branch, download from github if master, or pi-hole.net if other - Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq - Add service_disable function - Add dependency libcap2-bin on debian to enable setcap. Need to check other distos -Always download FTL binary if /etc/pihole/ftlbranch does not contain "master" - Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL 
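Review bot: `if pidof pihole-FTL &> /dev/null; then` hard-codes the process name, although the neighbouring lines of restartDNS already build both the `killall` and the `service` command from `${resolver}`. Write `if pidof "${resolver}" &> /dev/null; then` so the check and the two commands cannot drift apart if the resolver name changes. restartDNS starts and ends outside this hunk.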
Signed-off-by: Adam Warner --- automated install/basic-install.sh | 160 +++++++++++++++++++++-------- test/test_automated_install.py | 2 +- 2 files changed, 121 insertions(+), 41 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 32352306..39855a58 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then # group, LIGHTTPD_GROUP="www-data" # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" - # The DNS server user - DNSMASQ_USER="dnsmasq" + LIGHTTPD_CFG="lighttpd.conf.debian" # A function to check... test_dpkg_lock() { 
@@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then PKG_MANAGER="yum" fi - # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. + # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then @@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then fi LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" - DNSMASQ_USER="nobody" + LIGHTTPD_CFG="lighttpd.conf.fedora" # If neither apt-get or rmp/dnf are found else @@ -984,6 +981,10 @@ version_check_dnsmasq() { fi echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." + # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) + if [[ ! -d "/etc/dnsmasq.d" ]];then + mkdir "/etc/dnsmasq.d" + fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location} echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf" 
@@ -1158,6 +1159,24 @@ enable_service() { echo -e "${OVER} ${TICK} ${str}" } +# Disable service so that it will not with next reboot +disable_service() { + # Local, named variables + local str="Disabling ${1} service" + echo "" + echo -ne " ${INFO} ${str}..." + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + systemctl disable "${1}" &> /dev/null + # Othwerwise, + else + # use update-rc.d to accomplish this + update-rc.d "${1}" disable &> /dev/null + fi + echo -e "${OVER} ${TICK} ${str}" +} + update_package_cache() { # Running apt-get update/upgrade with minimal output can cause some issues with # requiring user input (e.g password for phpmyadmin see #218) @@ -1286,7 +1305,7 @@ install_dependent_packages() { # Create logfiles if necessary CreateLogFile() { - local str="Creating log and changing owner to dnsmasq" + local str="Creating log and changing owner to pihole" echo "" echo -ne " ${INFO} ${str}..." # If the pihole log does not exist, @@ -1296,7 +1315,7 @@ CreateLogFile() { # set the permissions, chmod 644 /var/log/pihole.log # and owners - chown "${DNSMASQ_USER}":root /var/log/pihole.log + chown pihole:root /var/log/pihole.log echo -e "${OVER} ${TICK} ${str}" # Otherwise, else @@ -1423,7 +1442,7 @@ configureFirewall() { # ask if the user wants to install Pi-hole's default firwall rules whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \ { echo -e " ${INFO} Not installing firewall rulesets."; return 0; } - echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq" + echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL" # Allow HTTP and DNS traffice firewall-cmd --permanent --add-service=http --add-service=dns # Reload the firewall to apply these changes 
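Review bot: disable_service sends all output of `systemctl disable "${1}"` and `update-rc.d "${1}" disable` to `/dev/null` and then prints `${TICK}` unconditionally, so a failed disable is reported as success. Per the commit description the installer relies on this step to keep dnsmasq from coming back, so the exit status should decide the marker: wrap each call in `if ...; then` and print `${CROSS}` on failure. The header comment `# Disable service so that it will not with next reboot` is missing a word; `# Disable service so that it will not start on next reboot` is presumably meant.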
@@ -1757,11 +1776,45 @@ FTLinstall() { # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" - # If the download worked, - if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then - # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1" + local ftlBranch + local url + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$( /dev/null; then + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + disable_service dnsmasq + #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` + confdir="conf-dir=/etc/dnsmasq.d" + conffile="/etc/dnsmasq.conf" + if ! grep -q "$confdir" "$conffile"; then + echo "$confdir" >> "$conffile" + fi + fi + fi + # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... " @@ -1865,30 +1918,42 @@ FTLdetect() { echo -e " ${INFO} Checking for existing FTL binary..." local ftlLoc=$(which pihole-FTL 2>/dev/null) + + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$(/dev/null) ]]; then + if pihole-FTL --resolver > /dev/null; then + stop_service pihole-FTL + else + stop_service dnsmasq + fi + else + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + fi + fi - stop_service dnsmasq if [[ "${INSTALL_WEB}" == true ]]; then stop_service lighttpd fi @@ -2094,8 +2171,11 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - start_service dnsmasq - enable_service dnsmasq + # Only start and enable dnsmasq if FTL does not have the --resolver switch + if ! pihole-FTL --resolver > /dev/null; then + start_service dnsmasq + enable_service dnsmasq + fi # If the Web server was installed, if [[ "${INSTALL_WEB}" == true ]]; then 
diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 0e961c7f..2c65c660 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole): source /opt/pihole/basic-install.sh configureFirewall ''') - expected_stdout = 'Configuring FirewallD for httpd and dnsmasq' + expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL' assert expected_stdout in configureFirewall.stdout firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout assert 'firewall-cmd --state' in firewall_calls From 6584933e9297f82c90e68d4bff3167189fec5870 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Mar 2018 18:49:38 +0000 Subject: [PATCH 09/35] fix stickler complaints Signed-off-by: Adam Warner --- automated install/basic-install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 39855a58..f435e269 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1931,8 +1931,10 @@ FTLdetect() { FTLinstall "${binary}" || return 1 else if [[ ${ftlLoc} ]]; then - local FTLversion=$(/usr/bin/pihole-FTL tag) - local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') + local FTLversion + FTLversion=$(/usr/bin/pihole-FTL tag) + local FTLlatesttag + FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then # Install FTL 
@@ -1940,8 +1942,10 @@ FTLdetect() { else echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..." - local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) - local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) + local remoteSha1 + remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) + local localSha1 + localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) if [[ "${remoteSha1}" != "${localSha1}" ]]; then echo -e " ${INFO} Corruption detected..." From acd69fa4b07e55ec1ffc4e13af85d0fdd18ba1af Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 22:19:11 +0000 Subject: [PATCH 10/35] silence push/popd Signed-off-by: Adam Warner --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f435e269..4efa9f30 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1771,7 +1771,7 @@ FTLinstall() { fi # Move into the temp ftl directory - pushd "$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; } + pushd "$(mktemp -d)" > /dev/null || { echo "Unable to make temporary directory for FTL binary download"; return 1; } # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" 
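Review bot: Separating `local remoteSha1` from its assignment stops `local` from masking the exit status, but the status is still never checked, and it is that of `cut`, the last pipeline stage, not of `curl`. If the download fails, `remoteSha1` is empty, the `!=` comparison succeeds and the script reports "Corruption detected..." for what is really a network error. Test for an empty value first, for example `[[ -n "${remoteSha1}" ]] || { echo "Unable to fetch checksum"; return 1; }`. FTLdetect begins and ends outside this hunk.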
@@ -1830,14 +1830,14 @@ FTLinstall() { # Otherise, else # the download failed, so just go back to the original directory - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" return 1 fi # Otherwise, else - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" # The URL could not be found echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" From 7193f40b879b43d5493d18ad637a963a16b0fd3f Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 22:23:05 +0000 Subject: [PATCH 11/35] remove libnettle, missed a >/dev/null Signed-off-by: Adam Warner --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4efa9f30..de118052 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -205,7 +205,7 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then 
@@ -1823,7 +1823,7 @@ FTLinstall() { # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL # Move back into the original directory the user was in - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } # Install the FTL service echo -e "${OVER} ${TICK} ${str}" return 0 From 84bd86f1eecb77e5b6a9b290657f15effc02a9a3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 23:31:28 +0000 Subject: [PATCH 12/35] - Test to see if dnsmasq service is enabled before stopping and disabling it. - Some formatting tweaks to the `start_service` `stop_`service` `disable_service` and `enable_service` commands Signed-off-by: Adam Warner --- automated install/basic-install.sh | 71 ++++++++++++++++++------------ 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index de118052..22d549e1 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1112,8 +1112,7 @@ installConfigs() { stop_service() { # Stop service passed in as argument. # Can softfail, as process may not be installed when this is called - local str="Stopping ${1} service" - echo "" + local str="Stopping ${1} service" echo -ne " ${INFO} ${str}..." if command -v systemctl &> /dev/null; then systemctl stop "${1}" &> /dev/null || true @@ -1126,8 +1125,7 @@ stop_service() { # Start/Restart service passed in as argument start_service() { # Local, named variables - local str="Starting ${1} service" - echo "" + local str="Starting ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then 
@@ -1144,8 +1142,7 @@ start_service() { # Enable service so that it will start with next reboot enable_service() { # Local, named variables - local str="Enabling ${1} service to start on reboot" - echo "" + local str="Enabling ${1} service to start on reboot" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1162,8 +1159,7 @@ enable_service() { # Disable service so that it will not with next reboot disable_service() { # Local, named variables - local str="Disabling ${1} service" - echo "" + local str="Disabling ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1177,6 +1173,26 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } +check_service_active() { + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + if systemctl status "${1}" | grep -q "Active: active" > /dev/null; then + return 0 + else + return 1 + fi + # Othwerwise, + else + # fall back to service command + if service "${1}" status | grep "Active: active" > /dev/null; then + return 0 + else + return 1 + fi + fi +} + update_package_cache() { # Running apt-get update/upgrade with minimal output can cause some issues with # requiring user input (e.g password for phpmyadmin see #218) 
@@ -1796,25 +1812,8 @@ FTLinstall() { # If the download worked, if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1" - - # Make the tempory binary executable so that we can test the --resolver flag - chmod +x "${binary}" + curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1" - # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq - if ./"${binary}" --resolver > /dev/null; then - if [[ $(which dnsmasq 2>/dev/null) ]]; then - stop_service dnsmasq - disable_service dnsmasq - #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` - confdir="conf-dir=/etc/dnsmasq.d" - conffile="/etc/dnsmasq.conf" - if ! grep -q "$confdir" "$conffile"; then - echo "$confdir" >> "$conffile" - fi - fi - fi - # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... " @@ -1826,6 +1825,23 @@ FTLinstall() { popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } # Install the FTL service echo -e "${OVER} ${TICK} ${str}" + # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq + if pihole-FTL --resolver > /dev/null; then + if [[ $(which dnsmasq 2>/dev/null) ]]; then + if check_service_active "dnsmasq";then + echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" + stop_service dnsmasq + disable_service dnsmasq + fi + fi + + #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` + confdir="conf-dir=/etc/dnsmasq.d" + conffile="/etc/dnsmasq.conf" + if ! grep -q "$confdir" "$conffile"; then + echo "$confdir" >> "$conffile" + fi + fi return 0 # Otherise, else 
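Review bot: The presence test `grep -q "$confdir" "$conffile"` is an unanchored regex match, so a commented-out line such as `#conf-dir=/etc/dnsmasq.d` in `/etc/dnsmasq.conf` counts as present and the directive is never appended. Anchor it to the start of the line, `grep -qE '^conf-dir=/etc/dnsmasq\.d' "$conffile"`. `confdir` and `conffile` are assigned without `local`, so they leak into the installer's global scope. The block also assumes `/etc/dnsmasq.conf` exists, which is no longer certain now that dnsmasq is not a dependency. FTLinstall begins and ends outside this hunk.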
@@ -1834,7 +1850,7 @@ FTLinstall() { echo -e "${OVER} ${CROSS} ${str}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" return 1 - fi + fi # Otherwise, else popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } @@ -1959,6 +1975,7 @@ FTLdetect() { FTLinstall "${binary}" || return 1 fi fi + echo "" } make_temporary_log() { From b92ccb2de4204299717b02b9c3291ed22dfdcc3d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Mar 2018 20:01:06 +0000 Subject: [PATCH 13/35] Additionally `mask` the dnsmasq service on systems with systemctl Signed-off-by: Adam Warner --- automated install/basic-install.sh | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 22d549e1..47348775 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1173,6 +1173,25 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } +# Mask service so that it cannot be started accidentally +mask_service() { + # Local, named variables + local str="Masking ${1} service" + echo -ne " ${INFO} ${str}..." + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + systemctl mask "${1}" &> /dev/null + echo -e "${OVER} ${TICK} ${str}" + # Othwerwise, + else + # use update-rc.d to accomplish this + echo -e "${OVER} ${CROSS} ${str}" + echo -e " ${INFO} systemctl not detected. Cannot mask service." + fi + +} + check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1831,7 +1850,8 @@ FTLinstall() { if check_service_active "dnsmasq";then echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq - disable_service dnsmasq + disable_service dnsmasq + mask_service dnsmasq fi fi From 44d8cb77e3a56b897a3769b7fad14f4fded93233 Mon Sep 17 00:00:00 2001 
From: Adam Warner Date: Sat, 17 Mar 2018 22:48:11 +0000 Subject: [PATCH 14/35] Kill off `mask_service` function Signed-off-by: Adam Warner --- automated install/basic-install.sh | 31 ++++++------------------------ 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 47348775..6a160be6 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1148,7 +1148,7 @@ enable_service() { if command -v systemctl &> /dev/null; then # use that to enable the service systemctl enable "${1}" &> /dev/null - # Othwerwise, + # Otherwise, else # use update-rc.d to accomplish this update-rc.d "${1}" defaults &> /dev/null @@ -1165,7 +1165,7 @@ disable_service() { if command -v systemctl &> /dev/null; then # use that to disable the service systemctl disable "${1}" &> /dev/null - # Othwerwise, + # Otherwise, else # use update-rc.d to accomplish this update-rc.d "${1}" disable &> /dev/null @@ -1173,25 +1173,6 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } -# Mask service so that it cannot be started accidentally -mask_service() { - # Local, named variables - local str="Masking ${1} service" - echo -ne " ${INFO} ${str}..." - # If systemctl exists, - if command -v systemctl &> /dev/null; then - # use that to disable the service - systemctl mask "${1}" &> /dev/null - echo -e "${OVER} ${TICK} ${str}" - # Othwerwise, - else - # use update-rc.d to accomplish this - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${INFO} systemctl not detected. Cannot mask service." - fi - -} - check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1201,7 +1182,7 @@ check_service_active() { else return 1 fi - # Othwerwise, + # Otherwise, else # fall back to service command if service "${1}" status | grep "Active: active" > /dev/null; then 
@@ -1385,7 +1366,7 @@ installPiholeWeb() { # back it up mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig echo -e "${OVER} ${TICK} ${str}" - # Othwerwise, + # Otherwise, else # don't do anything echo -e "${OVER} ${CROSS} ${str} @@ -1458,7 +1439,7 @@ create_pihole_user() { if id -u pihole &> /dev/null; then # just show a success echo -ne "${OVER} ${TICK} ${str}" - # Othwerwise, + # Otherwise, else echo -ne "${OVER} ${CROSS} ${str}" local str="Creating user 'pihole'" @@ -1498,7 +1479,7 @@ configureFirewall() { iptables -C INPUT -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT return 0 fi - # Othwerwise, + # Otherwise, else # no firewall is running echo -e " ${INFO} No active firewall detected.. skipping firewall configuration" From f18bf35b208813e798affdb15ed4333e46b8030a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 17 Mar 2018 22:56:50 +0000 Subject: [PATCH 15/35] use `systemctl is-enabled` to check enabled status of service Signed-off-by: Adam Warner --- automated install/basic-install.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6a160be6..ddebe6fa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1176,12 +1176,9 @@ disable_service() { check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then - # use that to disable the service - if systemctl status "${1}" | grep -q "Active: active" > /dev/null; then - return 0 - else - return 1 - fi + # use that to check the status of the service + systemctl is-enabled "${1}" > /dev/null + return $? # Otherwise, else # fall back to service command 
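Review bot: check_service_active now answers a different question than its name and its caller expect. `systemctl is-enabled "${1}"` reports whether the unit is configured to start at boot, not whether it is running. FTLinstall uses the result to decide on `stop_service dnsmasq`, so a dnsmasq that is running but not enabled would be left running next to pihole-FTL. Use `systemctl is-active --quiet "${1}"` for the stop decision. The follow-up hunk in patch 16 keeps `is-enabled`, so the same applies there.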
@@ -1832,7 +1829,6 @@ FTLinstall() { echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq disable_service dnsmasq - mask_service dnsmasq fi fi From e2e8b733a85a1f290269993823db138583e65265 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 18 Mar 2018 00:13:10 +0000 Subject: [PATCH 16/35] tidy up function Signed-off-by: Adam Warner --- automated install/basic-install.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ddebe6fa..2574b4a3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1177,17 +1177,12 @@ check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then # use that to check the status of the service - systemctl is-enabled "${1}" > /dev/null - return $? + systemctl is-enabled "${1}" > /dev/null # Otherwise, else # fall back to service command - if service "${1}" status | grep "Active: active" > /dev/null; then - return 0 - else - return 1 - fi - fi + service "${1}" status > /dev/null + fi } update_package_cache() { @@ -1824,12 +1819,12 @@ FTLinstall() { echo -e "${OVER} ${TICK} ${str}" # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq if pihole-FTL --resolver > /dev/null; then - if [[ $(which dnsmasq 2>/dev/null) ]]; then + if which dnsmasq > /dev/null; then if check_service_active "dnsmasq";then echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq disable_service dnsmasq - fi + fi fi #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` From d26ea2b948b73865c9cdcd0c90ac0fb5b33bc7c8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 18 Mar 2018 00:38:34 +0000 Subject: [PATCH 17/35] remove trailing whitespace 
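Review bot: In the `FTLinstall` hunk, `which dnsmasq > /dev/null` drops the `2>/dev/null` that the replaced line had, and some `which` implementations print a "no dnsmasq in ..." message to stderr when the command is absent. The service helpers in this file already test for commands with `command -v systemctl &> /dev/null`, so `if command -v dnsmasq &> /dev/null; then` would be quieter and consistent with them. The enclosing function starts and ends outside the hunk.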
Signed-off-by: Adam Warner --- automated install/basic-install.sh | 38 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2574b4a3..a5d52309 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -172,7 +172,7 @@ if command -v apt-get &> /dev/null; then # group, LIGHTTPD_GROUP="www-data" # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" + LIGHTTPD_CFG="lighttpd.conf.debian" # A function to check... test_dpkg_lock() { @@ -200,7 +200,7 @@ elif command -v rpm &> /dev/null; then PKG_MANAGER="yum" fi - # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. + # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" @@ -213,7 +213,7 @@ elif command -v rpm &> /dev/null; then fi LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" + LIGHTTPD_CFG="lighttpd.conf.fedora" # If neither apt-get or rmp/dnf are found else @@ -1112,7 +1112,7 @@ installConfigs() { stop_service() { # Stop service passed in as argument. # Can softfail, as process may not be installed when this is called - local str="Stopping ${1} service" + local str="Stopping ${1} service" echo -ne " ${INFO} ${str}..." if command -v systemctl &> /dev/null; then systemctl stop "${1}" &> /dev/null || true @@ -1125,7 +1125,7 @@ stop_service() { # Start/Restart service passed in as argument start_service() { # Local, named variables - local str="Starting ${1} service" + local str="Starting ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then 
@@ -1142,7 +1142,7 @@ start_service() { # Enable service so that it will start with next reboot enable_service() { # Local, named variables - local str="Enabling ${1} service to start on reboot" + local str="Enabling ${1} service to start on reboot" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1159,7 +1159,7 @@ enable_service() { # Disable service so that it will not with next reboot disable_service() { # Local, named variables - local str="Disabling ${1} service" + local str="Disabling ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1177,11 +1177,11 @@ check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then # use that to check the status of the service - systemctl is-enabled "${1}" > /dev/null + systemctl is-enabled "${1}" > /dev/null # Otherwise, else # fall back to service command - service "${1}" status > /dev/null + service "${1}" status > /dev/null fi } @@ -1787,13 +1787,13 @@ FTLinstall() { local ftlBranch local url local ftlBranch - + if [[ -f "/etc/pihole/ftlbranch" ]];then ftlBranch=$( /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } @@ -1926,9 +1926,9 @@ FTLdetect() { echo -e " ${INFO} Checking for existing FTL binary..." local ftlLoc=$(which pihole-FTL 2>/dev/null) - + local ftlBranch - + if [[ -f "/etc/pihole/ftlbranch" ]];then ftlBranch=$(/dev/null) ]]; then - if pihole-FTL --resolver > /dev/null; then + if pihole-FTL --resolver > /dev/null; then stop_service pihole-FTL else stop_service dnsmasq @@ -2185,7 +2185,7 @@ main() { echo -e " ${INFO} Restarting services..." # Start services # Only start and enable dnsmasq if FTL does not have the --resolver switch - if ! pihole-FTL --resolver > /dev/null; then + if ! pihole-FTL --resolver > /dev/null; then start_service dnsmasq enable_service dnsmasq fi 
From 51765b1f659a5fe5023bb0c2001ebce4ed8be861 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 10:15:40 +0000 Subject: [PATCH 18/35] chown pihole log to pihole:pihole, rather than pihole:root Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a5d52309..c2e44843 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1323,7 +1323,7 @@ CreateLogFile() { # set the permissions, chmod 644 /var/log/pihole.log # and owners - chown pihole:root /var/log/pihole.log + chown pihole:pihole /var/log/pihole.log echo -e "${OVER} ${TICK} ${str}" # Otherwise, else From 238a56cac3a0ca958900e4e465ed97b5e326ff77 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 10:53:22 +0000 Subject: [PATCH 19/35] Remove CreateLogFile function, as this is handled by the FTL service Signed-off-by: Adam Warner --- automated install/basic-install.sh | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c2e44843..01a1aff0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1311,27 +1311,6 @@ install_dependent_packages() { return 0 } -# Create logfiles if necessary -CreateLogFile() { - local str="Creating log and changing owner to pihole" - echo "" - echo -ne " ${INFO} ${str}..." - # If the pihole log does not exist, - if [[ ! -f "/var/log/pihole.log" ]]; then - # Make it, - touch /var/log/pihole.log - # set the permissions, - chmod 644 /var/log/pihole.log - # and owners - chown pihole:pihole /var/log/pihole.log - echo -e "${OVER} ${TICK} ${str}" - # Otherwise, - else - # the file should already exist - echo -e " ${COL_LIGHT_GREEN}log already exists!${COL_NC}" - fi -} - # Install the Web interface dashboard installPiholeWeb() { echo "" @@ -1577,8 +1556,6 @@ installPihole() { installScripts # configs, installConfigs - # and create the log file - CreateLogFile # If the user wants to install the dashboard, if [[ "${INSTALL_WEB}" == true ]]; then # do so @@ -1614,9 +1591,7 @@ updatePihole() { # Install base files and web interface installScripts # Install config files - installConfigs - # Create the log file - CreateLogFile + installConfigs # If the user wants to install the dasboard, if [[ "${INSTALL_WEB}" == true ]]; then # do so From fbab930cb19ca8a9c5f0afeadbb804f484837e77 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 22:46:41 +0000 Subject: [PATCH 20/35] Allow install script to install FTL instead of the checkout script. Utilises the /etc/pihole/ftlbranch file. Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 45 +----------------------------- 1 file changed, 1 insertion(+), 44 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 21919ddf..81ea27b3 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -19,7 +19,6 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # setupVars set in basic-install.sh source "${setupVars}" -update="false" coltable="/opt/pihole/COL_TABLE" source ${coltable} 
@@ -33,40 +32,6 @@ check_download_exists() { fi } -FTLinstall() { - # Download and install FTL binary - local binary - binary="${1}" - local path - path="${2}" - local str - str="Installing FTL" - echo -ne " ${INFO} ${str}..." - - if curl -sSL --fail "https://ftl.pi-hole.net/${path}" -o "/tmp/${binary}"; then - # Get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://ftl.pi-hole.net/${path}.sha1" -o "/tmp/${binary}.sha1" - # Check if we just downloaded text, or a binary file. - cd /tmp || return 1 - if sha1sum --status --quiet -c "${binary}".sha1; then - echo -n "transferred... " - stop_service pihole-FTL &> /dev/null - install -T -m 0755 "/tmp/${binary}" "/usr/bin/pihole-FTL" - rm "/tmp/${binary}" "/tmp/${binary}.sha1" - start_service pihole-FTL &> /dev/null - echo -e "${OVER} ${TICK} ${str}" - return 0 - else - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: Download of binary from ftl.pi-hole.net failed${COL_NC}" - return 1 - fi - else - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" - fi -} - get_binary_name() { local machine machine=$(uname -m) @@ -176,11 +141,6 @@ checkout_pull_branch() { git checkout "${branch}" --quiet || return 1 echo -e "${OVER} ${TICK} $str" - - if [[ "$(git diff "${oldbranch}" | grep -c "^")" -gt "0" ]]; then - update="true" - fi - git_pull=$(git pull || return 1) if [[ "$git_pull" == *"up-to-date"* ]]; then @@ -257,7 +217,6 @@ checkout() { local path path="development/${binary}" echo "development" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" elif [[ "${1}" == "master" ]] ; then # Shortcut to check out master branches echo -e " ${INFO} Shortcut \"master\" detected - checking out master branches..." 
@@ -272,7 +231,6 @@ checkout() { local path path="master/${binary}" echo "master" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" elif [[ "${1}" == "core" ]] ; then str="Fetching branches from ${piholeGitUrl}" echo -ne " ${INFO} $str" @@ -335,7 +293,6 @@ checkout() { if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" else echo " ${CROSS} Requested branch \"${2}\" is not available" ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep 'heads' | sed 's/refs\/heads\///;s/ //g' | awk '{print $2}') ) @@ -350,7 +307,7 @@ checkout() { fi # Force updating everything - if [[ ( ! "${1}" == "web" && ! "${1}" == "ftl" ) && "${update}" == "true" ]]; then + if [[ ! "${1}" == "web" ]]; then echo -e " ${INFO} Running installer to upgrade your installation" if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then exit 0 From 295ac49f838ee295cf5da6a7f69ea09e23b69424 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Mar 2018 09:58:22 +0200 Subject: [PATCH 21/35] Add capability CAP_NET_RAW to allow pihole-FTL to use RAW sockets for being able to create an ICMPv6 socket for IPv6 handling in the DHCP service Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 70d0b9d0..ef8ee9c2 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service 
@@ -34,7 +34,7 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip "$(which pihole-FTL)" + setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo From ff47ab12fbc8bc9164c4c75d92f4cfba94d202d2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 30 Mar 2018 21:01:51 +0200 Subject: [PATCH 22/35] Save number of effectively blocked domains in /etc/pihole/numBlocked Signed-off-by: DL6ER --- gravity.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gravity.sh b/gravity.sh index 88ba8bb0..5806dea7 100755 --- a/gravity.sh +++ b/gravity.sh @@ -510,9 +510,11 @@ gravity_ParseBlacklistDomains() { if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${whitelistMatter}" > "${piholeDir}/numBlocked" 2> /dev/null else # There was no whitelist file, so use preEventHorizon instead of whitelistMatter. gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/numBlocked" 2> /dev/null fi # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it From b1d6c0319091c22ee7a39ffd6e258dc3e09aff07 Mon Sep 17 00:00:00 2001 
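Review bot: The `setcap` line applies the capabilities to whatever `"$(which pihole-FTL)"` resolves to in root's PATH, while the next lines launch `/usr/bin/pihole-FTL`; if the two ever differ, the privileged capability set lands on a binary other than the one the service runs. Pin the path: `setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL`. The result of `setcap` is not checked, so a failure (for example a filesystem without extended attributes) would only show up later as the unprivileged daemon failing to bind. CAP_NET_RAW and CAP_NET_ADMIN are broad grants, so a comment such as `# CAP_NET_RAW: ICMPv6 socket for DHCPv6 router advertisements` next to the line would record why each is needed, and the inheritable flag (`i`) is probably unnecessary and could be reduced to `+ep`. `start()` begins and ends outside the hunk.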
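Review bot: Both added `grep -c "^" ... > "${piholeDir}/numBlocked" 2> /dev/null` lines truncate `numBlocked` before grep runs and discard grep's error output, so an unreadable or missing source list leaves an empty counter file with no diagnostic. The `else` branch has no `-f` test on `preEventHorizon`, so that is the more likely path. Writing the count to a variable first and only then to the file, e.g. `num=$(grep -c "^" "${piholeDir}/${preEventHorizon}") && echo "${num}" > "${piholeDir}/numBlocked"`, keeps the previous value on failure. The identical hunk is repeated in patch 23 of this series; `gravity_ParseBlacklistDomains` continues outside the hunk.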
From: Adam Warner Date: Mon, 2 Apr 2018 21:53:32 +0100 Subject: [PATCH 23/35] Break out binary name funtion to it's own function Remove duplicate code. get_binary_name is now in the install script Add some "version" checking to ftl download when using an alt branch, uses checksum Greatly simplify update process. Source pihole-FTL version checker from basic-install.sh Always run install script to finalise changes. Install script now outputs versions after an update (This is a Squash of previous work into one commit) Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 49 ------------ advanced/Scripts/update.sh | 117 ++++++++--------------------- automated install/basic-install.sh | 68 ++++++++++++----- gravity.sh | 2 + 4 files changed, 80 insertions(+), 156 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 81ea27b3..7b189bcc 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh 
@@ -32,55 +32,6 @@ check_download_exists() { fi } -get_binary_name() { - local machine - machine=$(uname -m) - - local str - str="Detecting architecture" - echo -ne " ${INFO} ${str}..." - if [[ "${machine}" == "arm"* || "${machine}" == *"aarch"* ]]; then - # ARM - local rev - rev=$(uname -m | sed "s/[^0-9]//g;") - local lib - lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }') - if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then - echo -e "${OVER} ${TICK} Detected ARM-aarch64 architecture" - binary="pihole-FTL-aarch64-linux-gnu" - elif [[ "${lib}" == "/lib/ld-linux-armhf.so.3" ]]; then - if [[ "$rev" -gt "6" ]]; then - echo -e "${OVER} ${TICK} Detected ARM-hf architecture (armv7+)" - binary="pihole-FTL-arm-linux-gnueabihf" - else - echo -e "${OVER} ${TICK} Detected ARM-hf architecture (armv6 or lower) Using ARM binary" - binary="pihole-FTL-arm-linux-gnueabi" - fi - else - echo -e "${OVER} ${TICK} Detected ARM architecture" - binary="pihole-FTL-arm-linux-gnueabi" - fi - elif [[ "${machine}" == "ppc" ]]; then - # PowerPC - echo -e "${OVER} ${TICK} Detected PowerPC architecture" - binary="pihole-FTL-powerpc-linux-gnu" - elif [[ "${machine}" == "x86_64" ]]; then - # 64bit - echo -e "${OVER} ${TICK} Detected x86_64 architecture" - binary="pihole-FTL-linux-x86_64" - else - # Something else - we try to use 32bit executable and warn the user - if [[ ! "${machine}" == "i686" ]]; then - echo -e "${OVER} ${CROSS} ${str}... - ${COL_LIGHT_RED}Not able to detect architecture (unknown: ${machine}), trying 32bit executable - Contact support if you experience issues (e.g: FTL not running)${COL_NC}" - else - echo -e "${OVER} ${TICK} Detected 32bit (i686) architecture" - fi - binary="pihole-FTL-linux-x86_32" - fi -} - fully_fetch_repo() { # Add upstream branches to shallow clone local directory="${1}" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index a4ada4c8..ee168fc4 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh 
@@ -77,24 +77,18 @@ GitCheckUpdateAvail() { fi } -FTLcheckUpdate() { - local FTLversion - FTLversion=$(/usr/bin/pihole-FTL tag) - local FTLlatesttag - FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') - - if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then - return 0 - else - return 1 - fi -} - main() { local pihole_version_current local web_version_current local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" - + local core_update + local web_update + local FTL_update + + core_update=false + web_update=false + FTL_update=false + # shellcheck disable=1090,2154 source "${setupVars}" @@ -115,7 +109,9 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - if FTLcheckUpdate ; then + get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function + + if FTLcheckUpdate > /dev/null; then # Function is in sourced basic-install.sh FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" else @@ -123,16 +119,6 @@ main() { echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - # Logic: Don't update FTL when there is a core update available - # since the core update will run the installer which will itself - # re-install (i.e. update) FTL - if ${FTL_update} && ! ${core_update}; then - echo "" - echo -e " ${INFO} FTL out of date" - FTLdetect - echo "" - fi - if [[ "${INSTALL_WEB}" == true ]]; then if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system! 
@@ -147,80 +133,37 @@ main() { web_update=false echo -e " ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - - # Logic - # If Core up to date AND web up to date: - # Do nothing - # If Core up to date AND web NOT up to date: - # Pull web repo - # If Core NOT up to date AND web up to date: - # pull pihole repo, run install --unattended -- reconfigure - # if Core NOT up to date AND web NOT up to date: - # pull pihole repo run install --unattended - - if ! ${core_update} && ! ${web_update} ; then - if ! ${FTL_update} ; then - echo "" - echo -e " ${TICK} Everything is up to date!" - exit 0 - fi - elif ! ${core_update} && ${web_update} ; then - echo "" - echo -e " ${INFO} Pi-hole Web Admin files out of date" - getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" - elif ${core_update} && ! ${web_update} ; then - echo "" - echo -e " ${INFO} Pi-hole core files out of date" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 - elif ${core_update} && ${web_update} ; then - echo "" - echo -e " ${INFO} Updating Pi-hole core and web admin files" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || \ - echo -e "${basicError}" && exit 1 - else - echo -e " ${COL_LIGHT_RED}Update script has malfunctioned, please contact Pi-hole Support${COL_NC}" - exit 1 - fi - else # Web Admin not installed, so only verify if core is up to date - if ! ${core_update}; then - if ! ${FTL_update} ; then - echo "" - echo -e " ${INFO} Everything is up to date!" 
- exit 0 - fi - else - echo "" - echo -e " ${INFO} Pi-hole Core files out of date" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 - fi fi - if [[ "${web_update}" == true ]]; then - web_version_current="$(/usr/local/bin/pihole version --admin --current)" + if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then echo "" - echo -e " ${INFO} Web Admin version is now at ${web_version_current/* v/v} - ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'" + echo -e " ${TICK} Everything is up to date!" + exit 0 fi if [[ "${core_update}" == true ]]; then - pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)" echo "" - echo -e " ${INFO} Pi-hole version is now at ${pihole_version_current/* v/v} - ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'" + echo -e " ${INFO} Pi-hole core files out of date, updating local repo." + getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" + echo -e " ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'" + fi + + if [[ "${web_update}" == true ]]; then + echo "" + echo -e " ${INFO} Pi-hole Web Admin files out of date, updating local repo." + getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" + echo -e " ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'" fi if [[ "${FTL_update}" == true ]]; then - FTL_version_current="$(/usr/bin/pihole-FTL tag)" - echo -e "\\n ${INFO} FTL version is now at ${FTL_version_current/* v/v}" - start_service pihole-FTL - enable_service pihole-FTL + echo "" + echo -e " ${INFO} FTL out of date, it will be updated by the installer." 
fi + if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ + echo -e "${basicError}" && exit 1 + fi echo "" exit 0 } diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 01a1aff0..d9c4b8f9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1828,15 +1828,9 @@ FTLinstall() { fi } -# Detect suitable FTL binary platform -FTLdetect() { - echo "" - echo -e " ${INFO} FTL Checks..." - - # Local, named variables +get_binary_name() { +# Local, named variables local machine - local binary - # Store architecture in a variable machine=$(uname -m) @@ -1895,11 +1889,10 @@ FTLdetect() { fi binary="pihole-FTL-linux-x86_32" fi +} - #In the next section we check to see if FTL is already installed (in case of pihole -r). - #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download - echo -e " ${INFO} Checking for existing FTL binary..." - +FTLcheckUpdate() +{ local ftlLoc=$(which pihole-FTL 2>/dev/null) local ftlBranch 
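Review bot: The new installer call in `main` keeps the `cmd || echo -e "${basicError}" && exit 1` form, which the shell evaluates as `(cmd || echo ...) && exit 1`, so `exit 1` runs whether the installer succeeded or failed and the `exit 0` after the block is unreachable once any component was updated. Anything that relies on the exit status of the updater (cron wrappers, monitoring) will see every successful update as a failure. Group the failure branch and quote the path instead of escaping the space: `"${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --reconfigure --unattended || { echo -e "${basicError}"; exit 1; }`. `main` starts in an earlier hunk.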
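Review bot: In the basic-install.sh hunk that introduces `get_binary_name`, removing `local binary` turns `binary` into a global that the function sets as a side effect, and later code in this patch (`FTLinstall "${binary}"`, the `${binary}.sha1` URLs) depends on that without saying so. The function also has no header comment. Add one that states the contract, for example `# Detects the CPU architecture and sets the global ${binary} to the matching FTL binary name`, and fix the indentation of the `# Local, named variables` comment, which now sits at column 0 inside the body.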
@@ -1910,8 +1903,26 @@ FTLdetect() { ftlBranch="master" fi + local remoteSha1 + local localSha1 + if [[ ! "${ftlBranch}" == "master" ]]; then - FTLinstall "${binary}" || return 1 + if [[ ${ftlLoc} ]]; then + # We already have a pihole-FTL binary downloaded. + # Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not + remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1) + localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) + + if [[ "${remoteSha1}" != "${localSha1}" ]]; then + echo -e " ${INFO} Checksums do not match, downloading from ftl.pi-hole.net." + return 0 + else + echo -e " ${INFO} Checksum of installed binary matches remote. No need to download!" + return 1 + fi + else + return 0 + fi else if [[ ${ftlLoc} ]]; then local FTLversion 
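Review bot: In the alt-branch path of `FTLcheckUpdate`, the `.sha1` file is fetched from the same host and path as the binary it describes, so the comparison can tell that the installed file differs from the published one but says nothing about authenticity; a comment such as `# checksum only detects a stale or corrupted binary, it is not a signature check` would prevent it being read as verification. A failed `curl` also leaves `remoteSha1` empty, which compares unequal and is reported as "Checksums do not match", so a network error looks like an available update. Guard it first, e.g. `[[ -n "${remoteSha1}" ]] || { echo -e "  ${CROSS} Unable to fetch remote checksum"; return 1; }` (the right return value depends on what callers should do when offline). The release-download comparison in the following hunk has the same shape.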
@@ -1920,28 +1931,41 @@ FTLdetect() { FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then - # Install FTL - FTLinstall "${binary}" || return 1 + return 0 else echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..." - local remoteSha1 remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) - local localSha1 localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) if [[ "${remoteSha1}" != "${localSha1}" ]]; then echo -e " ${INFO} Corruption detected..." - FTLinstall "${binary}" || return 1 + return 0 else echo -e " ${INFO} Checksum correct. No need to download!" + return 1 fi fi else - # Install FTL - FTLinstall "${binary}" || return 1 + return 0 fi fi +} + +# Detect suitable FTL binary platform +FTLdetect() { + echo "" + echo -e " ${INFO} FTL Checks..." + + get_binary_name + + #In the next section we check to see if FTL is already installed (in case of pihole -r). + #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download + echo -e " ${INFO} Checking for existing FTL binary..." + if FTLcheckUpdate ; then + FTLinstall "${binary}" || return 1 + fi + echo "" } @@ -2225,6 +2249,10 @@ main() { echo -e "\\n ${INFO} The install log is located at: ${installLogLoc} ${COL_LIGHT_GREEN}${INSTALL_TYPE} Complete! ${COL_NC}" + if [[ "${INSTALL_TYPE}" == "Update" ]]; then + echo "" + /usr/local/bin/pihole version --current + fi } # diff --git a/gravity.sh b/gravity.sh index 88ba8bb0..5806dea7 100755 --- a/gravity.sh +++ b/gravity.sh 
@@ -510,9 +510,11 @@ gravity_ParseBlacklistDomains() { if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${whitelistMatter}" > "${piholeDir}/numBlocked" 2> /dev/null else # There was no whitelist file, so use preEventHorizon instead of whitelistMatter. gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/numBlocked" 2> /dev/null fi # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it From 56278c6394b5954245c66a76c3a6fd5158b0ac5e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Apr 2018 22:06:36 +0100 Subject: [PATCH 24/35] Fix shellcheck complaints Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index ee168fc4..d80edca2 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -28,9 +28,12 @@ source "/opt/pihole/COL_TABLE" # make_repo() sourced from basic-install.sh # update_repo() source from basic-install.sh # getGitFiles() sourced from basic-install.sh +# get_binary_name() sourced from basic-install.sh +# FTLcheckUpdate() sourced from basic-install.sh GitCheckUpdateAvail() { - local directory="${1}" + local directory + directory="${1}" curdir=$PWD cd "${directory}" || return @@ -78,8 +81,6 @@ GitCheckUpdateAvail() { } main() { - local pihole_version_current - local web_version_current local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" local core_update local web_update 
@@ -111,7 +112,7 @@ main() { get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function - if FTLcheckUpdate > /dev/null; then # Function is in sourced basic-install.sh + if FTLcheckUpdate > /dev/null; then FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" else From f37b2bc7c18abfdfff802fa6dc45b3d259f39654 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Apr 2018 23:22:06 +0100 Subject: [PATCH 25/35] move call to `get_binary_name` into `FTLcheckUpdate()` to avoid having to run that first Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 2 -- automated install/basic-install.sh | 14 ++++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index d80edca2..0f9f9783 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -110,8 +110,6 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function - if FTLcheckUpdate > /dev/null; then FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d9c4b8f9..8ade6796 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1893,7 +1893,14 @@ get_binary_name() { FTLcheckUpdate() { - local ftlLoc=$(which pihole-FTL 2>/dev/null) + get_binary_name + + #In the next section we check to see if FTL is already installed (in case of pihole -r). + #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download + echo -e " ${INFO} Checking for existing FTL binary..." + + local ftlLoc + ftlLoc=$(which pihole-FTL 2>/dev/null) local ftlBranch 
@@ -1957,11 +1964,6 @@ FTLdetect() { echo "" echo -e " ${INFO} FTL Checks..." - get_binary_name - - #In the next section we check to see if FTL is already installed (in case of pihole -r). - #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download - echo -e " ${INFO} Checking for existing FTL binary..." if FTLcheckUpdate ; then FTLinstall "${binary}" || return 1 fi From 4941e0f8ad507e0b720b1a0cf13c5b66985043eb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 4 Apr 2018 13:12:39 +0200 Subject: [PATCH 26/35] Backend changes needed to be able to set the privacy level Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 5eb35e97..3116f878 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -13,6 +13,7 @@ readonly setupVars="/etc/pihole/setupVars.conf" readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf" +readonly FTLconf="/etc/pihole/pihole-FTL.conf" # 03 -> wildcards readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf" @@ -52,6 +53,19 @@ change_setting() { add_setting "${1}" "${2}" } +addFTLsetting() { + echo "${1}=${2}" >> "${FTLconf}" +} + +deleteFTLsetting() { + sed -i "/${1}/d" "${FTLconf}" +} + +changeFTLsetting() { + deleteFTLsetting "${1}" + addFTLsetting "${1}" "${2}" +} + add_dnsmasq_setting() { if [[ "${2}" != "" ]]; then echo "${1}=${2}" >> "${dnsmasqconfig}" @@ -505,6 +519,13 @@ audit() echo "${args[2]}" >> /etc/pihole/auditlog.list } +SetPrivacyLevel() { + # Set privacy level. Minimum is 0, maximum is 3 + if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then + changeFTLsetting "PRIVACYLEVEL" "${args[2]}" + fi +} + main() { args=("$@") 
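Review bot: `deleteFTLsetting` runs `sed -i "/${1}/d" "${FTLconf}"` with an unanchored pattern, so it removes every line that merely contains the key, including a comment that mentions it or a longer key sharing the substring, and any regex metacharacter in the argument is interpreted by sed. Anchor the match to the assignment, `sed -i "/^${1}=/d" "${FTLconf}"`, and document that the helpers expect fixed key names rather than caller-supplied text. `addFTLsetting` appends `key=value` without checking that the value is a single line; the only caller visible in this patch passes a range-checked integer, which is worth stating in a comment above the three helpers.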
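Review bot: `SetPrivacyLevel` checks `${args[2]}` with `[ ... -ge 0 ] && [ ... -le 3 ]`, which prints a test error on missing or non-numeric input and then falls through with a zero status, so the caller cannot distinguish a rejected value from an applied one. A strict pattern check that fails loudly is simpler: `[[ "${args[2]}" =~ ^[0-3]$ ]] || { echo "Invalid privacy level (expected 0-3)" >&2; return 1; }` followed by the existing `changeFTLsetting` call. Because the value ends up in `pihole-FTL.conf`, accepting only the four literal digits also keeps stray whitespace out of the written line.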
@@ -534,6 +555,7 @@ main() { "-t" | "teleporter" ) Teleporter;; "adlist" ) CustomizeAdLists;; "audit" ) audit;; + "privacylevel" ) SetPrivacyLevel;; * ) helpFunc;; esac From 631f5b484846e8b2ecfd5cd6a4527e4617e672be Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 4 Apr 2018 16:34:31 +0100 Subject: [PATCH 27/35] Change order of updatable components to match the end output Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 0f9f9783..9dbdb680 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -110,14 +110,6 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - if FTLcheckUpdate > /dev/null; then - FTL_update=true - echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" - else - FTL_update=false - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" - fi - if [[ "${INSTALL_WEB}" == true ]]; then if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system! @@ -134,6 +126,14 @@ main() { fi fi + if FTLcheckUpdate > /dev/null; then + FTL_update=true + echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" + else + FTL_update=false + echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" + fi + if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then echo "" echo -e " ${TICK} Everything is up to date!" From 6086614274eac0ccd2704a12c37abd7b8685dbeb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 4 Apr 2018 18:10:23 +0200 Subject: [PATCH 28/35] Add "-l, privacylevel" description to "pihole -a" Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 56 ++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) 
diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 3116f878..ce6c34d2 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -36,7 +36,7 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - Add '-h' for more info on interface usage" + -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" exit 0 } 
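Review bot: The `@@ -36,7 +36,7 @@` hunk replaces the line `Add '-h' for more info on interface usage` with the new `-l, privacylevel` entry instead of adding the entry after it, so the help text loses the hint that belongs to `-i, interface`. If the removal is not intended, keep the hint line and move the closing quote to the new last line. The help string starts outside the hunk.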
@@ -530,33 +530,33 @@ main() { args=("$@") case "${args[1]}" in - "-p" | "password" ) SetWebPassword;; - "-c" | "celsius" ) unit="C"; SetTemperatureUnit;; - "-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;; - "-k" | "kelvin" ) unit="K"; SetTemperatureUnit;; - "setdns" ) SetDNSServers;; - "setexcludedomains" ) SetExcludeDomains;; - "setexcludeclients" ) SetExcludeClients;; - "poweroff" ) Poweroff;; - "reboot" ) Reboot;; - "restartdns" ) RestartDNS;; - "setquerylog" ) SetQueryLogOptions;; - "enabledhcp" ) EnableDHCP;; - "disabledhcp" ) DisableDHCP;; - "layout" ) SetWebUILayout;; - "-h" | "--help" ) helpFunc;; - "privacymode" ) SetPrivacyMode;; - "resolve" ) ResolutionSettings;; - "addstaticdhcp" ) AddDHCPStaticAddress;; - "removestaticdhcp" ) RemoveDHCPStaticAddress;; - "-r" | "hostrecord" ) SetHostRecord "$3";; - "-e" | "email" ) SetAdminEmail "$3";; - "-i" | "interface" ) SetListeningMode "$@";; - "-t" | "teleporter" ) Teleporter;; - "adlist" ) CustomizeAdLists;; - "audit" ) audit;; - "privacylevel" ) SetPrivacyLevel;; - * ) helpFunc;; + "-p" | "password" ) SetWebPassword;; + "-c" | "celsius" ) unit="C"; SetTemperatureUnit;; + "-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;; + "-k" | "kelvin" ) unit="K"; SetTemperatureUnit;; + "setdns" ) SetDNSServers;; + "setexcludedomains" ) SetExcludeDomains;; + "setexcludeclients" ) SetExcludeClients;; + "poweroff" ) Poweroff;; + "reboot" ) Reboot;; + "restartdns" ) RestartDNS;; + "setquerylog" ) SetQueryLogOptions;; + "enabledhcp" ) EnableDHCP;; + "disabledhcp" ) DisableDHCP;; + "layout" ) SetWebUILayout;; + "-h" | "--help" ) helpFunc;; + "privacymode" ) SetPrivacyMode;; + "resolve" ) ResolutionSettings;; + "addstaticdhcp" ) AddDHCPStaticAddress;; + "removestaticdhcp" ) RemoveDHCPStaticAddress;; + "-r" | "hostrecord" ) SetHostRecord "$3";; + "-e" | "email" ) SetAdminEmail "$3";; + "-i" | "interface" ) SetListeningMode "$@";; + "-t" | "teleporter" ) Teleporter;; + "adlist" ) CustomizeAdLists;; + "audit" ) audit;; + "-l" 
| "privacylevel" ) SetPrivacyLevel;; + * ) helpFunc;; esac shift From 82d5afe9961a7964bc22e70f44ec8fdd504fa855 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 5 Apr 2018 22:28:55 +0200 Subject: [PATCH 29/35] Silence error in log flush subroutine when no pihole-FTL.conf can be found Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 5fd9832e..0bc998ac 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -16,7 +16,7 @@ source ${colfile} # Constructed to return nothing when # a) the setting is not present in the config file, or # b) the setting is commented out (e.g. "#DBFILE=...") -DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf)" +DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf 2> /dev/null)" # Test for empty string. Use standard path in this case. if [ -z "$DBFILE" ]; then DBFILE="/etc/pihole/pihole-FTL.db" From 8b5dcc3872de9a77833d2ed680cfac525350574c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 13 Apr 2018 16:53:57 +0100 Subject: [PATCH 30/35] Match change made by 7edab27 to prevent merge conflict Signed-off-by: Adam Warner --- advanced/Scripts/piholeLogFlush.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 0bc998ac..d9ac5ebd 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh 
@@ -16,12 +16,10 @@ source ${colfile} # Constructed to return nothing when # a) the setting is not present in the config file, or # b) the setting is commented out (e.g. "#DBFILE=...") -DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf 2> /dev/null)" -# Test for empty string. Use standard path in this case. -if [ -z "$DBFILE" ]; then - DBFILE="/etc/pihole/pihole-FTL.db" +FTLconf="/etc/pihole/pihole-FTL.conf" +if [ -e "$FTLconf" ]; then + DBFILE="$(sed -n -e 's/^\s*DBFILE\s*=\s*//p' ${FTLconf})" fi - if [[ "$@" != *"quiet"* ]]; then echo -ne " ${INFO} Flushing /var/log/pihole.log ..." fi From bca23dd896e743575e3b9925e3c63f320e421f09 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 18:25:35 +0100 Subject: [PATCH 31/35] Allow passing of --check-only to update script. Don't run installer for updating web files, it's handled by getGitFiles. I think this works... Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 14 +++++++++++++- pihole | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 9dbdb680..f0deab2b 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -19,6 +19,9 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 PH_TEST=true +# when --check-only is passed to this script, it will not perform the actual update +CHECK_ONLY=false + # shellcheck disable=SC1090 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # shellcheck disable=SC1091 @@ -140,6 +143,11 @@ main() { exit 0 fi + if [[ "${CHECK_ONLY}" == true ]]; then + echo "" + exit 0 + fi + if [[ "${core_update}" == true ]]; then echo "" echo -e " ${INFO} Pi-hole core files out of date, updating local repo." 
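Review bot: After the `@@ -16,12 +16,10 @@` hunk, DBFILE is assigned only when pihole-FTL.conf exists, and the removed fallback to `/etc/pihole/pihole-FTL.db` is not replaced in the visible lines. If nothing later in the script restores it, DBFILE is empty when the file is missing or has no DBFILE line. Because the variable is never initialised, it could also carry a value inherited from the caller's environment. Setting `DBFILE=""` before the `if` and adding `DBFILE="${DBFILE:-/etc/pihole/pihole-FTL.db}"` after the `fi` would cover both cases, and `"${FTLconf}"` should be quoted in the sed call. The places where DBFILE is used are outside the hunk.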
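Review bot: The `--check-only` branch added in the `@@ -140,6 +143,11 @@` hunk ends with `exit 0`, the same status the script returns a few lines earlier when everything is up to date. A caller therefore cannot tell "updates available" from "nothing to do" without parsing the coloured output. A distinct status for the pending-update case, for example `exit 1` here with a comment documenting its meaning, would make the flag usable from cron jobs or monitoring. main() starts and ends outside the hunk.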
@@ -159,7 +167,7 @@ main() { echo -e " ${INFO} FTL out of date, it will be updated by the installer." fi - if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then + if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ echo -e "${basicError}" && exit 1 fi @@ -167,4 +175,8 @@ main() { exit 0 } +if [[ "$1" == "--check-only" ]]; then + CHECK_ONLY=true +fi + main diff --git a/pihole b/pihole index 4c824242..8ae85f00 100755 --- a/pihole +++ b/pihole @@ -71,7 +71,7 @@ flushFunc() { } updatePiholeFunc() { - "${PI_HOLE_SCRIPT_DIR}"/update.sh + "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" exit 0 } @@ -644,7 +644,7 @@ case "${1}" in "-wild" | "wildcard" ) wildcardFunc "$@";; "-d" | "debug" ) debugFunc "$@";; "-f" | "flush" ) flushFunc "$@";; - "-up" | "updatePihole" ) updatePiholeFunc;; + "-up" | "updatePihole" ) updatePiholeFunc "$@";; "-r" | "reconfigure" ) reconfigurePiholeFunc;; "-g" | "updateGravity" ) updateGravityFunc "$@";; "-c" | "chronometer" ) chronometerFunc "$@";; From 33148ba8328a1646f4ed1b36a5a736a66a24b94d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 18:30:13 +0100 Subject: [PATCH 32/35] Add help text to pihole command to document new flag Signed-off-by: Adam Warner --- pihole | 1 + 1 file changed, 1 insertion(+) diff --git a/pihole b/pihole index 8ae85f00..3a15df7b 100755 --- a/pihole +++ b/pihole @@ -620,6 +620,7 @@ Options: -q, query Query the adlists for a specified domain Add '-h' for more info on query usage -up, updatePihole Update Pi-hole subsystems + Add '--check-only' to exit script before update is performed. -v, version Show installed versions of Pi-hole, Admin Console & FTL Add '-h' for more info on version usage uninstall Uninstall Pi-hole from your system From e49a9096a52124fbb61e1195f5d949156ad5e03d Mon Sep 17 00:00:00 2001 
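Review bot: The line guarded by the condition changed in the `@@ -159,7 +167,7 @@` hunk chains `||` and `&&`, which the shell evaluates left to right with equal precedence, so `exit 1` runs when the installer succeeds as well as when it fails; the commit leaves that context line as it is. An explicit test keeps the failure path separate: `if ! "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --reconfigure --unattended; then echo -e "${basicError}"; exit 1; fi`. With `web_update` dropped from the condition, a web-only update now skips this line and reaches `exit 0`, so the two paths report different statuses for a successful run. main() starts outside the hunk.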
From: Adam Warner Date: Sun, 15 Apr 2018 18:37:32 +0100 Subject: [PATCH 33/35] accidentally a 'shift' Signed-off-by: Adam Warner --- pihole | 1 + 1 file changed, 1 insertion(+) diff --git a/pihole b/pihole index 3a15df7b..cb75861b 100755 --- a/pihole +++ b/pihole @@ -71,6 +71,7 @@ flushFunc() { } updatePiholeFunc() { + shift "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" exit 0 } From 20e0bca71d4005a99cbbe25430e9d5df62e928cc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 23:45:36 +0100 Subject: [PATCH 34/35] add some more linters to stickler Signed-off-by: Adam Warner --- .stickler.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.stickler.yml b/.stickler.yml index b96fc2e7..d254899a 100644 --- a/.stickler.yml +++ b/.stickler.yml @@ -1,3 +1,6 @@ linters: shellcheck: shell: bash + phpcs: + css: + flake8: From 18b24535fe65e5ae1d878deaffab7edce7706456 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 23:46:52 +0100 Subject: [PATCH 35/35] Lets try the correct name for csslint Signed-off-by: Adam Warner --- .stickler.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.stickler.yml b/.stickler.yml index d254899a..0eaae8cb 100644 --- a/.stickler.yml +++ b/.stickler.yml @@ -2,5 +2,5 @@ linters: shellcheck: shell: bash phpcs: - css: + csslint: flake8: