From f4286a4d1256d2629272d7286a4ad12bbe4aef24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 12 Feb 2022 23:33:19 +0100 Subject: [PATCH 01/45] Fix log flush with new query database schema MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeLogFlush.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 7547a5fd..57f901f5 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -63,7 +63,7 @@ else fi fi # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) - deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") + deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1") # Restart pihole-FTL to force reloading history sudo pihole restartdns From 91b4233d3a66a48a68659acfc60b1827a1fa9c61 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 19 Feb 2022 09:30:53 +0100 Subject: [PATCH 02/45] Add backend option to set rate-limit from the dashboard Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index aa4795dd..0f88c463 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -808,6 +808,23 @@ RemoveCustomCNAMERecord() { fi } +SetRateLimit() { + local rate_limit_count rate_limit_interval reload + rate_limit_count="${args[2]}" + rate_limit_interval="${args[3]}" + reload="${args[4]}" + + # Set rate-limit setting inf valid + if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then + changeFTLsetting "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}" + fi + + # Restart FTL to update rate-limit settings only if $reload not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi +} + main() { args=("$@") @@ -841,6 +858,7 @@ main() { "removecustomdns" ) RemoveCustomDNSAddress;; "addcustomcname" ) AddCustomCNAMERecord;; "removecustomcname" ) RemoveCustomCNAMERecord;; + "ratelimit" ) SetRateLimit;; * ) helpFunc;; esac From 42424b515ba174fc60309f8363a193c91b7b444d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 20 Feb 2022 22:24:17 +0100 Subject: [PATCH 03/45] Add getFTLAPIPort function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add ftl_api_port function Signed-off-by: Christian König Use getFTLAPIPort in pihole Signed-off-by: Christian König Use default portfile as fallback Signed-off-by: Christian König Fix stickler Signed-off-by: Christian König Correct variables Signed-off-by: Christian König Apply suggestions from code review Co-authored-by: DL6ER Add test getFTLAPIPort returing default port Signed-off-by: Christian König Remove unused code from test_key_val_replacement_works Signed-off-by: Christian König Add getFTLAPIPort_custom test Signed-off-by: Christian König Fix output format Signed-off-by: Christian König Add debugging Signed-off-by: Christian König Remove debugging and fix function Signed-off-by: Christian König --- advanced/Scripts/utils.sh | 27 +++++++++++++++++++++++++++ pihole | 7 ++++--- test/test_any_utils.py | 26 ++++++++++++++++++++++++-- 3 files changed, 55 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 887816cc..97dca952 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -33,3 +33,30 @@ addOrEditKeyValPair() { echo "${key}=${value}" >> "${file}" fi } + +####################### +# returns FTL's current telnet API port +####################### +getFTLAPIPort(){ + local -r FTLCONFFILE="/etc/pihole/pihole-FTL.conf" + local -r DEFAULT_PORT_FILE="/run/pihole-FTL.port" + local -r DEFAULT_FTL_PORT=4711 + local PORTFILE + local ftl_api_port + + if [[ -f "$FTLCONFFILE" ]]; then + # if PORTFILE is not set in pihole-FTL.conf, use the default path + PORTFILE="$( (grep "^PORTFILE=" $FTLCONFFILE || echo "$DEFAULT_PORT_FILE") | cut -d"=" -f2-)" + fi + + if [[ -s "$PORTFILE" ]]; then + # -s: FILE exists and has a size greater than zero + ftl_api_port=$(<"$PORTFILE") + # Exploit prevention: unset the variable if there is malicious content + # Verify that the value read from the file is numeric + [[ "$ftl_api_port" =~ [^[:digit:]] ]] && unset ftl_api_port + fi + + # echo the port found in the portfile or default to the default port + echo "${ftl_api_port:=$DEFAULT_FTL_PORT}" +} diff --git a/pihole b/pihole index 56d47eca..d73fd5aa 100755 --- a/pihole +++ b/pihole @@ -316,9 +316,10 @@ analyze_ports() { statusFunc() { # Determine if there is pihole-FTL service is listening - local listening pid port + local pid port ftl_api_port pid="$(getFTLPID)" + ftl_api_port="$(getFTLAPIPort)" if [[ "$pid" -eq "-1" ]]; then case "${1}" in "web") echo "-1";; @@ -326,8 +327,8 @@ statusFunc() { esac return 0 else - #get the port pihole-FTL is listening on by using FTL's telnet API - port="$(echo ">dns-port >quit" | nc 127.0.0.1 4711)" + #get the DNS port pihole-FTL is listening on by using FTL's telnet API + port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")" if [[ "${port}" == "0" ]]; then case "${1}" in "web") echo "-1";; diff --git a/test/test_any_utils.py b/test/test_any_utils.py index ba9b2d23..8ad27997 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -1,16 +1,38 @@ def test_key_val_replacement_works(host): ''' Confirms addOrEditKeyValPair provides the expected output ''' host.run(''' - setupvars=./testoutput source /opt/pihole/utils.sh addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput" addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput" addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput" addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput" - cat ./testoutput ''') output = host.run(''' cat ./testoutput ''') expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n' assert expected_stdout == output.stdout + + +def test_getFTLAPIPort_default(host): + ''' Confirms getFTLAPIPort returns the default API port ''' + output = host.run(''' + source /opt/pihole/utils.sh + getFTLAPIPort + ''') + expected_stdout = '4711\n' + assert expected_stdout == output.stdout + + +def test_getFTLAPIPort_custom(host): + ''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location ''' + host.run(''' + echo "PORTFILE=/tmp/port.file" > /etc/pihole/pihole-FTL.conf + echo "1234" > /tmp/port.file + ''') + output = host.run(''' + source /opt/pihole/utils.sh + getFTLAPIPort + ''') + expected_stdout = '1234\n' + assert expected_stdout == output.stdout From c756bcb9d12a004b38d1925cd341fefa2fbb6ae9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 1 Mar 2022 09:07:51 +0100 Subject: [PATCH 04/45] Add procps to dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 1e004b8b..496d90fe 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -287,7 +287,7 @@ package_manager_detect() { # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd) + PIHOLE_DEPS=(cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") From 40b96e673b6af18c3ede288fc3e968e36f661238 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Sat, 12 Mar 2022 02:58:46 -0300 Subject: [PATCH 05/45] Allows colorful debug logs via web interface Note: needs the AdminLTE code changes to work. Signed-off-by: RD WebDesign --- advanced/Scripts/COL_TABLE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/COL_TABLE b/advanced/Scripts/COL_TABLE index d76be68c..2d2b074b 100644 --- a/advanced/Scripts/COL_TABLE +++ b/advanced/Scripts/COL_TABLE @@ -1,5 +1,5 @@ # Determine if terminal is capable of showing colors -if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then +if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then # Bold and underline may not show up on all clients # If something MUST be emphasized, use both COL_BOLD='' From 0219e5dfe040fd63b7cc161026854f358ed7150e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 12 Mar 2022 20:48:01 +0100 Subject: [PATCH 06/45] Pool identical messages in debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 7d3e7acf..e72ae5b8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1273,7 +1273,7 @@ show_clients() { } show_messages() { - show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT id,datetime(timestamp,'unixepoch','localtime') timestamp,type,message,blob1,blob2,blob3,blob4,blob5 FROM message;" "4 19 20 60 20 20 20 20 20" + show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 20 60 20 20 20 20 20" } analyze_gravity_list() { From 48136c5bbcda42a2241b2ed398c6df69868d0f98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 14 Mar 2022 19:54:46 +0100 Subject: [PATCH 07/45] Add last timestamp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index e72ae5b8..c5844131 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1273,7 +1273,7 @@ show_clients() { } show_messages() { - show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 20 60 20 20 20 20 20" + show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, datetime(max(timestamp),'unixepoch','localtime') as 'last timestamp', type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 19 20 60 20 20 20 20 20" } analyze_gravity_list() { From ab7d83384ff801e238f42408a4209d2784c9c2b3 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Mon, 14 Mar 2022 18:55:46 -0300 Subject: [PATCH 08/45] Allow lighttpd to stream responses to browser Signed-off-by: RD WebDesign --- advanced/lighttpd.conf.debian | 5 +++++ advanced/lighttpd.conf.fedora | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index cf728e19..b8656a24 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -36,6 +36,11 @@ server.port = 80 accesslog.filename = "/var/log/lighttpd/access.log" accesslog.format = "%{%s}t|%V|%r|%s|%b" +# Allow streaming response +# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails +server.stream-response-body = 1 +#ssl.read-ahead = "disable" + index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 626a3d8d..79d5f3b2 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -37,6 +37,11 @@ server.port = 80 accesslog.filename = "/var/log/lighttpd/access.log" accesslog.format = "%{%s}t|%V|%r|%s|%b" +# Allow streaming response +# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails +server.stream-response-body = 1 +#ssl.read-ahead = "disable" + index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) From 48138d32b6acfe8c20dff097537e69a11df02fbf Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 16 Mar 2022 17:42:01 +0000 Subject: [PATCH 09/45] Adjust addOrEditKeyValPair to optionally take two or three arguments (adjust test to suit) Add a removeKey function with test update webpage.sh to reference functions in utils.sh (this can likely be abstracted/refactored further) Signed-off-by: Adam Warner --- advanced/Scripts/utils.sh | 50 +++++++++++++++++++++++++++++++------ advanced/Scripts/webpage.sh | 27 +++++++++----------- test/test_any_utils.py | 19 +++++++++++++- 3 files changed, 73 insertions(+), 23 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 97dca952..a006d43a 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -15,7 +15,10 @@ # - New functions must have a test added for them in test/test_any_utils.py ####################### -# Takes three arguments key, value, and file. +# Takes either +# - Three arguments: key, value, and file. +# - Two arguments: key, and file +# # Checks the target file for the existence of the key # - If it exists, it changes the value # - If it does not exist, it adds the value @@ -25,13 +28,46 @@ ####################### addOrEditKeyValPair() { local key="${1}" - local value="${2}" - local file="${3}" - if grep -q "^${key}=" "${file}"; then - sed -i "/^${key}=/c\\${key}=${value}" "${file}" - else - echo "${key}=${value}" >> "${file}" + local value + local file + + # If two arguments have been passed, then the second one is the file - there is no value + if [ $# -lt 3 ]; then + file="${2}" + else + value="${2}" + file="${3}" fi + + if [[ "${value}" != "" ]]; then + # value has a value, so it is a key pair + if grep -q "^${key}=" "${file}"; then + # Key already exists in file, modify the value + sed -i "/^${key}=/c\\${key}=${value}" "${file}" + else + # Key does not already exist, add it and it's value + echo "${key}=${value}" >> "${file}" + fi + else + # value has no value, so it is just a key. Add it if it does not already exist + if ! grep -q "^${key}" "${file}"; then + # Key does not exist, add it. + echo "${key}" >> "${file}" + fi + fi +} + +####################### +# Takes two arguments key, and file. +# Deletes a key from target file +# +# Example usage: +# removeKey "PIHOLE_DNS_1" "/etc/pihole/setupVars.conf" +####################### +removeKey() { + local key="${1}" + local file="${2}" + sed -i "/^${key}/d" "${file}" } ####################### diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0f88c463..14cf5999 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -26,6 +26,9 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" PH_TEST="true" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" +readonly utilsfile="/opt/pihole/utils.sh" +source "${utilsfile}" + coltable="/opt/pihole/COL_TABLE" if [[ -f ${coltable} ]]; then source ${coltable} @@ -51,41 +54,35 @@ Options: } add_setting() { - echo "${1}=${2}" >> "${setupVars}" + addOrEditKeyValPair "${1}" "${2}" "${setupVars}" } delete_setting() { - sed -i "/^${1}/d" "${setupVars}" + removeKey "${1}" "${setupVars}" } change_setting() { - delete_setting "${1}" - add_setting "${1}" "${2}" + addOrEditKeyValPair "${1}" "${2}" "${setupVars}" } addFTLsetting() { - echo "${1}=${2}" >> "${FTLconf}" + addOrEditKeyValPair "${1}" "${2}" "${FTLconf}" } deleteFTLsetting() { - sed -i "/^${1}/d" "${FTLconf}" + removeKey "${1}" "${FTLconf}" } changeFTLsetting() { - deleteFTLsetting "${1}" - addFTLsetting "${1}" "${2}" + addOrEditKeyValPair "${1}" "${2}" "${FTLconf}" } add_dnsmasq_setting() { - if [[ "${2}" != "" ]]; then - echo "${1}=${2}" >> "${dnsmasqconfig}" - else - echo "${1}" >> "${dnsmasqconfig}" - fi + addOrEditKeyValPair "${1}" "${2}" "${dnsmasqconfig}" } delete_dnsmasq_setting() { - sed -i "/^${1}/d" "${dnsmasqconfig}" + removeKey "${1}" "${dnsmasqconfig}" } SetTemperatureUnit() { @@ -183,7 +180,7 @@ ProcessDNSSettings() { fi delete_dnsmasq_setting "dnssec" - delete_dnsmasq_setting "trust-anchor=" + delete_dnsmasq_setting "trust-anchor" if [[ "${DNSSEC}" == true ]]; then echo "dnssec diff --git a/test/test_any_utils.py b/test/test_any_utils.py index 8ad27997..f73cc1b2 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -6,11 +6,28 @@ def test_key_val_replacement_works(host): addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput" addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput" addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput" + addOrEditKeyValPair "KEY_FIVE_NO_VALUE" "./testoutput" + addOrEditKeyValPair "KEY_FIVE_NO_VALUE" "./testoutput" ''') output = host.run(''' cat ./testoutput ''') - expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n' + expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\nKEY_FIVE_NO_VALUE\n' + assert expected_stdout == output.stdout + +def test_key_val_removal_works(host): + ''' Confirms addOrEditKeyValPair provides the expected output ''' + host.run(''' + source /opt/pihole/utils.sh + addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput" + addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput" + addOrEditKeyValPair "KEY_THREE" "value3" "./testoutput" + removeKey "KEY_TWO" "./testoutput" + ''') + output = host.run(''' + cat ./testoutput + ''') + expected_stdout = 'KEY_ONE=value1\nKEY_THREE=value3\n' assert expected_stdout == output.stdout From 59fc3804be28b3b26f3c6b333a36e04701be18d9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 16 Mar 2022 20:30:31 +0000 Subject: [PATCH 10/45] Make utils.sh posix compatible per request Signed-off-by: Adam Warner --- advanced/Scripts/utils.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index a006d43a..86a7e0b4 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. @@ -39,7 +39,7 @@ addOrEditKeyValPair() { file="${3}" fi - if [[ "${value}" != "" ]]; then + if [ "${value}" != "" ]; then # value has a value, so it is a key pair if grep -q "^${key}=" "${file}"; then # Key already exists in file, modify the value @@ -74,23 +74,23 @@ removeKey() { # returns FTL's current telnet API port ####################### getFTLAPIPort(){ - local -r FTLCONFFILE="/etc/pihole/pihole-FTL.conf" - local -r DEFAULT_PORT_FILE="/run/pihole-FTL.port" - local -r DEFAULT_FTL_PORT=4711 + local FTLCONFFILE="/etc/pihole/pihole-FTL.conf" + local DEFAULT_PORT_FILE="/run/pihole-FTL.port" + local DEFAULT_FTL_PORT=4711 local PORTFILE local ftl_api_port - if [[ -f "$FTLCONFFILE" ]]; then + if [ -f "$FTLCONFFILE" ]; then # if PORTFILE is not set in pihole-FTL.conf, use the default path PORTFILE="$( (grep "^PORTFILE=" $FTLCONFFILE || echo "$DEFAULT_PORT_FILE") | cut -d"=" -f2-)" fi - if [[ -s "$PORTFILE" ]]; then + if [ -s "$PORTFILE" ]; then # -s: FILE exists and has a size greater than zero - ftl_api_port=$(<"$PORTFILE") + ftl_api_port=$(cat "${PORTFILE}") # Exploit prevention: unset the variable if there is malicious content - # Verify that the value read from the file is numeric - [[ "$ftl_api_port" =~ [^[:digit:]] ]] && unset ftl_api_port + # Verify that the value read from the file is numeric + expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port fi # echo the port found in the portfile or default to the default port From 2ade05d60fc20dcbdd25fa57d105da08ca464683 Mon Sep 17 00:00:00 2001 From: Yang Bin Date: Thu, 17 Mar 2022 18:19:01 +0800 Subject: [PATCH 11/45] Fixed wrong words in `README.md` Signed-off-by: Yang Bin --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b993cfe9..20c707b1 100644 --- a/README.md +++ b/README.md @@ -161,4 +161,4 @@ Some notable features include: There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168): 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server) -2. `http:///admin/` +2. `http:///admin/` From 0d4c69cc6fc81a989c6ee3df50a3aa80f48a1ebc Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Mon, 21 Mar 2022 18:47:42 -0300 Subject: [PATCH 12/45] Add check to avoid error in PHP 8 and return some information about the unexpected value Signed-off-by: RD WebDesign --- advanced/index.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/advanced/index.php b/advanced/index.php index d0c5fc5d..95afcdff 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -170,7 +170,15 @@ function queryAds($serverName) { $serverName ); $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES); - $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds))); + + // $queryAds must be an array (to avoid PHP 8.0+ error) + if (is_array($queryAds)) { + $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds))); + } else { + // if not an array, return an error message + return array("0" => "error", "1" => "Not an array:
(".gettype($queryAds).")
".print_r($queryAds, true)); + } + $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime); // Exception Handling From c9809371abf89efe4f39c25170773eb2a5f39929 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Wed, 23 Mar 2022 18:33:15 -0300 Subject: [PATCH 13/45] Selecting the protocol Signed-off-by: RD WebDesign --- advanced/index.php | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index 95afcdff..054e8063 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -164,19 +164,34 @@ ini_set("default_socket_timeout", 3); function queryAds($serverName) { // Determine the time it takes while querying adlists $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]; + + // Determine which protocol should be used + $protocol = "http"; + if ( + (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || + (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') || + (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') + ) { + $protocol = "https"; + } + + // Format the URL $queryAdsURL = sprintf( - "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp", + "%s://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp", + $protocol, $_SERVER["SERVER_PORT"], $serverName ); - $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES); - // $queryAds must be an array (to avoid PHP 8.0+ error) - if (is_array($queryAds)) { - $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds))); + // Request the file and receive the response + $queryAdsFile = file($queryAdsURL, FILE_IGNORE_NEW_LINES); + + // $queryAdsFile must be an array (to avoid PHP 8.0+ error) + if (is_array($queryAdsFile)) { + $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile))); } else { // if not an array, return an error message - return array("0" => "error", "1" => "Not an array:
(".gettype($queryAds).")
".print_r($queryAds, true)); + return array("0" => "error", "1" => "
Not an array: (".gettype($queryAdsFile).")
".print_r($queryAdsFile, true)); } $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime); From f8e84b3c3f7031eaef1e2e72a03bbdda8a1e1b92 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Wed, 23 Mar 2022 18:45:18 -0300 Subject: [PATCH 14/45] Fix stickler Signed-off-by: RD WebDesign --- advanced/index.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index 054e8063..cf0ab854 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -167,8 +167,7 @@ function queryAds($serverName) { // Determine which protocol should be used $protocol = "http"; - if ( - (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || + if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ) { @@ -191,7 +190,7 @@ function queryAds($serverName) { $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile))); } else { // if not an array, return an error message - return array("0" => "error", "1" => "
Not an array: (".gettype($queryAdsFile).")
".print_r($queryAdsFile, true)); + return array("0" => "error", "1" => "
(".gettype($queryAdsFile).")
".print_r($queryAdsFile, true)); } $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime); From 54ce8c26224ea98fa330dac7307c6bf5df7d372e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 30 Mar 2022 21:04:36 +0200 Subject: [PATCH 15/45] Only use sudo power if needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pihole b/pihole index d73fd5aa..563cafd8 100755 --- a/pihole +++ b/pihole @@ -498,6 +498,14 @@ fi case "${1}" in "-h" | "help" | "--help" ) helpFunc;; + "-v" | "version" ) versionFunc "$@";; + "-c" | "chronometer" ) chronometerFunc "$@";; + "-d" | "debug" ) debugFunc "$@";; + "-q" | "query" ) queryFunc "$@";; + "status" ) statusFunc "$2";; + "-t" | "tail" ) tailFunc "$2";; + "tricorder" ) tricorderFunc;; + * ) helpFunc;; esac # Must be root to use this tool @@ -519,26 +527,17 @@ case "${1}" in "--regex" | "regex" ) listFunc "$@";; "--white-regex" | "white-regex" ) listFunc "$@";; "--white-wild" | "white-wild" ) listFunc "$@";; - "-d" | "debug" ) debugFunc "$@";; "-f" | "flush" ) flushFunc "$@";; "-up" | "updatePihole" ) updatePiholeFunc "$@";; "-r" | "reconfigure" ) reconfigurePiholeFunc;; "-g" | "updateGravity" ) updateGravityFunc "$@";; - "-c" | "chronometer" ) chronometerFunc "$@";; - "-h" | "help" ) helpFunc;; - "-v" | "version" ) versionFunc "$@";; - "-q" | "query" ) queryFunc "$@";; "-l" | "logging" ) piholeLogging "$@";; "uninstall" ) uninstallFunc;; "enable" ) piholeEnable 1;; "disable" ) piholeEnable 0 "$2";; - "status" ) statusFunc "$2";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; - "-t" | "tail" ) tailFunc "$2";; "checkout" ) piholeCheckoutFunc "$@";; - "tricorder" ) tricorderFunc;; "updatechecker" ) updateCheckFunc "$@";; "arpflush" ) arpFunc "$@";; - * ) helpFunc;; esac From 614d18cd3dbf4a2635a05e54467abc8d62490db2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 30 Mar 2022 21:24:51 +0200 Subject: [PATCH 16/45] Debug need sudo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/pihole b/pihole index 563cafd8..dd589a8d 100755 --- a/pihole +++ b/pihole @@ -496,15 +496,37 @@ if [[ $# = 0 ]]; then helpFunc fi +# functions that do not requiere sudo power case "${1}" in "-h" | "help" | "--help" ) helpFunc;; "-v" | "version" ) versionFunc "$@";; "-c" | "chronometer" ) chronometerFunc "$@";; - "-d" | "debug" ) debugFunc "$@";; "-q" | "query" ) queryFunc "$@";; "status" ) statusFunc "$2";; "-t" | "tail" ) tailFunc "$2";; "tricorder" ) tricorderFunc;; + + # we need to add all arguments that require sudo power to not trigger the * argument + "-w" | "whitelist" ) ;; + "-b" | "blacklist" ) ;; + "--wild" | "wildcard" ) ;; + "--regex" | "regex" ) ;; + "--white-regex" | "white-regex" ) ;; + "--white-wild" | "white-wild" ) ;; + "-f" | "flush" ) ;; + "-up" | "updatePihole" ) ;; + "-r" | "reconfigure" ) ;; + "-g" | "updateGravity" ) ;; + "-l" | "logging" ) ;; + "uninstall" ) ;; + "enable" ) ;; + "disable" ) ;; + "-d" | "debug" ) ;; + "restartdns" ) ;; + "-a" | "admin" ) ;; + "checkout" ) ;; + "updatechecker" ) ;; + "arpflush" ) ;; * ) helpFunc;; esac @@ -535,6 +557,7 @@ case "${1}" in "uninstall" ) uninstallFunc;; "enable" ) piholeEnable 1;; "disable" ) piholeEnable 0 "$2";; + "-d" | "debug" ) debugFunc "$@";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; "checkout" ) piholeCheckoutFunc "$@";; From 722a716de37282401996d7cc95b7e689df5b7d92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 30 Mar 2022 22:40:14 +0200 Subject: [PATCH 17/45] Add exit code to status function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- pihole | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index dd589a8d..1f283d0e 100755 --- a/pihole +++ b/pihole @@ -365,7 +365,7 @@ statusFunc() { # Enable blocking "${PI_HOLE_BIN_DIR}"/pihole enable fi - +exit 0 } tailFunc() { @@ -549,6 +549,7 @@ case "${1}" in "--regex" | "regex" ) listFunc "$@";; "--white-regex" | "white-regex" ) listFunc "$@";; "--white-wild" | "white-wild" ) listFunc "$@";; + "-d" | "debug" ) debugFunc "$@";; "-f" | "flush" ) flushFunc "$@";; "-up" | "updatePihole" ) updatePiholeFunc "$@";; "-r" | "reconfigure" ) reconfigurePiholeFunc;; @@ -557,7 +558,6 @@ case "${1}" in "uninstall" ) uninstallFunc;; "enable" ) piholeEnable 1;; "disable" ) piholeEnable 0 "$2";; - "-d" | "debug" ) debugFunc "$@";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; "checkout" ) piholeCheckoutFunc "$@";; From 5cebceadda93ceb73038b6d248044933af2e0459 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Wed, 30 Mar 2022 21:32:18 -0300 Subject: [PATCH 18/45] Remove `@` and following character from interface name Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 7d3e7acf..c0efc767 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -906,9 +906,11 @@ dig_at() { # Removes all interfaces which are not UP # s/^[0-9]*: //g; # Removes interface index + # s/@.*//g; + # Removes everything after @ (if found) # s/: <.*//g; # Removes everything after the interface name - interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" + interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/@.*//g;s/: <.*//g;")" while IFS= read -r iface ; do # Get addresses of current interface From 4230be0c8074dbbc286875986cfc2ea61399a2bb Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 1 Apr 2022 12:00:14 -0700 Subject: [PATCH 19/45] Hirsute buildpack EOL upstream. Adding impish. Signed-off-by: Dan Schaper --- test/_ubuntu_21.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile index afddbfa9..6d4d7fbc 100644 --- a/test/_ubuntu_21.Dockerfile +++ b/test/_ubuntu_21.Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:hirsute-scm +FROM buildpack-deps:impish-scm ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole From 69e4e9a2ae705da466711238b81837d0a3ce6f3d Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 1 Apr 2022 12:53:43 -0700 Subject: [PATCH 20/45] Bump to python action v3. v2 has many changes. Signed-off-by: Dan Schaper --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 17557a87..33ba6c8f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -37,7 +37,7 @@ jobs: uses: actions/checkout@v2 - name: Set up Python 3.8 - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: python-version: 3.8 - From 7fa8cdd03ee1884b61add34d923d0741da8a6a3a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 16 Mar 2022 20:46:15 +0000 Subject: [PATCH 21/45] Address: - Review Comments - Stickler Complaints --- advanced/Scripts/utils.sh | 22 ++++++++-------------- advanced/Scripts/webpage.sh | 12 +++++++----- pihole | 8 ++++---- test/test_any_utils.py | 19 ++++++++++--------- 4 files changed, 29 insertions(+), 32 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 86a7e0b4..0906ce49 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -1,4 +1,6 @@ #!/usr/bin/env sh +# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions + # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. @@ -16,28 +18,20 @@ ####################### # Takes either -# - Three arguments: key, value, and file. -# - Two arguments: key, and file +# - Three arguments: file, key, and value. +# - Two arguments: file, and key. # # Checks the target file for the existence of the key # - If it exists, it changes the value # - If it does not exist, it adds the value # # Example usage: -# addOrEditKeyValuePair "BLOCKING_ENABLED" "true" "/etc/pihole/setupVars.conf" +# addOrEditKeyValuePair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true" ####################### addOrEditKeyValPair() { - local key="${1}" - local value - local file - - # If two arguments have been passed, then the second one is the file - there is no value - if [ $# -lt 3 ]; then - file="${2}" - else - value="${2}" - file="${3}" - fi + local file="${1}" + local key="${2}" + local value="${3}" if [ "${value}" != "" ]; then # value has a value, so it is a key pair diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 14cf5999..f63fd0ca 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash # shellcheck disable=SC1090 +# shellcheck disable=SC2154 + # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) @@ -54,7 +56,7 @@ Options: } add_setting() { - addOrEditKeyValPair "${1}" "${2}" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "${1}" "${2}" } delete_setting() { @@ -62,11 +64,11 @@ delete_setting() { } change_setting() { - addOrEditKeyValPair "${1}" "${2}" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "${1}" "${2}" } addFTLsetting() { - addOrEditKeyValPair "${1}" "${2}" "${FTLconf}" + addOrEditKeyValPair "${FTLconf}" "${1}" "${2}" } deleteFTLsetting() { @@ -74,11 +76,11 @@ deleteFTLsetting() { } changeFTLsetting() { - addOrEditKeyValPair "${1}" "${2}" "${FTLconf}" + addOrEditKeyValPair "${FTLconf}" "${1}" "${2}" } add_dnsmasq_setting() { - addOrEditKeyValPair "${1}" "${2}" "${dnsmasqconfig}" + addOrEditKeyValPair "${dnsmasqconfig}" "${1}" "${2}" } delete_dnsmasq_setting() { diff --git a/pihole b/pihole index d73fd5aa..bdce6663 100755 --- a/pihole +++ b/pihole @@ -226,7 +226,7 @@ Time: fi local str="Pi-hole Disabled" - addOrEditKeyValPair "BLOCKING_ENABLED" "false" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "false" fi else # Enable Pi-hole @@ -238,7 +238,7 @@ Time: echo -e " ${INFO} Enabling blocking" local str="Pi-hole Enabled" - addOrEditKeyValPair "BLOCKING_ENABLED" "true" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "true" fi restartDNS reload-lists @@ -261,7 +261,7 @@ Options: elif [[ "${1}" == "off" ]]; then # Disable logging sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf - addOrEditKeyValPair "QUERY_LOGGING" "false" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false" if [[ "${2}" != "noflush" ]]; then # Flush logs "${PI_HOLE_BIN_DIR}"/pihole -f @@ -271,7 +271,7 @@ Options: elif [[ "${1}" == "on" ]]; then # Enable logging sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf - addOrEditKeyValPair "QUERY_LOGGING" "true" "${setupVars}" + addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true" echo -e " ${INFO} Enabling logging..." local str="Logging has been enabled!" else diff --git a/test/test_any_utils.py b/test/test_any_utils.py index f73cc1b2..1c8f9531 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -2,12 +2,12 @@ def test_key_val_replacement_works(host): ''' Confirms addOrEditKeyValPair provides the expected output ''' host.run(''' source /opt/pihole/utils.sh - addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput" - addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput" - addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput" - addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput" - addOrEditKeyValPair "KEY_FIVE_NO_VALUE" "./testoutput" - addOrEditKeyValPair "KEY_FIVE_NO_VALUE" "./testoutput" + addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1" + addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" + addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3" + addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4" + addOrEditKeyValPair "./testoutput" "KEY_FIVE_NO_VALUE" + addOrEditKeyValPair "./testoutput" "KEY_FIVE_NO_VALUE" ''') output = host.run(''' cat ./testoutput @@ -15,13 +15,14 @@ def test_key_val_replacement_works(host): expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\nKEY_FIVE_NO_VALUE\n' assert expected_stdout == output.stdout + def test_key_val_removal_works(host): ''' Confirms addOrEditKeyValPair provides the expected output ''' host.run(''' source /opt/pihole/utils.sh - addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput" - addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput" - addOrEditKeyValPair "KEY_THREE" "value3" "./testoutput" + addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1" + addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" + addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3" removeKey "KEY_TWO" "./testoutput" ''') output = host.run(''' From 6121c162ff31a74a3b24c13c9104af13627d1277 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 3 Apr 2022 13:49:43 +0200 Subject: [PATCH 22/45] Fix typo Co-authored-by: Marius Hanl <66004280+Maran23@users.noreply.github.com> --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 1f283d0e..dd41c5f2 100755 --- a/pihole +++ b/pihole @@ -496,7 +496,7 @@ if [[ $# = 0 ]]; then helpFunc fi -# functions that do not requiere sudo power +# functions that do not require sudo power case "${1}" in "-h" | "help" | "--help" ) helpFunc;; "-v" | "version" ) versionFunc "$@";; From e4a1f3a175b00b344f0d941a4cf7a97fbc1f8b2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 4 Apr 2022 13:52:26 +0200 Subject: [PATCH 23/45] Rename block lists to adlists within the query list functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/query.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 20c891bf..8f7bfea4 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -64,8 +64,8 @@ Example: 'pihole -q -exact domain.com' Query the adlists for a specified domain Options: - -exact Search the block lists for exact domain matches - -all Return all query matches within a block list + -exact Search the adlists for exact domain matches + -all Return all query matches within the adlists -h, --help Show this help dialog" exit 0 fi @@ -210,7 +210,7 @@ mapfile -t results <<< "$(scanDatabaseTable "${domainQuery}" "gravity")" # Handle notices if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then - echo -e " ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the block lists" + echo -e " ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the adlists" exit 0 elif [[ -z "${results[*]}" ]]; then # Result found in WL/BL/Wildcards From cd3c97f11326fda89fdc0d617aaf115160f6be61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 4 Apr 2022 16:38:30 +0200 Subject: [PATCH 24/45] Exit installer if dpkg lock is held for more then 30 seconds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 37 +++++++++++++++++------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a9235394..9d1eaccd 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -259,6 +259,27 @@ os_check() { fi } +# This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. +test_dpkg_lock() { + i=0 + # fuser is a program to show which processes use the named files, sockets, or filesystems + # So while the lock is held, + while fuser /var/lib/dpkg/lock >/dev/null 2>&1 + do + # we wait half a second, + sleep 0.5 + # increase the iterator, + ((i=i+1)) + # exit if waiting for more then 30 seconds + if [[ $i -gt 60 ]]; then + echo "*** Error: Could not verify package manager finished and released lock. Attempt to install packages manually and retry."; + exit 1; + fi + done + # and then report success once dpkg is unlocked. + return 0 +} + # Compatibility package_manager_detect() { # First check to see if apt-get is installed. @@ -302,22 +323,6 @@ package_manager_detect() { # and config file LIGHTTPD_CFG="lighttpd.conf.debian" - # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. - test_dpkg_lock() { - i=0 - # fuser is a program to show which processes use the named files, sockets, or filesystems - # So while the lock is held, - while fuser /var/lib/dpkg/lock >/dev/null 2>&1 - do - # we wait half a second, - sleep 0.5 - # increase the iterator, - ((i=i+1)) - done - # and then report success once dpkg is unlocked. - return 0 - } - # If apt-get is not found, check for rpm. elif is_command rpm ; then # Then check if dnf or yum is the package manager From 30ba79f6a01e331302f753a190b8d187610d374f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 4 Apr 2022 16:48:34 +0200 Subject: [PATCH 25/45] Let users know what's going on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9d1eaccd..a51362ba 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -262,6 +262,7 @@ os_check() { # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. test_dpkg_lock() { i=0 + printf " %b Waiting for package manager to finish\\n" "${INFO}" # fuser is a program to show which processes use the named files, sockets, or filesystems # So while the lock is held, while fuser /var/lib/dpkg/lock >/dev/null 2>&1 @@ -272,7 +273,8 @@ test_dpkg_lock() { ((i=i+1)) # exit if waiting for more then 30 seconds if [[ $i -gt 60 ]]; then - echo "*** Error: Could not verify package manager finished and released lock. Attempt to install packages manually and retry."; + printf " %b %bError: Could not verify package manager finished and released lock. %b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${COL_NC}" + printf " Attempt to install packages manually and retry.\\n" exit 1; fi done From c0a2ab7b77feaa64a25415ec674432fa22e423ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 4 Apr 2022 16:59:13 +0200 Subject: [PATCH 26/45] Fix indention MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a51362ba..5f2f327d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -262,7 +262,7 @@ os_check() { # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. test_dpkg_lock() { i=0 - printf " %b Waiting for package manager to finish\\n" "${INFO}" + printf " %b Waiting for package manager to finish\\n" "${INFO}" # fuser is a program to show which processes use the named files, sockets, or filesystems # So while the lock is held, while fuser /var/lib/dpkg/lock >/dev/null 2>&1 From 4d31d5ee1148f1de8e8608a7bf0fed255136a6e1 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 4 Apr 2022 22:02:26 +0100 Subject: [PATCH 27/45] Address review comments Signed-off-by: Adam Warner --- advanced/Scripts/utils.sh | 6 +++--- advanced/Scripts/webpage.sh | 6 +++--- pihole | 4 ++-- test/test_any_utils.py | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 0906ce49..9d80e446 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -56,11 +56,11 @@ addOrEditKeyValPair() { # Deletes a key from target file # # Example usage: -# removeKey "PIHOLE_DNS_1" "/etc/pihole/setupVars.conf" +# removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1" ####################### removeKey() { - local key="${1}" - local file="${2}" + local file="${1}" + local key="${2}" sed -i "/^${key}/d" "${file}" } diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index f63fd0ca..15418ee0 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -60,7 +60,7 @@ add_setting() { } delete_setting() { - removeKey "${1}" "${setupVars}" + removeKey "${setupVars}" "${1}" } change_setting() { @@ -72,7 +72,7 @@ addFTLsetting() { } deleteFTLsetting() { - removeKey "${1}" "${FTLconf}" + removeKey "${FTLconf}" "${1}" } changeFTLsetting() { @@ -84,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - removeKey "${1}" "${dnsmasqconfig}" + removeKey "${dnsmasqconfig}" "${1}" } SetTemperatureUnit() { diff --git a/pihole b/pihole index bdce6663..83d1f45c 100755 --- a/pihole +++ b/pihole @@ -260,7 +260,7 @@ Options: exit 0 elif [[ "${1}" == "off" ]]; then # Disable logging - sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf + addOrEditKeyValPair /etc/dnsmasq.d/01-pihole.conf "log-queries" addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false" if [[ "${2}" != "noflush" ]]; then # Flush logs @@ -270,7 +270,7 @@ Options: local str="Logging has been disabled!" elif [[ "${1}" == "on" ]]; then # Enable logging - sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf + removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries" addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true" echo -e " ${INFO} Enabling logging..." local str="Logging has been enabled!" diff --git a/test/test_any_utils.py b/test/test_any_utils.py index 1c8f9531..998c1c84 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -17,13 +17,13 @@ def test_key_val_replacement_works(host): def test_key_val_removal_works(host): - ''' Confirms addOrEditKeyValPair provides the expected output ''' + ''' Confirms removeKey provides the expected output ''' host.run(''' source /opt/pihole/utils.sh addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1" addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3" - removeKey "KEY_TWO" "./testoutput" + removeKey "./testoutput" "KEY_TWO" ''') output = host.run(''' cat ./testoutput From 9b4f6c84cd770d333bca1579a8494472bfe5fa62 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Mon, 4 Apr 2022 23:14:10 +0200 Subject: [PATCH 28/45] Minor review comments --- advanced/Scripts/utils.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 9d80e446..f457427f 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -34,7 +34,7 @@ addOrEditKeyValPair() { local value="${3}" if [ "${value}" != "" ]; then - # value has a value, so it is a key pair + # value has a value, so it is a key-value pair if grep -q "^${key}=" "${file}"; then # Key already exists in file, modify the value sed -i "/^${key}=/c\\${key}=${value}" "${file}" @@ -52,7 +52,7 @@ addOrEditKeyValPair() { } ####################### -# Takes two arguments key, and file. +# Takes two arguments file, and key. # Deletes a key from target file # # Example usage: From b33434d02a05e2777041ce853b0c09d5f9682bcf Mon Sep 17 00:00:00 2001 From: yubiuser Date: Thu, 7 Apr 2022 09:11:53 +0200 Subject: [PATCH 29/45] Let uses know how long they need to wait (max) Co-authored-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5f2f327d..e1683993 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -262,7 +262,7 @@ os_check() { # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. test_dpkg_lock() { i=0 - printf " %b Waiting for package manager to finish\\n" "${INFO}" + printf " %b Waiting for package manager to finish (up to 30 seconds)\\n" "${INFO}" # fuser is a program to show which processes use the named files, sockets, or filesystems # So while the lock is held, while fuser /var/lib/dpkg/lock >/dev/null 2>&1 From 86dd61288288cdb57b8780c11a159e4cf8b8e1da Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 12 Apr 2022 17:13:50 +0100 Subject: [PATCH 30/45] remove `readonly` directive from declaration of `utilsfile`, it is unnecassery Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 2 +- pihole | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 15418ee0..c4d6570d 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -28,7 +28,7 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" PH_TEST="true" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" -readonly utilsfile="/opt/pihole/utils.sh" +utilsfile="/opt/pihole/utils.sh" source "${utilsfile}" coltable="/opt/pihole/COL_TABLE" diff --git a/pihole b/pihole index 6beba316..6823b3b6 100755 --- a/pihole +++ b/pihole @@ -21,7 +21,7 @@ readonly FTL_PID_FILE="/run/pihole-FTL.pid" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" -readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" source "${utilsfile}" webpageFunc() { From 9356d7bbb122f3c69fc97a2b3aff828944ef84d6 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 12 Apr 2022 20:36:49 +0200 Subject: [PATCH 31/45] Remove unnecessary case in uninstall script (#4692) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove unnecessary case in uninstall script * Better answer Signed-off-by: Christian König --- automated install/uninstall.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 5e27514f..9d3fca31 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -11,10 +11,9 @@ source "/opt/pihole/COL_TABLE" while true; do - read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn - case ${yn} in + read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer + case ${answer} in [Yy]* ) break;; - [Nn]* ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; * ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; esac done @@ -76,8 +75,8 @@ removeAndPurge() { for i in "${DEPS[@]}"; do if package_check "${i}" > /dev/null; then while true; do - read -rp " ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " yn - case ${yn} in + read -rp " ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " answer + case ${answer} in [Yy]* ) echo -ne " ${INFO} Removing ${i}..."; ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null; @@ -215,8 +214,8 @@ while true; do echo -n "${i} " done echo "${COL_NC}" - read -rp " ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " yn - case ${yn} in + read -rp " ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " answer + case ${answer} in [Yy]* ) removeAndPurge; break;; [Nn]* ) removeNoPurge; break;; * ) removeAndPurge; break;; From 2b124b1c697f18c80369848823bce8f0a624fa30 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 13 Apr 2022 21:30:12 +0200 Subject: [PATCH 32/45] Do not pass whole environment for PIHOLE_SKIP_OS_CHECK=true With `sudo -E`, the whole environment is passed to the root shell, which is a potential security and/or privacy issue when command overrides/functions, PATH or private user info are passed. To pass `PIHOLE_SKIP_OS_CHECK=true`, it can be passed alone to the bash/script call within the sudo session, so the `-E` flag can be omitted. Signed-off-by: MichaIng --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e1683993..5e0d5e14 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -239,10 +239,10 @@ os_check() { printf " If you wish to attempt to continue anyway, you can try one of the following commands to skip this check:\\n" printf "\\n" printf " e.g: If you are seeing this message on a fresh install, you can run:\\n" - printf " %bcurl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" + printf " %bcurl -sSL https://install.pi-hole.net | sudo PIHOLE_SKIP_OS_CHECK=true bash%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" printf "\\n" printf " If you are seeing this message after having run pihole -up:\\n" - printf " %bPIHOLE_SKIP_OS_CHECK=true sudo -E pihole -r%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" + printf " %bsudo PIHOLE_SKIP_OS_CHECK=true pihole -r%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" printf " (In this case, your previous run of pihole -up will have already updated the local repository)\\n" printf "\\n" printf " It is possible that the installation will still fail at this stage due to an unsupported configuration.\\n" From db116971ce5182084c4eebc25b1088b1fad58e2e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 14 Apr 2022 22:53:38 +0100 Subject: [PATCH 33/45] I tried to do too many things in one function, vastly overcomplicating what should have been _this_ all along Signed-off-by: Adam Warner --- advanced/Scripts/utils.sh | 42 ++++++++++++++++++++++----------------- pihole | 4 ++-- test/test_any_utils.py | 4 ++-- 3 files changed, 28 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index f457427f..f0a7cc37 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -17,43 +17,49 @@ # - New functions must have a test added for them in test/test_any_utils.py ####################### -# Takes either -# - Three arguments: file, key, and value. -# - Two arguments: file, and key. +# Takes Three arguments: file, key, and value. # # Checks the target file for the existence of the key # - If it exists, it changes the value # - If it does not exist, it adds the value # # Example usage: -# addOrEditKeyValuePair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true" +# addOrEditKeyValPair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true" ####################### addOrEditKeyValPair() { local file="${1}" local key="${2}" local value="${3}" - if [ "${value}" != "" ]; then - # value has a value, so it is a key-value pair - if grep -q "^${key}=" "${file}"; then + if grep -q "^${key}=" "${file}"; then # Key already exists in file, modify the value sed -i "/^${key}=/c\\${key}=${value}" "${file}" - else - # Key does not already exist, add it and it's value - echo "${key}=${value}" >> "${file}" - fi else - # value has no value, so it is just a key. Add it if it does not already exist - if ! grep -q "^${key}" "${file}"; then - # Key does not exist, add it. - echo "${key}" >> "${file}" - fi + # Key does not already exist, add it and it's value + echo "${key}=${value}" >> "${file}" fi } ####################### -# Takes two arguments file, and key. -# Deletes a key from target file +# Takes two arguments: file, and key. +# Adds a key to target file +# +# Example usage: +# addKey "/etc/dnsmasq.d/01-pihole.conf" "log-queries" +####################### +addKey(){ + local file="${1}" + local key="${2}" + + if ! grep -q "^${key}" "${file}"; then + # Key does not exist, add it. + echo "${key}" >> "${file}" + fi +} + +####################### +# Takes two arguments: file, and key. +# Deletes a key or key/value pair from target file # # Example usage: # removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1" diff --git a/pihole b/pihole index 6823b3b6..f51fd956 100755 --- a/pihole +++ b/pihole @@ -260,7 +260,7 @@ Options: exit 0 elif [[ "${1}" == "off" ]]; then # Disable logging - addOrEditKeyValPair /etc/dnsmasq.d/01-pihole.conf "log-queries" + removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries" addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false" if [[ "${2}" != "noflush" ]]; then # Flush logs @@ -270,7 +270,7 @@ Options: local str="Logging has been disabled!" elif [[ "${1}" == "on" ]]; then # Enable logging - removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries" + addKey /etc/dnsmasq.d/01-pihole.conf "log-queries" addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true" echo -e " ${INFO} Enabling logging..." local str="Logging has been enabled!" diff --git a/test/test_any_utils.py b/test/test_any_utils.py index 998c1c84..07feaf0f 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -6,8 +6,8 @@ def test_key_val_replacement_works(host): addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3" addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4" - addOrEditKeyValPair "./testoutput" "KEY_FIVE_NO_VALUE" - addOrEditKeyValPair "./testoutput" "KEY_FIVE_NO_VALUE" + addKey "./testoutput" "KEY_FIVE_NO_VALUE" + addKey "./testoutput" "KEY_FIVE_NO_VALUE" ''') output = host.run(''' cat ./testoutput From 23e6fa1ec56e7e24054d359ef5da0114e2f9b77f Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 15 Apr 2022 09:50:40 +0100 Subject: [PATCH 34/45] Replace wrapper function calls with direct utils.sh calls. Leave warpper functions until next release as docker currently uses them, and new changes to utils.sh need to be in the `master` branch before docker can use them Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 170 ++++++++++++++++++------------------ 1 file changed, 85 insertions(+), 85 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index c4d6570d..04c8cbee 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -88,7 +88,7 @@ delete_dnsmasq_setting() { } SetTemperatureUnit() { - change_setting "TEMPERATUREUNIT" "${unit}" + addOrEditKeyValPair "${setupVars}" "TEMPERATUREUNIT" "${unit}" echo -e " ${TICK} Set temperature unit to ${unit}" } @@ -123,7 +123,7 @@ SetWebPassword() { echo "" if [ "${PASSWORD}" == "" ]; then - change_setting "WEBPASSWORD" "" + addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "" echo -e " ${TICK} Password Removed" exit 0 fi @@ -136,7 +136,7 @@ SetWebPassword() { # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax hash=$(HashPassword "$PASSWORD") # Save hash to file - change_setting "WEBPASSWORD" "${hash}" + addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "${hash}" echo -e " ${TICK} New password set" else echo -e " ${CROSS} Passwords don't match. Your password has not been changed" @@ -147,7 +147,7 @@ SetWebPassword() { ProcessDNSSettings() { source "${setupVars}" - delete_dnsmasq_setting "server" + removeKey "${dnsmasqconfig}" "server" COUNTER=1 while true ; do @@ -155,34 +155,34 @@ ProcessDNSSettings() { if [ -z "${!var}" ]; then break; fi - add_dnsmasq_setting "server" "${!var}" + addOrEditKeyValPair "${dnsmasqconfig}" "server" "${!var}" (( COUNTER++ )) done # The option LOCAL_DNS_PORT is deprecated # We apply it once more, and then convert it into the current format if [ -n "${LOCAL_DNS_PORT}" ]; then - add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}" - add_setting "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}" - delete_setting "LOCAL_DNS_PORT" + addOrEditKeyValPair "${dnsmasqconfig}" "server" "127.0.0.1#${LOCAL_DNS_PORT}" + addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}" + removeKey "${setupVars}" "LOCAL_DNS_PORT" fi - delete_dnsmasq_setting "domain-needed" - delete_dnsmasq_setting "expand-hosts" + removeKey "${dnsmasqconfig}" "domain-needed" + removeKey "${dnsmasqconfig}" "expand-hosts" if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then - add_dnsmasq_setting "domain-needed" - add_dnsmasq_setting "expand-hosts" + addKey "${dnsmasqconfig}" "domain-needed" + addKey "${dnsmasqconfig}" "expand-hosts" fi - delete_dnsmasq_setting "bogus-priv" + removeKey "${dnsmasqconfig}" "bogus-priv" if [[ "${DNS_BOGUS_PRIV}" == true ]]; then - add_dnsmasq_setting "bogus-priv" + addKey "${dnsmasqconfig}" "bogus-priv" fi - delete_dnsmasq_setting "dnssec" - delete_dnsmasq_setting "trust-anchor" + removeKey "${dnsmasqconfig}" "dnssec" + removeKey "${dnsmasqconfig}" "trust-anchor" if [[ "${DNSSEC}" == true ]]; then echo "dnssec @@ -190,24 +190,24 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 " >> "${dnsmasqconfig}" fi - delete_dnsmasq_setting "host-record" + removeKey "${dnsmasqconfig}" "host-record" if [ -n "${HOSTRECORD}" ]; then - add_dnsmasq_setting "host-record" "${HOSTRECORD}" + addOrEditKeyValPair "${dnsmasqconfig}" "host-record" "${HOSTRECORD}" fi # Setup interface listening behavior of dnsmasq - delete_dnsmasq_setting "interface" - delete_dnsmasq_setting "local-service" - delete_dnsmasq_setting "except-interface" - delete_dnsmasq_setting "bind-interfaces" + removeKey "${dnsmasqconfig}" "interface" + removeKey "${dnsmasqconfig}" "local-service" + removeKey "${dnsmasqconfig}" "except-interface" + removeKey "${dnsmasqconfig}" "bind-interfaces" if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then # Listen on all interfaces, permit all origins - add_dnsmasq_setting "except-interface" "nonexisting" + addOrEditKeyValPair "${dnsmasqconfig}" "except-interface" "nonexisting" elif [[ "${DNSMASQ_LISTENING}" == "local" ]]; then # Listen only on all interfaces, but only local subnets - add_dnsmasq_setting "local-service" + addKey "${dnsmasqconfig}" "local-service" else # Options "bind" and "single" # Listen only on one interface @@ -216,30 +216,30 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 PIHOLE_INTERFACE="eth0" fi - add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}" + addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}" if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then # Really bind to interface - add_dnsmasq_setting "bind-interfaces" + addKey "${dnsmasqconfig}" "bind-interfaces" fi fi if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then # Convert legacy "conditional forwarding" to rev-server configuration # Remove any existing REV_SERVER settings - delete_setting "REV_SERVER" - delete_setting "REV_SERVER_DOMAIN" - delete_setting "REV_SERVER_TARGET" - delete_setting "REV_SERVER_CIDR" + removeKey "${setupVars}" "REV_SERVER" + removeKey "${setupVars}" "REV_SERVER_DOMAIN" + removeKey "${setupVars}" "REV_SERVER_TARGET" + removeKey "${setupVars}" "REV_SERVER_CIDR" REV_SERVER=true - add_setting "REV_SERVER" "true" + addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true" REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}" - add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}" REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}" - add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${REV_SERVER_TARGET}" #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g: # 1.1.168.192.in-addr.arpa to 192.168.1.1/32 @@ -266,28 +266,28 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 # shellcheck disable=2001 REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")" fi - add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${REV_SERVER_CIDR}" # Remove obsolete settings from setupVars.conf - delete_setting "CONDITIONAL_FORWARDING" - delete_setting "CONDITIONAL_FORWARDING_REVERSE" - delete_setting "CONDITIONAL_FORWARDING_DOMAIN" - delete_setting "CONDITIONAL_FORWARDING_IP" + removeKey "${setupVars}" "CONDITIONAL_FORWARDING" + removeKey "${setupVars}" "CONDITIONAL_FORWARDING_REVERSE" + removeKey "${setupVars}" "CONDITIONAL_FORWARDING_DOMAIN" + removeKey "${setupVars}" "CONDITIONAL_FORWARDING_IP" fi - delete_dnsmasq_setting "rev-server" + removeKey "${dnsmasqconfig}" "rev-server" if [[ "${REV_SERVER}" == true ]]; then - add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + addKey "${dnsmasqconfig}" "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then # Forward local domain names to the CF target, too - add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" + addKey "${dnsmasqconfig}" "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then # Forward unqualified names to the CF target only when the "never # forward non-FQDN" option is unticked - add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + addKey "${dnsmasqconfig}" "server=//${REV_SERVER_TARGET}" fi fi @@ -302,7 +302,7 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 SetDNSServers() { # Save setting to file - delete_setting "PIHOLE_DNS" + removeKey "${setupVars}" "PIHOLE_DNS" IFS=',' read -r -a array <<< "${args[2]}" for index in "${!array[@]}" do @@ -311,7 +311,7 @@ SetDNSServers() { ip="${array[index]//\\#/#}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - add_setting "PIHOLE_DNS_$((index+1))" "${ip}" + addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_$((index+1))" "${ip}" else echo -e " ${CROSS} Invalid IP has been passed" exit 1 @@ -319,30 +319,30 @@ SetDNSServers() { done if [[ "${args[3]}" == "domain-needed" ]]; then - change_setting "DNS_FQDN_REQUIRED" "true" + addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "true" else - change_setting "DNS_FQDN_REQUIRED" "false" + addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "false" fi if [[ "${args[4]}" == "bogus-priv" ]]; then - change_setting "DNS_BOGUS_PRIV" "true" + addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "true" else - change_setting "DNS_BOGUS_PRIV" "false" + addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "false" fi if [[ "${args[5]}" == "dnssec" ]]; then - change_setting "DNSSEC" "true" + addOrEditKeyValPair "${setupVars}" "DNSSEC" "true" else - change_setting "DNSSEC" "false" + addOrEditKeyValPair "${setupVars}" "DNSSEC" "false" fi if [[ "${args[6]}" == "rev-server" ]]; then - change_setting "REV_SERVER" "true" - change_setting "REV_SERVER_CIDR" "${args[7]}" - change_setting "REV_SERVER_TARGET" "${args[8]}" - change_setting "REV_SERVER_DOMAIN" "${args[9]}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${args[7]}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${args[8]}" + addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${args[9]}" else - change_setting "REV_SERVER" "false" + addOrEditKeyValPair "${setupVars}" "REV_SERVER" "false" fi ProcessDNSSettings @@ -352,11 +352,11 @@ SetDNSServers() { } SetExcludeDomains() { - change_setting "API_EXCLUDE_DOMAINS" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_DOMAINS" "${args[2]}" } SetExcludeClients() { - change_setting "API_EXCLUDE_CLIENTS" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_CLIENTS" "${args[2]}" } Poweroff(){ @@ -372,7 +372,7 @@ RestartDNS() { } SetQueryLogOptions() { - change_setting "API_QUERY_LOG_SHOW" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "API_QUERY_LOG_SHOW" "${args[2]}" } ProcessDHCPSettings() { @@ -388,19 +388,19 @@ ProcessDHCPSettings() { if [[ "${PIHOLE_DOMAIN}" == "" ]]; then PIHOLE_DOMAIN="lan" - change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" + addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" fi if [[ "${DHCP_LEASETIME}" == "0" ]]; then leasetime="infinite" elif [[ "${DHCP_LEASETIME}" == "" ]]; then leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" + addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}" elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then #Installation is affected by known bug, introduced in a previous version. #This will automatically clean up setupVars.conf and remove the unnecessary "h" leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" + addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${leasetime}" else leasetime="${DHCP_LEASETIME}h" fi @@ -453,24 +453,24 @@ ra-param=*,0,0 } EnableDHCP() { - change_setting "DHCP_ACTIVE" "true" - change_setting "DHCP_START" "${args[2]}" - change_setting "DHCP_END" "${args[3]}" - change_setting "DHCP_ROUTER" "${args[4]}" - change_setting "DHCP_LEASETIME" "${args[5]}" - change_setting "PIHOLE_DOMAIN" "${args[6]}" - change_setting "DHCP_IPv6" "${args[7]}" - change_setting "DHCP_rapid_commit" "${args[8]}" + addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "true" + addOrEditKeyValPair "${setupVars}" "DHCP_START" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "DHCP_END" "${args[3]}" + addOrEditKeyValPair "${setupVars}" "DHCP_ROUTER" "${args[4]}" + addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${args[5]}" + addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${args[6]}" + addOrEditKeyValPair "${setupVars}" "DHCP_IPv6" "${args[7]}" + addOrEditKeyValPair "${setupVars}" "DHCP_rapid_commit" "${args[8]}" # Remove possible old setting from file - delete_dnsmasq_setting "dhcp-" - delete_dnsmasq_setting "quiet-dhcp" + removeKey "${dnsmasqconfig}" "dhcp-" + removeKey "${dnsmasqconfig}" "quiet-dhcp" # If a DHCP client claims that its name is "wpad", ignore that. # This fixes a security hole. see CERT Vulnerability VU#598349 # We also ignore "localhost" as Windows behaves strangely if a # device claims this host name - add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad + addKey "${dnsmasqconfig}" "dhcp-name-match=set:hostname-ignore,wpad dhcp-name-match=set:hostname-ignore,localhost dhcp-ignore-names=tag:hostname-ignore" @@ -480,11 +480,11 @@ dhcp-ignore-names=tag:hostname-ignore" } DisableDHCP() { - change_setting "DHCP_ACTIVE" "false" + addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "false" # Remove possible old setting from file - delete_dnsmasq_setting "dhcp-" - delete_dnsmasq_setting "quiet-dhcp" + removeKey "${dnsmasqconfig}" "dhcp-" + removeKey "${dnsmasqconfig}" "quiet-dhcp" ProcessDHCPSettings @@ -492,11 +492,11 @@ DisableDHCP() { } SetWebUILayout() { - change_setting "WEBUIBOXEDLAYOUT" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "WEBUIBOXEDLAYOUT" "${args[2]}" } SetWebUITheme() { - change_setting "WEBTHEME" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "WEBTHEME" "${args[2]}" } CheckUrl(){ @@ -591,10 +591,10 @@ Options: exit 0 fi - change_setting "ADMIN_EMAIL" "${args[2]}" + addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" "${args[2]}" echo -e " ${TICK} Setting admin contact to ${args[2]}" else - change_setting "ADMIN_EMAIL" "" + addOrEditKeyValPair "${setupVars}" "ADMIN_EMAIL" "" echo -e " ${TICK} Removing admin contact" fi } @@ -618,16 +618,16 @@ Interfaces: if [[ "${args[2]}" == "all" ]]; then echo -e " ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!" - change_setting "DNSMASQ_LISTENING" "all" + addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "all" elif [[ "${args[2]}" == "local" ]]; then echo -e " ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)" - change_setting "DNSMASQ_LISTENING" "local" + addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "local" elif [[ "${args[2]}" == "bind" ]]; then echo -e " ${INFO} Binding on interface ${PIHOLE_INTERFACE}" - change_setting "DNSMASQ_LISTENING" "bind" + addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "bind" else echo -e " ${INFO} Listening only on interface ${PIHOLE_INTERFACE}" - change_setting "DNSMASQ_LISTENING" "single" + addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "single" fi # Don't restart DNS server yet because other settings @@ -697,7 +697,7 @@ clearAudit() SetPrivacyLevel() { # Set privacy level. Minimum is 0, maximum is 3 if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then - changeFTLsetting "PRIVACYLEVEL" "${args[2]}" + addOrEditKeyValPair "${FTLconf}" "PRIVACYLEVEL" "${args[2]}" pihole restartdns reload-lists fi } @@ -815,7 +815,7 @@ SetRateLimit() { # Set rate-limit setting inf valid if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then - changeFTLsetting "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}" + addOrEditKeyValPair "${FTLconf}" "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}" fi # Restart FTL to update rate-limit settings only if $reload not false From 37cef84643e0f2ea151db334b2e20130a905bd83 Mon Sep 17 00:00:00 2001 From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 15 Apr 2022 21:26:56 -0500 Subject: [PATCH 35/45] Set permissions for GitHub actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 17557a87..ab6d4223 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,6 +4,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] +permissions: + contents: read + jobs: smoke-test: if: github.event.pull_request.draft == false From 2601162243028115768878f3bb0f5ec8fdde8393 Mon Sep 17 00:00:00 2001 From: spmfox Date: Sat, 16 Apr 2022 16:25:33 -0400 Subject: [PATCH 36/45] Changed ldd binary check from /bin/ls to /usr/bin/bash Signed-off-by: spmfox --- automated install/basic-install.sh | 2 +- test/test_any_automated_install.py | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e1683993..ced6ff2a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2216,7 +2216,7 @@ get_binary_name() { local rev rev=$(uname -m | sed "s/[^0-9]//g;") local lib - lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }') + lib=$(ldd /bin/bash | grep -E '^\s*/lib' | awk '{ print $1 }') if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then printf "%b %b Detected AArch64 (64 Bit ARM) processor\\n" "${OVER}" "${TICK}" # set the binary to be used diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index b7b4ccd8..1e65842b 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -679,7 +679,7 @@ def test_FTL_detect_aarch64_no_errors(host): mock_command( 'ldd', { - '/bin/ls': ( + '/bin/bash': ( '/lib/ld-linux-aarch64.so.1', '0' ) @@ -709,7 +709,7 @@ def test_FTL_detect_armv4t_no_errors(host): # mock uname to return armv4t platform mock_command('uname', {'-m': ('armv4t', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + mock_command('ldd', {'/bin/bash': ('/lib/ld-linux.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -733,7 +733,7 @@ def test_FTL_detect_armv5te_no_errors(host): # mock uname to return armv5te platform mock_command('uname', {'-m': ('armv5te', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + mock_command('ldd', {'/bin/bash': ('/lib/ld-linux.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -757,7 +757,7 @@ def test_FTL_detect_armv6l_no_errors(host): # mock uname to return armv6l platform mock_command('uname', {'-m': ('armv6l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -782,7 +782,7 @@ def test_FTL_detect_armv7l_no_errors(host): # mock uname to return armv7l platform mock_command('uname', {'-m': ('armv7l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -807,7 +807,7 @@ def test_FTL_detect_armv8a_no_errors(host): # mock uname to return armv8a platform mock_command('uname', {'-m': ('armv8a', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user From c9e76c978e1eaf0e0276258ee7188963e2aca771 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 17 Apr 2022 13:39:55 +0100 Subject: [PATCH 37/45] Update advanced/Scripts/webpage.sh Co-authored-by: yubiuser --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 04c8cbee..de06d60c 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -155,7 +155,7 @@ ProcessDNSSettings() { if [ -z "${!var}" ]; then break; fi - addOrEditKeyValPair "${dnsmasqconfig}" "server" "${!var}" + addKey "${dnsmasqconfig}" "server=${!var}" (( COUNTER++ )) done From 9840148ba95678c7b9316e171fd2a4659a88c1d3 Mon Sep 17 00:00:00 2001 From: spmfox Date: Sun, 17 Apr 2022 14:52:05 -0400 Subject: [PATCH 38/45] Update automated install/basic-install.sh Co-authored-by: Dan Schaper --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ced6ff2a..79b6d1fa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2216,7 +2216,7 @@ get_binary_name() { local rev rev=$(uname -m | sed "s/[^0-9]//g;") local lib - lib=$(ldd /bin/bash | grep -E '^\s*/lib' | awk '{ print $1 }') + lib=$(ldd $(which sh) | grep -E '^\s*/lib' | awk '{ print $1 }') if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then printf "%b %b Detected AArch64 (64 Bit ARM) processor\\n" "${OVER}" "${TICK}" # set the binary to be used From 8de814ab34b34433e6faf3f74e43a67805ab1bd0 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 19 Apr 2022 18:35:00 +0100 Subject: [PATCH 39/45] Split the tests, too. Enhance the descriptions Signed-off-by: Adam Warner --- test/test_any_utils.py | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/test/test_any_utils.py b/test/test_any_utils.py index 07feaf0f..b30ff7fd 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -1,29 +1,47 @@ def test_key_val_replacement_works(host): - ''' Confirms addOrEditKeyValPair provides the expected output ''' + ''' Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file ''' host.run(''' source /opt/pihole/utils.sh addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1" addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3" addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4" - addKey "./testoutput" "KEY_FIVE_NO_VALUE" - addKey "./testoutput" "KEY_FIVE_NO_VALUE" ''') output = host.run(''' cat ./testoutput ''') - expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\nKEY_FIVE_NO_VALUE\n' + expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n' assert expected_stdout == output.stdout -def test_key_val_removal_works(host): - ''' Confirms removeKey provides the expected output ''' +def test_key_addition_works(host): + ''' Confirms addKey adds a key (no value) to a file without duplicating it ''' + host.run(''' + source /opt/pihole/utils.sh + addKey "./testoutput" "KEY_ONE" + addKey "./testoutput" "KEY_ONE" + addKey "./testoutput" "KEY_TWO" + addKey "./testoutput" "KEY_TWO" + addKey "./testoutput" "KEY_THREE" + addKey "./testoutput" "KEY_THREE" + ''') + output = host.run(''' + cat ./testoutput + ''') + expected_stdout = 'KEY_ONE\nKEY_TWO\nKEY_THREE\n' + assert expected_stdout == output.stdout + + +def test_key_removal_works(host): + ''' Confirms removeKey removes a key or key/value pair ''' host.run(''' source /opt/pihole/utils.sh addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1" addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2" addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3" + addKey "./testoutput" "KEY_FOUR" removeKey "./testoutput" "KEY_TWO" + removeKey "./testoutput" "KEY_FOUR" ''') output = host.run(''' cat ./testoutput From aba5e884ebe2caaade5d923b7b1ad0e4542e0433 Mon Sep 17 00:00:00 2001 From: jpgpi250 Date: Wed, 20 Apr 2022 10:19:44 +0200 Subject: [PATCH 40/45] Update gravity.sh Signed-off-by: jpgpi250 --- gravity.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 9c11fa98..e347d334 100755 --- a/gravity.sh +++ b/gravity.sh @@ -528,7 +528,9 @@ parseList() { # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_) # 2. Append ,adlistID to every line # 3. Ensures there is a newline on the last line - sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" + # sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" + # previous line modified 20/04/2022, see https://github.com/pi-hole/pi-hole/issues/4701 + sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # Find (up to) five domains containing invalid characters (see above) incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)" From 1c28da7bbd0a3da34787133a68fcf835847facb5 Mon Sep 17 00:00:00 2001 From: Peter Russell Date: Wed, 20 Apr 2022 10:43:39 +0200 Subject: [PATCH 41/45] Update gravity.sh Co-authored-by: yubiuser --- gravity.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index e347d334..5c1d2bc1 100755 --- a/gravity.sh +++ b/gravity.sh @@ -527,7 +527,8 @@ parseList() { # This sed does the following things: # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_) # 2. Append ,adlistID to every line - # 3. Ensures there is a newline on the last line + # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) + # 4. Ensures there is a newline on the last line # sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # previous line modified 20/04/2022, see https://github.com/pi-hole/pi-hole/issues/4701 sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" From 325f20d5c28ccb1ff4396b88b14b6a65b7dc7078 Mon Sep 17 00:00:00 2001 From: Peter Russell Date: Wed, 20 Apr 2022 10:43:56 +0200 Subject: [PATCH 42/45] Update gravity.sh Co-authored-by: yubiuser --- gravity.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 5c1d2bc1..d4880c24 100755 --- a/gravity.sh +++ b/gravity.sh @@ -529,7 +529,6 @@ parseList() { # 2. Append ,adlistID to every line # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) # 4. Ensures there is a newline on the last line - # sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # previous line modified 20/04/2022, see https://github.com/pi-hole/pi-hole/issues/4701 sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # Find (up to) five domains containing invalid characters (see above) From 052a1f294e73e0307b440ef3862a9e3e3f92d767 Mon Sep 17 00:00:00 2001 From: Peter Russell Date: Wed, 20 Apr 2022 10:44:05 +0200 Subject: [PATCH 43/45] Update gravity.sh Co-authored-by: yubiuser --- gravity.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index d4880c24..c5e9e414 100755 --- a/gravity.sh +++ b/gravity.sh @@ -529,7 +529,6 @@ parseList() { # 2. Append ,adlistID to every line # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) # 4. Ensures there is a newline on the last line - # previous line modified 20/04/2022, see https://github.com/pi-hole/pi-hole/issues/4701 sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # Find (up to) five domains containing invalid characters (see above) incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)" From 71072b4beb0e4356f64e3f24f5524c878d1cb756 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 20 Apr 2022 10:21:24 -0700 Subject: [PATCH 44/45] Stickler quoting --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 79b6d1fa..5bf4dedf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2216,7 +2216,7 @@ get_binary_name() { local rev rev=$(uname -m | sed "s/[^0-9]//g;") local lib - lib=$(ldd $(which sh) | grep -E '^\s*/lib' | awk '{ print $1 }') + lib=$(ldd "$(which sh)" | grep -E '^\s*/lib' | awk '{ print $1 }') if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then printf "%b %b Detected AArch64 (64 Bit ARM) processor\\n" "${OVER}" "${TICK}" # set the binary to be used From c19788dd18c27b7461402d0753062f0823452616 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 20 Apr 2022 10:35:18 -0700 Subject: [PATCH 45/45] Mock `which sh` to reutrn `/bin/sh`. Check for `/bin/sh` library Signed-off-by: Dan Schaper --- test/test_any_automated_install.py | 39 ++++++++++++++++++------------ 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 1e65842b..41a939e0 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -675,17 +675,10 @@ def test_FTL_detect_aarch64_no_errors(host): ''' # mock uname to return aarch64 platform mock_command('uname', {'-m': ('aarch64', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) # mock ldd to respond with aarch64 shared library - mock_command( - 'ldd', - { - '/bin/bash': ( - '/lib/ld-linux-aarch64.so.1', - '0' - ) - }, - host - ) + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-aarch64.so.1', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -708,8 +701,10 @@ def test_FTL_detect_armv4t_no_errors(host): ''' # mock uname to return armv4t platform mock_command('uname', {'-m': ('armv4t', '0')}, host) - # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/bash': ('/lib/ld-linux.so.3', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) + # mock ldd to respond with armv4t shared library + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -732,8 +727,10 @@ def test_FTL_detect_armv5te_no_errors(host): ''' # mock uname to return armv5te platform mock_command('uname', {'-m': ('armv5te', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/bash': ('/lib/ld-linux.so.3', '0')}, host) + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -757,7 +754,9 @@ def test_FTL_detect_armv6l_no_errors(host): # mock uname to return armv6l platform mock_command('uname', {'-m': ('armv6l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -782,7 +781,9 @@ def test_FTL_detect_armv7l_no_errors(host): # mock uname to return armv7l platform mock_command('uname', {'-m': ('armv7l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -806,8 +807,10 @@ def test_FTL_detect_armv8a_no_errors(host): ''' # mock uname to return armv8a platform mock_command('uname', {'-m': ('armv8a', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/bash': ('/lib/ld-linux-armhf.so.3', '0')}, host) + mock_command('ldd', {'/bin/sh': ('/lib/ld-linux-armhf.so.3', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -828,6 +831,8 @@ def test_FTL_detect_x86_64_no_errors(host): ''' confirms only x86_64 package is downloaded for FTL engine ''' + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user @@ -848,6 +853,8 @@ def test_FTL_detect_unknown_no_errors(host): ''' confirms only generic package is downloaded for FTL engine ''' # mock uname to return generic platform mock_command('uname', {'-m': ('mips', '0')}, host) + # mock `which sh` to return `/bin/sh` + mock_command('which', {'sh': ('/bin/sh', '0')}, host) detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user