From b87bcc8f5f876811aa2bf4bd572aeb609f72e94c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 24 Feb 2018 13:23:06 +0100 Subject: [PATCH 01/46] Modifications in pihole-FTL.service for FTLDNS Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 959b7794..a21fd260 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -29,9 +29,11 @@ start() { mkdir -p /var/run/pihole mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole - rm /var/run/pihole/FTL.sock - chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole + rm /var/run/pihole/FTL.sock 2> /dev/null + chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port + chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo fi From e8ec0dc701d00a2d8a8d5f5a0da5329a4748b059 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 09:34:04 +0100 Subject: [PATCH 02/46] Use pihole-FTL resolver in pihole and gravity Signed-off-by: DL6ER --- gravity.sh | 6 ++++-- pihole | 13 ++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/gravity.sh b/gravity.sh index ce2734fc..22c78201 100755 --- a/gravity.sh +++ b/gravity.sh @@ -42,6 +42,8 @@ preEventHorizon="list.preEventHorizon" skipDownload="false" +resolver="pihole-FTL" + # Source setupVars from install script setupVars="${piholeDir}/setupVars.conf" if [[ -f "${setupVars}" ]];then @@ -102,7 +104,7 @@ gravity_CheckDNSResolutionAvailable() { fi # Determine error output message - if pidof dnsmasq &> /dev/null; then + if pidof "${resolver}" &> /dev/null; then echo -e " ${CROSS} DNS resolution is currently unavailable" else echo -e " ${CROSS} DNS service is not running" @@ -560,7 +562,7 @@ gravity_Cleanup() { echo -e "${OVER} ${TICK} ${str}" # Only restart DNS service if offline - if ! pidof dnsmasq &> /dev/null; then + if ! pidof "${resolver}" &> /dev/null; then "${PIHOLE_COMMAND}" restartdns dnsWasOffline=true fi diff --git a/pihole b/pihole index 4421cb87..54701027 100755 --- a/pihole +++ b/pihole @@ -14,6 +14,8 @@ readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" +resolver="pihole-FTL" + # Must be root to use this tool if [[ ! $EUID -eq 0 ]];then if [[ -x "$(command -v sudo)" ]]; then @@ -332,18 +334,18 @@ restartDNS() { local svcOption svc str output status svcOption="${1:-}" - # Determine if we should reload or restart dnsmasq + # Determine if we should reload or restart restart if [[ "${svcOption}" =~ "reload" ]]; then # Using SIGHUP will NOT re-read any *.conf files - svc="killall -s SIGHUP dnsmasq" + svc="killall -s SIGHUP \"${resolver}\"" else - # Get PID of dnsmasq to determine if it needs to start or restart + # Get PID of resolver to determine if it needs to start or restart if pidof dnsmasq &> /dev/null; then svcOption="restart" else svcOption="start" fi - svc="service dnsmasq ${svcOption}" + svc="service \"${resolver}\" ${svcOption}" fi # Print output to Terminal, but not to Web Admin @@ -359,9 +361,6 @@ restartDNS() { [[ ! -t 1 ]] && local OVER="" echo -e "${OVER} ${CROSS} ${output}" fi - - # Send signal to FTL to have it re-parse the gravity files - killall -s SIGHUP pihole-FTL } piholeEnable() { From 09886a3f11889f485febcb16bd057a91496fe5ed Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 10:11:11 +0100 Subject: [PATCH 03/46] Add resolveconf config to pihole-FTL.service Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index a21fd260..5499cbe0 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -20,6 +20,7 @@ is_running() { ps "$(get_pid)" > /dev/null 2>&1 } + # Start the service start() { if is_running; then @@ -34,6 +35,7 @@ start() { chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo fi @@ -42,6 +44,7 @@ start() { # Stop the service stop() { if is_running; then + /sbin/resolvconf -d lo.piholeFTL kill "$(get_pid)" for i in {1..5}; do if ! is_running; then From 56a2924a3360f4a5ecdc60c603f091e8848e23ca Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 23:38:34 +0100 Subject: [PATCH 04/46] Unprivileged processes are subject to full permission checking based on the process's credentials, we have to explicitly allow pihole-FTL to bind to ports < 1024 (port 53 for DNS) and for various advanced network-related operations (to allow for handling DHCP requests) Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 5499cbe0..70d0b9d0 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -34,7 +34,7 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE=+eip "$(which pihole-FTL)" + setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo From fcdc85eab8c658166c1529e308b3067d7005f04e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Feb 2018 23:47:11 +0100 Subject: [PATCH 05/46] Remove dnsmasq from dependencies Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b694b527..eeccbf5d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -207,7 +207,7 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then From 7ed45d26c29bd86e540779e324ad07928823bddb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 26 Feb 2018 17:26:51 +0100 Subject: [PATCH 06/46] Remove " " at some places where they shouldn't be Signed-off-by: DL6ER --- gravity.sh | 4 ++-- pihole | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index 22c78201..9d3bad95 100755 --- a/gravity.sh +++ b/gravity.sh @@ -104,7 +104,7 @@ gravity_CheckDNSResolutionAvailable() { fi # Determine error output message - if pidof "${resolver}" &> /dev/null; then + if pidof ${resolver} &> /dev/null; then echo -e " ${CROSS} DNS resolution is currently unavailable" else echo -e " ${CROSS} DNS service is not running" @@ -562,7 +562,7 @@ gravity_Cleanup() { echo -e "${OVER} ${TICK} ${str}" # Only restart DNS service if offline - if ! pidof "${resolver}" &> /dev/null; then + if ! pidof ${resolver} &> /dev/null; then "${PIHOLE_COMMAND}" restartdns dnsWasOffline=true fi diff --git a/pihole b/pihole index 54701027..c18ba12d 100755 --- a/pihole +++ b/pihole @@ -337,7 +337,7 @@ restartDNS() { # Determine if we should reload or restart restart if [[ "${svcOption}" =~ "reload" ]]; then # Using SIGHUP will NOT re-read any *.conf files - svc="killall -s SIGHUP \"${resolver}\"" + svc="killall -s SIGHUP ${resolver}" else # Get PID of resolver to determine if it needs to start or restart if pidof dnsmasq &> /dev/null; then @@ -345,7 +345,7 @@ restartDNS() { else svcOption="start" fi - svc="service \"${resolver}\" ${svcOption}" + svc="service ${resolver} ${svcOption}" fi # Print output to Terminal, but not to Web Admin From 0b87f489d53ceb11f9c37b523be53d74e8cc43a8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 3 Mar 2018 15:59:56 +0000 Subject: [PATCH 07/46] Look for pihole-FTL, not dnsmasq! Signed-off-by: Adam Warner --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index c18ba12d..3de16caf 100755 --- a/pihole +++ b/pihole @@ -340,7 +340,7 @@ restartDNS() { svc="killall -s SIGHUP ${resolver}" else # Get PID of resolver to determine if it needs to start or restart - if pidof dnsmasq &> /dev/null; then + if pidof pihole-FTL &> /dev/null; then svcOption="restart" else svcOption="start" From 8cf8da4c78cbcf92c3e196d90332a15395250520 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Mar 2018 18:44:57 +0000 Subject: [PATCH 08/46] - Check file /etc/pihole/ftlbranch for current FTL branch, download from github if master, or pi-hole.net if other - Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq - Add service_disable function - Add dependency libcap2-bin on debian to enable setcap. Need to check other distos -Always download FTL binary if /etc/pihole/ftlbranch does not contain "master" - Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL Signed-off-by: Adam Warner --- automated install/basic-install.sh | 160 +++++++++++++++++++++-------- test/test_automated_install.py | 2 +- 2 files changed, 121 insertions(+), 41 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 32352306..39855a58 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then # group, LIGHTTPD_GROUP="www-data" # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" - # The DNS server user - DNSMASQ_USER="dnsmasq" + LIGHTTPD_CFG="lighttpd.conf.debian" # A function to check... test_dpkg_lock() { @@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then PKG_MANAGER="yum" fi - # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. + # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then @@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then fi LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" - DNSMASQ_USER="nobody" + LIGHTTPD_CFG="lighttpd.conf.fedora" # If neither apt-get or rmp/dnf are found else @@ -984,6 +981,10 @@ version_check_dnsmasq() { fi echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." + # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) + if [[ ! -d "/etc/dnsmasq.d" ]];then + mkdir "/etc/dnsmasq.d" + fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location} echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf" @@ -1158,6 +1159,24 @@ enable_service() { echo -e "${OVER} ${TICK} ${str}" } +# Disable service so that it will not with next reboot +disable_service() { + # Local, named variables + local str="Disabling ${1} service" + echo "" + echo -ne " ${INFO} ${str}..." + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + systemctl disable "${1}" &> /dev/null + # Othwerwise, + else + # use update-rc.d to accomplish this + update-rc.d "${1}" disable &> /dev/null + fi + echo -e "${OVER} ${TICK} ${str}" +} + update_package_cache() { # Running apt-get update/upgrade with minimal output can cause some issues with # requiring user input (e.g password for phpmyadmin see #218) @@ -1286,7 +1305,7 @@ install_dependent_packages() { # Create logfiles if necessary CreateLogFile() { - local str="Creating log and changing owner to dnsmasq" + local str="Creating log and changing owner to pihole" echo "" echo -ne " ${INFO} ${str}..." # If the pihole log does not exist, @@ -1296,7 +1315,7 @@ CreateLogFile() { # set the permissions, chmod 644 /var/log/pihole.log # and owners - chown "${DNSMASQ_USER}":root /var/log/pihole.log + chown pihole:root /var/log/pihole.log echo -e "${OVER} ${TICK} ${str}" # Otherwise, else @@ -1423,7 +1442,7 @@ configureFirewall() { # ask if the user wants to install Pi-hole's default firwall rules whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \ { echo -e " ${INFO} Not installing firewall rulesets."; return 0; } - echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq" + echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL" # Allow HTTP and DNS traffice firewall-cmd --permanent --add-service=http --add-service=dns # Reload the firewall to apply these changes @@ -1757,11 +1776,45 @@ FTLinstall() { # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" - # If the download worked, - if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then - # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1" + local ftlBranch + local url + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$( /dev/null; then + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + disable_service dnsmasq + #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` + confdir="conf-dir=/etc/dnsmasq.d" + conffile="/etc/dnsmasq.conf" + if ! grep -q "$confdir" "$conffile"; then + echo "$confdir" >> "$conffile" + fi + fi + fi + # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... " @@ -1865,30 +1918,42 @@ FTLdetect() { echo -e " ${INFO} Checking for existing FTL binary..." local ftlLoc=$(which pihole-FTL 2>/dev/null) + + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$(/dev/null) ]]; then + if pihole-FTL --resolver > /dev/null; then + stop_service pihole-FTL + else + stop_service dnsmasq + fi + else + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + fi + fi - stop_service dnsmasq if [[ "${INSTALL_WEB}" == true ]]; then stop_service lighttpd fi @@ -2094,8 +2171,11 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - start_service dnsmasq - enable_service dnsmasq + # Only start and enable dnsmasq if FTL does not have the --resolver switch + if ! pihole-FTL --resolver > /dev/null; then + start_service dnsmasq + enable_service dnsmasq + fi # If the Web server was installed, if [[ "${INSTALL_WEB}" == true ]]; then diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 0e961c7f..2c65c660 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole): source /opt/pihole/basic-install.sh configureFirewall ''') - expected_stdout = 'Configuring FirewallD for httpd and dnsmasq' + expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL' assert expected_stdout in configureFirewall.stdout firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout assert 'firewall-cmd --state' in firewall_calls From 6584933e9297f82c90e68d4bff3167189fec5870 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Mar 2018 18:49:38 +0000 Subject: [PATCH 09/46] fix stickler complaints Signed-off-by: Adam Warner --- automated install/basic-install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 39855a58..f435e269 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1931,8 +1931,10 @@ FTLdetect() { FTLinstall "${binary}" || return 1 else if [[ ${ftlLoc} ]]; then - local FTLversion=$(/usr/bin/pihole-FTL tag) - local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') + local FTLversion + FTLversion=$(/usr/bin/pihole-FTL tag) + local FTLlatesttag + FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then # Install FTL @@ -1940,8 +1942,10 @@ FTLdetect() { else echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..." - local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) - local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) + local remoteSha1 + remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) + local localSha1 + localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) if [[ "${remoteSha1}" != "${localSha1}" ]]; then echo -e " ${INFO} Corruption detected..." From 512ec7fb8709aabb818a27d2d1390518c346eb6c Mon Sep 17 00:00:00 2001 From: Riley Avron Date: Tue, 6 Mar 2018 21:44:29 -0800 Subject: [PATCH 10/46] Remove unneeded ifs in awk Signed-off-by: Riley Avron --- gravity.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/gravity.sh b/gravity.sh index 395ea548..f1af8d9e 100755 --- a/gravity.sh +++ b/gravity.sh @@ -345,13 +345,14 @@ gravity_ParseFileIntoDomains() { # Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware echo -ne " ${INFO} Format: URL" - awk '{ + awk ' # Remove URL protocol, optional "username:password@", and ":?/;" - if ($0 ~ /[:?\/;]/) { gsub(/(^.*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) } - # Remove lines which are only IPv4 addresses - if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" } - if ($0) { print $0 } - }' "${source}" 2> /dev/null > "${destination}" + /[:?\/;]/ { gsub(/(^.*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) } + # Skip lines which are only IPv4 addresses + /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next } + # Print if nonempty + length { print $0 } + ' "${source}" 2> /dev/null > "${destination}" echo -e "${OVER} ${TICK} Format: URL" else From f390671018b46c9e60ca99bb6810ea43dfb6a9fc Mon Sep 17 00:00:00 2001 From: Riley Avron Date: Tue, 6 Mar 2018 21:48:12 -0800 Subject: [PATCH 11/46] Improve scheme matching to avoid inadvertent blocking Signed-off-by: Riley Avron --- gravity.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index f1af8d9e..011d2f8c 100755 --- a/gravity.sh +++ b/gravity.sh @@ -346,12 +346,16 @@ gravity_ParseFileIntoDomains() { echo -ne " ${INFO} Format: URL" awk ' - # Remove URL protocol, optional "username:password@", and ":?/;" - /[:?\/;]/ { gsub(/(^.*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) } + # Remove URL scheme, optional "username:password@", and ":?/;" + # The scheme must be matched carefully to avoid blocking the wrong URL + # in cases like: + # http://www.evil.com?http://www.good.com + # See RFC 3986 section 3.1 for details. + /[:?\/;]/ { gsub(/(^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) } # Skip lines which are only IPv4 addresses /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next } # Print if nonempty - length { print $0 } + length { print } ' "${source}" 2> /dev/null > "${destination}" echo -e "${OVER} ${TICK} Format: URL" From acd69fa4b07e55ec1ffc4e13af85d0fdd18ba1af Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 22:19:11 +0000 Subject: [PATCH 12/46] silence push/popd Signed-off-by: Adam Warner --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f435e269..4efa9f30 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1771,7 +1771,7 @@ FTLinstall() { fi # Move into the temp ftl directory - pushd "$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; } + pushd "$(mktemp -d)" > /dev/null || { echo "Unable to make temporary directory for FTL binary download"; return 1; } # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" @@ -1830,14 +1830,14 @@ FTLinstall() { # Otherise, else # the download failed, so just go back to the original directory - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" return 1 fi # Otherwise, else - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" # The URL could not be found echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" From 7193f40b879b43d5493d18ad637a963a16b0fd3f Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 22:23:05 +0000 Subject: [PATCH 13/46] remove libnettle, missed a >/dev/null Signed-off-by: Adam Warner --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4efa9f30..de118052 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -205,7 +205,7 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then @@ -1823,7 +1823,7 @@ FTLinstall() { # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL # Move back into the original directory the user was in - popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } + popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } # Install the FTL service echo -e "${OVER} ${TICK} ${str}" return 0 From 84bd86f1eecb77e5b6a9b290657f15effc02a9a3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 23:31:28 +0000 Subject: [PATCH 14/46] - Test to see if dnsmasq service is enabled before stopping and disabling it. - Some formatting tweaks to the `start_service` `stop_`service` `disable_service` and `enable_service` commands Signed-off-by: Adam Warner --- automated install/basic-install.sh | 71 ++++++++++++++++++------------ 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index de118052..22d549e1 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1112,8 +1112,7 @@ installConfigs() { stop_service() { # Stop service passed in as argument. # Can softfail, as process may not be installed when this is called - local str="Stopping ${1} service" - echo "" + local str="Stopping ${1} service" echo -ne " ${INFO} ${str}..." if command -v systemctl &> /dev/null; then systemctl stop "${1}" &> /dev/null || true @@ -1126,8 +1125,7 @@ stop_service() { # Start/Restart service passed in as argument start_service() { # Local, named variables - local str="Starting ${1} service" - echo "" + local str="Starting ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1144,8 +1142,7 @@ start_service() { # Enable service so that it will start with next reboot enable_service() { # Local, named variables - local str="Enabling ${1} service to start on reboot" - echo "" + local str="Enabling ${1} service to start on reboot" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1162,8 +1159,7 @@ enable_service() { # Disable service so that it will not with next reboot disable_service() { # Local, named variables - local str="Disabling ${1} service" - echo "" + local str="Disabling ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1177,6 +1173,26 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } +check_service_active() { + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + if systemctl status "${1}" | grep -q "Active: active" > /dev/null; then + return 0 + else + return 1 + fi + # Othwerwise, + else + # fall back to service command + if service "${1}" status | grep "Active: active" > /dev/null; then + return 0 + else + return 1 + fi + fi +} + update_package_cache() { # Running apt-get update/upgrade with minimal output can cause some issues with # requiring user input (e.g password for phpmyadmin see #218) @@ -1796,25 +1812,8 @@ FTLinstall() { # If the download worked, if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1" - - # Make the tempory binary executable so that we can test the --resolver flag - chmod +x "${binary}" + curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1" - # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq - if ./"${binary}" --resolver > /dev/null; then - if [[ $(which dnsmasq 2>/dev/null) ]]; then - stop_service dnsmasq - disable_service dnsmasq - #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` - confdir="conf-dir=/etc/dnsmasq.d" - conffile="/etc/dnsmasq.conf" - if ! grep -q "$confdir" "$conffile"; then - echo "$confdir" >> "$conffile" - fi - fi - fi - # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... " @@ -1826,6 +1825,23 @@ FTLinstall() { popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } # Install the FTL service echo -e "${OVER} ${TICK} ${str}" + # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq + if pihole-FTL --resolver > /dev/null; then + if [[ $(which dnsmasq 2>/dev/null) ]]; then + if check_service_active "dnsmasq";then + echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" + stop_service dnsmasq + disable_service dnsmasq + fi + fi + + #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` + confdir="conf-dir=/etc/dnsmasq.d" + conffile="/etc/dnsmasq.conf" + if ! grep -q "$confdir" "$conffile"; then + echo "$confdir" >> "$conffile" + fi + fi return 0 # Otherise, else @@ -1834,7 +1850,7 @@ FTLinstall() { echo -e "${OVER} ${CROSS} ${str}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" return 1 - fi + fi # Otherwise, else popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } @@ -1959,6 +1975,7 @@ FTLdetect() { FTLinstall "${binary}" || return 1 fi fi + echo "" } make_temporary_log() { From b92ccb2de4204299717b02b9c3291ed22dfdcc3d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Mar 2018 20:01:06 +0000 Subject: [PATCH 15/46] Additionally `mask` the dnsmasq service on systems with systemctl Signed-off-by: Adam Warner --- automated install/basic-install.sh | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 22d549e1..47348775 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1173,6 +1173,25 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } +# Mask service so that it cannot be started accidentally +mask_service() { + # Local, named variables + local str="Masking ${1} service" + echo -ne " ${INFO} ${str}..." + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + systemctl mask "${1}" &> /dev/null + echo -e "${OVER} ${TICK} ${str}" + # Othwerwise, + else + # use update-rc.d to accomplish this + echo -e "${OVER} ${CROSS} ${str}" + echo -e " ${INFO} systemctl not detected. Cannot mask service." + fi + +} + check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1831,7 +1850,8 @@ FTLinstall() { if check_service_active "dnsmasq";then echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq - disable_service dnsmasq + disable_service dnsmasq + mask_service dnsmasq fi fi From 44d8cb77e3a56b897a3769b7fad14f4fded93233 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 17 Mar 2018 22:48:11 +0000 Subject: [PATCH 16/46] Kill off `mask_service` function Signed-off-by: Adam Warner --- automated install/basic-install.sh | 31 ++++++------------------------ 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 47348775..6a160be6 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1148,7 +1148,7 @@ enable_service() { if command -v systemctl &> /dev/null; then # use that to enable the service systemctl enable "${1}" &> /dev/null - # Othwerwise, + # Otherwise, else # use update-rc.d to accomplish this update-rc.d "${1}" defaults &> /dev/null @@ -1165,7 +1165,7 @@ disable_service() { if command -v systemctl &> /dev/null; then # use that to disable the service systemctl disable "${1}" &> /dev/null - # Othwerwise, + # Otherwise, else # use update-rc.d to accomplish this update-rc.d "${1}" disable &> /dev/null @@ -1173,25 +1173,6 @@ disable_service() { echo -e "${OVER} ${TICK} ${str}" } -# Mask service so that it cannot be started accidentally -mask_service() { - # Local, named variables - local str="Masking ${1} service" - echo -ne " ${INFO} ${str}..." - # If systemctl exists, - if command -v systemctl &> /dev/null; then - # use that to disable the service - systemctl mask "${1}" &> /dev/null - echo -e "${OVER} ${TICK} ${str}" - # Othwerwise, - else - # use update-rc.d to accomplish this - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${INFO} systemctl not detected. Cannot mask service." - fi - -} - check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1201,7 +1182,7 @@ check_service_active() { else return 1 fi - # Othwerwise, + # Otherwise, else # fall back to service command if service "${1}" status | grep "Active: active" > /dev/null; then @@ -1385,7 +1366,7 @@ installPiholeWeb() { # back it up mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig echo -e "${OVER} ${TICK} ${str}" - # Othwerwise, + # Otherwise, else # don't do anything echo -e "${OVER} ${CROSS} ${str} @@ -1458,7 +1439,7 @@ create_pihole_user() { if id -u pihole &> /dev/null; then # just show a success echo -ne "${OVER} ${TICK} ${str}" - # Othwerwise, + # Otherwise, else echo -ne "${OVER} ${CROSS} ${str}" local str="Creating user 'pihole'" @@ -1498,7 +1479,7 @@ configureFirewall() { iptables -C INPUT -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT return 0 fi - # Othwerwise, + # Otherwise, else # no firewall is running echo -e " ${INFO} No active firewall detected.. skipping firewall configuration" From f18bf35b208813e798affdb15ed4333e46b8030a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 17 Mar 2018 22:56:50 +0000 Subject: [PATCH 17/46] use `systemctl is-enabled` to check enabled status of service Signed-off-by: Adam Warner --- automated install/basic-install.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6a160be6..ddebe6fa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1176,12 +1176,9 @@ disable_service() { check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then - # use that to disable the service - if systemctl status "${1}" | grep -q "Active: active" > /dev/null; then - return 0 - else - return 1 - fi + # use that to check the status of the service + systemctl is-enabled "${1}" > /dev/null + return $? # Otherwise, else # fall back to service command @@ -1832,7 +1829,6 @@ FTLinstall() { echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq disable_service dnsmasq - mask_service dnsmasq fi fi From e2e8b733a85a1f290269993823db138583e65265 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 18 Mar 2018 00:13:10 +0000 Subject: [PATCH 18/46] tidy up function Signed-off-by: Adam Warner --- automated install/basic-install.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ddebe6fa..2574b4a3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1177,17 +1177,12 @@ check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then # use that to check the status of the service - systemctl is-enabled "${1}" > /dev/null - return $? + systemctl is-enabled "${1}" > /dev/null # Otherwise, else # fall back to service command - if service "${1}" status | grep "Active: active" > /dev/null; then - return 0 - else - return 1 - fi - fi + service "${1}" status > /dev/null + fi } update_package_cache() { @@ -1824,12 +1819,12 @@ FTLinstall() { echo -e "${OVER} ${TICK} ${str}" # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq if pihole-FTL --resolver > /dev/null; then - if [[ $(which dnsmasq 2>/dev/null) ]]; then + if which dnsmasq > /dev/null; then if check_service_active "dnsmasq";then echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq disable_service dnsmasq - fi + fi fi #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` From d26ea2b948b73865c9cdcd0c90ac0fb5b33bc7c8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 18 Mar 2018 00:38:34 +0000 Subject: [PATCH 19/46] remove trailing whitespace Signed-off-by: Adam Warner --- automated install/basic-install.sh | 38 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2574b4a3..a5d52309 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -172,7 +172,7 @@ if command -v apt-get &> /dev/null; then # group, LIGHTTPD_GROUP="www-data" # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" + LIGHTTPD_CFG="lighttpd.conf.debian" # A function to check... test_dpkg_lock() { @@ -200,7 +200,7 @@ elif command -v rpm &> /dev/null; then PKG_MANAGER="yum" fi - # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. + # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" @@ -213,7 +213,7 @@ elif command -v rpm &> /dev/null; then fi LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" + LIGHTTPD_CFG="lighttpd.conf.fedora" # If neither apt-get or rmp/dnf are found else @@ -1112,7 +1112,7 @@ installConfigs() { stop_service() { # Stop service passed in as argument. # Can softfail, as process may not be installed when this is called - local str="Stopping ${1} service" + local str="Stopping ${1} service" echo -ne " ${INFO} ${str}..." if command -v systemctl &> /dev/null; then systemctl stop "${1}" &> /dev/null || true @@ -1125,7 +1125,7 @@ stop_service() { # Start/Restart service passed in as argument start_service() { # Local, named variables - local str="Starting ${1} service" + local str="Starting ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1142,7 +1142,7 @@ start_service() { # Enable service so that it will start with next reboot enable_service() { # Local, named variables - local str="Enabling ${1} service to start on reboot" + local str="Enabling ${1} service to start on reboot" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1159,7 +1159,7 @@ enable_service() { # Disable service so that it will not with next reboot disable_service() { # Local, named variables - local str="Disabling ${1} service" + local str="Disabling ${1} service" echo -ne " ${INFO} ${str}..." # If systemctl exists, if command -v systemctl &> /dev/null; then @@ -1177,11 +1177,11 @@ check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then # use that to check the status of the service - systemctl is-enabled "${1}" > /dev/null + systemctl is-enabled "${1}" > /dev/null # Otherwise, else # fall back to service command - service "${1}" status > /dev/null + service "${1}" status > /dev/null fi } @@ -1787,13 +1787,13 @@ FTLinstall() { local ftlBranch local url local ftlBranch - + if [[ -f "/etc/pihole/ftlbranch" ]];then ftlBranch=$( /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } @@ -1926,9 +1926,9 @@ FTLdetect() { echo -e " ${INFO} Checking for existing FTL binary..." local ftlLoc=$(which pihole-FTL 2>/dev/null) - + local ftlBranch - + if [[ -f "/etc/pihole/ftlbranch" ]];then ftlBranch=$(/dev/null) ]]; then - if pihole-FTL --resolver > /dev/null; then + if pihole-FTL --resolver > /dev/null; then stop_service pihole-FTL else stop_service dnsmasq @@ -2185,7 +2185,7 @@ main() { echo -e " ${INFO} Restarting services..." # Start services # Only start and enable dnsmasq if FTL does not have the --resolver switch - if ! pihole-FTL --resolver > /dev/null; then + if ! pihole-FTL --resolver > /dev/null; then start_service dnsmasq enable_service dnsmasq fi From 11f342587656937f0baa8960cbd785994ceeaaec Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Thu, 22 Mar 2018 23:51:12 -0500 Subject: [PATCH 20/46] update donation and affiliate links. also link to trademark guidelines. update an image. and add a project. Signed-off-by: Jacob Salmela --- README.md | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index b7f4f249..b5e24378 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Network-wide ad blocking via your own Linux hardware

-The Pi-hole is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. +The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. - **Easy-to-install**: our versatile installer walks you through the process, and [takes less than ten minutes](https://www.youtube.com/watch?v=vKWjx1AQYgs) - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs @@ -27,7 +27,7 @@ Those who want to get started quickly and conveniently, may install Pi-hole usin #### `curl -sSL https://install.pi-hole.net | bash` ## Alternative Install Methods -[Piping to `bash` is controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash), as it prevents you from [reading code that is about to run](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) on your system. Therefore, we provide these alternative installation methods which allow code review before installation: +[Piping to `bash` is controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash), as it prevents you from [reading code that is about to run](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) on your system. Therefore, we provide these alternative installation methods which allow code review before installation: ### Method 1: Clone our repository and run ``` @@ -60,16 +60,21 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!* ### Donations Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses: - PP Donate via PayPal
BTC Bitcoin Address: 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL +- PP Donate via PayPal
+- BTC [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL
+- BTC [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): qqh25hlmqaj99xraw00e47xmf8sysnyxhyww2d7dnh
+- BTC [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): 0xF00aF43d2431BAD585056492b310e48eC40D87e8 ### Alternative support -If you'd rather not donate (_which is okay!_), there are other ways you can help support us: +If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us: -- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) affiliate link -- [Vultr](http://www.vultr.com/?ref=7190426) affiliate link -- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) affiliate link -- [Pi-hole Swag Store](https://pi-hole.net/shop/) +- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ +- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_ +- [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_ +- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ +- [Ho-ost](https://clients.ho-ost.com/aff.php?aff=19) _save 50% with our affiliate link_ +- [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_ +- [Vultr](http://www.vultr.com/?ref=7190426) _affiliate link_ - Spreading the word about our software, and how you have benefited from it ### Contributing via GitHub @@ -127,7 +132,7 @@ You can read our [Core Feature Breakdown](https://github.com/pi-hole/pi-hole/wik ### The Web Interface Dashboard This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! -Pi-hole Dashboard +Pi-hole Dashboard Some notable features include: * Mobile friendly interface @@ -145,8 +150,8 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 2. `http:/pi.hole/admin/` (when using Pi-hole as your DNS server) 3. `http://pi.hole/` (when using Pi-hole as your DNS server) -## The Faster-Than-Light Engine -The [FTL Engine](https://github.com/pi-hole/FTL) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTL does this all *very quickly*! +## Faster-than-light Engine +The FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! Some of the statistics you can integrate include: * Total number of domains being blocked @@ -194,6 +199,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http - [Magic Mirror with DNS Filtering](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware) - [Pi-hole Droid: Android client](https://github.com/friimaind/pi-hole-droid) - [Windows DNS Swapper](https://github.com/roots84/DNS-Swapper), see [#1400](https://github.com/pi-hole/pi-hole/issues/1400) +- [Pi-hole Visualizer](https://www.reddit.com/r/pihole/comments/82ikgb/pihole_visualizer_update/) ----- ## Coverage From 7159ecb632dc623b0cd854e0dd4e372464fb14c0 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Fri, 23 Mar 2018 00:11:21 -0500 Subject: [PATCH 21/46] reduce ping times for faster script completion Signed-off-by: Jacob Salmela --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index b668af94..d2e8951b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -592,7 +592,7 @@ ping_gateway() { # Try to quietly ping the gateway 3 times, with a timeout of 3 seconds, using numeric output only, # on the pihole interface, and tail the last three lines of the output # If pinging the gateway is not successful, - if ! ${cmd} -c 3 -W 2 -n ${gateway} -I ${PIHOLE_INTERFACE} >/dev/null; then + if ! ${cmd} -c 1 -W 2 -n ${gateway} -I ${PIHOLE_INTERFACE} >/dev/null; then # let the user know log_write "${CROSS} ${COL_RED}Gateway did not respond.${COL_NC} ($FAQ_GATEWAY)\n" # and return an error code @@ -613,7 +613,7 @@ ping_internet() { ping_ipv4_or_ipv6 "${protocol}" log_write "* Checking Internet connectivity via IPv${protocol}..." # Try to ping the address 3 times - if ! ${cmd} -W 2 -c 3 -n ${public_address} -I ${PIHOLE_INTERFACE} >/dev/null; then + if ! ${cmd} -c 1 -W 2 -n ${public_address} -I ${PIHOLE_INTERFACE} >/dev/null; then # if it's unsuccessful, show an error log_write "${CROSS} ${COL_RED}Cannot reach the Internet.${COL_NC}\n" return 1 From 51765b1f659a5fe5023bb0c2001ebce4ed8be861 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 10:15:40 +0000 Subject: [PATCH 22/46] chown pihole log to pihole:pihole, rather than pihole:root Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a5d52309..c2e44843 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1323,7 +1323,7 @@ CreateLogFile() { # set the permissions, chmod 644 /var/log/pihole.log # and owners - chown pihole:root /var/log/pihole.log + chown pihole:pihole /var/log/pihole.log echo -e "${OVER} ${TICK} ${str}" # Otherwise, else From 238a56cac3a0ca958900e4e465ed97b5e326ff77 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 10:53:22 +0000 Subject: [PATCH 23/46] Remove CreateLogFile function, as this is handled by the FTL service Signed-off-by: Adam Warner --- automated install/basic-install.sh | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c2e44843..01a1aff0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1311,27 +1311,6 @@ install_dependent_packages() { return 0 } -# Create logfiles if necessary -CreateLogFile() { - local str="Creating log and changing owner to pihole" - echo "" - echo -ne " ${INFO} ${str}..." - # If the pihole log does not exist, - if [[ ! -f "/var/log/pihole.log" ]]; then - # Make it, - touch /var/log/pihole.log - # set the permissions, - chmod 644 /var/log/pihole.log - # and owners - chown pihole:pihole /var/log/pihole.log - echo -e "${OVER} ${TICK} ${str}" - # Otherwise, - else - # the file should already exist - echo -e " ${COL_LIGHT_GREEN}log already exists!${COL_NC}" - fi -} - # Install the Web interface dashboard installPiholeWeb() { echo "" @@ -1577,8 +1556,6 @@ installPihole() { installScripts # configs, installConfigs - # and create the log file - CreateLogFile # If the user wants to install the dashboard, if [[ "${INSTALL_WEB}" == true ]]; then # do so @@ -1614,9 +1591,7 @@ updatePihole() { # Install base files and web interface installScripts # Install config files - installConfigs - # Create the log file - CreateLogFile + installConfigs # If the user wants to install the dasboard, if [[ "${INSTALL_WEB}" == true ]]; then # do so From d9d3caec22e597d0b12ad9006bc1b9576c52a19f Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Fri, 23 Mar 2018 06:56:40 -0500 Subject: [PATCH 24/46] new head tail function and get head tail of pihole-FTL.log instead of just head Signed-off-by: Jacob Salmela --- advanced/Scripts/piholeDebug.sh | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d2e8951b..e1eb722b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -958,7 +958,7 @@ list_files_in_dir() { "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") make_array_from_file "${dir_to_parse}/${each_file}" 25 ;; # Same for the FTL log - "${PIHOLE_FTL_LOG}") make_array_from_file "${dir_to_parse}/${each_file}" 25 + "${PIHOLE_FTL_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 35 ;; # parse the file into an array in case we ever need to analyze it line-by-line *) make_array_from_file "${dir_to_parse}/${each_file}"; @@ -991,6 +991,34 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${LOG_DIRECTORY}" } +head_tail_log() { + # The file being processed + local filename="${1}" + # The number of lines to use for head and tail + local qty="${2}" + local head_line + local tail_line + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + local log_head=() + log_head=( $(head -n ${qty} ${filename}) ) + log_write " ${COL_CYAN}-----head of $(basename ${filename})------${COL_NC}" + for head_line in "${log_head[@]}"; do + log_write " ${head_line}" + done + log_write "" + local log_tail=() + log_tail=( $(tail -n ${qty} ${filename}) ) + log_write " ${COL_CYAN}-----tail of $(basename ${filename})------${COL_NC}" + for tail_line in "${log_tail[@]}"; do + log_write " ${tail_line}" + done + # Set the IFS back to what it was + IFS="$OLD_IFS" +} + analyze_gravity_list() { echo_current_diagnostic "Gravity list" local head_line From fbab930cb19ca8a9c5f0afeadbb804f484837e77 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 23 Mar 2018 22:46:41 +0000 Subject: [PATCH 25/46] Allow install script to install FTL instead of the checkout script. Utilises the /etc/pihole/ftlbranch file. Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 45 +----------------------------- 1 file changed, 1 insertion(+), 44 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 21919ddf..81ea27b3 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -19,7 +19,6 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # setupVars set in basic-install.sh source "${setupVars}" -update="false" coltable="/opt/pihole/COL_TABLE" source ${coltable} @@ -33,40 +32,6 @@ check_download_exists() { fi } -FTLinstall() { - # Download and install FTL binary - local binary - binary="${1}" - local path - path="${2}" - local str - str="Installing FTL" - echo -ne " ${INFO} ${str}..." - - if curl -sSL --fail "https://ftl.pi-hole.net/${path}" -o "/tmp/${binary}"; then - # Get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://ftl.pi-hole.net/${path}.sha1" -o "/tmp/${binary}.sha1" - # Check if we just downloaded text, or a binary file. - cd /tmp || return 1 - if sha1sum --status --quiet -c "${binary}".sha1; then - echo -n "transferred... " - stop_service pihole-FTL &> /dev/null - install -T -m 0755 "/tmp/${binary}" "/usr/bin/pihole-FTL" - rm "/tmp/${binary}" "/tmp/${binary}.sha1" - start_service pihole-FTL &> /dev/null - echo -e "${OVER} ${TICK} ${str}" - return 0 - else - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: Download of binary from ftl.pi-hole.net failed${COL_NC}" - return 1 - fi - else - echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" - fi -} - get_binary_name() { local machine machine=$(uname -m) @@ -176,11 +141,6 @@ checkout_pull_branch() { git checkout "${branch}" --quiet || return 1 echo -e "${OVER} ${TICK} $str" - - if [[ "$(git diff "${oldbranch}" | grep -c "^")" -gt "0" ]]; then - update="true" - fi - git_pull=$(git pull || return 1) if [[ "$git_pull" == *"up-to-date"* ]]; then @@ -257,7 +217,6 @@ checkout() { local path path="development/${binary}" echo "development" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" elif [[ "${1}" == "master" ]] ; then # Shortcut to check out master branches echo -e " ${INFO} Shortcut \"master\" detected - checking out master branches..." @@ -272,7 +231,6 @@ checkout() { local path path="master/${binary}" echo "master" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" elif [[ "${1}" == "core" ]] ; then str="Fetching branches from ${piholeGitUrl}" echo -ne " ${INFO} $str" @@ -335,7 +293,6 @@ checkout() { if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch - FTLinstall "${binary}" "${path}" else echo " ${CROSS} Requested branch \"${2}\" is not available" ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep 'heads' | sed 's/refs\/heads\///;s/ //g' | awk '{print $2}') ) @@ -350,7 +307,7 @@ checkout() { fi # Force updating everything - if [[ ( ! "${1}" == "web" && ! "${1}" == "ftl" ) && "${update}" == "true" ]]; then + if [[ ! "${1}" == "web" ]]; then echo -e " ${INFO} Running installer to upgrade your installation" if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then exit 0 From 295ac49f838ee295cf5da6a7f69ea09e23b69424 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Mar 2018 09:58:22 +0200 Subject: [PATCH 26/46] Add capability CAP_NET_RAW to allow pihole-FTL to use RAW sockets for being able to create an ICMPv6 socket for IPv6 handling in the DHCP service Signed-off-by: DL6ER --- advanced/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 70d0b9d0..ef8ee9c2 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -34,7 +34,7 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN+eip "$(which pihole-FTL)" + setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo From ff47ab12fbc8bc9164c4c75d92f4cfba94d202d2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 30 Mar 2018 21:01:51 +0200 Subject: [PATCH 27/46] Save number of effectively blocked domains in /etc/pihole/numBlocked Signed-off-by: DL6ER --- gravity.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gravity.sh b/gravity.sh index 88ba8bb0..5806dea7 100755 --- a/gravity.sh +++ b/gravity.sh @@ -510,9 +510,11 @@ gravity_ParseBlacklistDomains() { if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${whitelistMatter}" > "${piholeDir}/numBlocked" 2> /dev/null else # There was no whitelist file, so use preEventHorizon instead of whitelistMatter. gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/numBlocked" 2> /dev/null fi # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it From b1d6c0319091c22ee7a39ffd6e258dc3e09aff07 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Apr 2018 21:53:32 +0100 Subject: [PATCH 28/46] Break out binary name funtion to it's own function Remove duplicate code. get_binary_name is now in the install script Add some "version" checking to ftl download when using an alt branch, uses checksum Greatly simplify update process. Source pihole-FTL version checker from basic-install.sh Always run install script to finalise changes. Install script now outputs versions after an update (This is a Squash of previous work into one commit) Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 49 ------------ advanced/Scripts/update.sh | 117 ++++++++--------------------- automated install/basic-install.sh | 68 ++++++++++++----- gravity.sh | 2 + 4 files changed, 80 insertions(+), 156 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 81ea27b3..7b189bcc 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -32,55 +32,6 @@ check_download_exists() { fi } -get_binary_name() { - local machine - machine=$(uname -m) - - local str - str="Detecting architecture" - echo -ne " ${INFO} ${str}..." - if [[ "${machine}" == "arm"* || "${machine}" == *"aarch"* ]]; then - # ARM - local rev - rev=$(uname -m | sed "s/[^0-9]//g;") - local lib - lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }') - if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then - echo -e "${OVER} ${TICK} Detected ARM-aarch64 architecture" - binary="pihole-FTL-aarch64-linux-gnu" - elif [[ "${lib}" == "/lib/ld-linux-armhf.so.3" ]]; then - if [[ "$rev" -gt "6" ]]; then - echo -e "${OVER} ${TICK} Detected ARM-hf architecture (armv7+)" - binary="pihole-FTL-arm-linux-gnueabihf" - else - echo -e "${OVER} ${TICK} Detected ARM-hf architecture (armv6 or lower) Using ARM binary" - binary="pihole-FTL-arm-linux-gnueabi" - fi - else - echo -e "${OVER} ${TICK} Detected ARM architecture" - binary="pihole-FTL-arm-linux-gnueabi" - fi - elif [[ "${machine}" == "ppc" ]]; then - # PowerPC - echo -e "${OVER} ${TICK} Detected PowerPC architecture" - binary="pihole-FTL-powerpc-linux-gnu" - elif [[ "${machine}" == "x86_64" ]]; then - # 64bit - echo -e "${OVER} ${TICK} Detected x86_64 architecture" - binary="pihole-FTL-linux-x86_64" - else - # Something else - we try to use 32bit executable and warn the user - if [[ ! "${machine}" == "i686" ]]; then - echo -e "${OVER} ${CROSS} ${str}... - ${COL_LIGHT_RED}Not able to detect architecture (unknown: ${machine}), trying 32bit executable - Contact support if you experience issues (e.g: FTL not running)${COL_NC}" - else - echo -e "${OVER} ${TICK} Detected 32bit (i686) architecture" - fi - binary="pihole-FTL-linux-x86_32" - fi -} - fully_fetch_repo() { # Add upstream branches to shallow clone local directory="${1}" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index a4ada4c8..ee168fc4 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -77,24 +77,18 @@ GitCheckUpdateAvail() { fi } -FTLcheckUpdate() { - local FTLversion - FTLversion=$(/usr/bin/pihole-FTL tag) - local FTLlatesttag - FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') - - if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then - return 0 - else - return 1 - fi -} - main() { local pihole_version_current local web_version_current local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" - + local core_update + local web_update + local FTL_update + + core_update=false + web_update=false + FTL_update=false + # shellcheck disable=1090,2154 source "${setupVars}" @@ -115,7 +109,9 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - if FTLcheckUpdate ; then + get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function + + if FTLcheckUpdate > /dev/null; then # Function is in sourced basic-install.sh FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" else @@ -123,16 +119,6 @@ main() { echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - # Logic: Don't update FTL when there is a core update available - # since the core update will run the installer which will itself - # re-install (i.e. update) FTL - if ${FTL_update} && ! ${core_update}; then - echo "" - echo -e " ${INFO} FTL out of date" - FTLdetect - echo "" - fi - if [[ "${INSTALL_WEB}" == true ]]; then if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system! @@ -147,80 +133,37 @@ main() { web_update=false echo -e " ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - - # Logic - # If Core up to date AND web up to date: - # Do nothing - # If Core up to date AND web NOT up to date: - # Pull web repo - # If Core NOT up to date AND web up to date: - # pull pihole repo, run install --unattended -- reconfigure - # if Core NOT up to date AND web NOT up to date: - # pull pihole repo run install --unattended - - if ! ${core_update} && ! ${web_update} ; then - if ! ${FTL_update} ; then - echo "" - echo -e " ${TICK} Everything is up to date!" - exit 0 - fi - elif ! ${core_update} && ${web_update} ; then - echo "" - echo -e " ${INFO} Pi-hole Web Admin files out of date" - getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" - elif ${core_update} && ! ${web_update} ; then - echo "" - echo -e " ${INFO} Pi-hole core files out of date" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 - elif ${core_update} && ${web_update} ; then - echo "" - echo -e " ${INFO} Updating Pi-hole core and web admin files" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || \ - echo -e "${basicError}" && exit 1 - else - echo -e " ${COL_LIGHT_RED}Update script has malfunctioned, please contact Pi-hole Support${COL_NC}" - exit 1 - fi - else # Web Admin not installed, so only verify if core is up to date - if ! ${core_update}; then - if ! ${FTL_update} ; then - echo "" - echo -e " ${INFO} Everything is up to date!" - exit 0 - fi - else - echo "" - echo -e " ${INFO} Pi-hole Core files out of date" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 - fi fi - if [[ "${web_update}" == true ]]; then - web_version_current="$(/usr/local/bin/pihole version --admin --current)" + if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then echo "" - echo -e " ${INFO} Web Admin version is now at ${web_version_current/* v/v} - ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'" + echo -e " ${TICK} Everything is up to date!" + exit 0 fi if [[ "${core_update}" == true ]]; then - pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)" echo "" - echo -e " ${INFO} Pi-hole version is now at ${pihole_version_current/* v/v} - ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'" + echo -e " ${INFO} Pi-hole core files out of date, updating local repo." + getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" + echo -e " ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'" + fi + + if [[ "${web_update}" == true ]]; then + echo "" + echo -e " ${INFO} Pi-hole Web Admin files out of date, updating local repo." + getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" + echo -e " ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'" fi if [[ "${FTL_update}" == true ]]; then - FTL_version_current="$(/usr/bin/pihole-FTL tag)" - echo -e "\\n ${INFO} FTL version is now at ${FTL_version_current/* v/v}" - start_service pihole-FTL - enable_service pihole-FTL + echo "" + echo -e " ${INFO} FTL out of date, it will be updated by the installer." fi + if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ + echo -e "${basicError}" && exit 1 + fi echo "" exit 0 } diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 01a1aff0..d9c4b8f9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1828,15 +1828,9 @@ FTLinstall() { fi } -# Detect suitable FTL binary platform -FTLdetect() { - echo "" - echo -e " ${INFO} FTL Checks..." - - # Local, named variables +get_binary_name() { +# Local, named variables local machine - local binary - # Store architecture in a variable machine=$(uname -m) @@ -1895,11 +1889,10 @@ FTLdetect() { fi binary="pihole-FTL-linux-x86_32" fi +} - #In the next section we check to see if FTL is already installed (in case of pihole -r). - #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download - echo -e " ${INFO} Checking for existing FTL binary..." - +FTLcheckUpdate() +{ local ftlLoc=$(which pihole-FTL 2>/dev/null) local ftlBranch @@ -1910,8 +1903,26 @@ FTLdetect() { ftlBranch="master" fi + local remoteSha1 + local localSha1 + if [[ ! "${ftlBranch}" == "master" ]]; then - FTLinstall "${binary}" || return 1 + if [[ ${ftlLoc} ]]; then + # We already have a pihole-FTL binary downloaded. + # Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not + remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1) + localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) + + if [[ "${remoteSha1}" != "${localSha1}" ]]; then + echo -e " ${INFO} Checksums do not match, downloading from ftl.pi-hole.net." + return 0 + else + echo -e " ${INFO} Checksum of installed binary matches remote. No need to download!" + return 1 + fi + else + return 0 + fi else if [[ ${ftlLoc} ]]; then local FTLversion @@ -1920,28 +1931,41 @@ FTLdetect() { FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then - # Install FTL - FTLinstall "${binary}" || return 1 + return 0 else echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..." - local remoteSha1 remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1) - local localSha1 localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1) if [[ "${remoteSha1}" != "${localSha1}" ]]; then echo -e " ${INFO} Corruption detected..." - FTLinstall "${binary}" || return 1 + return 0 else echo -e " ${INFO} Checksum correct. No need to download!" + return 1 fi fi else - # Install FTL - FTLinstall "${binary}" || return 1 + return 0 fi fi +} + +# Detect suitable FTL binary platform +FTLdetect() { + echo "" + echo -e " ${INFO} FTL Checks..." + + get_binary_name + + #In the next section we check to see if FTL is already installed (in case of pihole -r). + #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download + echo -e " ${INFO} Checking for existing FTL binary..." + if FTLcheckUpdate ; then + FTLinstall "${binary}" || return 1 + fi + echo "" } @@ -2225,6 +2249,10 @@ main() { echo -e "\\n ${INFO} The install log is located at: ${installLogLoc} ${COL_LIGHT_GREEN}${INSTALL_TYPE} Complete! ${COL_NC}" + if [[ "${INSTALL_TYPE}" == "Update" ]]; then + echo "" + /usr/local/bin/pihole version --current + fi } # diff --git a/gravity.sh b/gravity.sh index 88ba8bb0..5806dea7 100755 --- a/gravity.sh +++ b/gravity.sh @@ -510,9 +510,11 @@ gravity_ParseBlacklistDomains() { if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${whitelistMatter}" > "${piholeDir}/numBlocked" 2> /dev/null else # There was no whitelist file, so use preEventHorizon instead of whitelistMatter. gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" + grep -c "^" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/numBlocked" 2> /dev/null fi # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it From 56278c6394b5954245c66a76c3a6fd5158b0ac5e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Apr 2018 22:06:36 +0100 Subject: [PATCH 29/46] Fix shellcheck complaints Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index ee168fc4..d80edca2 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -28,9 +28,12 @@ source "/opt/pihole/COL_TABLE" # make_repo() sourced from basic-install.sh # update_repo() source from basic-install.sh # getGitFiles() sourced from basic-install.sh +# get_binary_name() sourced from basic-install.sh +# FTLcheckUpdate() sourced from basic-install.sh GitCheckUpdateAvail() { - local directory="${1}" + local directory + directory="${1}" curdir=$PWD cd "${directory}" || return @@ -78,8 +81,6 @@ GitCheckUpdateAvail() { } main() { - local pihole_version_current - local web_version_current local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" local core_update local web_update @@ -111,7 +112,7 @@ main() { get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function - if FTLcheckUpdate > /dev/null; then # Function is in sourced basic-install.sh + if FTLcheckUpdate > /dev/null; then FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" else From f37b2bc7c18abfdfff802fa6dc45b3d259f39654 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Apr 2018 23:22:06 +0100 Subject: [PATCH 30/46] move call to `get_binary_name` into `FTLcheckUpdate()` to avoid having to run that first Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 2 -- automated install/basic-install.sh | 14 ++++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index d80edca2..0f9f9783 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -110,8 +110,6 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - get_binary_name > /dev/null # Needed so that we have the correct binary name for the FTL Update check function - if FTLcheckUpdate > /dev/null; then FTL_update=true echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d9c4b8f9..8ade6796 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1893,7 +1893,14 @@ get_binary_name() { FTLcheckUpdate() { - local ftlLoc=$(which pihole-FTL 2>/dev/null) + get_binary_name + + #In the next section we check to see if FTL is already installed (in case of pihole -r). + #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download + echo -e " ${INFO} Checking for existing FTL binary..." + + local ftlLoc + ftlLoc=$(which pihole-FTL 2>/dev/null) local ftlBranch @@ -1957,11 +1964,6 @@ FTLdetect() { echo "" echo -e " ${INFO} FTL Checks..." - get_binary_name - - #In the next section we check to see if FTL is already installed (in case of pihole -r). - #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download - echo -e " ${INFO} Checking for existing FTL binary..." if FTLcheckUpdate ; then FTLinstall "${binary}" || return 1 fi From 4941e0f8ad507e0b720b1a0cf13c5b66985043eb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 4 Apr 2018 13:12:39 +0200 Subject: [PATCH 31/46] Backend changes needed to be able to set the privacy level Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 5eb35e97..3116f878 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -13,6 +13,7 @@ readonly setupVars="/etc/pihole/setupVars.conf" readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf" +readonly FTLconf="/etc/pihole/pihole-FTL.conf" # 03 -> wildcards readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf" @@ -52,6 +53,19 @@ change_setting() { add_setting "${1}" "${2}" } +addFTLsetting() { + echo "${1}=${2}" >> "${FTLconf}" +} + +deleteFTLsetting() { + sed -i "/${1}/d" "${FTLconf}" +} + +changeFTLsetting() { + deleteFTLsetting "${1}" + addFTLsetting "${1}" "${2}" +} + add_dnsmasq_setting() { if [[ "${2}" != "" ]]; then echo "${1}=${2}" >> "${dnsmasqconfig}" @@ -505,6 +519,13 @@ audit() echo "${args[2]}" >> /etc/pihole/auditlog.list } +SetPrivacyLevel() { + # Set privacy level. Minimum is 0, maximum is 3 + if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then + changeFTLsetting "PRIVACYLEVEL" "${args[2]}" + fi +} + main() { args=("$@") @@ -534,6 +555,7 @@ main() { "-t" | "teleporter" ) Teleporter;; "adlist" ) CustomizeAdLists;; "audit" ) audit;; + "privacylevel" ) SetPrivacyLevel;; * ) helpFunc;; esac From 631f5b484846e8b2ecfd5cd6a4527e4617e672be Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 4 Apr 2018 16:34:31 +0100 Subject: [PATCH 32/46] Change order of updatable components to match the end output Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 0f9f9783..9dbdb680 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -110,14 +110,6 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" fi - if FTLcheckUpdate > /dev/null; then - FTL_update=true - echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" - else - FTL_update=false - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" - fi - if [[ "${INSTALL_WEB}" == true ]]; then if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system! @@ -134,6 +126,14 @@ main() { fi fi + if FTLcheckUpdate > /dev/null; then + FTL_update=true + echo -e " ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}" + else + FTL_update=false + echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" + fi + if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then echo "" echo -e " ${TICK} Everything is up to date!" From 6086614274eac0ccd2704a12c37abd7b8685dbeb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 4 Apr 2018 18:10:23 +0200 Subject: [PATCH 33/46] Add "-l, privacylevel" description to "pihole -a" Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 56 ++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 3116f878..ce6c34d2 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -36,7 +36,7 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - Add '-h' for more info on interface usage" + -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" exit 0 } @@ -530,33 +530,33 @@ main() { args=("$@") case "${args[1]}" in - "-p" | "password" ) SetWebPassword;; - "-c" | "celsius" ) unit="C"; SetTemperatureUnit;; - "-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;; - "-k" | "kelvin" ) unit="K"; SetTemperatureUnit;; - "setdns" ) SetDNSServers;; - "setexcludedomains" ) SetExcludeDomains;; - "setexcludeclients" ) SetExcludeClients;; - "poweroff" ) Poweroff;; - "reboot" ) Reboot;; - "restartdns" ) RestartDNS;; - "setquerylog" ) SetQueryLogOptions;; - "enabledhcp" ) EnableDHCP;; - "disabledhcp" ) DisableDHCP;; - "layout" ) SetWebUILayout;; - "-h" | "--help" ) helpFunc;; - "privacymode" ) SetPrivacyMode;; - "resolve" ) ResolutionSettings;; - "addstaticdhcp" ) AddDHCPStaticAddress;; - "removestaticdhcp" ) RemoveDHCPStaticAddress;; - "-r" | "hostrecord" ) SetHostRecord "$3";; - "-e" | "email" ) SetAdminEmail "$3";; - "-i" | "interface" ) SetListeningMode "$@";; - "-t" | "teleporter" ) Teleporter;; - "adlist" ) CustomizeAdLists;; - "audit" ) audit;; - "privacylevel" ) SetPrivacyLevel;; - * ) helpFunc;; + "-p" | "password" ) SetWebPassword;; + "-c" | "celsius" ) unit="C"; SetTemperatureUnit;; + "-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;; + "-k" | "kelvin" ) unit="K"; SetTemperatureUnit;; + "setdns" ) SetDNSServers;; + "setexcludedomains" ) SetExcludeDomains;; + "setexcludeclients" ) SetExcludeClients;; + "poweroff" ) Poweroff;; + "reboot" ) Reboot;; + "restartdns" ) RestartDNS;; + "setquerylog" ) SetQueryLogOptions;; + "enabledhcp" ) EnableDHCP;; + "disabledhcp" ) DisableDHCP;; + "layout" ) SetWebUILayout;; + "-h" | "--help" ) helpFunc;; + "privacymode" ) SetPrivacyMode;; + "resolve" ) ResolutionSettings;; + "addstaticdhcp" ) AddDHCPStaticAddress;; + "removestaticdhcp" ) RemoveDHCPStaticAddress;; + "-r" | "hostrecord" ) SetHostRecord "$3";; + "-e" | "email" ) SetAdminEmail "$3";; + "-i" | "interface" ) SetListeningMode "$@";; + "-t" | "teleporter" ) Teleporter;; + "adlist" ) CustomizeAdLists;; + "audit" ) audit;; + "-l" | "privacylevel" ) SetPrivacyLevel;; + * ) helpFunc;; esac shift From 82d5afe9961a7964bc22e70f44ec8fdd504fa855 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 5 Apr 2018 22:28:55 +0200 Subject: [PATCH 34/46] Silence error in log flush subroutine when no pihole-FTL.conf can be found Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 5fd9832e..0bc998ac 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -16,7 +16,7 @@ source ${colfile} # Constructed to return nothing when # a) the setting is not present in the config file, or # b) the setting is commented out (e.g. "#DBFILE=...") -DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf)" +DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf 2> /dev/null)" # Test for empty string. Use standard path in this case. if [ -z "$DBFILE" ]; then DBFILE="/etc/pihole/pihole-FTL.db" From 284f9e3f2f9141e2a7a16b252abd447217b824d6 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Wed, 11 Apr 2018 20:38:56 -0500 Subject: [PATCH 35/46] implement mcats request. removed 'the' Signed-off-by: Jacob Salmela --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b5e24378..ceeadb30 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 3. `http://pi.hole/` (when using Pi-hole as your DNS server) ## Faster-than-light Engine -The FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! +FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! Some of the statistics you can integrate include: * Total number of domains being blocked From 8e82bf69d8b60dd784fe9f72fba3c1f4d6d149bd Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Wed, 11 Apr 2018 20:40:35 -0500 Subject: [PATCH 36/46] update wallet addresses Signed-off-by: Jacob Salmela --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ceeadb30..5119fd8c 100644 --- a/README.md +++ b/README.md @@ -61,9 +61,10 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!* Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses: - PP Donate via PayPal
-- BTC [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL
-- BTC [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): qqh25hlmqaj99xraw00e47xmf8sysnyxhyww2d7dnh
-- BTC [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): 0xF00aF43d2431BAD585056492b310e48eC40D87e8 +- BTC [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): +3MDPzjXu2hjw5sGLJvKUi1uXbvQPzVrbpF
+- BTC [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): qzqsz4aju2eecc6uhs7tus4vlwhhela24sdruf4qp5
+- BTC [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): 0x79d4e90A4a0C732819526c93e21A3F1356A2FAe1 ### Alternative support If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us: From 8b5dcc3872de9a77833d2ed680cfac525350574c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 13 Apr 2018 16:53:57 +0100 Subject: [PATCH 37/46] Match change made by 7edab27 to prevent merge conflict Signed-off-by: Adam Warner --- advanced/Scripts/piholeLogFlush.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 0bc998ac..d9ac5ebd 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -16,12 +16,10 @@ source ${colfile} # Constructed to return nothing when # a) the setting is not present in the config file, or # b) the setting is commented out (e.g. "#DBFILE=...") -DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf 2> /dev/null)" -# Test for empty string. Use standard path in this case. -if [ -z "$DBFILE" ]; then - DBFILE="/etc/pihole/pihole-FTL.db" +FTLconf="/etc/pihole/pihole-FTL.conf" +if [ -e "$FTLconf" ]; then + DBFILE="$(sed -n -e 's/^\s*DBFILE\s*=\s*//p' ${FTLconf})" fi - if [[ "$@" != *"quiet"* ]]; then echo -ne " ${INFO} Flushing /var/log/pihole.log ..." fi From bca23dd896e743575e3b9925e3c63f320e421f09 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 18:25:35 +0100 Subject: [PATCH 38/46] Allow passing of --check-only to update script. Don't run installer for updating web files, it's handled by getGitFiles. I think this works... Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 14 +++++++++++++- pihole | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 9dbdb680..f0deab2b 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -19,6 +19,9 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 PH_TEST=true +# when --check-only is passed to this script, it will not perform the actual update +CHECK_ONLY=false + # shellcheck disable=SC1090 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # shellcheck disable=SC1091 @@ -140,6 +143,11 @@ main() { exit 0 fi + if [[ "${CHECK_ONLY}" == true ]]; then + echo "" + exit 0 + fi + if [[ "${core_update}" == true ]]; then echo "" echo -e " ${INFO} Pi-hole core files out of date, updating local repo." @@ -159,7 +167,7 @@ main() { echo -e " ${INFO} FTL out of date, it will be updated by the installer." fi - if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then + if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ echo -e "${basicError}" && exit 1 fi @@ -167,4 +175,8 @@ main() { exit 0 } +if [[ "$1" == "--check-only" ]]; then + CHECK_ONLY=true +fi + main diff --git a/pihole b/pihole index 4c824242..8ae85f00 100755 --- a/pihole +++ b/pihole @@ -71,7 +71,7 @@ flushFunc() { } updatePiholeFunc() { - "${PI_HOLE_SCRIPT_DIR}"/update.sh + "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" exit 0 } @@ -644,7 +644,7 @@ case "${1}" in "-wild" | "wildcard" ) wildcardFunc "$@";; "-d" | "debug" ) debugFunc "$@";; "-f" | "flush" ) flushFunc "$@";; - "-up" | "updatePihole" ) updatePiholeFunc;; + "-up" | "updatePihole" ) updatePiholeFunc "$@";; "-r" | "reconfigure" ) reconfigurePiholeFunc;; "-g" | "updateGravity" ) updateGravityFunc "$@";; "-c" | "chronometer" ) chronometerFunc "$@";; From 33148ba8328a1646f4ed1b36a5a736a66a24b94d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 18:30:13 +0100 Subject: [PATCH 39/46] Add help text to pihole command to document new flag Signed-off-by: Adam Warner --- pihole | 1 + 1 file changed, 1 insertion(+) diff --git a/pihole b/pihole index 8ae85f00..3a15df7b 100755 --- a/pihole +++ b/pihole @@ -620,6 +620,7 @@ Options: -q, query Query the adlists for a specified domain Add '-h' for more info on query usage -up, updatePihole Update Pi-hole subsystems + Add '--check-only' to exit script before update is performed. -v, version Show installed versions of Pi-hole, Admin Console & FTL Add '-h' for more info on version usage uninstall Uninstall Pi-hole from your system From e49a9096a52124fbb61e1195f5d949156ad5e03d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 18:37:32 +0100 Subject: [PATCH 40/46] accidentally a 'shift' Signed-off-by: Adam Warner --- pihole | 1 + 1 file changed, 1 insertion(+) diff --git a/pihole b/pihole index 3a15df7b..cb75861b 100755 --- a/pihole +++ b/pihole @@ -71,6 +71,7 @@ flushFunc() { } updatePiholeFunc() { + shift "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@" exit 0 } From 20e0bca71d4005a99cbbe25430e9d5df62e928cc Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 23:45:36 +0100 Subject: [PATCH 41/46] add some more linters to stickler Signed-off-by: Adam Warner --- .stickler.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.stickler.yml b/.stickler.yml index b96fc2e7..d254899a 100644 --- a/.stickler.yml +++ b/.stickler.yml @@ -1,3 +1,6 @@ linters: shellcheck: shell: bash + phpcs: + css: + flake8: From 18b24535fe65e5ae1d878deaffab7edce7706456 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 15 Apr 2018 23:46:52 +0100 Subject: [PATCH 42/46] Lets try the correct name for csslint Signed-off-by: Adam Warner --- .stickler.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.stickler.yml b/.stickler.yml index d254899a..0eaae8cb 100644 --- a/.stickler.yml +++ b/.stickler.yml @@ -2,5 +2,5 @@ linters: shellcheck: shell: bash phpcs: - css: + csslint: flake8: From 24b8b4e904b976b1fb91cc9ef66cdf693dcf0966 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 18 Apr 2018 17:12:20 +0200 Subject: [PATCH 43/46] Add backend changes for supporting a local recursive DNS server Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ce6c34d2..b04b55aa 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -149,6 +149,10 @@ ProcessDNSSettings() { let COUNTER=COUNTER+1 done + if [ ! -z "${LOCAL_RECURSIVE}" ]; then + add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_RECURSIVE}" + fi + delete_dnsmasq_setting "domain-needed" if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then @@ -525,6 +529,16 @@ SetPrivacyLevel() { changeFTLsetting "PRIVACYLEVEL" "${args[2]}" fi } +SetLocalRecursivePort() { + # Ensure port is a natural number { 0, 1, 2, 3, ... } + if [[ "${1}" == "0" ]]; then + delete_setting "LOCAL_RECURSIVE" + ProcessDNSSettings + elif [[ "${1}" =~ ^[0-9]+$ ]]; then + change_setting "LOCAL_RECURSIVE" "${1}" + ProcessDNSSettings + fi +} main() { args=("$@") @@ -556,6 +570,7 @@ main() { "adlist" ) CustomizeAdLists;; "audit" ) audit;; "-l" | "privacylevel" ) SetPrivacyLevel;; + "localrecursivedns" ) SetLocalRecursivePort "$3";; * ) helpFunc;; esac From ce35509a40a08ed61b7788e49b4677826ab0e75f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 18 Apr 2018 17:30:51 +0200 Subject: [PATCH 44/46] Change command to "pihole -a localdnsport X" Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index b04b55aa..21623eea 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -149,8 +149,8 @@ ProcessDNSSettings() { let COUNTER=COUNTER+1 done - if [ ! -z "${LOCAL_RECURSIVE}" ]; then - add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_RECURSIVE}" + if [ ! -z "${LOCAL_DNS_PORT}" ]; then + add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}" fi delete_dnsmasq_setting "domain-needed" @@ -529,13 +529,13 @@ SetPrivacyLevel() { changeFTLsetting "PRIVACYLEVEL" "${args[2]}" fi } -SetLocalRecursivePort() { +SetLocalDNSport() { # Ensure port is a natural number { 0, 1, 2, 3, ... } if [[ "${1}" == "0" ]]; then - delete_setting "LOCAL_RECURSIVE" + delete_setting "LOCAL_DNS_PORT" ProcessDNSSettings elif [[ "${1}" =~ ^[0-9]+$ ]]; then - change_setting "LOCAL_RECURSIVE" "${1}" + change_setting "LOCAL_DNS_PORT" "${1}" ProcessDNSSettings fi } @@ -570,7 +570,7 @@ main() { "adlist" ) CustomizeAdLists;; "audit" ) audit;; "-l" | "privacylevel" ) SetPrivacyLevel;; - "localrecursivedns" ) SetLocalRecursivePort "$3";; + "localdnsport" ) SetLocalDNSport "$3";; * ) helpFunc;; esac From 255cfb7d626633fa99a9f00b6e1662b8b23a2fca Mon Sep 17 00:00:00 2001 From: Rowan Date: Thu, 19 Apr 2018 19:30:30 +0100 Subject: [PATCH 45/46] Fixed typo in README Signed-off-by: Rowan Wookey --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5119fd8c..60c54f87 100644 --- a/README.md +++ b/README.md @@ -148,7 +148,7 @@ Some notable features include: There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168): 1. `http:///admin/` -2. `http:/pi.hole/admin/` (when using Pi-hole as your DNS server) +2. `http://pi.hole/admin/` (when using Pi-hole as your DNS server) 3. `http://pi.hole/` (when using Pi-hole as your DNS server) ## Faster-than-light Engine From 55fce489bc46ffe9c977ca78ab3b79641bcb569c Mon Sep 17 00:00:00 2001 From: Michele Bologna Date: Thu, 19 Apr 2018 23:31:43 +0200 Subject: [PATCH 46/46] Fix: add psmisc as dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Debian 9.4 does not install `psmisc` by default and the following error will happen during installation: ``` [✗] /usr/local/bin/pihole: line 353: killall: command not found /usr/local/bin/pihole: line 364: killall: command not found ``` This patch adds `psmisc` (that contains `killall`) as dependency Signed-off-by: Michele Bologna --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 160039ce..c473d0c9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -1589,7 +1589,7 @@ updatePihole() { # Install base files and web interface installScripts # Install config files - installConfigs + installConfigs # If the user wants to install the dasboard, if [[ "${INSTALL_WEB}" == true ]]; then # do so