From 81927334f25313f0807588a91fbfa061a9665932 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Sun, 18 Sep 2022 21:44:06 +0200 Subject: [PATCH 01/44] Add native systemd service Inspired by: https://github.com/pi-hole/pi-hole/pull/2112 A pre-start and a post-stop script are added to reduce doubled setup and cleanup code. Since systemd services do not natively support dynamic users, test once whether capabilities are supported during install/update, and remove User=pihole otherwise. Signed-off-by: MichaIng Co-authored-by: DL6ER --- advanced/Templates/pihole-FTL-poststop.sh | 13 +++++++ advanced/Templates/pihole-FTL-prestart.sh | 38 +++++++++++++++++++++ advanced/Templates/pihole-FTL.service | 40 +++++----------------- advanced/Templates/pihole-FTL.systemd | 41 +++++++++++++++++++++++ automated install/basic-install.sh | 25 ++++++++++++-- 5 files changed, 123 insertions(+), 34 deletions(-) create mode 100755 advanced/Templates/pihole-FTL-poststop.sh create mode 100755 advanced/Templates/pihole-FTL-prestart.sh create mode 100644 advanced/Templates/pihole-FTL.systemd diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh new file mode 100755 index 00000000..ac3898d2 --- /dev/null +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env sh + +# Source utils.sh for getFTLPIDFile() +PI_HOLE_SCRIPT_DIR='/opt/pihole' +utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck disable=SC1090 +. "${utilsfile}" + +# Get file paths +FTL_PID_FILE="$(getFTLPIDFile)" + +# Cleanup +rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh new file mode 100755 index 00000000..ff4abf3a --- /dev/null +++ b/advanced/Templates/pihole-FTL-prestart.sh 
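Review bot: `"${FTL_PID_FILE}"` is passed to `rm -f` without any check, and under the new unit this script runs as root through `ExecStopPost=` with `PermissionsStartOnly=true`. utils.sh is not shown here, so it is an assumption that getFTLPIDFile() takes the path from FTL's configuration; if it does, whoever can edit that configuration chooses a file that root deletes. Checking that the value is a non-empty absolute path below /run before using it would close that, and the same value is used by `install -D … "${FTL_PID_FILE}"` in pihole-FTL-prestart.sh. A failed `. "${utilsfile}"` is also not detected; `. "${utilsfile}" || exit 1` would stop the script before the cleanup runs with an empty variable.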
@@ -0,0 +1,38 @@
+#!/usr/bin/env sh
+
+# Source utils.sh for getFTLPIDFile()
+PI_HOLE_SCRIPT_DIR='/opt/pihole'
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck disable=SC1090
+. "${utilsfile}"
+
+# Get file paths
+FTL_PID_FILE="$(getFTLPIDFile)"
+
+# Touch files to ensure they exist (create if non-existing, preserve if existing)
+# shellcheck disable=SC2174
+mkdir -pm 0755 /run/pihole /var/log/pihole
+[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
+[ -f /var/log/pihole/FTL.log ] || install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
+# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
+chmod -f 0640 /var/log/pihole/pihole.log
+# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
+chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+# Chmod database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole
+# Should be removed with Pi-hole v6.0
+if [ ! -f /var/log/pihole.log ]; then
+ ln -sf /var/log/pihole/pihole.log /var/log/pihole.log
+ chown -h pihole:pihole /var/log/pihole.log
+fi
+if [ ! 
-f /var/log/pihole-FTL.log ]; then + ln -sf /var/log/pihole/FTL.log /var/log/pihole-FTL.log + chown -h pihole:pihole /var/log/pihole-FTL.log +fi diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index bc1b1d20..15096972 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -9,9 +9,10 @@ # Description: Enable service provided by pihole-FTL daemon ### END INIT INFO -#source utils.sh for getFTLPIDFile(), getFTLPID () +# Source utils.sh for getFTLPIDFile(), getFTLPID() PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck disable=SC1090 . "${utilsfile}" 
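Review bot: The `chown` and `chmod -f` calls on files inside /run/pihole, /var/log/pihole and /etc/pihole follow symbolic links, and the same script gives those directories to pihole:pihole. On the systemd path the script runs as root before every start, so a link placed in one of those directories by the service account would have its target re-owned or made group-writable. Using `chown -h`, as the hunk already does for the /var/log compatibility links, and skipping any path for which `[ -L "$f" ]` is true before `chmod`, limits the script to the files it created. The `[ -f … ] || install …` tests also follow links, so they have the same gap.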
@@ -28,33 +29,8 @@ start() { if is_running; then echo "pihole-FTL is already running" else - # Touch files to ensure they exist (create if non-existing, preserve if existing) - mkdir -pm 0755 /run/pihole /var/log/pihole - [ ! -f "${FTL_PID_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" - [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log - [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log - [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases - # Ensure that permissions are set so that pihole-FTL can edit all necessary files - chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases - # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist - chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log - chmod -f 0640 /var/log/pihole/pihole.log - # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db - # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist - chmod -f 0664 /etc/pihole/pihole-FTL.db - - # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/ - # Should be removed with Pi-hole v6.0 - if [ ! -f /var/log/pihole.log ]; then - ln -s /var/log/pihole/pihole.log /var/log/pihole.log - chown -h pihole:pihole /var/log/pihole.log - - fi - if [ ! 
-f /var/log/pihole-FTL.log ]; then - ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log - chown -h pihole:pihole /var/log/pihole-FTL.log - fi + # Run pre-start script, which pre-creates all expected files with correct permissions + sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh" if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole || exit $? @@ -89,8 +65,8 @@ stop() { else echo "Not running" fi - # Cleanup - rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" + # Run post-stop script, which does cleanup among runtime files + sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-poststop.sh" echo } @@ -108,11 +84,11 @@ status() { ### main logic ### -# Get file paths +# Get FTL's PID file path FTL_PID_FILE="$(getFTLPIDFile)" # Get FTL's current PID -FTL_PID="$(getFTLPID ${FTL_PID_FILE})" +FTL_PID="$(getFTLPID "${FTL_PID_FILE}")" case "$1" in stop) diff --git a/advanced/Templates/pihole-FTL.systemd b/advanced/Templates/pihole-FTL.systemd new file mode 100644 index 00000000..2a114199 --- /dev/null +++ b/advanced/Templates/pihole-FTL.systemd 
@@ -0,0 +1,41 @@
+[Unit]
+Description=Pi-hole FTL
+# This unit is supposed to indicate when network functionality is available, but it is only
+# very weakly defined what that is supposed to mean, with one exception: at shutdown, a unit
+# that is ordered after network-online.target will be stopped before the network
+Wants=network-online.target
+After=network-online.target
+# A target that should be used as synchronization point for all host/network name service lookups.
+# All services for which the availability of full host/network name resolution is essential should
+# be ordered after this target, but not pull it in.
+Wants=nss-lookup.target
+Before=nss-lookup.target
+
+# Limit (re)start loop to 5 within 1 minute
+StartLimitBurst=5
+StartLimitIntervalSec=60s
+
+[Service]
+User=pihole
+PermissionsStartOnly=true
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
+
+ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
+ExecStart=/usr/bin/pihole-FTL -f
+Restart=on-failure
+RestartSec=5s
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
+
+# Use graceful shutdown with a reasonable timeout
+TimeoutStopSec=10s
+
+# Make /usr, /boot, /etc and possibly some more folders read-only...
+ProtectSystem=full
+# ... except /etc/pihole
+# This merely retains r/w access rights, it does not add any new.
+# Must still be writable on the host!
+ReadWriteDirectories=/etc/pihole
+
+[Install]
+WantedBy=multi-user.target
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index d4c1ce77..2831e7ec 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
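Review bot: The `[Service]` section grants six ambient capabilities but sets neither `CapabilityBoundingSet=` nor `NoNewPrivileges=`, so nothing in the unit limits the service to that set. Adding `CapabilityBoundingSet=` with the same list as `AmbientCapabilities=` and `NoNewPrivileges=true` would bound it; the latter should be tested against the file capabilities the installer still applies with `setcap` in this patch. `PermissionsStartOnly=` and `ReadWriteDirectories=` are legacy names; if the oldest supported systemd allows it, the `+` prefix on `ExecStartPre=`/`ExecStopPost=` and `ReadWritePaths=` are the documented replacements. `ProtectSystem=full` leaves /var writable, which the log paths need, but a comment saying so would help the next reader.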
@@ -1377,8 +1377,29 @@ installConfigs() { fi fi - # Install pihole-FTL.service - install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.service" "/etc/init.d/pihole-FTL" + # Install pihole-FTL systemd or init.d service, based on whether systemd is the init system or not + # Follow debhelper logic, which checks for /run/systemd/system to derive whether systemd is the init system + if [[ -d '/run/systemd/system' ]]; then + install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service' + + # Set net admin permissions so that FTL can serve DNS, DHCP and IMAP (for DHCPv6). If this does not work, run FTL as root user. + if ! setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip '/usr/bin/pihole-FTL'; then + sed -i '/^User=/d' '/etc/systemd/system/pihole-FTL.service' + fi + + # Remove init.d service if present + if [[ -e '/etc/init.d/pihole-FTL' ]]; then + rm '/etc/init.d/pihole-FTL' + update-rc.d pihole-FTL remove + fi + + # Load final service + systemctl daemon-reload + else + install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.service" '/etc/init.d/pihole-FTL' + fi + install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL-prestart.sh" "${PI_HOLE_INSTALL_DIR}/pihole-FTL-prestart.sh" + install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL-poststop.sh" "${PI_HOLE_INSTALL_DIR}/pihole-FTL-poststop.sh" # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then From ea26171c187f07efed8a1233859d35afe9c5b7a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 24 Nov 2022 20:39:02 +0100 Subject: [PATCH 02/44] Do not require man pages to be present in test script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
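Review bot: `update-rc.d` is a Debian tool, but this branch is taken on every host where /run/systemd/system exists, so on an RPM-based system with a leftover /etc/init.d/pihole-FTL the call fails after the script has already been removed. Guarding it, `command -v update-rc.d >/dev/null && update-rc.d pihole-FTL remove`, keeps that cleanup best-effort. When `setcap` fails, the `sed -i '/^User=/d'` fallback switches FTL to run as root without printing anything; a message at that point would make the change visible in the install output. installConfigs() starts and ends outside the hunk.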
Signed-off-by: Christian König --- test/test_any_automated_install.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index e6673bb5..2ea619f7 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -211,6 +211,8 @@ def test_installPihole_fresh_install_readableFiles(host): maninstalled = True if (info_box + " man not installed") in install.stdout: maninstalled = False + if (info_box + " man pages not installed") in install.stdout: + maninstalled = False piholeuser = "pihole" exit_status_success = 0 test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' From 33d2163f1901b8abf5e8409d9e4b1610c5797558 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 24 Nov 2022 22:06:04 +0100 Subject: [PATCH 03/44] Explicitly create group pihole on installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 841a04f4..4d663282 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1760,20 +1760,35 @@ create_pihole_user() { else # If the pihole user doesn't exist, printf "%b %b %s" "${OVER}" "${CROSS}" "${str}" - local str="Creating user 'pihole'" - printf "%b %b %s..." "${OVER}" "${INFO}" "${str}" - # create her with the useradd command, + local str="Checking for group 'pihole'" + printf " %b %s..." "${INFO}" "${str}" if getent group pihole > /dev/null 2>&1; then - # then add her to the pihole group (as it already exists) + # group pihole exists + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + # then create and add her to the pihole group + local str="Creating user 'pihole'" + printf "%b %b %s..." "${OVER}" "${INFO}" "${str}" if useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole; then printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" fi else - # add user pihole with default group settings - if useradd -r -s /usr/sbin/nologin pihole; then + # group pihole does not exist + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + local str="Creating group 'pihole'" + # if group can be created + if groupadd pihole; then printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + # create and add pihole user to the pihole group + local str="Creating user 'pihole'" + printf "%b %b %s..." "${OVER}" "${INFO}" "${str}" + if useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole; then + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" + else + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" + fi + else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" fi From 06de1729525f82da44ba924e8232197877fd613a Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 28 Nov 2022 19:28:51 +0100 Subject: [PATCH 04/44] Skip setcap on installs with systemd since the systemd unit uses "AmbientCapabilities" to grant capabilities. Signed-off-by: MichaIng Signed-off-by: MichaIng --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) 
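Review bot: `groupadd pihole` creates an ordinary group while the account itself is created with `useradd -r`; `groupadd -r pihole` would take the GID from the system range to match. The string "Creating group 'pihole'" is assigned to `str` but, unlike the other steps, never printed with `${INFO}` before the command runs, so only the result line appears. The two identical `useradd -r --no-user-group -g pihole …` blocks could be a single block placed after the group check. Every failure branch only prints a cross and falls through, so the installer continues without the user or group; whether the caller checks for that is outside the hunk.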
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index bdb354ec..c715eb52 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1385,11 +1385,6 @@ installConfigs() { if [[ -d '/run/systemd/system' ]]; then install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service' - # Set net admin permissions so that FTL can serve DNS, DHCP and IMAP (for DHCPv6). If this does not work, run FTL as root user. - if ! setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip '/usr/bin/pihole-FTL'; then - sed -i '/^User=/d' '/etc/systemd/system/pihole-FTL.service' - fi - # Remove init.d service if present if [[ -e '/etc/init.d/pihole-FTL' ]]; then rm '/etc/init.d/pihole-FTL' From e0e0baf0766a6aff5f98cae94d15caff86bf6154 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 4 Dec 2022 09:32:23 +0100 Subject: [PATCH 05/44] Install wheel before other python packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index daa18c85..7a4cc9b7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -70,7 +70,7 @@ jobs: python-version: "3.10" - name: Install dependencies - run: pip install -r test/requirements.txt + run: pip install wheel && pip install -r test/requirements.txt - name: Test with tox run: tox -c test/tox.${DISTRO}.ini From 6b146ed2d1a2e94ebb9a3882facdc46ebe884af0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 5 Dec 2022 23:13:24 +0100 Subject: [PATCH 06/44] Use two-step approach MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Christian König --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7a4cc9b7..45c44e24 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -69,8 +69,11 @@ jobs: with: python-version: "3.10" + - name: Install wheel + run: pip install wheel + - name: Install dependencies - run: pip install wheel && pip install -r test/requirements.txt + run: pip install -r test/requirements.txt - name: Test with tox run: tox -c test/tox.${DISTRO}.ini From 126da094bdaf8374a5f4dac0bb19d987eb2ea819 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Dec 2022 10:00:58 +0000 Subject: [PATCH 07/44] Bump actions/setup-python from 4.3.0 to 4.3.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 45c44e24..d78f92c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -65,7 +65,7 @@ jobs: uses: actions/checkout@v3.1.0 - name: Set up Python 3.10 - uses: actions/setup-python@v4.3.0 + uses: actions/setup-python@v4.3.1 with: python-version: "3.10" From b8eae60fcc6a3ca7b0b91aaf60cded3fb912e162 Mon Sep 17 00:00:00 2001 
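Review bot: `pip install wheel` in the new "Install wheel" step installs whatever release is current when the job runs, so the test environment can change without a commit. Pinning it, `run: pip install wheel==<pinned version>`, keeps it under the same update process as the other dependencies; whether test/requirements.txt pins its entries is not visible here. The actions in this job are referenced by version tag (`actions/checkout@v3.1.0` on the context line), which is a weaker pin than a commit SHA.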
From: Adam Warner Date: Sun, 11 Dec 2022 11:39:11 +0000 Subject: [PATCH 08/44] Disable a few commands for Docker. Currently this is done by monkeypatching the the `pihole` file on Docker install, however if someone was to run pihole checkout, these patches are removed. Signed-off-by: Adam Warner --- pihole | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/pihole b/pihole index ca80bff8..a99a37e7 100755 --- a/pihole +++ b/pihole @@ -23,6 +23,9 @@ source "${colfile}" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" source "${utilsfile}" +versionsfile="/etc/pihole/versions" +source "${versionsfile}" + webpageFunc() { source "${PI_HOLE_SCRIPT_DIR}/webpage.sh" main "$@" @@ -63,14 +66,22 @@ arpFunc() { } updatePiholeFunc() { - shift - "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" - exit 0 + if [ -n "${DOCKER_VERSION}" ]; then + unsupportedFunc + else + shift + "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" + exit 0 + fi } reconfigurePiholeFunc() { - /etc/.pihole/automated\ install/basic-install.sh --reconfigure - exit 0; + if [ -n "${DOCKER_VERSION}" ]; then + unsupportedFunc + else + /etc/.pihole/automated\ install/basic-install.sh --reconfigure + exit 0; + fi } updateGravityFunc() { @@ -91,8 +102,12 @@ chronometerFunc() { uninstallFunc() { - "${PI_HOLE_SCRIPT_DIR}"/uninstall.sh - exit 0 + if [ -n "${DOCKER_VERSION}" ]; then + unsupportedFunc + else + "${PI_HOLE_SCRIPT_DIR}"/uninstall.sh + exit 0 + fi } versionFunc() { @@ -429,6 +444,11 @@ updateCheckFunc() { exit 0 } +unsupportedFunc(){ + echo "Function not supported in Docker images" + exit 0 +} + helpFunc() { echo "Usage: pihole [options] Example: 'pihole -w -h' From 4004a93d1a9ba1f927e4ed62c54b033296f0214d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 9 Nov 2022 19:10:37 +0100 Subject: [PATCH 09/44] Don't double check for lines containing no domains in gravity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
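Review bot: `source "${versionsfile}"` executes /etc/pihole/versions as shell code on every `pihole` invocation, although this patch only needs `DOCKER_VERSION` from it. The pre-start script added earlier in this series runs `chown pihole:pihole … /etc/pihole`, so when the CLI is run as root a file in a directory owned by the service account is executed with root privileges. Reading the single key avoids that and also covers the file not existing yet: `DOCKER_VERSION="$(sed -n 's/^DOCKER_VERSION=//p' "${versionsfile}" 2>/dev/null)"`. The same consideration applies to the other `source` lines on the context lines if their files live under a directory the service account can write.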
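Review bot: `unsupportedFunc` ends with `exit 0`, so a script that calls the update, reconfigure or uninstall command inside a container sees success although nothing ran. Returning a non-zero status and writing the message to stderr makes the refusal detectable: `echo "Function not supported in Docker images" >&2` followed by `exit 1`. The three callers in the earlier hunks of this file (`updatePiholeFunc`, `reconfigurePiholeFunc`, `uninstallFunc`) need no change for that.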
Signed-off-by: Christian König --- gravity.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index 14732f31..9063e7d8 100755 --- a/gravity.sh +++ b/gravity.sh @@ -731,13 +731,11 @@ gravity_ParseFileIntoDomains() { # 3) Remove comments (text starting with "#", include possible spaces before the hash sign) # 4) Remove lines containing "/" # 5) Remove leading tabs, spaces, etc. - # 6) Delete lines not matching domain names < "${src}" tr -d '\r' | \ tr '[:upper:]' '[:lower:]' | \ sed 's/\s*#.*//g' | \ sed -r '/(\/).*$/d' | \ - sed -r 's/^.*\s+//g' | \ - sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}" + sed -r 's/^.*\s+//g' > "${destination}" chmod 644 "${destination}" } From 372070ab391660720d345c4a90b489e989ad5fa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 28 Nov 2022 23:33:13 +0100 Subject: [PATCH 10/44] Improve detection of incorrecr lines during gravity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/gravity.sh b/gravity.sh index 9063e7d8..a342cb27 100755 --- a/gravity.sh +++ b/gravity.sh 
@@ -524,15 +524,20 @@ num_target_lines=0 num_source_lines=0 num_invalid=0 parseList() { - local adlistID="${1}" src="${2}" target="${3}" incorrect_lines + local adlistID="${1}" src="${2}" target="${3}" incorrect_lines sample_incorrect_lines # This sed does the following things: + # 0. Remove all lines containing no domains # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_) # 2. Append ,adlistID to every line # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) # 4. Ensures there is a newline on the last line - sed -e "/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" - # Find (up to) five domains containing invalid characters (see above) - incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)" + sed -r "/([^\.]+\.)+[^\.]{2,}/!d;/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" + + # Find lines containing no domains or with invalid characters (see above) + # Remove duplicates and limit to 5 domains + mapfile -t incorrect_lines <<< "$(sed -r "/([^\.]+\.)+[^\.]{2,}/d" < "${src}")" + mapfile -t -O "${#incorrect_lines[@]}" incorrect_lines <<< "$(sed -r "/[^a-zA-Z0-9.\_-]/!d" < "${src}")" + IFS=" " read -r -a sample_incorrect_lines <<< "$(tr ' ' '\n' <<< "${incorrect_lines[@]}" | sort -u | head -n 5| tr '\n' ' ')" local num_target_lines_new num_correct_lines # Get number of lines in source file @@ -551,11 +556,12 @@ parseList() { fi # Display sample of invalid lines if we found some - if [[ -n "${incorrect_lines}" ]]; then + if [ ${#sample_incorrect_lines[@]} -ne 0 ]; then echo " Sample of invalid domains:" - while IFS= read -r line; do - echo " - ${line}" - done <<< "${incorrect_lines}" + for each in "${sample_incorrect_lines[@]}" + do + echo " - ${each}" + done fi } compareLists() { 
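Review bot: `tr ' ' '\n' <<< "${incorrect_lines[@]}"` flattens the array and splits it again on spaces, so a rejected line that contains a space is shown as several fragments, and `src` is read by sed three times in this hunk. The sample can be built in one pass with the same two patterns, `mapfile -t sample_incorrect_lines < <(sed -r -e '/[^a-zA-Z0-9.\_-]/b' -e '/([^\.]+\.)+[^\.]{2,}/d' "${src}" | sort -u | head -n 5)`, which also leaves the array empty when nothing was rejected. `${adlistID}` is interpolated into the sed program of the first command; it is presumably a numeric database id, but nothing in parseList checks that.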
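Review bot: `echo " - ${each}"` in the second hunk writes rejected list lines to the terminal unchanged, and these are by definition the lines with characters outside a-z, A-Z, 0-9, dot, minus and underscore. Assuming `src` holds content fetched from a remote adlist, that can include control bytes such as terminal escape sequences. Printing with `printf ' - %q\n' "${each}"`, or stripping non-printable characters before display, keeps the sample readable without passing them through. The loop this hunk replaces behaved the same way.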
@@ -731,11 +737,13 @@ gravity_ParseFileIntoDomains() { # 3) Remove comments (text starting with "#", include possible spaces before the hash sign) # 4) Remove lines containing "/" # 5) Remove leading tabs, spaces, etc. + # 6) Remove empty lines < "${src}" tr -d '\r' | \ tr '[:upper:]' '[:lower:]' | \ sed 's/\s*#.*//g' | \ sed -r '/(\/).*$/d' | \ - sed -r 's/^.*\s+//g' > "${destination}" + sed -r 's/^.*\s+//g' | \ + sed '/^$/d'> "${destination}" chmod 644 "${destination}" } From 14ab58660306d9f15ee7396ef4992f9eb70539a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 11 Dec 2022 15:12:11 +0100 Subject: [PATCH 11/44] Start counting with 1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gravity.sh b/gravity.sh index a342cb27..a5c944ce 100755 --- a/gravity.sh +++ b/gravity.sh 
@@ -526,11 +526,11 @@ num_invalid=0 parseList() { local adlistID="${1}" src="${2}" target="${3}" incorrect_lines sample_incorrect_lines # This sed does the following things: - # 0. Remove all lines containing no domains - # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_) - # 2. Append ,adlistID to every line - # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) - # 4. Ensures there is a newline on the last line + # 1. Remove all lines containing no domains + # 2. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_) + # 3. Append ,adlistID to every line + # 4. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701) + # 5. Ensures there is a newline on the last line sed -r "/([^\.]+\.)+[^\.]{2,}/!d;/[^a-zA-Z0-9.\_-]/d;s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}" # Find lines containing no domains or with invalid characters (see above) From 67f04787d6fc687809bc07d2d69e07ac8a265456 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 6 Dec 2022 14:39:06 -0300 Subject: [PATCH 12/44] Only compare OS versions if `dig` was successful Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 67 ++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 31 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 3cd782bf..979f5fb3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -394,41 +394,46 @@ os_check() { # Extract dig response response="${cmdResult%%$'\n'*}" - IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') - for distro_and_versions in "${supportedOS[@]}" - do - distro_part="${distro_and_versions%%=*}" - versions_part="${distro_and_versions##*=}" - - if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then - valid_os=true - IFS="," read -r -a supportedVer <<<"${versions_part}" - for version in "${supportedVer[@]}" - do - if [[ "${detected_version}" =~ $version ]]; then - valid_version=true - break - fi - done - break - fi - done - log_write "${INFO} dig return code: ${digReturnCode}" log_write "${INFO} dig response: ${response}" - if [ "$valid_os" = true ]; then - log_write "${TICK} Distro: ${COL_GREEN}${detected_os^}${COL_NC}" - - if [ "$valid_version" = true ]; then - log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}" - else - log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}" - log_write "${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" - fi + if [ "${response}" -ne 0 ]; then + log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" + log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" else - log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" - log_write "${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') + for distro_and_versions in "${supportedOS[@]}" + do + distro_part="${distro_and_versions%%=*}" + versions_part="${distro_and_versions##*=}" + + if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then + valid_os=true + IFS="," read -r -a supportedVer <<<"${versions_part}" + for version in "${supportedVer[@]}" + do + if [[ "${detected_version}" =~ $version ]]; then + valid_version=true + break + 
fi + done + break + fi + done + + if [ "$valid_os" = true ]; then + log_write "${TICK} Distro: ${COL_GREEN}${detected_os^}${COL_NC}" + + if [ "$valid_version" = true ]; then + log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}" + else + log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}" + log_write "${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + fi + else + log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" + log_write "${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + fi fi } From b4349b41ce88beeeabadc212cf05dd01bceb6f18 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 6 Dec 2022 15:42:36 -0300 Subject: [PATCH 13/44] Use the correct variable `digReturnCode` also use INFO instead of CROSS, because it's not an error. Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 979f5fb3..17447873 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -397,8 +397,8 @@ os_check() { log_write "${INFO} dig return code: ${digReturnCode}" log_write "${INFO} dig response: ${response}" - if [ "${response}" -ne 0 ]; then - log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" + if [ "${digReturnCode}" -ne 0 ]; then + log_write "${INFO} Distro: ${COL_RED}${detected_os^}${COL_NC}" log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" else IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') From 8c2f56b0e6b6f65189af942b7fabb78610c49277 Mon Sep 17 00:00:00 2001 
From: RD WebDesign Date: Tue, 6 Dec 2022 17:38:38 -0300 Subject: [PATCH 14/44] Imporving the output from `os_check()` function - add red color to dig errors - reorder some output lines - add "Distro and version supported" on success Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 17447873..f370bd9f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -394,12 +394,11 @@ os_check() { # Extract dig response response="${cmdResult%%$'\n'*}" - log_write "${INFO} dig return code: ${digReturnCode}" - log_write "${INFO} dig response: ${response}" - if [ "${digReturnCode}" -ne 0 ]; then - log_write "${INFO} Distro: ${COL_RED}${detected_os^}${COL_NC}" - log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" + log_write "${INFO} Distro: ${detected_os^}" + log_write "${CROSS} dig return code: ${COL_RED}${digReturnCode}${COL_NC}" + log_write "${CROSS} dig response: ${response}" + log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" else IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') for distro_and_versions in "${supportedOS[@]}" 
@@ -421,19 +420,26 @@ os_check() { fi done + local finalmsg if [ "$valid_os" = true ]; then log_write "${TICK} Distro: ${COL_GREEN}${detected_os^}${COL_NC}" if [ "$valid_version" = true ]; then log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}" + finalmsg="${TICK} ${COL_GREEN}Distro and version supported${COL_NC}" else log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}" - log_write "${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" fi else log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" - log_write "${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" fi + + # Print dig response and the final check result + log_write "${INFO} dig return code: ${COL_RED}${digReturnCode}${COL_NC}" + log_write "${INFO} dig response: ${response}" + log_write "${finalmsg}" fi } From a2069802426857b5ef788996d824dd6abcbeb3f4 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 6 Dec 2022 20:34:18 -0300 Subject: [PATCH 15/44] Fix parenthesis color Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f370bd9f..c067682b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -429,11 +429,11 @@ os_check() { finalmsg="${TICK} ${COL_GREEN}Distro and version supported${COL_NC}" else log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}" - finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" fi else log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" - finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" + finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" fi # Print dig response and the final check result From 1550f29f06a1925b51d183316f383d52b45e99f6 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Thu, 8 Dec 2022 19:58:00 -0300 Subject: [PATCH 16/44] Use GREEN if dig was successful Signed-off-by: RD WebDesign --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c067682b..9042e718 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -437,7 +437,7 @@ os_check() { fi # Print dig response and the final check result - log_write "${INFO} dig return code: ${COL_RED}${digReturnCode}${COL_NC}" + log_write "${INFO} dig return code: ${COL_GREEN}${digReturnCode}${COL_NC}" log_write "${INFO} dig response: ${response}" log_write "${finalmsg}" fi From fc83883934fab83cb6ec04978f711ef58701ac6e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 11 Dec 2022 14:31:44 +0000 Subject: [PATCH 17/44] Apply suggestions from code review Co-authored-by: yubiuser 
Signed-off-by: Adam Warner --- advanced/Scripts/piholeDebug.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 9042e718..c0264d1a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -396,6 +396,7 @@ os_check() { if [ "${digReturnCode}" -ne 0 ]; then log_write "${INFO} Distro: ${detected_os^}" + log_write "${INFO} Version: ${detected_version}" log_write "${CROSS} dig return code: ${COL_RED}${digReturnCode}${COL_NC}" log_write "${CROSS} dig response: ${response}" log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" @@ -437,7 +438,7 @@ os_check() { fi # Print dig response and the final check result - log_write "${INFO} dig return code: ${COL_GREEN}${digReturnCode}${COL_NC}" + log_write "${TICK} dig return code: ${COL_GREEN}${digReturnCode}${COL_NC}" log_write "${INFO} dig response: ${response}" log_write "${finalmsg}" fi From d245226053b3db5ba820a9fc115aa6a9a4123409 Mon Sep 17 00:00:00 2001 From: Neill Wolf Date: Fri, 16 Dec 2022 15:37:19 -0600 Subject: [PATCH 18/44] set X-XSS-Protection headers to 0 in lighttpd.conf Signed-off-by: Neill Wolf --- advanced/lighttpd.conf.debian | 2 +- advanced/lighttpd.conf.fedora | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 21e48d6c..74761303 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -90,7 +90,7 @@ $HTTP["url"] =~ "^/admin/" { setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY", - "X-XSS-Protection" => "1; mode=block", + "X-XSS-Protection" => "0", "X-Content-Type-Options" => "nosniff", "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", "X-Permitted-Cross-Domain-Policies" => "none", 
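Review bot: With `"X-XSS-Protection" => "0"` the legacy browser filter is off, so the `Content-Security-Policy` entry two lines further down in this hunk is the header left to limit script injection, and its value `default-src 'self' 'unsafe-inline'` still permits inline script. Turning the deprecated filter off is in line with current browser guidance, but the reason should be written next to the value, for example `# X-XSS-Protection is deprecated; "0" turns the legacy filter off, CSP is the control that matters`. The comment block describing these headers sits above the hunk and is not touched by this commit; the removed lines of a later patch in this series show it still calling the header important. The same applies to the matching hunk in `advanced/lighttpd.conf.fedora`. The enclosing `$HTTP["url"] =~ "^/admin/"` block starts and ends outside the hunk.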
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 3da62839..7a6a39c5 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -98,7 +98,7 @@ $HTTP["url"] =~ "^/admin/" { setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY", - "X-XSS-Protection" => "1; mode=block", + "X-XSS-Protection" => "0", "X-Content-Type-Options" => "nosniff", "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", "X-Permitted-Cross-Domain-Policies" => "none", From e7e7a817bb332361c703ef623c00586cf57940f4 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 15 Dec 2022 00:31:34 -0500 Subject: [PATCH 19/44] add Fedora 37 to distro-test Signed-off-by: Glenn Strauss --- .github/workflows/test.yml | 1 + test/_fedora_37.Dockerfile | 18 ++++++++++++++++++ test/tox.fedora_37.ini | 8 ++++++++ 3 files changed, 27 insertions(+) create mode 100644 test/_fedora_37.Dockerfile create mode 100644 test/tox.fedora_37.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d78f92c8..82d96524 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -57,6 +57,7 @@ jobs: centos_9, fedora_35, fedora_36, + fedora_37, ] env: DISTRO: ${{matrix.distro}} diff --git a/test/_fedora_37.Dockerfile b/test/_fedora_37.Dockerfile new file mode 100644 index 00000000..b4f939ba --- /dev/null +++ b/test/_fedora_37.Dockerfile 
@@ -0,0 +1,18 @@ +FROM fedora:37 +RUN dnf install -y git initscripts + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV SKIP_INSTALL true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.fedora_37.ini b/test/tox.fedora_37.ini new file mode 100644 index 00000000..d6f44533 --- /dev/null +++ b/test/tox.fedora_37.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py3 + +[testenv] +allowlist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _fedora_37.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py From 661433c1158843fc19f0166ef1a1bd69bcdd8277 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Dec 2022 10:00:40 +0000 Subject: [PATCH 20/44] Bump actions/checkout from 3.1.0 to 3.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/sync-back-to-dev.yml | 2 +- .github/workflows/test.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) 
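Review bot: `ADD . $GITDIR` copies the whole build context into the image, and `ADD` additionally unpacks local archives and accepts URLs, neither of which is needed here; `COPY . $GITDIR` performs the plain copy and nothing else. The base image is referenced by the mutable tag `fedora:37`, so two runs of the test matrix can build on different image contents; pinning a digest (`FROM fedora:37@sha256:<digest of the reviewed image>`) would make the test container reproducible. `ENV GITDIR /etc/.pihole` uses the legacy space-separated form, and `ENV GITDIR=/etc/.pihole` is the form Docker documents today.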
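Review bot: This new file declares its environment as `[testenv]`, while a later patch in this series renames that section to `[testenv:py3]` in the eight other `test/tox.*.ini` files and does not list `tox.fedora_37.ini`. If the rename is needed for the tox version pinned in `test/requirements.txt`, this file needs `[testenv:py3]` as well. Otherwise the Fedora 37 job may resolve its environment differently from the other distro jobs.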
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b0ebb90e..41fd5b1b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml index 3a5133f9..889f9622 100644 --- a/.github/workflows/sync-back-to-dev.yml +++ b/.github/workflows/sync-back-to-dev.yml @@ -11,7 +11,7 @@ jobs: name: Syncing branches steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 - name: Opening pull request run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d78f92c8..71951444 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 - name: Check scripts in repository are executable run: | @@ -62,7 +62,7 @@ jobs: DISTRO: ${{matrix.distro}} steps: - name: Checkout repository - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 - name: Set up Python 3.10 uses: actions/setup-python@v4.3.1 From da8893f47709e68f7da62667cf7541c5e4079372 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 18 Dec 2022 12:45:14 +0100 Subject: [PATCH 21/44] Try bandaid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index 0eb22a1b..9315800c 100644 
--- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,4 +2,4 @@ docker-compose pytest pytest-xdist pytest-testinfra -tox +tox <= 4.0.12 From c8e69c61392f0841b8f1026ceca80874d2d0700c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 18 Dec 2022 14:22:44 +0100 Subject: [PATCH 22/44] Set testenv explicitly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/tox.centos_8.ini | 6 +++--- test/tox.centos_9.ini | 2 +- test/tox.debian_10.ini | 2 +- test/tox.debian_11.ini | 2 +- test/tox.fedora_35.ini | 2 +- test/tox.fedora_36.ini | 2 +- test/tox.ubuntu_20.ini | 2 +- test/tox.ubuntu_22.ini | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/test/tox.centos_8.ini b/test/tox.centos_8.ini index dc160d2a..dac10e97 100644 --- a/test/tox.centos_8.ini +++ b/test/tox.centos_8.ini @@ -1,8 +1,8 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt -commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../ - pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py +commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py diff --git a/test/tox.centos_9.ini b/test/tox.centos_9.ini index 633fc5c4..aa7009e1 100644 --- a/test/tox.centos_9.ini +++ b/test/tox.centos_9.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _centos_9.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.debian_10.ini b/test/tox.debian_10.ini index ef9fa7a0..a012bda4 100644 --- a/test/tox.debian_10.ini +++ b/test/tox.debian_10.ini 
@@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _debian_10.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini index 6d25a0c8..48dc9df1 100644 --- a/test/tox.debian_11.ini +++ b/test/tox.debian_11.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.fedora_35.ini b/test/tox.fedora_35.ini index 5e90426d..c571a564 100644 --- a/test/tox.fedora_35.ini +++ b/test/tox.fedora_35.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _fedora_35.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.fedora_36.ini b/test/tox.fedora_36.ini index 1d250f82..0cc6f29c 100644 --- a/test/tox.fedora_36.ini +++ b/test/tox.fedora_36.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _fedora_36.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.ubuntu_20.ini b/test/tox.ubuntu_20.ini index 4ae79a0c..88ee0b54 100644 --- a/test/tox.ubuntu_20.ini +++ b/test/tox.ubuntu_20.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _ubuntu_20.Dockerfile -t pytest_pihole:test_container ../ diff --git a/test/tox.ubuntu_22.ini b/test/tox.ubuntu_22.ini index 3ddf7eca..cb5527ab 100644 --- a/test/tox.ubuntu_22.ini +++ b/test/tox.ubuntu_22.ini @@ -1,7 +1,7 @@ [tox] envlist = py3 -[testenv] +[testenv:py3] allowlist_externals = docker deps = -rrequirements.txt commands = docker build -f _ubuntu_22.Dockerfile -t pytest_pihole:test_container ../ 
From dafc9983f56177b4c831d193ceaf8dcf13fadd5b Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 7 Aug 2020 23:53:14 -0400 Subject: [PATCH 23/44] lighttpd include external.conf using file glob lighttpd 1.4.40 and later support 'include' using file glob (The prior code for compatibility was presumably for Debian Jessie and earlier, now obsolete. Debian Stretch -- currently oldstable -- ships with lighttpd 1.4.45) Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 5 ++--- advanced/lighttpd.conf.fedora | 5 ++--- automated install/basic-install.sh | 4 ---- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 74761303..f57bad2d 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -67,9 +67,8 @@ mimetype.assign = ( ".woff2" => "font/woff2" ) -# Add user chosen options held in external file -# This uses include_shell instead of an include wildcard for compatibility -include_shell "cat external.conf 2>/dev/null" +# Add user chosen options held in (optional) external file +include "external*.conf" # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 7a6a39c5..34056672 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -68,9 +68,8 @@ mimetype.assign = ( ".woff2" => "font/woff2" ) -# Add user chosen options held in external file -# This uses include_shell instead of an include wildcard for compatibility -include_shell "cat external.conf 2>/dev/null" +# Add user chosen options held in (optional) external file +include "external*.conf" # default listening port for IPv6 falls back to the IPv4 port #include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 50ce584d..7462e2f0 100755 
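Review bot: `include "external*.conf"` loads every file whose name matches the glob, not only `external.conf`, so a copy such as `external-old.conf` left next to it becomes live server configuration without anyone enabling it. The wildcard is presumably there so that a missing file is not an error, but the comment only speaks of one optional external file. It should state the real behaviour, for example `# Every file matching external*.conf in this directory is loaded; a missing file is not an error`. The uninstall script shown later in this series removes only `/etc/lighttpd/external.conf`, so other matching files would also outlive an uninstall. The same line is added in `advanced/lighttpd.conf.fedora`.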
--- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1412,10 +1412,6 @@ installConfigs() { fi # and copy in the config file Pi-hole needs install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" - # Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it - if [ ! -f /etc/lighttpd/external.conf ]; then - install -m 644 /dev/null /etc/lighttpd/external.conf - fi # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" From 62bf9957dc39f6bfbb1fb4d493c657889793cdf1 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 7 Aug 2020 23:57:20 -0400 Subject: [PATCH 24/44] lighttpd conf: collect ^/admin/ conditions move a sub-condition to be a nested condition under ^/admin/ Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 18 +++++++++--------- advanced/lighttpd.conf.fedora | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index f57bad2d..cb52cf38 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian 
@@ -95,17 +95,17 @@ $HTTP["url"] =~ "^/admin/" { "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "same-origin" ) -} -# Block . files from being served, such as .git, .github, .gitignore -$HTTP["url"] =~ "^/admin/\.(.*)" { - url.access-deny = ("") -} + # Block . files from being served, such as .git, .github, .gitignore + $HTTP["url"] =~ "^/admin/\." { + url.access-deny = ("") + } -# allow teleporter and API qr code iframe on settings page -$HTTP["url"] =~ "/(teleporter|api_token)\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + # allow teleporter and API qr code iframe on settings page + $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } } } diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 34056672..39c665f5 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -103,17 +103,17 @@ $HTTP["url"] =~ "^/admin/" { "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "same-origin" ) -} -# Block . files from being served, such as .git, .github, .gitignore -$HTTP["url"] =~ "^/admin/\.(.*)" { - url.access-deny = ("") -} + # Block . files from being served, such as .git, .github, .gitignore + $HTTP["url"] =~ "^/admin/\." { + url.access-deny = ("") + } -# allow teleporter and API qr code iframe on settings page -$HTTP["url"] =~ "/(teleporter|api_token)\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + # allow teleporter and API qr code iframe on settings page + $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } } } From 08c7691d1eef900feeda8a8fa2353a8aef5280a6 Mon Sep 17 00:00:00 2001 
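Review bot: The dot-file rule `$HTTP["url"] =~ "^/admin/\."` only matches a name that begins with a dot directly under `/admin/`, so a dot directory or file one level deeper (`/admin/<subdir>/.git/...`) is not denied by it. If the comment's intent (no `.git`, `.github`, `.gitignore`) is meant for any depth, the pattern would be `"^/admin/(.*/)?\."`. In the nested teleporter block, `setenv.add-response-header` is assigned a second time. As far as I know lighttpd takes the value from the last matching condition instead of merging the lists, so those responses would carry only `X-Frame-Options: SAMEORIGIN` and lose the CSP and `nosniff` headers; `setenv.set-response-header` for the override keeps both. Both points apply equally to the hunk in `advanced/lighttpd.conf.fedora`.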
From: Glenn Strauss Date: Wed, 14 Dec 2022 21:18:04 -0500 Subject: [PATCH 25/44] lighttpd pihole-admin.conf for admin interface Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 35 -------------- advanced/lighttpd.conf.fedora | 35 +------------- advanced/pihole-admin.conf | 75 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 14 ++++++ automated install/uninstall.sh | 13 ++++++ 5 files changed, 103 insertions(+), 69 deletions(-) create mode 100644 advanced/pihole-admin.conf diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index cb52cf38..706b00a8 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian 
@@ -76,38 +76,3 @@ include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port # Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain #include_shell "/usr/share/lighttpd/include-conf-enabled.pl" include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null" - -# If the URL starts with /admin, it is the Web interface -$HTTP["url"] =~ "^/admin/" { - # X-Pi-hole is a response header for debugging using curl -I - # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >. - # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. - # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code. - # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS). - # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. - # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all. 
- setenv.add-response-header = ( - "X-Pi-hole" => "The Pi-hole Web interface is working!", - "X-Frame-Options" => "DENY", - "X-XSS-Protection" => "0", - "X-Content-Type-Options" => "nosniff", - "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", - "X-Permitted-Cross-Domain-Policies" => "none", - "Referrer-Policy" => "same-origin" - ) - - # Block . files from being served, such as .git, .github, .gitignore - $HTTP["url"] =~ "^/admin/\." { - url.access-deny = ("") - } - - # allow teleporter and API qr code iframe on settings page - $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) - } - } -} - -# Default expire header -expire.url = ( "" => "access plus 0 seconds" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 39c665f5..05dfc7ec 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora 
@@ -85,37 +85,4 @@ fastcgi.server = ( ) ) -# If the URL starts with /admin, it is the Web interface -$HTTP["url"] =~ "^/admin/" { - # X-Pi-hole is a response header for debugging using curl -I - # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >. - # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. - # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code. - # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS). - # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. - # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all. - setenv.add-response-header = ( - "X-Pi-hole" => "The Pi-hole Web interface is working!", - "X-Frame-Options" => "DENY", - "X-XSS-Protection" => "0", - "X-Content-Type-Options" => "nosniff", - "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", - "X-Permitted-Cross-Domain-Policies" => "none", - "Referrer-Policy" => "same-origin" - ) - - # Block . files from being served, such as .git, .github, .gitignore - $HTTP["url"] =~ "^/admin/\." 
{ - url.access-deny = ("") - } - - # allow teleporter and API qr code iframe on settings page - $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) - } - } -} - -# Default expire header -expire.url = ( "" => "access plus 0 seconds" ) +include "/etc/lighttpd/conf.d/pihole-admin.conf" diff --git a/advanced/pihole-admin.conf b/advanced/pihole-admin.conf new file mode 100644 index 00000000..7d321831 --- /dev/null +++ b/advanced/pihole-admin.conf 
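Review bot: `include "/etc/lighttpd/conf.d/pihole-admin.conf"` names a fixed path without a wildcard, so lighttpd will presumably refuse to start when the file is absent. The `basic-install.sh` hunk of this commit installs it only if `/etc/lighttpd/conf.d` already exists and otherwise prints a warning and continues. Either the installer should create that directory for this config variant or the warning branch should be an error. The hunk also drops `expire.url = ( "" => "access plus 0 seconds" )`, and the new `pihole-admin.conf` does not set it again, so admin responses no longer get the explicit immediate expiry; if that is intended it belongs in the commit message.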
@@ -0,0 +1,75 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2017 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# Lighttpd config for Pi-hole +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +############################################################################### +# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +############################################################################### + +$HTTP["url"] =~ "^/admin/" { + server.document-root = "/var/www/html" + server.stream-response-body = 1 + fastcgi.server = ( + ".php" => ( + "localhost" => ( + "socket" => "/tmp/pihole-php-fastcgi.socket", + "bin-path" => "/usr/bin/php-cgi", + "min-procs" => 0, + "max-procs" => 1, + ) + ) + ) + + # X-Pi-hole is a response header for debugging using curl -I + # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >. + # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled) + # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code. + # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS). 
+ # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. + # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all. + setenv.add-response-header = ( + "X-Pi-hole" => "The Pi-hole Web interface is working!", + "X-Frame-Options" => "DENY", + "X-XSS-Protection" => "0", + "X-Content-Type-Options" => "nosniff", + "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", + "X-Permitted-Cross-Domain-Policies" => "none", + "Referrer-Policy" => "same-origin" + ) + + # Block . files from being served, such as .git, .github, .gitignore + $HTTP["url"] =~ "^/admin/\." { + url.access-deny = ("") + } + + # allow teleporter and API qr code iframe on settings page + $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } + } +} +else $HTTP["url"] == "/admin" { + url.redirect = ("" => "/admin/") +} + +$HTTP["host"] == "pi.hole" { + $HTTP["url"] == "/" { + url.redirect = ("" => "/admin/") + } +} + +# (safe to enable after pihole ceases to support Debian 10 (Buster)) +# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries) +#server.modules += ( +# "mod_access", +# "mod_redirect", +# "mod_fastcgi", +# "mod_setenv", +#) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 7462e2f0..39d7ced4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
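Review bot: The FastCGI backend socket is placed at `/tmp/pihole-php-fastcgi.socket`, a fixed name in a world-writable directory. On a host where the service has no private `/tmp`, any local account can create that path first and interfere with the backend the admin interface talks to. A directory that only the web server user can write is the safer place, and since the installer already creates and chowns `/run/lighttpd`, `"socket" => "/run/lighttpd/pihole-php-fastcgi.socket",` would fit. Separately, the comment for `Content-Security-Policy` says the header prevents content injection, but the configured value `default-src 'self' 'unsafe-inline'` allows inline script, so the comment overstates what the header does here.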
@@ -1416,6 +1416,20 @@ installConfigs() { if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" fi + # Copy the config file to include for pihole admin interface + if [[ -d "/etc/lighttpd/conf.d" ]]; then + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf /etc/lighttpd/conf.d/pihole-admin.conf + elif [[ -d "/etc/lighttpd/conf-available" ]]; then + conf=/etc/lighttpd/conf-available/15-pihole-admin.conf + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf $conf + if is_command lighty-enable-mod ; then + lighty-enable-mod pihole-admin > /dev/null || true + fi + else + # lighttpd config include dir not found + printf " %b Warning: lighttpd config include dir not found\\n" "${INFO}" + printf " Please manually install pihole-admin.conf\\n" + fi # Make the directories if they do not exist and set the owners mkdir -p /run/lighttpd chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 0b516d0f..541c0a76 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -139,6 +139,19 @@ removeNoPurge() { ${SUDO} rm /etc/lighttpd/external.conf fi + # Fedora-based + if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then + ${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf + fi + + # Debian-based + if [[ -f /etc/lighttpd/conf-available/pihole-admin.conf ]]; then + if is_command lighty-disable-mod ; then + ${SUDO} lighty-disable-mod pihole-admin > /dev/null || true + fi + ${SUDO} rm /etc/lighttpd/conf-available/15-pihole-admin.conf + fi + echo -e " ${TICK} Removed lighttpd configs" fi From 78f9e3842536d14f04acc093540c54b83fbcbd1e Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 18 Dec 2022 00:58:08 -0500 Subject: [PATCH 26/44] lighttpd: test for /etc/lighttpd/conf*/pihole-admin.conf 
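Review bot: `lighty-enable-mod pihole-admin > /dev/null || true` discards both the output and the exit status, so when enabling fails the installer carries on silently and the admin config stays installed but inactive. The `|| true` may be there because the tool returns non-zero for an already enabled module; in that case check for the enabled link afterwards and print a warning in the style of the `else` branch. `conf` is assigned without `local` and leaks into the installer's global scope, and `$conf` and `${PI_HOLE_LOCAL_REPO}` are expanded unquoted in the `install` calls. `local conf=/etc/lighttpd/conf-available/15-pihole-admin.conf` and `install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf" "${conf}"` fix both. `installConfigs` starts and ends outside the hunk.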
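Review bot: The Debian branch tests for `/etc/lighttpd/conf-available/pihole-admin.conf`, but the installer in this same commit writes `/etc/lighttpd/conf-available/15-pihole-admin.conf`, and the `rm` two lines below uses the `15-` name too. On a system set up by this installer the condition is therefore not met, and both the config file and its enabled link survive an uninstall. The test should read `if [[ -f /etc/lighttpd/conf-available/15-pihole-admin.conf ]]; then`. `removeNoPurge` starts and ends outside the hunk.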
Signed-off-by: Glenn Strauss --- test/test_any_automated_install.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 2ea619f7..0b039593 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -289,6 +289,24 @@ def test_installPihole_fresh_install_readableFiles(host): check_lighttpd = test_cmd.format("r", "/etc/lighttpd/lighttpd.conf", piholeuser) actual_rc = host.run(check_lighttpd).rc assert exit_status_success == actual_rc + # check readable /etc/lighttpd/conf*/pihole-admin.conf + check_lighttpd = test_cmd.format("r", "/etc/lighttpd/conf.d", piholeuser) + if host.run(check_lighttpd).rc == exit_status_success: + check_lighttpd = test_cmd.format( + "r", "/etc/lighttpd/conf.d/pihole-admin.conf", piholeuser + ) + actual_rc = host.run(check_lighttpd).rc + assert exit_status_success == actual_rc + else: + check_lighttpd = test_cmd.format( + "r", "/etc/lighttpd/conf-available", piholeuser + ) + if host.run(check_lighttpd).rc == exit_status_success: + check_lighttpd = test_cmd.format( + "r", "/etc/lighttpd/conf-available/15-pihole-admin.conf", piholeuser + ) + actual_rc = host.run(check_lighttpd).rc + assert exit_status_success == actual_rc # check readable and executable manpages if maninstalled is True: check_man = test_cmd.format("x", "/usr/local/share/man", piholeuser) From 0d5d3a1b2209bacbbdb09c069ce81cf2f3dafb28 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 14 Dec 2022 22:22:52 -0500 Subject: [PATCH 27/44] lighttpd: remove obsolete exclusion of letsencrypt.conf Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 706b00a8..0bc1ae11 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian 
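Review bot: When neither `/etc/lighttpd/conf.d` nor `/etc/lighttpd/conf-available` is readable, the added block falls through both `if` tests without asserting anything. The test then passes although `pihole-admin.conf` was installed nowhere, which is exactly the installer's warning-only branch. Give the inner `if` an `else:` that fails, for example `raise AssertionError("pihole-admin.conf not installed in any lighttpd include dir")`. The enclosing test function starts above the hunk and continues below it.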
@@ -72,7 +72,4 @@ include "external*.conf" # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port - -# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain -#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null" +include "/etc/lighttpd/conf-enabled/*.conf" From c6342ed84c6b433019fb3277df662e0c02c22381 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Mon, 19 Dec 2022 02:52:29 -0500 Subject: [PATCH 28/44] lighttpd: do not overwrite /etc/lighttpd/lighttpd.conf Signed-off-by: Glenn Strauss --- advanced/pihole-admin.conf | 10 +--- automated install/basic-install.sh | 74 +++++++++++++++++------------- automated install/uninstall.sh | 11 +++++ test/test_any_automated_install.py | 2 +- 4 files changed, 57 insertions(+), 40 deletions(-) diff --git a/advanced/pihole-admin.conf b/advanced/pihole-admin.conf index 7d321831..8e3508da 100644 --- a/advanced/pihole-admin.conf +++ b/advanced/pihole-admin.conf @@ -65,11 +65,5 @@ $HTTP["host"] == "pi.hole" { } } -# (safe to enable after pihole ceases to support Debian 10 (Buster)) -# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries) -#server.modules += ( -# "mod_access", -# "mod_redirect", -# "mod_fastcgi", -# "mod_setenv", -#) +# (keep this on one line for basic-install.sh filtering during install) +server.modules += ( "mod_access", "mod_redirect", "mod_fastcgi", "mod_setenv" ) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 39d7ced4..a65bbdc7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1401,42 +1401,63 @@ installConfigs() { # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then - # and if the Web server conf directory does not exist, - if [[ ! -d "/etc/lighttpd" ]]; then - # make it and set the owners - install -d -m 755 -o "${USER}" -g root /etc/lighttpd - # Otherwise, if the config file already exists - elif [[ -f "${lighttpdConfig}" ]]; then - # back up the original - mv "${lighttpdConfig}"{,.orig} - fi - # and copy in the config file Pi-hole needs - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" - # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config - if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" + if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then + # Attempt to preserve backwards compatibility with older versions + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" + # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config + if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then + sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" + fi + # Make the directories if they do not exist and set the owners + mkdir -p /run/lighttpd + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd + mkdir -p /var/cache/lighttpd/compress + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress + mkdir -p /var/cache/lighttpd/uploads + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads fi # Copy the config file to include for pihole admin interface if [[ -d "/etc/lighttpd/conf.d" ]]; then install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf /etc/lighttpd/conf.d/pihole-admin.conf + if grep -q -F 'include 
"/etc/lighttpd/conf.d/pihole-admin.conf"' "${lighttpdConfig}"; then + : + else + echo 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' >> "${lighttpdConfig}" + fi + # Avoid some warnings trace from lighttpd, which might break tests + conf=/etc/lighttpd/conf.d/pihole-admin.conf + if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "WARNING: unknown config-key: dir-listing\."; then + echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf + echo 'server.modules += ( "mod_dirlisting" )' >> $conf + fi + if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "warning: please use server.use-ipv6"; then + echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf + echo 'server.use-ipv6 := "disable"' >> $conf + fi elif [[ -d "/etc/lighttpd/conf-available" ]]; then conf=/etc/lighttpd/conf-available/15-pihole-admin.conf install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf $conf + # disable server.modules += ( ... ) in $conf to avoid module dups + # (needed until Debian 10 no longer supported by pi-hole) + # (server.modules duplication is ignored in lighttpd 1.4.56+) + if awk '!/^server\.modules/{print}' $conf > $conf.$$ && mv $conf.$$ $conf; then + : + else + rm $conf.$$ + fi + chmod 644 $conf if is_command lighty-enable-mod ; then - lighty-enable-mod pihole-admin > /dev/null || true + lighty-enable-mod pihole-admin access redirect fastcgi setenv > /dev/null || true + else + # Otherwise, show info about installing them + printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}" + printf " Please ensure fastcgi is enabled if you experience issues\\n" fi else # lighttpd config include dir not found printf " %b Warning: lighttpd config include dir not found\\n" "${INFO}" printf " Please manually install pihole-admin.conf\\n" fi - # Make the directories if they do not exist and set the owners - mkdir -p /run/lighttpd - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd - mkdir -p 
/var/cache/lighttpd/compress - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress - mkdir -p /var/cache/lighttpd/uploads - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads fi } @@ -1913,15 +1934,6 @@ installPihole() { # Give lighttpd access to the pihole group so the web interface can # manage the gravity.db database usermod -a -G pihole ${LIGHTTPD_USER} - # If the lighttpd command is executable, - if is_command lighty-enable-mod ; then - # enable fastcgi and fastcgi-php - lighty-enable-mod fastcgi fastcgi-php > /dev/null || true - else - # Otherwise, show info about installing them - printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}" - printf " Please ensure fastcgi is enabled if you experience issues\\n" - fi fi fi # Install base files and web interface diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 541c0a76..c36027fc 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -131,6 +131,7 @@ removeNoPurge() { fi if package_check lighttpd > /dev/null; then + # Attempt to preserve backwards compatibility with older versions if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf fi @@ -142,6 +143,16 @@ removeNoPurge() { # Fedora-based if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then ${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf + conf=/etc/lighttpd/lighttpd.conf + tconf=/tmp/lighttpd.conf.$$ + if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \ + $conf > $tconf && mv $tconf $conf; then + : + else + rm $tconf + fi + ${SUDO} chown root:root $conf + ${SUDO} chmod 644 $conf fi # Debian-based diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 0b039593..98a9f8f7 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py 
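Review bot: The first warning probe in the `conf.d` branch looks like it can never match. `grep -q -F "WARNING: unknown config-key: dir-listing\."` uses `-F`, so the backslash is searched for literally, and lighttpd's warning would have to contain one. As a result the `server.modules += ( "mod_dirlisting" )` line is never appended; drop the escape: `grep -q -F "WARNING: unknown config-key: dir-listing."`. Separately, both `grep` calls on `"${lighttpdConfig}"` run even when that file does not exist, which prints a grep error into the installer output, so a `[[ -f "${lighttpdConfig}" ]]` guard would help. The empty `then :` branches read more directly as `if ! grep -q -F … ; then`. `installConfigs` starts outside this hunk.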
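Review bot: In the `@@ -142,6 +143,16 @@` hunk of uninstall.sh, `tconf=/tmp/lighttpd.conf.$$` is a predictable name in a world-writable directory. The redirection `> $tconf` writes through whatever file or symlink already exists at that path, and the result is then moved over `/etc/lighttpd/lighttpd.conf`. Create the scratch file with `tconf=$(mktemp)` (or next to the target so the `mv` stays on one filesystem) and quote `"$tconf"` and `"$conf"`. The `awk … > $tconf && mv $tconf $conf` and `rm $tconf` lines also run without `${SUDO}`, unlike the surrounding commands, so for a non-root caller the rewrite fails while `chown` and `chmod` still run. `removeNoPurge` continues outside this hunk.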
@@ -416,7 +416,7 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): usergroup="${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}", chmodarg="{{}}", config="/etc/lighttpd/lighttpd.conf", - run="/var/run/lighttpd", + run="/run/lighttpd", cache="/var/cache/lighttpd", uploads="/var/cache/lighttpd/uploads", compress="/var/cache/lighttpd/compress", From 539f9d4da07281cb25683dec9edafe7eb0d89e4c Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 14 Dec 2022 22:26:17 -0500 Subject: [PATCH 29/44] lighttpd: remove pihole block page error handler remove obsolete pihole block page error handler x-ref: Remove the advanced functionality of the 404 page (Blockpage) https://github.com/pi-hole/pi-hole/pull/3910 Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 1 - advanced/lighttpd.conf.fedora | 1 - 2 files changed, 2 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 0bc1ae11..06c284fe 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -26,7 +26,6 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "/pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error-pihole.log" server.pid-file = "/run/lighttpd.pid" diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 05dfc7ec..04f3ee01 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -27,7 +27,6 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "/pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error-pihole.log" server.pid-file = "/run/lighttpd.pid" From 34f45d011db3ca11ecc4b4de5b2a278d4eb0edba Mon Sep 17 00:00:00 2001 
From: Glenn Strauss Date: Thu, 15 Dec 2022 00:06:37 -0500 Subject: [PATCH 30/44] lighttpd: do not install obsolete 404 handler (/var/www/html/pihole/ dir and contents are still removed in uninstall) (/var/www/html/index.lighttpd.orig is still removed in uninstall) Signed-off-by: Glenn Strauss --- advanced/index.php | 81 ------------------------------ automated install/basic-install.sh | 29 ----------- test/test_any_automated_install.py | 22 -------- 3 files changed, 132 deletions(-) delete mode 100644 advanced/index.php diff --git a/advanced/index.php b/advanced/index.php deleted file mode 100644 index f3f2ce1c..00000000 --- a/advanced/index.php +++ /dev/null @@ -1,81 +0,0 @@ - "true") is configured in lighttpd, - // append $serverName to $authorizedHosts - array_push($authorizedHosts, $serverName); -} else if (!empty($_SERVER["VIRTUAL_HOST"])) { - // Append virtual hostname to $authorizedHosts - array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]); -} - -// Determine block page type -if ($serverName === "pi.hole" - || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) { - // Redirect to Web Interface - header("Location: /admin"); - exit(); -} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) { - // When directly browsing via IP or authorized hostname - // Render splash/landing page based off presence of $landPage file - // Unset variables so as to not be included in $landPage or $splashPage - unset($authorizedHosts); - // If $landPage file is present - if (is_file(getcwd()."/$landPage")) { - unset($serverName, $viewPort); // unset extra variables not to be included in $landpage - include $landPage; - exit(); - } - // If $landPage file was not present, Set Splash Page output - $splashPage = << - - - - - ● $serverName - - - - -
- Pi-hole logo -
-

Pi-hole: Your black hole for Internet advertisements

- Did you mean to go to the admin panel? -
- - -EOT; - exit($splashPage); -} - -header("HTTP/1.1 404 Not Found"); -exit(); -?> diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a65bbdc7..e29afad9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -82,7 +82,6 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi PI_HOLE_INSTALL_DIR="/opt/pihole" PI_HOLE_CONFIG_DIR="/etc/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" -PI_HOLE_404_DIR="${webroot}/pihole" FTL_CONFIG_FILE="${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" if [ -z "$useUpdateVars" ]; then useUpdateVars=false @@ -1404,10 +1403,6 @@ installConfigs() { if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then # Attempt to preserve backwards compatibility with older versions install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" - # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config - if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" - fi # Make the directories if they do not exist and set the owners mkdir -p /run/lighttpd chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd 
@@ -1708,30 +1703,6 @@ install_dependent_packages() { # Install the Web interface dashboard installPiholeWeb() { - printf "\\n %b Installing 404 page...\\n" "${INFO}" - - local str="Creating directory for 404 page, and copying files" - printf " %b %s..." "${INFO}" "${str}" - # Install the directory - install -d -m 0755 ${PI_HOLE_404_DIR} - # and the 404 handler - install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/ - - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - - local str="Backing up index.lighttpd.html" - printf " %b %s..." "${INFO}" "${str}" - # If the default index file exists, - if [[ -f "${webroot}/index.lighttpd.html" ]]; then - # back it up - mv ${webroot}/index.lighttpd.html ${webroot}/index.lighttpd.orig - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - else - # Otherwise, don't do anything - printf "%b %b %s\\n" "${OVER}" "${INFO}" "${str}" - printf " No default index.lighttpd.html file found... not backing up\\n" - fi - # Install Sudoers file local str="Installing sudoer file" printf "\\n %b %s..." "${INFO}" "${str}" diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 98a9f8f7..4dcb1737 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py 
@@ -129,20 +129,8 @@ def test_installPiholeWeb_fresh_install_no_errors(host): installPiholeWeb """ ) - expected_stdout = info_box + " Installing 404 page..." - assert expected_stdout in installWeb.stdout - expected_stdout = tick_box + ( - " Creating directory for 404 page, " "and copying files" - ) - assert expected_stdout in installWeb.stdout - expected_stdout = info_box + " Backing up index.lighttpd.html" - assert expected_stdout in installWeb.stdout - expected_stdout = "No default index.lighttpd.html file found... " "not backing up" - assert expected_stdout in installWeb.stdout expected_stdout = tick_box + " Installing sudoer file" assert expected_stdout in installWeb.stdout - web_directory = host.run("ls -r /var/www/html/pihole").stdout - assert "index.php" in web_directory def get_directories_recursive(host, directory): @@ -556,16 +544,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): return bool(m) if installWebInterface is True: - check_pihole = test_cmd.format("r", webroot + "/pihole", webuser) - actual_rc = host.run(check_pihole).rc - assert exit_status_success == actual_rc - check_pihole = test_cmd.format("x", webroot + "/pihole", webuser) - actual_rc = host.run(check_pihole).rc - assert exit_status_success == actual_rc - # check most important files in $webroot for read permission - check_index = test_cmd.format("r", webroot + "/pihole/index.php", webuser) - actual_rc = host.run(check_index).rc - assert exit_status_success == actual_rc if test_webpage is True: # check webpage for unreadable files noPHPfopen = re.compile( From 12674c0824e07f321e28dc301d0ff1a8d6ae6f3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 22 Dec 2022 22:27:03 +0100 Subject: [PATCH 31/44] Shorten no merge conflict message MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Christian König --- .github/workflows/merge-conflict.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/merge-conflict.yml b/.github/workflows/merge-conflict.yml index 5674fca1..d86e9cd1 100644 --- a/.github/workflows/merge-conflict.yml +++ b/.github/workflows/merge-conflict.yml @@ -18,4 +18,4 @@ jobs: dirtyLabel: "PR: Merge Conflict" repoToken: "${{ secrets.GITHUB_TOKEN }}" commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request." - commentOnClean: "Conflicts have been resolved. A maintainer will review the pull request shortly." + commentOnClean: "Conflicts have been resolved." From 20ad03fe158b1bbe7623cf60030551efb396c4f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Dec 2022 10:00:43 +0000 Subject: [PATCH 32/44] Bump actions/stale from 6.0.1 to 7.0.0 Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 7.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v6.0.1...v7.0.0) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a17d5a94..58a2e647 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: issues: write steps: - - uses: actions/stale@v6.0.1 + - uses: actions/stale@v7.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30 From 2bb7c05ed1309e2dd4ae283583201ca4000db7d7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Dec 2022 10:00:47 +0000 Subject: [PATCH 33/44] Bump actions/setup-python from 4.3.1 to 4.4.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f4eaba55..ab89867b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@v3.2.0 - name: Set up Python 3.10 - uses: actions/setup-python@v4.3.1 + uses: actions/setup-python@v4.4.0 with: python-version: "3.10" From 64d0621d2b1f61f31478373f67d0c2ea1a7f6d8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 26 Dec 2022 12:15:16 +0100 Subject: [PATCH 34/44] Update and set test suite python dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/requirements.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/test/requirements.txt b/test/requirements.txt index 9315800c..1972e2ba 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,5 +1,6 @@ -docker-compose -pytest -pytest-xdist -pytest-testinfra -tox <= 4.0.12 +docker-compose == 1.29.2 +pytest == 7.2.0 +pytest-xdist == 3.1.0 +pytest-testinfra == 7.0.0 +tox == 4.0.17 + From 09977fdfec45511b4942a35ae8d6fad580728048 Mon Sep 17 00:00:00 2001 
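Review bot: The `==` pins in test/requirements.txt cover only the five direct dependencies; their transitive dependencies are still resolved fresh on every CI run, and nothing verifies the downloaded artifacts. If reproducible test environments are the goal, generate the file with hashes (for example `pip-compile --generate-hashes`) and install it with `pip install --require-hashes -r requirements.txt`. The hunk also adds a blank line at the end of the file, which can be dropped.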
From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Dec 2022 14:33:36 +0100 Subject: [PATCH 35/44] Add pihole tail [arg] to man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- manpages/pihole.8 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 11c21b28..1cf8ab35 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -23,7 +23,7 @@ Pi-hole : A black-hole for internet advertisements .br pihole -r .br -pihole -t +\fBpihole\fR \fB-t\fR [arg] .br pihole -g\fR .br @@ -113,11 +113,15 @@ Available commands and options: Reconfigure or Repair Pi-hole subsystems .br -\fB-t, tail\fR +\fB-t, tail\fR [arg] .br View the live output of the Pi-hole log .br + [arg] Optional argument to filter the log for + (regular expressions are supported) +.br + \fB-a, admin\fR [options] .br From f73b965fcd33c67e8822b572a4aef073feeed473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 29 Dec 2022 21:59:23 +0100 Subject: [PATCH 36/44] Create versions file before sourcing it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e29afad9..cf27e3ac 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2717,12 +2717,12 @@ main() { restart_service pihole-FTL - # Download and compile the aggregated block list - runGravity - # Update local and remote versions via updatechecker /opt/pihole/updatecheck.sh + # Download and compile the aggregated block list + runGravity + if [[ "${useUpdateVars}" == false ]]; then displayFinalMessage "${pw}" fi From d87cad76fb944c7439693f8d19f626de4bf1b2df Mon Sep 17 00:00:00 2001 
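Review bot: The reordering in `main()` has no comment saying why `/opt/pihole/updatecheck.sh` must now run before `runGravity`, so a later cleanup could swap them back. Going by the commit title, gravity presumably sources the versions file that the update checker creates; a why-comment would pin that, e.g. `# Must run before runGravity: creates the versions file that gravity sources`. The exit status of `updatecheck.sh` is also not checked, so if it fails the versions file may still be missing when `runGravity` starts. `main` starts and ends outside this hunk.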
From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 4 Jan 2023 12:31:49 +0100 Subject: [PATCH 37/44] Tweak get_directories_recursive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_any_automated_install.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 4dcb1737..c1288287 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -136,15 +136,9 @@ def test_installPiholeWeb_fresh_install_no_errors(host): def get_directories_recursive(host, directory): if directory is None: return directory - ls = host.run("ls -d {}".format(directory + "/*/")) - directories = list(filter(bool, ls.stdout.splitlines())) - dirs = directories - for dirval in directories: - dir_rec = get_directories_recursive(host, dirval) - if isinstance(dir_rec, str): - dirs.extend([dir_rec]) - else: - dirs.extend(dir_rec) + # returns all non-hidden subdirs of 'directory' + dirs_raw = host.run("find {} -type d -not -path '*/.*'".format(directory)) + dirs = list(filter(bool, dirs_raw.stdout.splitlines())) return dirs @@ -520,7 +514,7 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): check_admin = test_cmd.format("x", webroot + "/admin", webuser) actual_rc = host.run(check_admin).rc assert exit_status_success == actual_rc - directories = get_directories_recursive(host, webroot + "/admin/*/") + directories = get_directories_recursive(host, webroot + "/admin/") for directory in directories: check_pihole = test_cmd.format("r", directory, webuser) actual_rc = host.run(check_pihole).rc From e05ef73011cb49b91d3fe6cd9618b8f3e6ead2c4 Mon Sep 17 00:00:00 2001 
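Review bot: `get_directories_recursive` ignores the exit status of `find`, so a missing or unreadable `directory` yields an empty list and the caller's `for directory in directories:` loop then asserts nothing. Add `assert dirs_raw.rc == 0, dirs_raw.stderr` before building `dirs`. The new comment says the function returns the subdirs of `directory`, but `find {} -type d` also emits `directory` itself; either add `-mindepth 1` or reword the comment to `# returns 'directory' and all of its non-hidden subdirectories`. The path is also interpolated into the command unquoted, which breaks on a webroot containing spaces; `shlex.quote(directory)` would cover that if `shlex` is imported in the file.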
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Jan 2023 10:00:41 +0000 Subject: [PATCH 38/44] Bump actions/checkout from 3.2.0 to 3.3.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/sync-back-to-dev.yml | 2 +- .github/workflows/test.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 41fd5b1b..5539cec9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v3.3.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml index 889f9622..89b6323f 100644 --- a/.github/workflows/sync-back-to-dev.yml +++ b/.github/workflows/sync-back-to-dev.yml @@ -11,7 +11,7 @@ jobs: name: Syncing branches steps: - name: Checkout - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v3.3.0 - name: Opening pull request run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ab89867b..40a92080 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v3.3.0 - name: Check scripts in repository are executable run: | @@ -63,7 +63,7 @@ jobs: DISTRO: ${{matrix.distro}} steps: - name: Checkout repository - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v3.3.0 - name: Set up Python 3.10 uses: actions/setup-python@v4.4.0 From d349a4640f95ab150de7666a684de2daf4c4984d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 12 Jan 2023 20:24:08 +0100 Subject: [PATCH 39/44] Remoce leftover from query.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/query.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index ae266ec0..d48e9363 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -77,7 +77,7 @@ fi # Strip valid options, leaving only the domain and invalid options # This allows users to place the options before or after the domain -options=$(sed -E 's/ ?-(adlists?|all|exact) ?//g' <<< "${options}") +options=$(sed -E 's/ ?-(all|exact) ?//g' <<< "${options}") # Handle remaining options # If $options contain non ASCII characters, convert to punycode From 4a53e56bd2adcdafeeb89b9783cc15bc0aee6fe4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Jan 2023 10:00:35 +0000 Subject: [PATCH 40/44] Bump actions/setup-python from 4.4.0 to 4.5.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... 
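Review bot: The rewritten `sed` expression in query.sh still treats both surrounding spaces as optional, so ` ?-(all|exact) ?` also matches inside a hostname. A constructed input such as `my-all.example` would come out as `my.example` before the lookup. Anchoring the flag to a word start and end avoids that, e.g. with GNU sed `options=$(sed -E 's/(^|[[:space:]])-(all|exact)\>//g' <<< "${options}")`. This form can leave leading whitespace, so trim it if the later code depends on that. How `options` is populated lies outside this hunk, so confirm against the argument handling above.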
Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 40a92080..cf84a28a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@v3.3.0 - name: Set up Python 3.10 - uses: actions/setup-python@v4.4.0 + uses: actions/setup-python@v4.5.0 with: python-version: "3.10" From c85e4227cf75ae99b0851b487c5baf95967bb67a Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 3 Jan 2023 17:07:34 -0300 Subject: [PATCH 41/44] Remove duplicated `fastcgi.server` config Signed-off-by: RD WebDesign --- advanced/pihole-admin.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/advanced/pihole-admin.conf b/advanced/pihole-admin.conf index 8e3508da..1cd3da91 100644 --- a/advanced/pihole-admin.conf +++ b/advanced/pihole-admin.conf @@ -15,6 +15,7 @@ $HTTP["url"] =~ "^/admin/" { server.document-root = "/var/www/html" server.stream-response-body = 1 + fastcgi.server = ( ".php" => ( "localhost" => ( @@ -22,6 +23,14 @@ $HTTP["url"] =~ "^/admin/" { "bin-path" => "/usr/bin/php-cgi", "min-procs" => 0, "max-procs" => 1, + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "4", + "PHP_FCGI_MAX_REQUESTS" => "10000", + ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" + ), + "broken-scriptfilename" => "enable", ) ) ) From be8f25f8b8ad3ea82f79d090d1734321405820d4 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 10 Jan 2023 15:57:20 -0300 Subject: [PATCH 42/44] Adding errorlog and accesslog options Signed-off-by: RD WebDesign --- advanced/pihole-admin.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/pihole-admin.conf b/advanced/pihole-admin.conf index 1cd3da91..2809d339 100644 --- a/advanced/pihole-admin.conf +++ b/advanced/pihole-admin.conf 
@@ -12,9 +12,13 @@ # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # ############################################################################### +server.errorlog := "/var/log/lighttpd/error-pihole.log" + $HTTP["url"] =~ "^/admin/" { server.document-root = "/var/www/html" server.stream-response-body = 1 + accesslog.filename = "/var/log/lighttpd/access-pihole.log" + accesslog.format = "%{%s}t|%h|%V|%r|%s|%b" fastcgi.server = ( ".php" => ( From 318ee3b7d3490550337f60da47f0e9539285030b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Jan 2023 17:54:02 +0000 Subject: [PATCH 43/44] Bump tox from 4.0.17 to 4.2.8 in /test Bumps [tox](https://github.com/tox-dev/tox) from 4.0.17 to 4.2.8. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/4.0.17...4.2.8) --- updated-dependencies: - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index 1972e2ba..c681142b 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,5 +2,5 @@ docker-compose == 1.29.2 pytest == 7.2.0 pytest-xdist == 3.1.0 pytest-testinfra == 7.0.0 -tox == 4.0.17 +tox == 4.2.8 From eb1f2ac01c7dd19ad74973fc87106160289204f0 Mon Sep 17 00:00:00 2001 
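Review bot: `accesslog.filename` and `accesslog.format` only take effect when `mod_accesslog` is loaded. The `server.modules += ( … )` line this file carries (see the `@@ -65,11 +65,5 @@` hunk) lists only `mod_access`, `mod_redirect`, `mod_fastcgi` and `mod_setenv`, and the Debian path enables `access redirect fastcgi setenv`. Unless the distribution's lighttpd.conf already loads the module, lighttpd will presumably report these as unknown config keys and write no access log; adding `"mod_accesslog"` to that list and `accesslog` to the `lighty-enable-mod` call would cover it. Note also that `server.errorlog := …` sits outside the `$HTTP["url"]` block and uses the forced-assignment operator, so it redirects the error log for the whole server, not just `/admin/`. A short comment stating that this is intended would help administrators who share the lighttpd instance with other sites.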
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Jan 2023 18:08:40 +0000 Subject: [PATCH 44/44] Bump pytest from 7.2.0 to 7.2.1 in /test Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.2.0...7.2.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index c681142b..e891242c 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,5 +1,5 @@ docker-compose == 1.29.2 -pytest == 7.2.0 +pytest == 7.2.1 pytest-xdist == 3.1.0 pytest-testinfra == 7.0.0 tox == 4.2.8