From 3261c2e2737590bab40c265e130850e8a597a99a Mon Sep 17 00:00:00 2001 From: Clayton Dobbs Date: Sat, 17 Nov 2018 22:57:01 -0700 Subject: [PATCH 01/30] Added check for universe repo on ubuntu bionic with user prompts. Signed-off-by: Clayton Dobbs --- automated install/basic-install.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c49edda8..d682516c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -165,6 +165,20 @@ if is_command apt-get ; then # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # Some distros vary slightly so these fixes for dependencies may apply + # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dialog and dhcpcd5 + APT_SOURCES="/etc/apt/sources.list" + if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then + if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5\\n- dialog" ${r} ${c}; then + printf " %b Aborting installation: dependencies could not be installed.\\n" "${CROSS}" + exit # exit the installer + else + printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" + cp ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list + printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" + add-apt-repository universe + printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" + fi + fi # Debian 7 doesn't have iproute2 so if the dry run install is successful, if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then # we can install it 
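Review bot: The bare `exit` in the branch where the user declines ends the installer with the status of the preceding `printf`, i.e. 0, so anything wrapping the installer sees an aborted install as success; `exit 1` would signal the failure. The `awk` test also matches commented-out lines (a `# deb ... bionic universe` line sets b=1) and reads only `/etc/apt/sources.list`; anchoring both patterns on `^deb ` would at least skip comments. `${APT_SOURCES}` is unquoted in the `awk` and `cp` calls, and `cp` overwrites an earlier `.backup` on a repeated run. The enclosing `if is_command apt-get` block starts and ends outside the hunk.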
From a285ae65fb32619a3a41feb90014a53cd1d883a9 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Nov 2018 08:39:44 +0100 Subject: [PATCH 02/30] Backend changes for DHCPv4 rapid commit support Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0b5c351e..ecc35dbe 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -327,6 +327,10 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" fi + if [[ "${DHCP_rapid_commit}" == "true" ]]; then + echo "dhcp-rapid-commit" >> "${dhcpconfig}" + fi + if [[ "${DHCP_IPv6}" == "true" ]]; then echo "#quiet-dhcp6 #enable-ra @@ -351,6 +355,7 @@ EnableDHCP() { change_setting "DHCP_LEASETIME" "${args[5]}" change_setting "PIHOLE_DOMAIN" "${args[6]}" change_setting "DHCP_IPv6" "${args[7]}" + change_setting "DHCP_rapid_commit" "${args[8]}" # Remove possible old setting from file delete_dnsmasq_setting "dhcp-" From 9f672593bc0b44e668e959311d418e0b9e3d08d6 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 26 Nov 2018 20:01:41 +0100 Subject: [PATCH 03/30] Update advanced/Scripts/webpage.sh Co-Authored-By: DL6ER --- advanced/Scripts/webpage.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ecc35dbe..7b73d243 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -327,6 +327,8 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" fi + # Sourced from setupVars + # shellcheck disable=SC2154 if [[ "${DHCP_rapid_commit}" == "true" ]]; then echo "dhcp-rapid-commit" >> "${dhcpconfig}" fi From 1cad06905074a03c662c86f683a8a5ef7f248bd6 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 10 Dec 2018 10:18:25 -0500 Subject: [PATCH 04/30] Add privacy level 4 to all privacy level code 
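Review bot: `change_setting "DHCP_rapid_commit" "${args[8]}"` stores the ninth argument as given, while the later test only ever acts on the literal `true`. setupVars.conf is sourced as shell elsewhere in this series (`. /etc/pihole/setupVars.conf` in version.sh), so values written to it are best reduced to a known set before they are stored; whether `change_setting` escapes its value is not visible here. Something like `local rapid="false"; [[ "${args[8]}" == "true" ]] && rapid="true"` followed by `change_setting "DHCP_rapid_commit" "${rapid}"` would do that. `EnableDHCP` continues outside the hunk, and the other `args[]` values visible in it are stored the same way.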
Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 2 +- advanced/bash-completion/pihole | 2 +- manpages/pihole-FTL.conf.5 | 6 ++++-- manpages/pihole.8 | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 7b73d243..c6852896 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -36,7 +36,7 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" + -l, privacylevel Set privacy level (0 = lowest, 4 = highest)" exit 0 } diff --git a/advanced/bash-completion/pihole b/advanced/bash-completion/pihole index c25c570b..7ba0dad8 100644 --- a/advanced/bash-completion/pihole +++ b/advanced/bash-completion/pihole @@ -56,7 +56,7 @@ _pihole() { ;; "privacylevel") if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then - opts_privacy="0 1 2 3" + opts_privacy="0 1 2 3 4" COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) ) else return 1 diff --git a/manpages/pihole-FTL.conf.5 b/manpages/pihole-FTL.conf.5 index 50536279..218f5e7a 100644 --- a/manpages/pihole-FTL.conf.5 +++ b/manpages/pihole-FTL.conf.5 @@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file On which port should FTL be listening? .br -\fBPRIVACYLEVEL=0|1|2|3\fR +\fBPRIVACYLEVEL=0|1|2|3|4\fR .br Which privacy level is used? .br @@ -74,7 +74,9 @@ pihole-FTL.conf - FTL's config file .br 2 - hide domains and clients .br - 3 - paranoia mode (hide everything) + 3 - anonymous mode (hide everything) +.br + 4 - disable all statistics .br \fBIGNORE_LOCALHOST=no|yes\fR diff --git a/manpages/pihole.8 b/manpages/pihole.8 index e0845387..bd7d0933 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 
@@ -134,7 +134,7 @@ Available commands and options: -i, interface Specify dnsmasq's interface listening behavior .br -l, privacylevel Set privacy level - (0 = lowest, 3 = highest) + (0 = lowest, 4 = highest) .br \fB-c, chronometer\fR [options] From be2d494fcf9fa7e82da23dda99c10566b8a3fb3a Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 12 Dec 2018 14:55:09 -0500 Subject: [PATCH 05/30] Don't show web version in pihole -v output if not installed Signed-off-by: Mcat12 --- advanced/Scripts/version.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 7dfa1a90..6d0e8c48 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -136,8 +136,16 @@ errorOutput() { } defaultOutput() { + # Source the setupvars config file + # shellcheck disable=SC1091 + . /etc/pihole/setupVars.conf + versionOutput "pi-hole" "$@" - versionOutput "AdminLTE" "$@" + + if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then + versionOutput "AdminLTE" "$@" + fi + versionOutput "FTL" "$@" } From 724afc000f127dae77bfe3d02e2260123527857b Mon Sep 17 00:00:00 2001 From: bcambl Date: Mon, 17 Dec 2018 21:03:54 -0600 Subject: [PATCH 06/30] add sqlite3 dependency for fedora `sqlite3` is provided by the `sqlite` package on CentOS & Fedora Signed-off-by: bcambl --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ac3bbffe..c0d32274 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
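Review bot: `defaultOutput` sources `/etc/pihole/setupVars.conf` without checking that it exists or is readable, so on a broken or partial install `pihole -v` prints a shell error before the versions. Sourcing also runs the whole file as shell code and imports every variable, although only `INSTALL_WEB_INTERFACE` is read here. Consider a guard such as `[[ -r /etc/pihole/setupVars.conf ]] && . /etc/pihole/setupVars.conf`, or reading just the one key, plus a comment noting that an unset `INSTALL_WEB_INTERFACE` hides the AdminLTE line.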
@@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 0ef4901e4859c500464092baf0abebe7387e9955 Mon Sep 17 00:00:00 2001 From: Florian Freund Date: Tue, 25 Dec 2018 09:02:12 +0100 Subject: [PATCH 07/30] Add a blank after printf to avoid 'Command not found' error > curl -L https://install.pi-hole.net | bash /dev/stdin --i_do_not_follow_recommendations ... /dev/stdin: Zeile 2449: printf %b Skipping free disk space verification\n: Command not found. Signed-off-by: Florian Freund --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c0d32274..a888233c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2460,7 +2460,7 @@ main() { # Start the installer # Verify there is enough disk space for the install if [[ "${skipSpaceCheck}" == true ]]; then - printf" %b Skipping free disk space verification\\n" "${INFO}" + printf " %b Skipping free disk space verification\\n" "${INFO}" else verifyFreeDiskSpace fi From ed5869646f518ebbd289a11016ad46e28297f724 Mon Sep 17 00:00:00 2001 From: Mark Drobnak Date: Thu, 27 Dec 2018 16:37:10 -0500 Subject: [PATCH 08/30] Use source instead of dot for setupVars Signed-off-by: Mark Drobnak --- advanced/Scripts/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 6d0e8c48..f6d4d344 100755 
--- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -138,7 +138,7 @@ errorOutput() { defaultOutput() { # Source the setupvars config file # shellcheck disable=SC1091 - . /etc/pihole/setupVars.conf + source /etc/pihole/setupVars.conf versionOutput "pi-hole" "$@" From 04fd296ffe8ea2411dc158c3a6f12cd6f48cc1be Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 1 Jan 2019 17:13:43 +0100 Subject: [PATCH 09/30] Add wpad vulnerability fix as suggested by dnsmasq.conf.example Signed-off-by: DL6ER --- advanced/01-pihole.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 3f4e4bc5..af46e918 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -46,3 +46,8 @@ log-facility=/var/log/pihole.log local-ttl=2 log-async + +# If a DHCP client claims that its name is "wpad", ignore that. +# This fixes a security hole. see CERT Vulnerability VU#598349 +dhcp-name-match=set:wpad-ignore,wpad +dhcp-ignore-names=tag:wpad-ignore From 5ffc8c74439b31e45489d6d72480ba221783d84c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 1 Jan 2019 17:56:02 +0100 Subject: [PATCH 10/30] List content of /var/run/shm in debugger Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index cb66f97c..281425bf 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -76,6 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd" HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" +SHM_DIRECTORY="/var/run/shm" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 
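Review bot: The comment above `dhcp-name-match=set:wpad-ignore,wpad` says only that a security hole is fixed, so a reader has to look up VU#598349 to learn what the two lines defend against. It could state the risk directly, e.g. `# A client that registers the hostname "wpad" via DHCP would otherwise become resolvable in the local domain, where clients using proxy auto-discovery look for their proxy configuration.` It may also be worth saying that this covers DHCP-supplied names only; other ways a `wpad` name could enter local DNS (static host entries, for instance) are not affected by these two lines.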
@@ -976,6 +977,9 @@ list_files_in_dir() { [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \ [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then : + elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then + # SHM file - we do not want to see the content, but we want to see the files and their sizes + log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do @@ -1019,6 +1023,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${CRON_D_DIRECTORY}" show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" + show_content_of_files_in_dir "${SHM_DIRECTORY}" } head_tail_log() { From d5fbe1b629c81a58c321148d165e5fb91ac8961a Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Wed, 2 Jan 2019 23:41:04 +0100 Subject: [PATCH 11/30] Do not ask admin password just for help documentation It is not a good idea to ask for an admin password just to get the command documentation. "pihole -h" should return the arguments documentation with no need to enter a password. Without the patch I get: $ ./pihole -h Password: It is easy to reproduce by invalidating the sudo password using "sudo -k" before running pihole again. Signed-off-by: Ludovic Rousseau --- pihole | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/pihole b/pihole index d4681752..fff3417d 100755 --- a/pihole +++ b/pihole @@ -23,17 +23,6 @@ source "${colfile}" resolver="pihole-FTL" -# Must be root to use this tool -if [[ ! $EUID -eq 0 ]];then - if [[ -x "$(command -v sudo)" ]]; then - exec sudo bash "$0" "$@" - exit $? - else - echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo." - exit 1 - fi -fi - webpageFunc() { source "${PI_HOLE_SCRIPT_DIR}/webpage.sh" main "$@" 
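Review bot: The new `elif` branch logs `ls -ld` output for every entry in `${SHM_DIRECTORY}`, but that directory is shared by all processes on the host, so the debug log will also carry the names, owners and sizes of shared-memory objects that have nothing to do with Pi-hole. Since a debug log is usually handed to someone else for support, consider limiting the listing to the objects FTL creates (their naming is not visible in this hunk), or at least say so in the comment, e.g. `# lists every object in the shm directory, not only FTL's`. The enclosing function starts and ends outside the hunk.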
@@ -430,6 +419,21 @@ if [[ $# = 0 ]]; then helpFunc fi +case "${1}" in + "-h" | "help" | "--help" ) helpFunc;; +esac + +# Must be root to use this tool +if [[ ! $EUID -eq 0 ]];then + if [[ -x "$(command -v sudo)" ]]; then + exec sudo bash "$0" "$@" + exit $? + else + echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo." + exit 1 + fi +fi + # Handle redirecting to specific functions based on arguments case "${1}" in "-w" | "whitelist" ) listFunc "$@";; From 486c41a69a56f539cd31c1eb8748d8e166789acc Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 3 Jan 2019 10:37:46 +0100 Subject: [PATCH 12/30] Add Debain dependency libcap2 needed for FTL's capability check on startup Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a888233c..4fe5f658 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -221,7 +221,7 @@ if is_command apt-get ; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) From c5da1bb952b09ad52556c46aa6037724e7386943 Mon Sep 17 00:00:00 2001 
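Review bot: The new `case` on `-h | help | --help` sits before the root check on purpose, but nothing in the code says so, and it only keeps the help path unprivileged if `helpFunc` exits (its body is outside the hunk). A comment such as `# Help needs no privileges: handle it before re-executing under sudo (helpFunc exits)` would keep a later reorder from reintroducing the password prompt. In the moved block, `exit $?` after `exec sudo bash "$0" "$@"` is reached only when `exec` itself fails.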
From: DL6ER Date: Thu, 3 Jan 2019 10:39:46 +0100 Subject: [PATCH 13/30] Add libcap as Fedora dependency Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4fe5f658..ce6cb076 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 3035fbf468dacc41762ec91015f5f15bea5c33fb Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 4 Jan 2019 17:17:42 -0600 Subject: [PATCH 14/30] remove unused dependency (bc) Signed-off-by: bcambl --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ce6cb076..990b1f34 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -221,7 +221,7 @@ if is_command apt-get ; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) + PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) + PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From a4ba8d4b8fd0e44e11deeecf33267c82c3d8735e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:16:24 +0100 Subject: [PATCH 15/30] Prevent double disabling/enabling by checking BLOCKING_ENABLED value in setupVars.conf Signed-off-by: DL6ER --- pihole | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pihole b/pihole index fff3417d..84a5623f 100755 --- a/pihole +++ b/pihole 
@@ -144,6 +144,10 @@ Time: elif [[ "${1}" == "0" ]]; then # Disable Pi-hole + if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then + echo -e " ${INFO} Blocking already disabled, nothing to do" + exit 0 + fi if [[ -e "${gravitylist}" ]]; then mv "${gravitylist}" "${gravitylist}.bck" echo "" > "${gravitylist}" @@ -193,6 +197,10 @@ Time: fi else # Enable Pi-hole + if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then + echo -e " ${INFO} Blocking already enabled, nothing to do" + exit 0 + fi echo -e " ${INFO} Enabling blocking" local str="Pi-hole Enabled" From d996e9c9eee0f075ffa844044d86a62932193374 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:28:09 +0100 Subject: [PATCH 16/30] Fix inconsistent handling of binary variable. get_binary_variable() stores the result into a global variable we pass later on as argument to FTLinstall() and define a local variable with the same name. This is fixed by only using the globa variable in all places not. This is still not a very elegant solution but it is also not subject of the current PR. Signed-off-by: DL6ER --- automated install/basic-install.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 990b1f34..f91363c9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -115,6 +115,9 @@ else OVER="\\r\\033[K" fi +# Define global binary variable +binary="tbd" + # A simple function that just echoes out our logo in ASCII format # This lets users know that it is a Pi-hole, LLC product show_ascii_berry() { @@ -2130,7 +2133,6 @@ clone_or_update_repos() { # Download FTL binary to random temp directory and install FTL binary FTLinstall() { # Local, named variables - local binary="${1}" local latesttag local str="Downloading and Installing FTL" printf " %b %s..." "${INFO}" "${str}" 
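Review bot: `grep -cq "BLOCKING_ENABLED=false" "${setupVars}"` matches the string anywhere on a line, so a commented-out line or a longer key ending in `BLOCKING_ENABLED` also counts, and `-c` has no effect next to `-q`. Anchoring it, `grep -q "^BLOCKING_ENABLED=false" "${setupVars}"`, fixes both; the same applies to the `BLOCKING_ENABLED=true` test in the second hunk. The early `exit 0` also trusts the stored flag rather than the actual state, so if the two disagree (for example after an interrupted run) the command can no longer repair it. Both checks sit in a function whose start and end are outside the hunks.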
@@ -2377,7 +2379,7 @@ FTLdetect() { printf "\\n %b FTL Checks...\\n\\n" "${INFO}" if FTLcheckUpdate ; then - FTLinstall "${binary}" || return 1 + FTLinstall || return 1 fi } From 3cdd6204c562254b9368ce5b3153fe99bdf788a2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:31:02 +0100 Subject: [PATCH 17/30] Move dnsmasq disabling and config file rewriting into a dedicated subroutine Signed-off-by: DL6ER --- automated install/basic-install.sh | 40 ++++++++++++++++-------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f91363c9..092dafef 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2184,25 +2184,6 @@ FTLinstall() { popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } # Install the FTL service printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - # dnsmasq can now be stopped and disabled if it exists - if which dnsmasq &> /dev/null; then - if check_service_active "dnsmasq";then - printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}" - stop_service dnsmasq - disable_service dnsmasq - fi - fi - - # Backup existing /etc/dnsmasq.conf if present and ensure that - # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" - local conffile="/etc/dnsmasq.conf" - if [[ -f "${conffile}" ]]; then - printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}" - mv "${conffile}" "${conffile}.old" - fi - # Create /etc/dnsmasq.conf - echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" - return 0 # Otherwise, else 
@@ -2222,6 +2203,27 @@ FTLinstall() { fi } +disable_dnsmasq() { + # dnsmasq can now be stopped and disabled if it exists + if which dnsmasq &> /dev/null; then + if check_service_active "dnsmasq";then + printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}" + stop_service dnsmasq + disable_service dnsmasq + fi + fi + + # Backup existing /etc/dnsmasq.conf if present and ensure that + # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" + local conffile="/etc/dnsmasq.conf" + if [[ -f "${conffile}" ]]; then + printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}" + mv "${conffile}" "${conffile}.old" + fi + # Create /etc/dnsmasq.conf + echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" +} + get_binary_name() { # This gives the machine architecture which may be different from the OS architecture... local machine From de6dc90575df32800155fb2ecd3c075503388bb0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:31:53 +0100 Subject: [PATCH 18/30] Don't diable pihole-FTL before calling install. root should be able to overwrite the binary in any case. The binary has already been downloaded and hash-verified here so we don't expect any errors in this binary. Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 092dafef..03214f1a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2176,8 +2176,6 @@ FTLinstall() { # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then printf "transferred... " - # Stop FTL - stop_service pihole-FTL &> /dev/null # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL # Move back into the original directory the user was in From d90d7b69273997be0285e79417b36a02f99f1485 Mon Sep 17 00:00:00 2001 
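Review bot: `mv "${conffile}" "${conffile}.old"` in the new `disable_dnsmasq` replaces any existing `.old` file, so once the function has run, a second run moves the one-line `conf-dir=/etc/dnsmasq.d` file over the backup of the user's original configuration. That matters more now that the code is a standalone function rather than part of the FTL download path. Keeping the first backup would avoid it, e.g. `if [[ -f "${conffile}" && ! -e "${conffile}.old" ]]; then`. `which dnsmasq` could also be `is_command dnsmasq`, the helper this script already uses for the same purpose.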
From: DL6ER Date: Thu, 24 Jan 2019 09:36:27 +0100 Subject: [PATCH 19/30] Call FTL download/installation early on in the installation process. Signed-off-by: DL6ER --- automated install/basic-install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 03214f1a..83abc49e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1909,8 +1909,9 @@ installPihole() { installCron # Install the logrotate file installLogrotate - # Check if FTL is installed - FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" + # Check if dnsmasq is present. If so, disable it and back up any possible + # config file + disable_dnsmasq # Configure the firewall if [[ "${useUpdateVars}" == false ]]; then configureFirewall @@ -2539,6 +2540,8 @@ main() { else LIGHTTPD_ENABLED=false fi + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From cc657c0c263485c6c16e476db29236027ce0f598 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:37:03 +0100 Subject: [PATCH 20/30] Rename subroutine start_service() to restart_service() because this is what it does Signed-off-by: DL6ER --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 83abc49e..d823e923 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1437,7 +1437,7 @@ stop_service() { } # Start/Restart service passed in as argument -start_service() { +restart_service() { # Local, named variables local str="Starting ${1} service" printf " %b %s..." "${INFO}" "${str}" 
@@ -2572,7 +2572,7 @@ main() { if [[ "${INSTALL_WEB_SERVER}" == true ]]; then if [[ "${LIGHTTPD_ENABLED}" == true ]]; then - start_service lighttpd + restart_service lighttpd enable_service lighttpd else printf " %b Lighttpd is disabled, skipping service restart\\n" "${INFO}" @@ -2587,7 +2587,7 @@ main() { # Fixes a problem reported on Ubuntu 18.04 where trying to start # the service before enabling causes installer to exit enable_service pihole-FTL - start_service pihole-FTL + restart_service pihole-FTL # Download and compile the aggregated block list runGravity From d26f2dcb2c4e865a4e69c72e7e2c2db3778b1d40 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:47:28 +0100 Subject: [PATCH 21/30] Use global binary variable in tests for automated install Signed-off-by: DL6ER --- test/test_automated_install.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index a2593d83..ce0abfd2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -484,7 +484,8 @@ def test_FTL_download_aarch64_no_errors(Pihole): # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh - FTLinstall pihole-FTL-aarch64-linux-gnu + binary="pihole-FTL-aarch64-linux-gnu" + FTLinstall ''') expected_stdout = tick_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout @@ -498,7 +499,8 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh - FTLinstall pihole-FTL-mips + binary="pihole-FTL-mips" + FTLinstall ''') expected_stdout = cross_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout From 7479485d4518e0fda8ea46d255e504d193013722 Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Thu, 31 Jan 2019 20:00:26 +0100 Subject: [PATCH 22/30] Add test for the case the binary variable is unset (defaults to "tbd" in this case) Signed-off-by: DL6ER --- test/test_automated_install.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index ce0abfd2..853048d1 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -481,7 +481,6 @@ def test_FTL_download_aarch64_no_errors(Pihole): ''' confirms only aarch64 package is downloaded for FTL engine ''' - # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh binary="pihole-FTL-aarch64-linux-gnu" @@ -496,7 +495,6 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): ''' confirms unknown binary is not downloaded for FTL engine ''' - # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh binary="pihole-FTL-mips" @@ -510,6 +508,22 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): assert error2 in download_binary.stdout +def test_FTL_download_binary_unset_no_errors(Pihole): + ''' + confirms unset binary variable does not download FTL engine + ''' + download_binary = Pihole.run(''' + source /opt/pihole/basic-install.sh + FTLinstall + ''') + expected_stdout = cross_box + ' Downloading and Installing FTL' + assert expected_stdout in download_binary.stdout + error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/' + assert error1 in download_binary.stdout + error2 = 'not found' + assert error2 in download_binary.stdout + + def test_FTL_binary_installed_and_responsive_no_errors(Pihole): ''' confirms FTL binary is copied and functional in installed location From 4948862dced5a0ae9f9dba13f119277c533815db Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 31 Jan 2019 20:10:52 +0100 Subject: [PATCH 23/30] Fail hard if FTL binary could not be installed 
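Review bot: `test_FTL_download_binary_unset_no_errors` does not exercise an unset variable: sourcing basic-install.sh assigns `binary="tbd"` (added earlier in this series), so the test passes only because the download of that placeholder name comes back as not found. The docstring should say so, e.g. `confirms FTLinstall fails when binary still holds its "tbd" default`. The assertions check stdout only; if `FTLinstall` returns non-zero in this case, asserting the return code as well would pin the failure independently of the message text.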
Signed-off-by: DL6ER --- automated install/basic-install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d823e923..ac61783c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2541,7 +2541,10 @@ main() { LIGHTTPD_ENABLED=false fi # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" + if ! FTLdetect; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 9c0de0f73128da47378c18958bd04d37793be853 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 17:39:12 +0100 Subject: [PATCH 24/30] Try to stop pihole-FTL before and (re)start pihole-FTL after the install command Signed-off-by: DL6ER --- automated install/basic-install.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ac61783c..2022a7bf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -2177,11 +2177,24 @@ FTLinstall() { # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then printf "transferred... " + + # Stop pihole-FTL service if available + # Allow failing without tripping set -e as the + # service might not be available (e.g. on first install) + service pihole-FTL stop > /dev/null 2>&1 || true + # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL + + # Start pihole-FTL service if available + # Allow failing without tripping set -e as the + # service might not be available (e.g. on first install) + service pihole-FTL restart > /dev/null 2>&1 || true + # Move back into the original directory the user was in popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } - # Install the FTL service + + # Installed the FTL service printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" return 0 # Otherwise, From e8dabc71af52238726da2a0a9454a09dca5e66bb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 17:54:21 +0100 Subject: [PATCH 25/30] Don't try to start pihole-FTL after it has been installed. This will be done a few moments later when gravity is invoked. Signed-off-by: DL6ER --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2022a7bf..865750ad 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -2186,11 +2186,6 @@ FTLinstall() { # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL - # Start pihole-FTL service if available - # Allow failing without tripping set -e as the - # service might not be available (e.g. on first install) - service pihole-FTL restart > /dev/null 2>&1 || true - # Move back into the original directory the user was in popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } From ec79e86bee709cbbf94b677a5c515212081e70a6 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 18:06:57 +0100 Subject: [PATCH 26/30] We should really use stop_service as it also includes some nice output Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 865750ad..cf73864b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2179,9 +2179,7 @@ FTLinstall() { printf "transferred... " # Stop pihole-FTL service if available - # Allow failing without tripping set -e as the - # service might not be available (e.g. on first install) - service pihole-FTL stop > /dev/null 2>&1 || true + stop_service pihole-FTL &> /dev/null # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL From ae654730c4a54d7b7c9a7734e010bff1fda97c1a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 2 Feb 2019 08:00:58 +0100 Subject: [PATCH 27/30] Update automated install/basic-install.sh Co-Authored-By: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index cf73864b..51fb2810 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
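Review bot: In the `stop_service` hunk (PATCH 26/30) the `|| true` guard and the comment explaining it are removed, so `stop_service pihole-FTL &> /dev/null` now relies on stop_service never returning non-zero when the service is absent. Its body is not visible here, so either confirm that or keep the guard as `stop_service pihole-FTL &> /dev/null || true`. The `&> /dev/null` redirect also discards the status output that the commit message gives as the reason for switching to the helper. If the silence is intentional, a comment such as `# output suppressed: the service may not exist on first install` would explain it. FTLinstall() begins and ends outside this hunk.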
@@ -1439,7 +1439,7 @@ stop_service() { # Start/Restart service passed in as argument restart_service() { # Local, named variables - local str="Starting ${1} service" + local str="Restarting ${1} service" printf " %b %s..." "${INFO}" "${str}" # If systemctl exists, if is_command systemctl ; then From 5c4ee237959f0fd475d56d053f8cc0ddf1c0962e Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 2 Feb 2019 10:19:44 -0800 Subject: [PATCH 28/30] Fix missed start_service -> restart_service call start_service was changed to restart_service. Signed-off-by: Mcat12 --- advanced/Scripts/piholeCheckout.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 977d1552..1bfe5e21 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -167,7 +167,7 @@ checkout() { echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch FTLinstall "${binary}" - start_service pihole-FTL + restart_service pihole-FTL enable_service pihole-FTL else echo " ${CROSS} Requested branch \"${2}\" is not available" From 26f2410fe6f75688e133a2f96538516e4e025f54 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 2 Feb 2019 10:37:12 -0800 Subject: [PATCH 29/30] Change /var/run/shm to /dev/shm The /var directory may not exist (does not exist on Fedora 29), and is simply a symlink to /dev/shm. Signed-off-by: Mcat12 --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 281425bf..c840ed04 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -76,7 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd" HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" -SHM_DIRECTORY="/var/run/shm" +SHM_DIRECTORY="/dev/shm" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 From 7a19d24058ef6ff88f9eedaa32de36f41c396497 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 3 Feb 2019 10:55:18 -0800 Subject: [PATCH 30/30] Remove user/group from dnsmasq config In the case that FTL is started under root, dnsmasq changes the user to pihole due to this setting. The shared memory is created before this switch, and may cause issues such as failing to delete or reallocate the shared memory. These config lines were necessary before dnsmasq became part of FTL, but now since dnsmasq runs under FTL, we can configure the user/group through FTL. Signed-off-by: Mcat12 --- advanced/01-pihole.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index af46e918..502293bf 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -22,9 +22,6 @@ addn-hosts=/etc/pihole/gravity.list addn-hosts=/etc/pihole/black.list addn-hosts=/etc/pihole/local.list -user=pihole -group=pihole - domain-needed localise-queries