mirror of
https://github.com/pi-hole/pi-hole.git
synced 2024-12-23 21:30:17 +00:00
- Check file /etc/pihole/ftlbranch for current FTL branch, download from github if master, or pi-hole.net if other
- Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq - Add service_disable function - Add dependency libcap2-bin on debian to enable setcap. Need to check other distos -Always download FTL binary if /etc/pihole/ftlbranch does not contain "master" - Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL Signed-off-by: Adam Warner <adamw@rner.email>
This commit is contained in:
parent
cadab61a21
commit
8cf8da4c78
2 changed files with 121 additions and 41 deletions
|
@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then
|
|||
# These programs are stored in an array so they can be looped through later
|
||||
INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
|
||||
# Pi-hole itself has several dependencies that also need to be installed
|
||||
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3)
|
||||
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf)
|
||||
# The Web dashboard has some that also need to be installed
|
||||
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
||||
PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
|
||||
|
@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then
|
|||
# group,
|
||||
LIGHTTPD_GROUP="www-data"
|
||||
# and config file
|
||||
LIGHTTPD_CFG="lighttpd.conf.debian"
|
||||
# The DNS server user
|
||||
DNSMASQ_USER="dnsmasq"
|
||||
LIGHTTPD_CFG="lighttpd.conf.debian"
|
||||
|
||||
# A function to check...
|
||||
test_dpkg_lock() {
|
||||
|
@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then
|
|||
PKG_MANAGER="yum"
|
||||
fi
|
||||
|
||||
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
|
||||
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
|
||||
UPDATE_PKG_CACHE=":"
|
||||
PKG_INSTALL=(${PKG_MANAGER} install -y)
|
||||
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
||||
INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
|
||||
PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc)
|
||||
PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4)
|
||||
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
|
||||
# EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
|
||||
if grep -qi 'centos' /etc/redhat-release; then
|
||||
|
@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then
|
|||
fi
|
||||
LIGHTTPD_USER="lighttpd"
|
||||
LIGHTTPD_GROUP="lighttpd"
|
||||
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
||||
DNSMASQ_USER="nobody"
|
||||
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
||||
|
||||
# If neither apt-get or rmp/dnf are found
|
||||
else
|
||||
|
@ -984,6 +981,10 @@ version_check_dnsmasq() {
|
|||
fi
|
||||
|
||||
echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
|
||||
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
|
||||
if [[ ! -d "/etc/dnsmasq.d" ]];then
|
||||
mkdir "/etc/dnsmasq.d"
|
||||
fi
|
||||
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
|
||||
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
|
||||
echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf"
|
||||
|
@ -1158,6 +1159,24 @@ enable_service() {
|
|||
echo -e "${OVER} ${TICK} ${str}"
|
||||
}
|
||||
|
||||
# Disable service so that it will not with next reboot
|
||||
disable_service() {
|
||||
# Local, named variables
|
||||
local str="Disabling ${1} service"
|
||||
echo ""
|
||||
echo -ne " ${INFO} ${str}..."
|
||||
# If systemctl exists,
|
||||
if command -v systemctl &> /dev/null; then
|
||||
# use that to disable the service
|
||||
systemctl disable "${1}" &> /dev/null
|
||||
# Othwerwise,
|
||||
else
|
||||
# use update-rc.d to accomplish this
|
||||
update-rc.d "${1}" disable &> /dev/null
|
||||
fi
|
||||
echo -e "${OVER} ${TICK} ${str}"
|
||||
}
|
||||
|
||||
update_package_cache() {
|
||||
# Running apt-get update/upgrade with minimal output can cause some issues with
|
||||
# requiring user input (e.g password for phpmyadmin see #218)
|
||||
|
@ -1286,7 +1305,7 @@ install_dependent_packages() {
|
|||
|
||||
# Create logfiles if necessary
|
||||
CreateLogFile() {
|
||||
local str="Creating log and changing owner to dnsmasq"
|
||||
local str="Creating log and changing owner to pihole"
|
||||
echo ""
|
||||
echo -ne " ${INFO} ${str}..."
|
||||
# If the pihole log does not exist,
|
||||
|
@ -1296,7 +1315,7 @@ CreateLogFile() {
|
|||
# set the permissions,
|
||||
chmod 644 /var/log/pihole.log
|
||||
# and owners
|
||||
chown "${DNSMASQ_USER}":root /var/log/pihole.log
|
||||
chown pihole:root /var/log/pihole.log
|
||||
echo -e "${OVER} ${TICK} ${str}"
|
||||
# Otherwise,
|
||||
else
|
||||
|
@ -1423,7 +1442,7 @@ configureFirewall() {
|
|||
# ask if the user wants to install Pi-hole's default firwall rules
|
||||
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
|
||||
{ echo -e " ${INFO} Not installing firewall rulesets."; return 0; }
|
||||
echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq"
|
||||
echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL"
|
||||
# Allow HTTP and DNS traffice
|
||||
firewall-cmd --permanent --add-service=http --add-service=dns
|
||||
# Reload the firewall to apply these changes
|
||||
|
@ -1757,11 +1776,45 @@ FTLinstall() {
|
|||
# Always replace pihole-FTL.service
|
||||
install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
|
||||
|
||||
# If the download worked,
|
||||
if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then
|
||||
# get sha1 of the binary we just downloaded for verification.
|
||||
curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1"
|
||||
local ftlBranch
|
||||
local url
|
||||
local ftlBranch
|
||||
|
||||
if [[ -f "/etc/pihole/ftlbranch" ]];then
|
||||
ftlBranch=$(</etc/pihole/ftlbranch)
|
||||
else
|
||||
ftlBranch="master"
|
||||
fi
|
||||
|
||||
# Determine which version of FTL to download
|
||||
if [[ "${ftlBranch}" == "master" ]];then
|
||||
url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
|
||||
else
|
||||
url="https://ftl.pi-hole.net/${ftlBranch}"
|
||||
fi
|
||||
|
||||
# If the download worked,
|
||||
if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then
|
||||
# get sha1 of the binary we just downloaded for verification.
|
||||
curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1"
|
||||
|
||||
# Make the tempory binary executable so that we can test the --resolver flag
|
||||
chmod +x "${binary}"
|
||||
|
||||
# If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq
|
||||
if ./"${binary}" --resolver > /dev/null; then
|
||||
if [[ $(which dnsmasq 2>/dev/null) ]]; then
|
||||
stop_service dnsmasq
|
||||
disable_service dnsmasq
|
||||
#ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d`
|
||||
confdir="conf-dir=/etc/dnsmasq.d"
|
||||
conffile="/etc/dnsmasq.conf"
|
||||
if ! grep -q "$confdir" "$conffile"; then
|
||||
echo "$confdir" >> "$conffile"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# If we downloaded binary file (as opposed to text),
|
||||
if sha1sum --status --quiet -c "${binary}".sha1; then
|
||||
echo -n "transferred... "
|
||||
|
@ -1865,30 +1918,42 @@ FTLdetect() {
|
|||
echo -e " ${INFO} Checking for existing FTL binary..."
|
||||
|
||||
local ftlLoc=$(which pihole-FTL 2>/dev/null)
|
||||
|
||||
local ftlBranch
|
||||
|
||||
if [[ -f "/etc/pihole/ftlbranch" ]];then
|
||||
ftlBranch=$(</etc/pihole/ftlbranch)
|
||||
else
|
||||
ftlBranch="master"
|
||||
fi
|
||||
|
||||
if [[ ${ftlLoc} ]]; then
|
||||
local FTLversion=$(/usr/bin/pihole-FTL tag)
|
||||
local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
|
||||
|
||||
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
||||
# Install FTL
|
||||
FTLinstall "${binary}" || return 1
|
||||
else
|
||||
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
|
||||
|
||||
local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||
local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
|
||||
|
||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
echo -e " ${INFO} Corruption detected..."
|
||||
FTLinstall "${binary}" || return 1
|
||||
else
|
||||
echo -e " ${INFO} Checksum correct. No need to download!"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
# Install FTL
|
||||
if [[ ! "${ftlBranch}" == "master" ]]; then
|
||||
FTLinstall "${binary}" || return 1
|
||||
else
|
||||
if [[ ${ftlLoc} ]]; then
|
||||
local FTLversion=$(/usr/bin/pihole-FTL tag)
|
||||
local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
|
||||
|
||||
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
||||
# Install FTL
|
||||
FTLinstall "${binary}" || return 1
|
||||
else
|
||||
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
|
||||
|
||||
local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||
local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
|
||||
|
||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
echo -e " ${INFO} Corruption detected..."
|
||||
FTLinstall "${binary}" || return 1
|
||||
else
|
||||
echo -e " ${INFO} Checksum correct. No need to download!"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
# Install FTL
|
||||
FTLinstall "${binary}" || return 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -2000,8 +2065,20 @@ main() {
|
|||
welcomeDialogs
|
||||
# Create directory for Pi-hole storage
|
||||
mkdir -p /etc/pihole/
|
||||
|
||||
#Do we need to stop pihole-FTL or dnsmasq(if coming from an old install)?
|
||||
if [[ $(which pihole-FTL 2>/dev/null) ]]; then
|
||||
if pihole-FTL --resolver > /dev/null; then
|
||||
stop_service pihole-FTL
|
||||
else
|
||||
stop_service dnsmasq
|
||||
fi
|
||||
else
|
||||
if [[ $(which dnsmasq 2>/dev/null) ]]; then
|
||||
stop_service dnsmasq
|
||||
fi
|
||||
fi
|
||||
|
||||
stop_service dnsmasq
|
||||
if [[ "${INSTALL_WEB}" == true ]]; then
|
||||
stop_service lighttpd
|
||||
fi
|
||||
|
@ -2094,8 +2171,11 @@ main() {
|
|||
|
||||
echo -e " ${INFO} Restarting services..."
|
||||
# Start services
|
||||
start_service dnsmasq
|
||||
enable_service dnsmasq
|
||||
# Only start and enable dnsmasq if FTL does not have the --resolver switch
|
||||
if ! pihole-FTL --resolver > /dev/null; then
|
||||
start_service dnsmasq
|
||||
enable_service dnsmasq
|
||||
fi
|
||||
|
||||
# If the Web server was installed,
|
||||
if [[ "${INSTALL_WEB}" == true ]]; then
|
||||
|
|
|
@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole):
|
|||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Configuring FirewallD for httpd and dnsmasq'
|
||||
expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
||||
assert 'firewall-cmd --state' in firewall_calls
|
||||
|
|
Loading…
Reference in a new issue