mirror of
https://github.com/pi-hole/pi-hole.git
synced 2024-11-15 02:42:58 +00:00
- Check file /etc/pihole/ftlbranch for current FTL branch, download from github if master, or pi-hole.net if other
- Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq - Add service_disable function - Add dependency libcap2-bin on debian to enable setcap. Need to check other distos -Always download FTL binary if /etc/pihole/ftlbranch does not contain "master" - Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL Signed-off-by: Adam Warner <adamw@rner.email>
This commit is contained in:
parent
cadab61a21
commit
8cf8da4c78
2 changed files with 121 additions and 41 deletions
|
@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then
|
||||||
# These programs are stored in an array so they can be looped through later
|
# These programs are stored in an array so they can be looped through later
|
||||||
INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
|
INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
|
||||||
# Pi-hole itself has several dependencies that also need to be installed
|
# Pi-hole itself has several dependencies that also need to be installed
|
||||||
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3)
|
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf)
|
||||||
# The Web dashboard has some that also need to be installed
|
# The Web dashboard has some that also need to be installed
|
||||||
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
||||||
PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
|
PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
|
||||||
|
@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then
|
||||||
# group,
|
# group,
|
||||||
LIGHTTPD_GROUP="www-data"
|
LIGHTTPD_GROUP="www-data"
|
||||||
# and config file
|
# and config file
|
||||||
LIGHTTPD_CFG="lighttpd.conf.debian"
|
LIGHTTPD_CFG="lighttpd.conf.debian"
|
||||||
# The DNS server user
|
|
||||||
DNSMASQ_USER="dnsmasq"
|
|
||||||
|
|
||||||
# A function to check...
|
# A function to check...
|
||||||
test_dpkg_lock() {
|
test_dpkg_lock() {
|
||||||
|
@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then
|
||||||
PKG_MANAGER="yum"
|
PKG_MANAGER="yum"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
|
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
|
||||||
UPDATE_PKG_CACHE=":"
|
UPDATE_PKG_CACHE=":"
|
||||||
PKG_INSTALL=(${PKG_MANAGER} install -y)
|
PKG_INSTALL=(${PKG_MANAGER} install -y)
|
||||||
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
||||||
INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
|
INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
|
||||||
PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc)
|
PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4)
|
||||||
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
|
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
|
||||||
# EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
|
# EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
|
||||||
if grep -qi 'centos' /etc/redhat-release; then
|
if grep -qi 'centos' /etc/redhat-release; then
|
||||||
|
@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then
|
||||||
fi
|
fi
|
||||||
LIGHTTPD_USER="lighttpd"
|
LIGHTTPD_USER="lighttpd"
|
||||||
LIGHTTPD_GROUP="lighttpd"
|
LIGHTTPD_GROUP="lighttpd"
|
||||||
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
||||||
DNSMASQ_USER="nobody"
|
|
||||||
|
|
||||||
# If neither apt-get or rmp/dnf are found
|
# If neither apt-get or rmp/dnf are found
|
||||||
else
|
else
|
||||||
|
@ -984,6 +981,10 @@ version_check_dnsmasq() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
|
echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
|
||||||
|
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
|
||||||
|
if [[ ! -d "/etc/dnsmasq.d" ]];then
|
||||||
|
mkdir "/etc/dnsmasq.d"
|
||||||
|
fi
|
||||||
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
|
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
|
||||||
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
|
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
|
||||||
echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf"
|
echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf"
|
||||||
|
@ -1158,6 +1159,24 @@ enable_service() {
|
||||||
echo -e "${OVER} ${TICK} ${str}"
|
echo -e "${OVER} ${TICK} ${str}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Disable service so that it will not with next reboot
|
||||||
|
disable_service() {
|
||||||
|
# Local, named variables
|
||||||
|
local str="Disabling ${1} service"
|
||||||
|
echo ""
|
||||||
|
echo -ne " ${INFO} ${str}..."
|
||||||
|
# If systemctl exists,
|
||||||
|
if command -v systemctl &> /dev/null; then
|
||||||
|
# use that to disable the service
|
||||||
|
systemctl disable "${1}" &> /dev/null
|
||||||
|
# Othwerwise,
|
||||||
|
else
|
||||||
|
# use update-rc.d to accomplish this
|
||||||
|
update-rc.d "${1}" disable &> /dev/null
|
||||||
|
fi
|
||||||
|
echo -e "${OVER} ${TICK} ${str}"
|
||||||
|
}
|
||||||
|
|
||||||
update_package_cache() {
|
update_package_cache() {
|
||||||
# Running apt-get update/upgrade with minimal output can cause some issues with
|
# Running apt-get update/upgrade with minimal output can cause some issues with
|
||||||
# requiring user input (e.g password for phpmyadmin see #218)
|
# requiring user input (e.g password for phpmyadmin see #218)
|
||||||
|
@ -1286,7 +1305,7 @@ install_dependent_packages() {
|
||||||
|
|
||||||
# Create logfiles if necessary
|
# Create logfiles if necessary
|
||||||
CreateLogFile() {
|
CreateLogFile() {
|
||||||
local str="Creating log and changing owner to dnsmasq"
|
local str="Creating log and changing owner to pihole"
|
||||||
echo ""
|
echo ""
|
||||||
echo -ne " ${INFO} ${str}..."
|
echo -ne " ${INFO} ${str}..."
|
||||||
# If the pihole log does not exist,
|
# If the pihole log does not exist,
|
||||||
|
@ -1296,7 +1315,7 @@ CreateLogFile() {
|
||||||
# set the permissions,
|
# set the permissions,
|
||||||
chmod 644 /var/log/pihole.log
|
chmod 644 /var/log/pihole.log
|
||||||
# and owners
|
# and owners
|
||||||
chown "${DNSMASQ_USER}":root /var/log/pihole.log
|
chown pihole:root /var/log/pihole.log
|
||||||
echo -e "${OVER} ${TICK} ${str}"
|
echo -e "${OVER} ${TICK} ${str}"
|
||||||
# Otherwise,
|
# Otherwise,
|
||||||
else
|
else
|
||||||
|
@ -1423,7 +1442,7 @@ configureFirewall() {
|
||||||
# ask if the user wants to install Pi-hole's default firwall rules
|
# ask if the user wants to install Pi-hole's default firwall rules
|
||||||
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
|
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
|
||||||
{ echo -e " ${INFO} Not installing firewall rulesets."; return 0; }
|
{ echo -e " ${INFO} Not installing firewall rulesets."; return 0; }
|
||||||
echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq"
|
echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL"
|
||||||
# Allow HTTP and DNS traffice
|
# Allow HTTP and DNS traffice
|
||||||
firewall-cmd --permanent --add-service=http --add-service=dns
|
firewall-cmd --permanent --add-service=http --add-service=dns
|
||||||
# Reload the firewall to apply these changes
|
# Reload the firewall to apply these changes
|
||||||
|
@ -1757,11 +1776,45 @@ FTLinstall() {
|
||||||
# Always replace pihole-FTL.service
|
# Always replace pihole-FTL.service
|
||||||
install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
|
install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
|
||||||
|
|
||||||
# If the download worked,
|
local ftlBranch
|
||||||
if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then
|
local url
|
||||||
# get sha1 of the binary we just downloaded for verification.
|
local ftlBranch
|
||||||
curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1"
|
|
||||||
|
if [[ -f "/etc/pihole/ftlbranch" ]];then
|
||||||
|
ftlBranch=$(</etc/pihole/ftlbranch)
|
||||||
|
else
|
||||||
|
ftlBranch="master"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Determine which version of FTL to download
|
||||||
|
if [[ "${ftlBranch}" == "master" ]];then
|
||||||
|
url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
|
||||||
|
else
|
||||||
|
url="https://ftl.pi-hole.net/${ftlBranch}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If the download worked,
|
||||||
|
if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then
|
||||||
|
# get sha1 of the binary we just downloaded for verification.
|
||||||
|
curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1"
|
||||||
|
|
||||||
|
# Make the tempory binary executable so that we can test the --resolver flag
|
||||||
|
chmod +x "${binary}"
|
||||||
|
|
||||||
|
# If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq
|
||||||
|
if ./"${binary}" --resolver > /dev/null; then
|
||||||
|
if [[ $(which dnsmasq 2>/dev/null) ]]; then
|
||||||
|
stop_service dnsmasq
|
||||||
|
disable_service dnsmasq
|
||||||
|
#ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d`
|
||||||
|
confdir="conf-dir=/etc/dnsmasq.d"
|
||||||
|
conffile="/etc/dnsmasq.conf"
|
||||||
|
if ! grep -q "$confdir" "$conffile"; then
|
||||||
|
echo "$confdir" >> "$conffile"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# If we downloaded binary file (as opposed to text),
|
# If we downloaded binary file (as opposed to text),
|
||||||
if sha1sum --status --quiet -c "${binary}".sha1; then
|
if sha1sum --status --quiet -c "${binary}".sha1; then
|
||||||
echo -n "transferred... "
|
echo -n "transferred... "
|
||||||
|
@ -1865,30 +1918,42 @@ FTLdetect() {
|
||||||
echo -e " ${INFO} Checking for existing FTL binary..."
|
echo -e " ${INFO} Checking for existing FTL binary..."
|
||||||
|
|
||||||
local ftlLoc=$(which pihole-FTL 2>/dev/null)
|
local ftlLoc=$(which pihole-FTL 2>/dev/null)
|
||||||
|
|
||||||
|
local ftlBranch
|
||||||
|
|
||||||
|
if [[ -f "/etc/pihole/ftlbranch" ]];then
|
||||||
|
ftlBranch=$(</etc/pihole/ftlbranch)
|
||||||
|
else
|
||||||
|
ftlBranch="master"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ${ftlLoc} ]]; then
|
if [[ ! "${ftlBranch}" == "master" ]]; then
|
||||||
local FTLversion=$(/usr/bin/pihole-FTL tag)
|
|
||||||
local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
|
|
||||||
|
|
||||||
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
|
||||||
# Install FTL
|
|
||||||
FTLinstall "${binary}" || return 1
|
|
||||||
else
|
|
||||||
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
|
|
||||||
|
|
||||||
local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
|
||||||
local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
|
|
||||||
|
|
||||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
|
||||||
echo -e " ${INFO} Corruption detected..."
|
|
||||||
FTLinstall "${binary}" || return 1
|
|
||||||
else
|
|
||||||
echo -e " ${INFO} Checksum correct. No need to download!"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
# Install FTL
|
|
||||||
FTLinstall "${binary}" || return 1
|
FTLinstall "${binary}" || return 1
|
||||||
|
else
|
||||||
|
if [[ ${ftlLoc} ]]; then
|
||||||
|
local FTLversion=$(/usr/bin/pihole-FTL tag)
|
||||||
|
local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
|
||||||
|
|
||||||
|
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
||||||
|
# Install FTL
|
||||||
|
FTLinstall "${binary}" || return 1
|
||||||
|
else
|
||||||
|
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
|
||||||
|
|
||||||
|
local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||||
|
local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
|
||||||
|
|
||||||
|
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||||
|
echo -e " ${INFO} Corruption detected..."
|
||||||
|
FTLinstall "${binary}" || return 1
|
||||||
|
else
|
||||||
|
echo -e " ${INFO} Checksum correct. No need to download!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Install FTL
|
||||||
|
FTLinstall "${binary}" || return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2000,8 +2065,20 @@ main() {
|
||||||
welcomeDialogs
|
welcomeDialogs
|
||||||
# Create directory for Pi-hole storage
|
# Create directory for Pi-hole storage
|
||||||
mkdir -p /etc/pihole/
|
mkdir -p /etc/pihole/
|
||||||
|
|
||||||
|
#Do we need to stop pihole-FTL or dnsmasq(if coming from an old install)?
|
||||||
|
if [[ $(which pihole-FTL 2>/dev/null) ]]; then
|
||||||
|
if pihole-FTL --resolver > /dev/null; then
|
||||||
|
stop_service pihole-FTL
|
||||||
|
else
|
||||||
|
stop_service dnsmasq
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [[ $(which dnsmasq 2>/dev/null) ]]; then
|
||||||
|
stop_service dnsmasq
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
stop_service dnsmasq
|
|
||||||
if [[ "${INSTALL_WEB}" == true ]]; then
|
if [[ "${INSTALL_WEB}" == true ]]; then
|
||||||
stop_service lighttpd
|
stop_service lighttpd
|
||||||
fi
|
fi
|
||||||
|
@ -2094,8 +2171,11 @@ main() {
|
||||||
|
|
||||||
echo -e " ${INFO} Restarting services..."
|
echo -e " ${INFO} Restarting services..."
|
||||||
# Start services
|
# Start services
|
||||||
start_service dnsmasq
|
# Only start and enable dnsmasq if FTL does not have the --resolver switch
|
||||||
enable_service dnsmasq
|
if ! pihole-FTL --resolver > /dev/null; then
|
||||||
|
start_service dnsmasq
|
||||||
|
enable_service dnsmasq
|
||||||
|
fi
|
||||||
|
|
||||||
# If the Web server was installed,
|
# If the Web server was installed,
|
||||||
if [[ "${INSTALL_WEB}" == true ]]; then
|
if [[ "${INSTALL_WEB}" == true ]]; then
|
||||||
|
|
|
@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole):
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
configureFirewall
|
configureFirewall
|
||||||
''')
|
''')
|
||||||
expected_stdout = 'Configuring FirewallD for httpd and dnsmasq'
|
expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
|
||||||
assert expected_stdout in configureFirewall.stdout
|
assert expected_stdout in configureFirewall.stdout
|
||||||
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
||||||
assert 'firewall-cmd --state' in firewall_calls
|
assert 'firewall-cmd --state' in firewall_calls
|
||||||
|
|
Loading…
Reference in a new issue