From 49cf5bb221240525eea956cfdbd44de5ea5dd25b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 6 Feb 2025 21:26:14 +0100 Subject: [PATCH 01/23] Remove 'reconfigure' option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/update.sh | 2 +- advanced/bash-completion/pihole | 2 +- automated install/basic-install.sh | 52 +++++++++++------------------- pihole | 10 +++--- 4 files changed, 26 insertions(+), 40 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 9ea63b4c..6c6167c0 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -218,7 +218,7 @@ main() { fi if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended || \ echo -e "${basicError}" && exit 1 fi diff --git a/advanced/bash-completion/pihole b/advanced/bash-completion/pihole index 4343cf92..cf99ab73 100644 --- a/advanced/bash-completion/pihole +++ b/advanced/bash-completion/pihole @@ -7,7 +7,7 @@ _pihole() { case "${prev}" in "pihole") - opts="allow allow-regex allow-wild deny checkout debug disable enable flush help logging query reconfigure regex reloaddns reloadlists status tail uninstall updateGravity updatePihole version wildcard arpflush api" + opts="allow allow-regex allow-wild deny checkout debug disable enable flush help logging query repair regex reloaddns reloadlists status tail uninstall updateGravity updatePihole version wildcard arpflush api" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) ;; "allow"|"deny"|"wildcard"|"regex"|"allow-regex"|"allow-wild") diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 8b21ccf7..744f9d2c 100755 --- a/automated install/basic-install.sh 
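Review bot: In the update.sh hunk the changed call still ends in `|| \ echo -e "${basicError}" && exit 1`, and because `||` and `&&` have equal precedence and associate left to right, `exit 1` also runs when basic-install.sh succeeds. An explicit group keeps the failure path separate: `"${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --repair --unattended || { echo -e "${basicError}"; exit 1; }`. Quoting the path this way also removes the unquoted `${PI_HOLE_FILES_DIR}` expansion, which would word-split if the directory ever contained whitespace. main() starts and ends outside the hunk.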
+++ b/automated install/basic-install.sh @@ -142,12 +142,12 @@ EOM ######## Undocumented Flags. Shhh ######## # These are undocumented flags; some of which we can use when repairing an installation # The runUnattended flag is one example of this -reconfigure=false +repair=false runUnattended=false # Check arguments for the undocumented flags for var in "$@"; do case "$var" in - "--reconfigure") reconfigure=true ;; + "--repair") repair=true ;; "--unattended") runUnattended=true ;; esac done @@ -1111,7 +1111,7 @@ setPrivacyLevel() { # A function to display a list of example blocklists for users to select chooseBlocklists() { - # Back up any existing adlist file, on the off chance that it exists. Useful in case of a reconfigure. + # Back up any existing adlist file, on the off chance that it exists. if [[ -f "${adlistFile}" ]]; then mv "${adlistFile}" "${adlistFile}.old" fi @@ -1787,21 +1787,12 @@ displayFinalMessage() { \\n${additional}" "${r}" "${c}" } -update_dialogs() { - # If pihole -r "reconfigure" option was selected, - if [[ "${reconfigure}" = true ]]; then - # set some variables that will be used - opt1a="Repair" - opt1b="This will retain existing settings" - strAdd="You will remain on the same version" - else - # Otherwise, set some variables with different values - opt1a="Update" - opt1b="This will retain existing settings." - strAdd="You will be updated to the latest version." - fi - opt2a="Reconfigure" - opt2b="Resets Pi-hole and allows re-selecting settings." +repair_dialog() { + # pihole -r/--repair option was selected + # set some variables that will be used + opt1a="Repair" + opt1b="This will retain existing settings" + strAdd="You will remain on the same version" # Display the information to the user UpdateCmd=$(dialog --no-shadow --keep-tite --output-fd 1 \ 
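Review bot: The flag loop in the first basic-install.sh hunk has no default arm, so after the rename a caller that still passes `--reconfigure` is ignored without any message and `repair` stays `false`. Later in this patch `clone_or_update_repos` takes the `getGitFiles` branch in that case, so an old-style invocation would be handled as a fresh installation rather than a repair; whether an already-installed older update.sh can still reach this script during an upgrade is not visible here. Keeping a compatibility arm for one release, `"--reconfigure") repair=true ;;`, or at least printing a warning for it to stderr, would make the mismatch visible instead of silent.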
@@ -1810,9 +1801,8 @@ update_dialogs() { --menu "\\n\\nWe have detected an existing install.\ \\n\\nPlease choose from the following options:\ \\n($strAdd)" \ - "${r}" "${c}" 2 \ - "${opt1a}" "${opt1b}" \ - "${opt2a}" "${opt2b}") || result=$? + "${r}" "${c}" 1 \ + "${opt1a}" "${opt1b}") || result=$? case ${result} in "${DIALOG_CANCEL}" | "${DIALOG_ESC}") @@ -1823,16 +1813,11 @@ update_dialogs() { # Set the variable based on if the user chooses case ${UpdateCmd} in - # repair, or + # repair "${opt1a}") printf " %b %s option selected\\n" "${INFO}" "${opt1a}" useUpdateVars=true ;; - # reconfigure, - "${opt2a}") - printf " %b %s option selected\\n" "${INFO}" "${opt2a}" - useUpdateVars=false - ;; esac } @@ -1923,9 +1908,9 @@ checkout_pull_branch() { } clone_or_update_repos() { - # If the user wants to reconfigure, - if [[ "${reconfigure}" == true ]]; then - printf " %b Performing reconfiguration, skipping download of local repos\\n" "${INFO}" + # If the user wants to repair/update, + if [[ "${repair}" == true ]]; then + printf " %b Resetting local repos\\n" "${INFO}" # Reset the Core repo resetRepo ${PI_HOLE_LOCAL_REPO} || { @@ -1938,7 +1923,7 @@ clone_or_update_repos() { printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceDir}" "${COL_NC}" exit 1 } - # Otherwise, a repair is happening + # Otherwise, a fresh installation is happening else # so get git files for Core getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || @@ -2455,8 +2440,9 @@ main() { # also disable debconf-apt-progress dialogs export DEBIAN_FRONTEND="noninteractive" else - # If running attended, show the available options (repair/reconfigure) - update_dialogs + # If running attended, show the available options (repair/cancel) + # if repair is selected useUpdateVars will be 'true' + repair_dialog fi fi diff --git a/pihole b/pihole index 6424c793..39cb3070 100755 --- a/pihole +++ b/pihole 
@@ -107,11 +107,11 @@ updatePiholeFunc() { fi } -reconfigurePiholeFunc() { +repairPiholeFunc() { if [ -n "${DOCKER_VERSION}" ]; then unsupportedFunc else - /etc/.pihole/automated\ install/basic-install.sh --reconfigure + /etc/.pihole/automated\ install/basic-install.sh --repair exit 0; fi } @@ -476,7 +476,7 @@ Debugging Options: Add '-c' or '--check-database' to include a Pi-hole database integrity check Add '-a' to automatically upload the log to tricorder.pi-hole.net -f, flush Flush the Pi-hole log - -r, reconfigure Reconfigure or Repair Pi-hole subsystems + -r, repair Repair Pi-hole subsystems -t, tail [arg] View the live output of the Pi-hole log. Add an optional argument to filter the log (regular expressions are supported) @@ -533,7 +533,7 @@ case "${1}" in "--allow-wild" | "allow-wild" ) need_root=0;; "-f" | "flush" ) ;; "-up" | "updatePihole" ) ;; - "-r" | "reconfigure" ) ;; + "-r" | "repair" ) ;; "-l" | "logging" ) ;; "uninstall" ) ;; "enable" ) need_root=0;; @@ -576,7 +576,7 @@ case "${1}" in "-d" | "debug" ) debugFunc "$@";; "-f" | "flush" ) flushFunc "$@";; "-up" | "updatePihole" ) updatePiholeFunc "$@";; - "-r" | "reconfigure" ) reconfigurePiholeFunc;; + "-r" | "repair" ) repairPiholeFunc;; "-g" | "updateGravity" ) updateGravityFunc "$@";; "-l" | "logging" ) piholeLogging "$@";; "uninstall" ) uninstallFunc;; From dfc2b32248bd0d74e68e4879a5f8fa331b77e46e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 6 Feb 2025 21:55:08 +0100 Subject: [PATCH 02/23] Use better function name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 744f9d2c..05219357 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
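Review bot: `repairPiholeFunc` in the first pihole hunk runs the installer and then unconditionally executes `exit 0;`, so a failed repair is reported as success to whatever invoked `pihole -r` (unless the script runs under `set -e`, which is not visible in this hunk). Propagating the installer's status keeps monitoring and automation accurate, for example `/etc/.pihole/automated\ install/basic-install.sh --repair` followed by `exit $?`. A short comment above the function, such as `# Runs the installer in repair mode and exits with its status; never returns to the caller`, would document that behaviour.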
@@ -1907,7 +1907,7 @@ checkout_pull_branch() { return 0 } -clone_or_update_repos() { +clone_or_reset_repos() { # If the user wants to repair/update, if [[ "${repair}" == true ]]; then printf " %b Resetting local repos\\n" "${INFO}" @@ -2469,8 +2469,8 @@ main() { # Setup adlist file if not exists installDefaultBlocklists fi - # Download or update the scripts by updating the appropriate git repos - clone_or_update_repos + # Download or reset the appropriate git repos depending on the 'repair' flag + clone_or_reset_repos # Create the pihole user From cd269cbca11d39201454bea33d0476fe4180d6fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 21 Feb 2025 22:02:03 +0100 Subject: [PATCH 03/23] If there are no files to change, don't print an error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 0a34599b..493f2b15 100755 --- a/gravity.sh +++ b/gravity.sh @@ -1082,7 +1082,7 @@ migrate_to_listsCache_dir() { fi # Update the list's paths in the corresponding .sha1 files to the new location - sed -i "s|${piholeDir}/|${listsCacheDir}/|g" "${listsCacheDir}"/*.sha1 + sed -i "s|${piholeDir}/|${listsCacheDir}/|g" "${listsCacheDir}"/*.sha1 2>/dev/null } helpFunc() { From cadee26dba433ec1ef6153329acb5fcac1af9fc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 22 Feb 2025 13:48:55 +0100 Subject: [PATCH 04/23] Improve dig error handlin in api.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/api.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index c9c2dd49..b8c7fe99 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh 
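Review bot: In the gravity.sh hunk of patch 03, `2>/dev/null` on the `sed -i` call silences every failure, not only the no-match case named in the subject, so an unwritable `.sha1` file or a read-only directory would now go unnoticed. Because this is the last command of `migrate_to_listsCache_dir`, its non-zero status is also still what the function returns when the glob matches nothing. Guarding on the glob keeps real errors visible: add `compgen -G "${listsCacheDir}/*.sha1" >/dev/null || return 0` before the `sed` line and leave stderr alone. The start of the function is outside the hunk.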
@@ -34,6 +34,12 @@ TestAPIAvailability() { exit 1 fi + # If an error occurred, the variable starts with ;; + if [ "${chaos_api_list#;;}" != "${chaos_api_list}" ]; then + echo "Communication error. Is FTL running?" + exit 1 + fi + # Iterate over space-separated list of URLs while [ -n "${chaos_api_list}" ]; do # Get the first URL From 5da5d0d4c16d96f1cae9fb56f85d1e49a104d9d7 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 23 Feb 2025 08:50:08 +0100 Subject: [PATCH 05/23] Use temp_store = FILE to avoid memory exhaustion on build the tree for very large databases Signed-off-by: DL6ER --- gravity.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 0a34599b..18a5c901 100755 --- a/gravity.sh +++ b/gravity.sh @@ -92,7 +92,8 @@ gravity_build_tree() { echo -ne " ${INFO} ${str}..." # The index is intentionally not UNIQUE as poor quality adlists may contain domains more than once - output=$({ pihole-FTL sqlite3 -ni "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1) + # We use temp_store = FILE to avoid memory exhaustion on large databases + output=$({ pihole-FTL sqlite3 -ni "${gravityTEMPfile}" "PRAGMA temp_store = FILE; CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1) status="$?" if [[ "${status}" -ne 0 ]]; then From 729a44f82ae1e21b6c8906490e46deb7591613b8 Mon Sep 17 00:00:00 2001 
From: MichaIng Date: Sun, 23 Feb 2025 15:48:32 +0100 Subject: [PATCH 06/23] Do not hide error messages when dealing with services If service start/stop/restart/enable/disable fails, it help to debug the issue, if STDERR is not hidden, hence the error message can be seen. systemctl furthermore has the `-q` option to suppress non-error output. It works as well for "is-enabled", but until a certain systemd version still throws an error, if the checked service does not exist at all. Once Debian Bullseye support is dropped by Pi-hole, also STDERR form systemctl is-enabled does not need to be suppressed anymore. Signed-off-by: MichaIng --- automated install/basic-install.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4a1df70c..8b4425bc 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1355,9 +1355,9 @@ stop_service() { local str="Stopping ${1} service" printf " %b %s..." "${INFO}" "${str}" if is_command systemctl; then - systemctl stop "${1}" &>/dev/null || true + systemctl -q stop "${1}" || true else - service "${1}" stop &>/dev/null || true + service "${1}" stop >/dev/null || true fi printf "%b %b %s...\\n" "${OVER}" "${TICK}" "${str}" } @@ -1370,10 +1370,10 @@ restart_service() { # If systemctl exists, if is_command systemctl; then # use that to restart the service - systemctl restart "${1}" &>/dev/null + systemctl -q restart "${1}" else # Otherwise, fall back to the service command - service "${1}" restart &>/dev/null + service "${1}" restart >/dev/null fi printf "%b %b %s...\\n" "${OVER}" "${TICK}" "${str}" } 
@@ -1386,10 +1386,10 @@ enable_service() { # If systemctl exists, if is_command systemctl; then # use that to enable the service - systemctl enable "${1}" &>/dev/null + systemctl -q enable "${1}" else # Otherwise, use update-rc.d to accomplish this - update-rc.d "${1}" defaults &>/dev/null + update-rc.d "${1}" defaults >/dev/null fi printf "%b %b %s...\\n" "${OVER}" "${TICK}" "${str}" } @@ -1402,10 +1402,10 @@ disable_service() { # If systemctl exists, if is_command systemctl; then # use that to disable the service - systemctl disable "${1}" &>/dev/null + systemctl -q disable "${1}" else # Otherwise, use update-rc.d to accomplish this - update-rc.d "${1}" disable &>/dev/null + update-rc.d "${1}" disable >/dev/null fi printf "%b %b %s...\\n" "${OVER}" "${TICK}" "${str}" } @@ -1414,7 +1414,7 @@ check_service_active() { # If systemctl exists, if is_command systemctl; then # use that to check the status of the service - systemctl is-enabled "${1}" &>/dev/null + systemctl -q is-enabled "${1}" 2>/dev/null else # Otherwise, fall back to service command service "${1}" status &>/dev/null @@ -1999,7 +1999,7 @@ FTLinstall() { curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true # Stop pihole-FTL service if available - stop_service pihole-FTL &>/dev/null + stop_service pihole-FTL >/dev/null # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL From a0541dd7fbd04bc1e758634a2ab34301cf43be4d Mon Sep 17 00:00:00 2001 From: Jeroen Habets Date: Mon, 24 Feb 2025 10:45:17 +0100 Subject: [PATCH 07/23] Update README.md Fix Text+URL for allowlisting/denylisting. Keep former terms for when people search for them. Signed-off-by: Jeroen Habets --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7eb1fb3a..fddd3d2d 100644 --- a/README.md +++ b/README.md 
@@ -140,7 +140,7 @@ The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the Some notable features include: -- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) +- [Allowlisting, Denylisting (fka Whitelisting, Blacklisting), and Regex](https://docs.pi-hole.net/core/pihole-command/#allowlisting-denylisting-and-regex) - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger) - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail) - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity) From b59ab5852ae31ec8f8d642593193bfbf646372e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 24 Feb 2025 15:59:11 +0100 Subject: [PATCH 08/23] Add missing trailing / when setting permissions of /etc/pihole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Templates/pihole-FTL-prestart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index c604d5d4..f0bbe09a 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -25,7 +25,7 @@ chmod 0755 /etc/pihole /var/log/pihole # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) # credits https://stackoverflow.com/a/11512211 -find /etc/pihole -type d -exec chmod 0755 {} \; +find /etc/pihole/ -type d -exec chmod 0755 {} \; # Touch files to ensure they exist (create if non-existing, preserve if existing) [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" From e70981d80f3f9d4c42a5bbb74651ae2ed489e6da Mon Sep 17 00:00:00 2001 
From: MichaIng Date: Mon, 24 Feb 2025 17:01:17 +0100 Subject: [PATCH 09/23] Do not overwrite TLS cert/key mode FTL correctly creates the cert and especially private key with 0600 mode. But the prestart scripts changes it to 0660. After removing the dedicated webserver from Pi-hole setups, the pihole group has no purpose anymore, and files should not be writable to any other user than pihole itself, and the private TLS key not reasable to anyone else either. Additionally, this commit consolidates the chmod calls, applying 0755 to all directories and 0640 to all files, but the TLS key and cert. Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL-prestart.sh | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) mode change 100755 => 100644 advanced/Templates/pihole-FTL-prestart.sh diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh old mode 100755 new mode 100644 index f0bbe09a..ab449dfe --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh 
@@ -10,22 +10,14 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files -# shellcheck disable=SC2174 -mkdir -pm 0640 /var/log/pihole +mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole /var/log/pihole -chmod -R 0640 /var/log/pihole -chmod -R 0660 /etc/pihole +find /etc/pihole /var/log/pihole -type d -exec chmod 0755 {} + +find /etc/pihole /var/log/pihole -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + +find /etc/pihole /var/log/pihole -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + -# Logrotate config file need to be owned by root and must not be writable by group and others +# Logrotate config file need to be owned by root chown root:root /etc/pihole/logrotate -chmod 0644 /etc/pihole/logrotate - -# allow all users to enter the directories -chmod 0755 /etc/pihole /var/log/pihole - -# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) -# credits https://stackoverflow.com/a/11512211 -find /etc/pihole/ -type d -exec chmod 0755 {} \; # Touch files to ensure they exist (create if non-existing, preserve if existing) [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" From 65bcb24d0e461ddc87665b1f5f6a4e99f8446a5b Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 24 Feb 2025 17:28:33 +0100 Subject: [PATCH 10/23] Fix test Do not check whether the pihole user can read /etc/pihole/logrotate. It needs to be readable by root only, which is always true. Signed-off-by: MichaIng --- test/test_any_automated_install.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 73da7eef..c656fe88 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py 
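Review bot: The third `find` in this hunk does not do what the commit message describes, because `-o` binds more loosely than the implicit AND: it parses as `( -type f -name '*.pem' ) -o ( -name '*.crt' -exec chmod 0600 {} + )`, so `*.pem` files never reach `chmod` and the `*.crt` branch is no longer limited to regular files. Together with the preceding line, which deliberately skips `*.pem`, a private key left at 0660 by the old script keeps that mode. Grouping the names fixes it: `find /etc/pihole /var/log/pihole -type f \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0600 {} +`. The same expression is carried unchanged into the hunk of patch 11 (with trailing-slash paths) and is the line that the comment added in patch 14 documents.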
@@ -127,10 +127,6 @@ def test_installPihole_fresh_install_readableFiles(host): check_localversion = test_cmd.format("r", "/etc/pihole/versions", piholeuser) actual_rc = host.run(check_localversion).rc assert exit_status_success == actual_rc - # readable logrotate - check_logrotate = test_cmd.format("r", "/etc/pihole/logrotate", piholeuser) - actual_rc = host.run(check_logrotate).rc - assert exit_status_success == actual_rc # readable macvendor.db check_macvendor = test_cmd.format("r", "/etc/pihole/macvendor.db", piholeuser) actual_rc = host.run(check_macvendor).rc From 0b380d671d273d529e6a0cece9fca7b7dc6e2e77 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 24 Feb 2025 17:34:32 +0100 Subject: [PATCH 11/23] Follow symlinks with find Incorporating https://github.com/pi-hole/pi-hole/pull/5997 Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL-prestart.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 advanced/Templates/pihole-FTL-prestart.sh diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh old mode 100644 new mode 100755 index ab449dfe..8855481b --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh 
@@ -12,9 +12,9 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole /var/log/pihole -find /etc/pihole /var/log/pihole -type d -exec chmod 0755 {} + -find /etc/pihole /var/log/pihole -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + -find /etc/pihole /var/log/pihole -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + +find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + +find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + +find /etc/pihole/ /var/log/pihole/ -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + # Logrotate config file need to be owned by root chown root:root /etc/pihole/logrotate From 232d581916aef4828288e5045e65263fc47b3519 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 26 Feb 2025 12:25:51 +0100 Subject: [PATCH 12/23] Re-add comment about execute bit on directory Co-authored-by: Dominik Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL-prestart.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 8855481b..5c6bd909 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -12,6 +12,7 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole /var/log/pihole +# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + find /etc/pihole/ /var/log/pihole/ -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + 
From 83a38bb71d3cf849b8e968eb56b9404a42675395 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 26 Feb 2025 12:26:50 +0100 Subject: [PATCH 13/23] Add comment about file permissions Co-authored-by: Dominik Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL-prestart.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 5c6bd909..07b28bbb 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -14,6 +14,7 @@ mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole /var/log/pihole # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + +# Set all files (except TLS-related ones) to u+rw g+r find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + find /etc/pihole/ /var/log/pihole/ -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + From ad6a48b219ea24cb7069eff10e698c16cf80534d Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 26 Feb 2025 20:59:32 +0100 Subject: [PATCH 14/23] Add comment about TLS-related file permissions Co-authored-by: Dominik Signed-off-by: MichaIng --- advanced/Templates/pihole-FTL-prestart.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 07b28bbb..1abafd28 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh 
@@ -16,6 +16,7 @@ chown -R pihole:pihole /etc/pihole /var/log/pihole find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + # Set all files (except TLS-related ones) to u+rw g+r find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + +# Set TLS-related files to a more restrictive u+rw *only* (they may contain private keys) find /etc/pihole/ /var/log/pihole/ -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + # Logrotate config file need to be owned by root From d1b5f95aa7c4ac88c6e9dd26dc0c30351e779800 Mon Sep 17 00:00:00 2001 From: UltChowsk Date: Wed, 26 Feb 2025 20:37:13 -0500 Subject: [PATCH 15/23] Removing kernel check based on discussion in Pi-Hole PR pi-hole#5957. Signed-off-by: UltChowsk --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 3bf14cc5..76c5765b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1476,17 +1476,12 @@ notify_package_updates_available() { # Store the list of packages in a variable updatesToInstall=$(eval "${PKG_COUNT}") - if [[ -d "/lib/modules/$(uname -r)" ]]; then if [[ "${updatesToInstall}" -eq 0 ]]; then printf "%b %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}" else printf "%b %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}" printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" fi - else - printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " Kernel update detected. If the install fails, please reboot and try again\\n" - fi } install_dependent_packages() { From 869411a51440cb236ff6d076a798cb58032ec02e Mon Sep 17 00:00:00 2001 From: UltChowsk Date: Thu, 27 Feb 2025 06:23:56 -0500 Subject: [PATCH 16/23] Fixing whitespaces after removing lines. 
Signed-off-by: UltChowsk --- automated install/basic-install.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 76c5765b..96ed17b2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1476,12 +1476,12 @@ notify_package_updates_available() { # Store the list of packages in a variable updatesToInstall=$(eval "${PKG_COUNT}") - if [[ "${updatesToInstall}" -eq 0 ]]; then - printf "%b %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}" - else - printf "%b %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}" - printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" - fi + if [[ "${updatesToInstall}" -eq 0 ]]; then + printf "%b %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}" + else + printf "%b %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}" + printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" + fi } install_dependent_packages() { From 7282aada25704631987ed35ffbf5c5bdb7412404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 28 Feb 2025 11:51:09 +0100 Subject: [PATCH 17/23] Don't show a warning before the repair is done MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 44 ++---------------------------- 1 file changed, 3 insertions(+), 41 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 05219357..1d154cfe 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1787,40 +1787,6 @@ displayFinalMessage() { \\n${additional}" "${r}" "${c}" } -repair_dialog() { - # pihole -r/--repair option was selected - # set some variables that will be used - opt1a="Repair" - opt1b="This will retain existing settings" - strAdd="You will remain on the same version" - - # Display the information to the user - UpdateCmd=$(dialog --no-shadow --keep-tite --output-fd 1 \ - --cancel-label Exit \ - --title "Existing Install Detected!" \ - --menu "\\n\\nWe have detected an existing install.\ -\\n\\nPlease choose from the following options:\ -\\n($strAdd)" \ - "${r}" "${c}" 1 \ - "${opt1a}" "${opt1b}") || result=$? - - case ${result} in - "${DIALOG_CANCEL}" | "${DIALOG_ESC}") - printf " %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" - exit 1 - ;; - esac - - # Set the variable based on if the user chooses - case ${UpdateCmd} in - # repair - "${opt1a}") - printf " %b %s option selected\\n" "${INFO}" "${opt1a}" - useUpdateVars=true - ;; - esac -} - check_download_exists() { # Check if the download exists and we can reach the server local status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1) @@ -2430,19 +2396,15 @@ main() { exit 1 fi - # in case of an update (can be a v5 -> v6 or v6 -> v6 update) + # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then + # retain settings + useUpdateVars=true # if it's running unattended, if [[ "${runUnattended}" == true ]]; then printf " %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}" - # Use the setup variables - useUpdateVars=true # also disable debconf-apt-progress dialogs export DEBIAN_FRONTEND="noninteractive" - else - # If running attended, show the available options (repair/cancel) - # if repair is selected useUpdateVars will be 'true' - repair_dialog fi fi From a9650ae28736aedd62680f4f705525021185d519 Mon Sep 17 00:00:00 2001 
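Review bot: In the main() hunk, an attended run on a host with an existing config now sets `useUpdateVars=true` and carries on without printing anything, because only the unattended branch emits a message. An `else` branch with a one-line notice, e.g. `printf "  %b Existing installation detected, settings will be retained\\n" "${INFO}"`, would tell the operator that the installer is about to repair or update rather than install fresh. main() starts and ends outside the hunk.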
From: Karol Kania <44871508+karolkania@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:52:07 +0100 Subject: [PATCH 18/23] Update gravity.sh fix the `if statement` that doesn't seem to work for neither of alpine's ash / bash - applying some workaround with the `stat` command Signed-off-by: Karol Kania <44871508+karolkania@users.noreply.github.com> --- gravity.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 0a34599b..cc8c6ba1 100755 --- a/gravity.sh +++ b/gravity.sh @@ -541,14 +541,18 @@ gravity_DownloadBlocklists() { # it (in case it doesn't exist) # First, check if the directory is writable directory="$(dirname -- "${saveLocation}")" - if [ ! -w "${directory}" ]; then + directory_permissions=$(stat -c %a ${directory}) + # echo "directory_permissions: ${directory_permissions}" + if [ $directory_permissions -lt 700 ]; then echo -e " ${CROSS} Unable to write to ${directory}" echo " Please run pihole -g as root" echo "" continue fi # Then, check if the file is writable (if it exists) - if [ -e "${saveLocation}" ] && [ ! -w "${saveLocation}" ]; then + saveLocation_permissions=$(stat -c %a ${saveLocation}) + # echo "saveLocation_permissions: ${saveLocation_permissions}" + if [ -e "${saveLocation}" ] && [ ${saveLocation_permissions} -lt 600 ]; then echo -e " ${CROSS} Unable to write to ${saveLocation}" echo " Please run pihole -g as root" echo "" From 887475795897b038879fa9a33a888203869462d9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Feb 2025 21:29:33 +0000 Subject: [PATCH 19/23] Start by renaming useUpdateVars to fresh_install and flipping the logic, the old name is not relevant any more Signed-off-by: Adam Warner --- automated install/basic-install.sh | 13 ++++--------- test/test_any_automated_install.py | 4 ++-- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d18d4e88..f78f0c02 100755 
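Review bot: Comparing the octal mode as a decimal number (`[ $directory_permissions -lt 700 ]`, and `-lt 600` for the file) is not a writability test, because it ignores who owns the path and who runs the script. A root-owned 0755 directory passes for an unprivileged user while a group-writable 0570 one is rejected, so the "Please run pihole -g as root" hint no longer matches the condition. Both `stat` calls expand their path unquoted; if `stat` fails on the directory, the empty operand turns the `[` test into an error that falls through as "writable", and the second `stat` runs before the `-e` test, so a missing list file prints a stat error. If `-w` really misbehaves on Alpine, the check should still test effective access rather than mode bits; at minimum use `directory_permissions=$(stat -c %a "${directory}")` and `if [ -e "${saveLocation}" ] && [ "$(stat -c %a "${saveLocation}")" -lt 600 ]; then`. gravity_DownloadBlocklists starts and ends outside the hunk.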
--- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -81,9 +81,7 @@ PI_HOLE_INSTALL_DIR="/opt/pihole" PI_HOLE_CONFIG_DIR="/etc/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" PI_HOLE_V6_CONFIG="${PI_HOLE_CONFIG_DIR}/pihole.toml" -if [ -z "$useUpdateVars" ]; then - useUpdateVars=false -fi +fresh_install=true adlistFile="/etc/pihole/adlists.list" # Pi-hole needs an IP address; to begin, these variables are empty since we don't know what the IP is until this script can run @@ -93,7 +91,6 @@ IPV6_ADDRESS=${IPV6_ADDRESS} QUERY_LOGGING= WEBPORT= PRIVACY_LEVEL= -v5_to_v6_update=false # Where old configs go to if a v6 migration is performed V6_CONF_MIGRATION_DIR="/etc/pihole/migration_backup_v6" @@ -2290,8 +2287,6 @@ migrate_dnsmasq_configs() { # Print a blank line for separation printf "\\n" - - v5_to_v6_update=true } # Check for availability of either the "service" or "systemctl" commands @@ -2384,7 +2379,7 @@ main() { # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then # retain settings - useUpdateVars=true + fresh_install=false # if it's running unattended, if [[ "${runUnattended}" == true ]]; then printf " %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}" @@ -2393,7 +2388,7 @@ main() { fi fi - if [[ "${useUpdateVars}" == false ]]; then + if [[ "${fresh_install}" == true ]]; then # Display welcome dialogs welcomeDialogs # Create directory for Pi-hole storage (/etc/pihole/) @@ -2512,7 +2507,7 @@ main() { printf " %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}" fi - if [[ "${useUpdateVars}" == false ]]; then + if [[ "${fresh_install}" == true ]]; then # Get the Web interface port, return only the first port and strip all non-numeric characters WEBPORT=$(getFTLConfigValue webserver.port|cut -d, -f1 | tr -cd '0-9') 
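Review bot: The unconditional `fresh_install=true` in the first hunk drops the old `[ -z "$useUpdateVars" ]` guard, so a value preset by the caller before the script is sourced is now overwritten. The updated test in test/test_any_automated_install.py still assigns `fresh_install=false` ahead of `source`, which looks like a no-op after this change. If presetting is no longer supported, a comment such as `# always reset here; main() clears it when an existing config is found` would say so. This commit also removes the `v5_to_v6_update` declaration and its assignment in migrate_dnsmasq_configs, while the following patch still deletes a `${v5_to_v6_update} = false` test from main(), which suggests that at this commit the password branch compares against an unset variable.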
diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index c656fe88..5fa0f065 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -89,10 +89,10 @@ def test_installPihole_fresh_install_readableFiles(host): export DEBIAN_FRONTEND=noninteractive umask 0027 runUnattended=true - useUpdateVars=true + fresh_install=false source /opt/pihole/basic-install.sh > /dev/null runUnattended=true - useUpdateVars=true + fresh_install=false main /opt/pihole/pihole-FTL-prestart.sh """ From ce73691082b24d5936059365c735d3567ef32fd9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Feb 2025 22:20:17 +0000 Subject: [PATCH 20/23] Juggle some code around: - Move random password generation block inside final "fresh install" if block, ensure password is ONLY generated on fresh installs. - Add additional check for fresh install around setting of PIHOLE_DNS1/2, QUERY_LOGGING, and PRIVACY_LEVEL - Remove dedicated displayFinalMessage function. Signed-off-by: Adam Warner --- automated install/basic-install.sh | 104 +++++++++++------------------ 1 file changed, 38 insertions(+), 66 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f78f0c02..d3038901 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -89,7 +89,6 @@ IPV4_ADDRESS=${IPV4_ADDRESS} IPV6_ADDRESS=${IPV6_ADDRESS} # Give settings their default values. These may be changed by prompts later in the script. QUERY_LOGGING= -WEBPORT= PRIVACY_LEVEL= # Where old configs go to if a v6 migration is performed 
@@ -1754,34 +1753,6 @@ checkSelinux() { fi } -# Installation complete message with instructions for the user -displayFinalMessage() { - # TODO: COME BACK TO THIS, WHAT IS GOING ON? - # If the number of arguments is > 0, - if [[ "${#1}" -gt 0 ]]; then - # set the password to the first argument. - pwstring="$1" - elif [[ -n $(pihole-FTL --config webserver.api.pwhash) ]]; then - # Else if the password exists from previous setup, we'll load it later - pwstring="unchanged" - else - # Else, inform the user that there is no set password. - pwstring="NOT SET" - fi - - # Store a message in a variable and display it - additional="View the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pwstring}" - - # Final completion message to user - dialog --no-shadow --keep-tite \ - --title "Installation Complete!" \ - --msgbox "Configure your devices to use the Pi-hole as their DNS server using:\ -\\n\\nIPv4: ${IPV4_ADDRESS%/*}\ -\\nIPv6: ${IPV6_ADDRESS:-"Not Configured"}\ -\\nIf you have not done so already, the above IP should be set to static.\ -\\n${additional}" "${r}" "${c}" -} - check_download_exists() { # Check if the download exists and we can reach the server local status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1) @@ -2414,7 +2385,6 @@ main() { # Download or reset the appropriate git repos depending on the 'repair' flag clone_or_reset_repos - # Create the pihole user create_pihole_user @@ -2443,11 +2413,9 @@ main() { # Copy the temp log file into final log location for storage copy_to_install_log - # Migrate existing install to v6.0 migrate_dnsmasq_configs - # Check for and disable systemd-resolved-DNSStubListener before reloading resolved # DNSStubListener needs to remain in place for installer to download needed files, # so this change needs to be made after installation is complete, 
@@ -2470,28 +2438,25 @@ main() { restart_service pihole-FTL - # Add password to web UI if there is none - pw="" - # If this is a fresh installation and no password is set, - if [[ ${v5_to_v6_update} = false && -z $(getFTLConfigValue webserver.api.pwhash) ]]; then - # generate a random password - pw=$(tr -dc _A-Z-a-z-0-9 0)); then - # display the password - printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${pw}" "${COL_NC}" - printf " %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}" - fi - if [[ "${fresh_install}" == true ]]; then + # Get the Web interface port, return only the first port and strip all non-numeric characters WEBPORT=$(getFTLConfigValue webserver.port|cut -d, -f1 | tr -cd '0-9') - # Display the completion dialog - displayFinalMessage "${pw}" - - # If the Web interface was installed, - printf " %b View the web interface at http://pi.hole:${WEBPORT}/admin or http://%s/admin\\n\\n" "${INFO}" "${IPV4_ADDRESS%/*}:${WEBPORT}" + # If this is a fresh install, we will set a random password. 
+ # Users can change this password after installation if they wish + pw=$(tr -dc _A-Z-a-z-0-9 /dev/null # Explain to the user how to use Pi-hole as their DNS server - printf " %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}" + printf "\\n %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}" [[ -n "${IPV4_ADDRESS%/*}" ]] && printf " %b Pi-hole DNS (IPv4): %s\\n" "${INFO}" "${IPV4_ADDRESS%/*}" [[ -n "${IPV6_ADDRESS}" ]] && printf " %b Pi-hole DNS (IPv6): %s\\n" "${INFO}" "${IPV6_ADDRESS}" printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}" + + printf " %b View the web interface at http://pi.hole:${WEBPORT}/admin or http://%s/admin\\n\\n" "${INFO}" "${IPV4_ADDRESS%/*}:${WEBPORT}" + printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${pw}" "${COL_NC}" + printf " %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}" + + # Final dialog message to the user + dialog --no-shadow --keep-tite \ + --title "Installation Complete!" \ + --msgbox "Configure your devices to use the Pi-hole as their DNS server using:\ +\\n\\nIPv4: ${IPV4_ADDRESS%/*}\ +\\nIPv6: ${IPV6_ADDRESS:-"Not Configured"}\ +\\nIf you have not done so already, the above IP should be set to static.\ +\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}" "${r}" "${c}" + INSTALL_TYPE="Installation" else INSTALL_TYPE="Update" From 0130f7be74f4f3efc2a6c243359a08fbb13dae54 Mon Sep 17 00:00:00 2001 From: Jack'lul <8418678+jacklul@users.noreply.github.com> Date: Sat, 1 Mar 2025 14:43:36 +0100 Subject: [PATCH 21/23] Fix find command syntax, remove log dir from search Signed-off-by: Jack'lul <8418678+jacklul@users.noreply.github.com> --- advanced/Templates/pihole-FTL-prestart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
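Review bot: The dialog text added at the end of this hunk builds the first URL as `http://pi.hole/admin:${WEBPORT}`, which puts the port after the path; it should match the printf a few lines above, `http://pi.hole:${WEBPORT}/admin`. The generated password is also written in clear to stdout by the `Web Interface password` printf and again into the dialog, so it lands in any captured installer output; a comment saying this one-time display is intentional would help the next reader. The `pw=$(tr -dc ...)` line is truncated in this rendering, so the entropy source and password length cannot be checked from here. main() starts and ends outside the hunk.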
diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 1abafd28..49b0f0d4 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -17,7 +17,7 @@ find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + # Set all files (except TLS-related ones) to u+rw g+r find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} + # Set TLS-related files to a more restrictive u+rw *only* (they may contain private keys) -find /etc/pihole/ /var/log/pihole/ -type f -name '*.pem' -o -name '*.crt' -exec chmod 0600 {} + +find /etc/pihole/ -type f \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0600 {} + # Logrotate config file need to be owned by root chown root:root /etc/pihole/logrotate From 9c7e02f213654da2cbf83727bbaccd5bd1ff9907 Mon Sep 17 00:00:00 2001 From: Karol Kania <44871508+karolkania@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:05:42 +0100 Subject: [PATCH 22/23] Update gravity.sh remove the left-over commented debug code Signed-off-by: Karol Kania <44871508+karolkania@users.noreply.github.com> --- gravity.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index cc8c6ba1..ad94ca54 100755 --- a/gravity.sh +++ b/gravity.sh @@ -542,7 +542,6 @@ gravity_DownloadBlocklists() { # First, check if the directory is writable directory="$(dirname -- "${saveLocation}")" directory_permissions=$(stat -c %a ${directory}) - # echo "directory_permissions: ${directory_permissions}" if [ $directory_permissions -lt 700 ]; then echo -e " ${CROSS} Unable to write to ${directory}" echo " Please run pihole -g as root" 
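Review bot: After this change the 0640 pass on the context line above still excludes `*.pem`/`*.crt` under both /etc/pihole/ and /var/log/pihole/, while the 0600 pass now covers only /etc/pihole/, so a certificate or key file under the log directory would get neither mode. Either restrict the exclusion in the 0640 command to /etc/pihole/ as well, or add a comment such as `# TLS material is only expected in /etc/pihole/`. The match is by extension only, so a private key stored under another name would fall into the group-readable 0640 branch; that assumption is worth stating next to the pattern.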
@@ -551,7 +550,6 @@ gravity_DownloadBlocklists() { fi # Then, check if the file is writable (if it exists) saveLocation_permissions=$(stat -c %a ${saveLocation}) - # echo "saveLocation_permissions: ${saveLocation_permissions}" if [ -e "${saveLocation}" ] && [ ${saveLocation_permissions} -lt 600 ]; then echo -e " ${CROSS} Unable to write to ${saveLocation}" echo " Please run pihole -g as root" From df814ece91ee1a348d2377890f62e002f5e2bb68 Mon Sep 17 00:00:00 2001 From: Dominik Date: Mon, 3 Mar 2025 09:00:17 +0100 Subject: [PATCH 23/23] Revert "Improve gravity on systems with low memory" --- gravity.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 9814a777..493f2b15 100755 --- a/gravity.sh +++ b/gravity.sh @@ -92,8 +92,7 @@ gravity_build_tree() { echo -ne " ${INFO} ${str}..." # The index is intentionally not UNIQUE as poor quality adlists may contain domains more than once - # We use temp_store = FILE to avoid memory exhaustion on large databases - output=$({ pihole-FTL sqlite3 -ni "${gravityTEMPfile}" "PRAGMA temp_store = FILE; CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1) + output=$({ pihole-FTL sqlite3 -ni "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1) status="$?" if [[ "${status}" -ne 0 ]]; then