From f552173be37d5ce1d58b31fa1ef7a0f4824a85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:51:04 +0200 Subject: [PATCH 01/70] Resolve merge conflict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4c75f246..3e31a097 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1110,6 +1110,10 @@ list_files_in_dir() { elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" + elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then + # in case of the dnsmasq directory inlcuede all files in the debug output + log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do From c99c86af7f161910f16eb98b2fef6b3f580dc8b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 22:53:30 +0200 Subject: [PATCH 02/70] Make all dir list output human readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 3e31a097..c222491d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1112,14 +1112,14 @@ list_files_in_dir() { log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then # in case of the dnsmasq directory inlcuede all files in the debug output - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then # display the filename - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, give the first and last 25 lines From b05fc5bb2b39a38c0dfef45c03db2b9a24205063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:01:18 +0200 Subject: [PATCH 03/70] Remove specific dnsmasq config files from requiered files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c222491d..d3fc4fec 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -165,9 +165,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" ) # Store the required directories in an array so it can be parsed through REQUIRED_FILES=("${PIHOLE_CRON_FILE}" -"${PIHOLE_DNS_CONFIG_FILE}" -"${PIHOLE_DHCP_CONFIG_FILE}" -"${PIHOLE_WILDCARD_CONFIG_FILE}" "${WEB_SERVER_CONFIG_FILE}" "${WEB_SERVER_CUSTOM_CONFIG_FILE}" "${PIHOLE_INSTALL_LOG_FILE}" From aa2da807686b153818da5f825bfbab88c96945a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 Jul 2021 23:06:01 +0200 Subject: [PATCH 04/70] Remove traces of unused files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d3fc4fec..3bd86a29 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -83,10 +83,6 @@ SHM_DIRECTORY="/dev/shm" # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole" -PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf" -PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf" -PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf" - WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf" WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf" From 3ef90a9e47f8af7595506818d83f706624b56ff4 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 13 Aug 2021 20:37:42 +0200 Subject: [PATCH 05/70] Remove ineffective Access-Control-Allow-Origin header The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. For reference: https://github.com/pi-hole/pi-hole/issues/3462 Signed-off-by: MichaIng --- advanced/lighttpd.conf.debian | 5 ----- advanced/lighttpd.conf.fedora | 5 ----- 2 files changed, 10 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 9c892fc0..3ecd7213 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -78,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index aae4a6a4..5a99a9bf 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -86,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore From ea5a3bf0b22c204198c99d09b788719c98ec6d96 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 11:17:09 +0200 Subject: [PATCH 06/70] Install RFC6761 config file Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 41 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 8 +++++- automated install/uninstall.sh | 1 + 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 advanced/06-rfc6761.conf diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf new file mode 100644 index 00000000..7fb9be00 --- /dev/null +++ b/advanced/06-rfc6761.conf @@ -0,0 +1,41 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2021 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# RFC 6761 config file for Pi-hole +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +############################################################################### +# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # +# WITHIN /etc/dnsmasq.d/yourname.conf # +############################################################################### + +# RFC 6761: Caching DNS servers SHOULD recognize +# test, localhost, invalid +# names as special and SHOULD NOT attempt to look up NS records for them, or +# otherwise query authoritative DNS servers in an attempt to resolve these +# names. +server=/test/ +server=/localhost/ +server=/invalid/ + +# The same RFC requests something similar for +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. +# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. +# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# Pi-hole implements this via the dnsmasq option "bogus-priv" (see +# 01-pihole.conf) because this also covers IPv6. + +# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD +# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +server=/bind/ +server=/local/ +server=/onion/ diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..51ff5dcf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1249,6 +1249,8 @@ version_check_dnsmasq() { local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1284,7 +1286,7 @@ version_check_dnsmasq() { fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" @@ -1315,6 +1317,10 @@ version_check_dnsmasq() { # Otherwise, enable it by uncommenting the directive in the DNS config file sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" fi + + printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" + printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" } # Clean an existing installation to prepare for upgrade/reinstall diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 0f4c4ca6..5e27514f 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -145,6 +145,7 @@ removeNoPurge() { ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null + ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null ${SUDO} rm -rf /var/log/*pihole* &> /dev/null ${SUDO} rm -rf /etc/pihole/ &> /dev/null ${SUDO} rm -rf /etc/.pihole/ &> /dev/null From e1dca46423a003cc2bf4b114547dc4779c688ee9 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 16 Jul 2021 19:58:49 +0200 Subject: [PATCH 07/70] Hardcode whiptail dimensions to 20 rows and 70 chars width With the suggested way to call the installer via "curl -sSL https://install.pi-hole.net | bash", STDIN is no terminal, but overridden by the curl output, hence in most cases, the minimum dimensions were applied, even on larger screens. All whiptail calls are hence assured to work fine with those dimensions, aside of one case, making the calculations obsolete. This commit hardcodes the whiptail dimensions to the prior minimum and removes the calculations. This also helps with testing, as it does not matter anymore how the script is called, and developers have a clearly defined space to make dialogs look nice, including line breaks, menu and list heights. The only case which does not fit the 70 character width, the second menu entry of the "pihole -r" dialog, has been shortened accordingly. This was not an issue before, as "pihole -r" does not override the scripts STDIN and hence did allow larger dimensions based on the now removed calculations. See the following discussions for reference: - https://github.com/pi-hole/pi-hole/issues/3323 - https://github.com/pi-hole/pi-hole/pull/4197#issuecomment-876702380 Signed-off-by: MichaIng --- automated install/basic-install.sh | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..e68ee1eb 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -94,24 +94,9 @@ if [ -z "${USER}" ]; then USER="$(id -un)" fi - -# Check if we are running on a real terminal and find the rows and columns -# If there is no real terminal, we will default to 80x24 -if [ -t 0 ] ; then - screen_size=$(stty size) -else - screen_size="24 80" -fi -# Determine terminal rows and columns by parsing screen_size -printf -v rows '%d' "${screen_size%% *}" -printf -v columns '%d' "${screen_size##* }" - -# Divide by two so the dialogs take up half of the screen, which looks nice. -r=$(( rows / 2 )) -c=$(( columns / 2 )) -# Unless the screen is tiny -r=$(( r < 20 ? 20 : r )) -c=$(( c < 70 ? 70 : c )) +# whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. +r=20 +c=70 ######## Undocumented Flags. Shhh ######## # These are undocumented flags; some of which we can use when repairing an installation @@ -2050,7 +2035,7 @@ update_dialogs() { strAdd="You will be updated to the latest version." fi opt2a="Reconfigure" - opt2b="This will reset your Pi-hole and allow you to enter new settings." + opt2b="Resets Pi-hole and allows re-selecting settings." # Display the information to the user UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)" "${r}" "${c}" 2 \ From e8e8104b36913b07101a4b3180b6a42b6d0af0e8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 15 Aug 2021 18:37:12 +0200 Subject: [PATCH 08/70] Remove server=/local/ because of https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 Signed-off-by: DL6ER --- advanced/06-rfc6761.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index 7fb9be00..e03569e8 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -33,9 +33,9 @@ server=/invalid/ # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. -# OpenWRT furthermore blocks bind, local, onion domains, this seems meaningful +# OpenWRT furthermore blocks bind, local, onion domains # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 server=/bind/ -server=/local/ server=/onion/ From ff64d8cf4d20871b105f228185bef9464ad083b8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 16 Aug 2021 09:57:12 +0200 Subject: [PATCH 09/70] Use variable in user output, too Signed-off-by: DL6ER --- automated install/basic-install.sh | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 51ff5dcf..f4d9edc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1247,10 +1247,10 @@ version_check_dnsmasq() { local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list" local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS" local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" - local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" - local dnsmasq_rfc6761_06_config="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" - local dnsmasq_rfc6761_06_location="/etc/dnsmasq.d/06-rfc6761.conf" + local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" + local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1279,48 +1279,48 @@ version_check_dnsmasq() { printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" fi - printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}" # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) if [[ ! -d "/etc/dnsmasq.d" ]];then install -d -m 755 "/etc/dnsmasq.d" fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory - install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copied 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, - sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" + sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}" if [[ "${PIHOLE_DNS_1}" != "" ]]; then # then swap in the primary DNS server. - sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}" else # Otherwise, remove the line which sets DNS1. - sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}" fi # Ditto if DNS2 is not empty if [[ "${PIHOLE_DNS_2}" != "" ]]; then - sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}" else - sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location} + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" # If the user does not want to enable logging, if [[ "${QUERY_LOGGING}" == false ]] ; then # disable it by commenting out the directive in the DNS config file - sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}" else # Otherwise, enable it by uncommenting the directive in the DNS config file - sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}" fi - printf " %b Copying 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf..." "${INFO}" - install -D -m 644 -T "${dnsmasq_rfc6761_06_config}" "${dnsmasq_rfc6761_06_location}" - printf "%b %b Copied 06-rfc6761.conf to /etc/dnsmasq.d/06-rfc6761.conf\\n" "${OVER}" "${TICK}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}" } # Clean an existing installation to prepare for upgrade/reinstall From c2f3477a824bf26f551ff1cb8ce510713b1ac394 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 14:04:50 +0200 Subject: [PATCH 10/70] Ensure conditional forwarding will forward unqualified host names if we have no local answer for them. Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 744416e7..129bdb62 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -269,7 +269,10 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" + # Forward unqualified names to the CF target + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then + # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi fi From 06fd8123c3b3fd73d367fb1045e1a30c514f54e0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 20 Aug 2021 16:26:17 +0200 Subject: [PATCH 11/70] Also remove "rev-server" lines when rewriting 01-pihole.conf Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 129bdb62..fa2c044d 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -54,7 +54,7 @@ add_setting() { } delete_setting() { - sed -i "/${1}/d" "${setupVars}" + sed -i "/^${1}/d" "${setupVars}" } change_setting() { @@ -67,7 +67,7 @@ addFTLsetting() { } deleteFTLsetting() { - sed -i "/${1}/d" "${FTLconf}" + sed -i "/^${1}/d" "${FTLconf}" } changeFTLsetting() { @@ -84,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - sed -i "/${1}/d" "${dnsmasqconfig}" + sed -i "/^${1}/d" "${dnsmasqconfig}" } SetTemperatureUnit() { @@ -267,6 +267,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 delete_setting "CONDITIONAL_FORWARDING_IP" fi + delete_dnsmasq_setting "rev-server" + if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" # Forward unqualified names to the CF target From 839a70cc3796731b075cb436f8fc400d71a90ad5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 27 Aug 2021 19:16:15 +0200 Subject: [PATCH 12/70] Add sudo to apt-get recommendation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5eda20ea..54397198 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1578,7 +1578,7 @@ update_package_cache() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From 31c7c019cb3c0678eeac4935cf770d7919587398 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 14:04:48 +0200 Subject: [PATCH 13/70] Fix piping to pihole tricorder Signed-off-by: DL6ER --- pihole | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/pihole b/pihole index e8fa9317..1fba6f4d 100755 --- a/pihole +++ b/pihole @@ -404,29 +404,10 @@ tricorderFunc() { exit 1 fi - if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then - echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server" - exit 1 - fi - - if command -v openssl &> /dev/null; then - openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin - exit "$?" - else - echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed - Your debug log will be transmitted unencrypted via plain-text - There is a possibility that this could be intercepted by a third party - If you wish to cancel, press Ctrl-C to exit within 10 seconds" - secs="10" - while [[ "$secs" -gt "0" ]]; do - echo -ne "." - sleep 1 - : $((secs--)) - done - echo " " - nc tricorder.pi-hole.net 9999 < /dev/stdin - exit "$?" - fi + curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin + ret=$? + echo "" + exit $ret } updateCheckFunc() { From 21897d7fbd1b7b9d2e3bab3fa94c29fd63625367 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 15:55:42 +0200 Subject: [PATCH 14/70] Add warning if curl failed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 1 - pihole | 12 ++++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 26ef61fa..4e2a1ca8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1336,7 +1336,6 @@ curl_to_tricorder() { # transmit he log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi } diff --git a/pihole b/pihole index 1fba6f4d..e7a6978b 100755 --- a/pihole +++ b/pihole @@ -399,15 +399,19 @@ Branches: } tricorderFunc() { + local tricorder_token if [[ ! -p "/dev/stdin" ]]; then echo -e " ${INFO} Please do not call Tricorder directly" exit 1 fi - curl --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin - ret=$? - echo "" - exit $ret + tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + if [ -z "${tricorder_token}" ]; then + echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + exit 1 + fi + echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + exit 0 } updateCheckFunc() { From 115e3eeda9098e3d3499dfcedf6154b8ce77c78b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 20:20:45 +0200 Subject: [PATCH 15/70] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- pihole | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index e7a6978b..7b1d5404 100755 --- a/pihole +++ b/pihole @@ -405,9 +405,9 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --silent --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" + tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed failed, contact Pi-hole support for assistance." + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." exit 1 fi echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" From b241a19e8727c75e01c883136eb367d0550c9555 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 30 Aug 2021 21:19:47 +0200 Subject: [PATCH 16/70] Use --no-progress-meter instead of --silent so error reasons are printed Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..5113615d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,7 +1334,7 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net) + tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" if [ -z "${tricorder_token}" ]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." fi From 6fec4acd827132936e27a5c2e20f3367ee9010a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 5 Sep 2021 20:44:39 +0200 Subject: [PATCH 17/70] Add content of /etc/resolv.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4e2a1ca8..ab4b1515 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -73,6 +73,7 @@ HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" SHM_DIRECTORY="/dev/shm" +ETC="/etc" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -136,6 +137,8 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" +RESOLVCONF="${ETC}/resolv.conf" + # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -180,7 +183,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_DEBUG_LOG}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" -"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") +"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" +"${RESOLVCONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. @@ -1118,6 +1122,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" show_content_of_files_in_dir "${SHM_DIRECTORY}" + show_content_of_files_in_dir "${ETC}" } head_tail_log() { From 69411555721afb713defacb33d626ecd845f8b1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 6 Sep 2021 17:16:36 +0200 Subject: [PATCH 18/70] Add content of /etc/dnsmasq.conf to debug output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index ab4b1515..a12a79b3 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -138,6 +138,7 @@ PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" RESOLVCONF="${ETC}/resolv.conf" +DNSMASQ_CONF="${ETC}/dnsmasq.conf" # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value @@ -184,7 +185,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" -"${RESOLVCONF}") +"${RESOLVCONF}" +"${DNSMASQ_CONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. From a1ee7d92a9b2c3535b228d7af88990a0bd84250c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 6 Sep 2021 22:38:16 +0200 Subject: [PATCH 19/70] Add possibly missing capabilities Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 88f50539..0f96c8bd 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -40,7 +40,7 @@ start() { chmod 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "$(which pihole-FTL)"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" From 606b05eec19da6e076179e80174178ef79f084fa Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:13:09 +0200 Subject: [PATCH 20/70] Ensure curl is either storing a valid token or a meaningful error message Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 5113615d..6172dae2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1334,9 +1334,14 @@ curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." # transmit he log via TLS and store the token returned in a variable - tricorder_token="$(curl --no-progress-meter --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net)" - if [ -z "${tricorder_token}" ]; then + tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi fi } From be68a5339ceb3e5d522f469fe2c71eb3678d57ed Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:15:36 +0200 Subject: [PATCH 21/70] Apply same improvement to pihole tricorder feature Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 2 +- pihole | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 6172dae2..02e253a9 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1333,7 +1333,7 @@ analyze_pihole_log() { curl_to_tricorder() { # Users can submit their debug logs using curl (encrypted) log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable + # transmit the log via TLS and store the token returned in a variable tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." diff --git a/pihole b/pihole index 7b1d5404..b30f6052 100755 --- a/pihole +++ b/pihole @@ -405,12 +405,17 @@ tricorderFunc() { exit 1 fi - tricorder_token="$(curl --no-progress-meter --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin)" - if [ -z "${tricorder_token}" ]; then - echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." - exit 1 + tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ ! -z "${tricorder_token}" ]; then + echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi + exit 1 fi - echo "Upload successful, your token is: ${COL_BLUE}${tricorder_token}${COL_NC}" + echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}" exit 0 } From cbc99d45c6a2ec243dc2e31e80d1681bd4b8e889 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Sep 2021 11:20:42 +0200 Subject: [PATCH 22/70] Small style change to finished debug upload display Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 15 +++++++-------- pihole | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 02e253a9..e2dba54a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1338,7 +1338,7 @@ curl_to_tricorder() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi @@ -1386,15 +1386,14 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" - log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" log_write "" - log_write " * Provide the token above to the Pi-hole team for assistance at" - log_write " * ${FORUMS_URL}" + log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}" # If no token was generated else diff --git a/pihole b/pihole index b30f6052..31356671 100755 --- a/pihole +++ b/pihole @@ -409,7 +409,7 @@ tricorderFunc() { if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." # Log curl error (if available) - if [ ! -z "${tricorder_token}" ]; then + if [ -n "${tricorder_token}" ]; then echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" tricorder_token="" fi From d0e8b0c962bde2d538baa2f59111677176c04d55 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 9 Sep 2021 20:28:33 +0200 Subject: [PATCH 23/70] Forward unqualified names to the CF target only when the "Never forward non-FQDN" option is NOT ticked Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index fa2c044d..52c388f8 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -271,12 +271,17 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" - # Forward unqualified names to the CF target - add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi + + if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then + # Forward unqualified names to the CF target only when the "never + # forward non-FQDN" option is unticked + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + fi + fi # We need to process DHCP settings here as well to account for possible From 343904522816623d420c761c103a8fea17292ae5 Mon Sep 17 00:00:00 2001 From: jpgpi250 Date: Sun, 12 Sep 2021 18:24:15 +0200 Subject: [PATCH 24/70] fix Pi-hole v5.4 update - syntax error #4322 Signed-off-by: jpgpi250 --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index ff02e9f3..99d1bcda 100755 --- a/gravity.sh +++ b/gravity.sh @@ -122,7 +122,7 @@ gravity_swap_databases() { gravityBlocks=$(stat --format "%b" ${gravityDBfile}) # Only keep the old database if available disk space is at least twice the size of the existing gravity.db. # Better be safe than sorry... - if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then + if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then echo -e " ${TICK} The old database remains available." mv "${gravityDBfile}" "${gravityOLDfile}" else From 6d670991c371478c66cc929109c93edede3ece71 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 12 Sep 2021 22:38:55 +0200 Subject: [PATCH 25/70] Perform a check of required packages befor updating pihole (#4326) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index f833fc2f..dae04861 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -95,6 +95,10 @@ main() { # shellcheck disable=1090,2154 source "${setupVars}" + # Install packages used by this installation script (necessary if users have removed e.g. git from their systems) + package_manager_detect + install_dependent_packages "${INSTALLER_DEPS[@]}" + # This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then echo -e "\\n ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!" From 1c286c7bc4458a10af65b88778724b96f9a96c57 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 12 Sep 2021 22:40:37 +0200 Subject: [PATCH 26/70] Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed (#4325) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed * Remove check for unsupported RPM distros as it is checked in os_check already * Add select_rpm_php function to tox tests Signed-off-by: Christian König --- automated install/basic-install.sh | 172 +++++++++++++++-------------- test/test_automated_install.py | 2 + test/test_centos_7_support.py | 3 + test/test_centos_8_support.py | 3 + test/test_centos_common_support.py | 5 + test/test_fedora_support.py | 1 + 6 files changed, 103 insertions(+), 83 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 34c0b4e7..697dd2e4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -379,89 +379,6 @@ elif is_command rpm ; then LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" - # If the host OS is Fedora, - if grep -qiE 'fedora|fedberry' /etc/redhat-release; then - # all required packages should be available by default with the latest fedora release - : # continue - # or if host OS is CentOS, - elif grep -qiE 'centos|scientific' /etc/redhat-release; then - # Pi-Hole currently supports CentOS 7+ with PHP7+ - SUPPORTED_CENTOS_VERSION=7 - SUPPORTED_CENTOS_PHP_VERSION=7 - # Check current CentOS major release version - CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) - # Check if CentOS version is supported - if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" - printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" - # exit the installer - exit - fi - # php-json is not required on CentOS 7 as it is already compiled into php - # verifiy via `php -m | grep json` - if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then - # create a temporary array as arrays are not designed for use as mutable data structures - CENTOS7_PIHOLE_WEB_DEPS=() - for i in "${!PIHOLE_WEB_DEPS[@]}"; do - if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then - CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) - fi - done - # re-assign the clean dependency array back to PIHOLE_WEB_DEPS - PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") - unset CENTOS7_PIHOLE_WEB_DEPS - fi - # CentOS requires the EPEL repository to gain access to Fedora packages - EPEL_PKG="epel-release" - rpm -q ${EPEL_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" - "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null - printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" - fi - - # The default php on CentOS 7.x is 5.4 which is EOL - # Check if the version of PHP available via installed repositories is >= to PHP 7 - AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) - if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then - # Since PHP 7 is available by default, install via default PHP package names - : # do nothing as PHP is current - else - REMI_PKG="remi-release" - REMI_REPO="remi-php72" - rpm -q ${REMI_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - # The PHP version available via default repositories is older than version 7 - if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then - # User decided to NOT update PHP from REMI, attempt to install the default available PHP version - printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" - : # continue with unsupported php version - else - printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" - "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null - # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) - "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null - yum-config-manager --enable ${REMI_REPO} &> /dev/null - printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" - # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI - if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then - printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" - else - printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" - exit 1 - fi - fi - fi - fi - else - # Warn user of unsupported version of Fedora or CentOS - if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then - printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" - exit - else - printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" - fi - fi # If neither apt-get or yum/dnf package managers were found else @@ -472,6 +389,90 @@ else fi } +select_rpm_php(){ +# If the host OS is Fedora, +if grep -qiE 'fedora|fedberry' /etc/redhat-release; then + # all required packages should be available by default with the latest fedora release + : # continue +# or if host OS is CentOS, +elif grep -qiE 'centos|scientific' /etc/redhat-release; then + # Pi-Hole currently supports CentOS 7+ with PHP7+ + SUPPORTED_CENTOS_VERSION=7 + SUPPORTED_CENTOS_PHP_VERSION=7 + # Check current CentOS major release version + CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) + # Check if CentOS version is supported + if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then + printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" + printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" + # exit the installer + exit + fi + # php-json is not required on CentOS 7 as it is already compiled into php + # verifiy via `php -m | grep json` + if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then + # create a temporary array as arrays are not designed for use as mutable data structures + CENTOS7_PIHOLE_WEB_DEPS=() + for i in "${!PIHOLE_WEB_DEPS[@]}"; do + if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then + CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) + fi + done + # re-assign the clean dependency array back to PIHOLE_WEB_DEPS + PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") + unset CENTOS7_PIHOLE_WEB_DEPS + fi + # CentOS requires the EPEL repository to gain access to Fedora packages + EPEL_PKG="epel-release" + rpm -q ${EPEL_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" + "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null + printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" + fi + + # The default php on CentOS 7.x is 5.4 which is EOL + # Check if the version of PHP available via installed repositories is >= to PHP 7 + AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) + if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then + # Since PHP 7 is available by default, install via default PHP package names + : # do nothing as PHP is current + else + REMI_PKG="remi-release" + REMI_REPO="remi-php72" + rpm -q ${REMI_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + # The PHP version available via default repositories is older than version 7 + if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then + # User decided to NOT update PHP from REMI, attempt to install the default available PHP version + printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" + : # continue with unsupported php version + else + printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" + "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null + # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) + "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null + yum-config-manager --enable ${REMI_REPO} &> /dev/null + printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" + # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI + if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then + printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + else + printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" + exit 1 + fi + fi + fi # Warn user of unsupported version of Fedora or CentOS + if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then + printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" + exit + else + printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" + fi +fi +fi +} + # A function for checking if a directory is a git repository is_repo() { # Use a named, local variable instead of the vague $1, which is the first argument passed to this function @@ -2547,6 +2548,11 @@ main() { printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}" install_dependent_packages "${INSTALLER_DEPS[@]}" + #In case of RPM based distro, select the proper PHP version + if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then + select_rpm_php + fi + # Check if SELinux is Enforcing checkSelinux diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 593c19d2..9938dd99 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -618,6 +618,7 @@ def test_package_manager_has_pihole_deps(Pihole): output = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages ${PIHOLE_DEPS[@]} ''') @@ -631,6 +632,7 @@ def test_package_manager_has_web_deps(Pihole): output = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages ${PIHOLE_WEB_DEPS[@]} ''') diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index ed99231a..14f62637 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -12,6 +12,7 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -30,6 +31,7 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -48,6 +50,7 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert 'opt-out' not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index b8ad9607..bbdbb765 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -13,6 +13,7 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') @@ -33,6 +34,7 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') @@ -53,6 +55,7 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert 'opt-out' not in package_manager_detect.stdout unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository ' diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index 8412173d..0b36cbae 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -16,6 +16,7 @@ def test_release_supported_version_check_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = cross_box + (' CentOS 6 is not supported.') assert expected_stdout in package_manager_detect.stdout @@ -30,6 +31,7 @@ def test_enable_epel_repository_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' Enabling EPEL package repository ' '(https://fedoraproject.org/wiki/EPEL)') @@ -54,6 +56,7 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -78,6 +81,7 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') @@ -102,6 +106,7 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php install_dependent_packages PIHOLE_WEB_DEPS[@] ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index a2ac4c71..3ad84be5 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -6,6 +6,7 @@ def test_epel_and_remi_not_installed_fedora(Pihole): package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect + select_rpm_php ''') assert package_manager_detect.stdout == '' From a88a94c4f1983d457d5ab713bcdc2effe806382b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 13 Sep 2021 08:06:19 +0200 Subject: [PATCH 27/70] Export DNS_FQDN_REQUIRED and DNS_BOGUS_PRIV to setupVars.conf during installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 697dd2e4..7fb39b83 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1814,6 +1814,8 @@ finalExports() { echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" echo "CACHE_SIZE=${CACHE_SIZE}" + echo "DNS_FQDN_REQUIRED=true" + echo "DNS_BOGUS_PRIV=true" }>> "${setupVars}" chmod 644 "${setupVars}" From b755330f4cf988ba4d8eba09e88276f84ed67813 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 24 Sep 2021 11:34:05 +0200 Subject: [PATCH 28/70] Remove local-ttl from set of default dnsmasq options. Signed-off-by: DL6ER --- advanced/01-pihole.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index e243e91a..02bc93bf 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -39,6 +39,4 @@ cache-size=@CACHE_SIZE@ log-queries log-facility=/var/log/pihole.log -local-ttl=2 - log-async From 841222fa2107943939a6ae98e02f9b51147044d6 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 26 Sep 2021 19:50:03 +0200 Subject: [PATCH 29/70] Add to INSTALLER_DEPS (#4343) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 7fb39b83..e4c168ea 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -327,7 +327,7 @@ if is_command apt-get ; then # Packages required to perfom the os_check (stored as an array) OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) + INSTALLER_DEPS=(git "${iproute_pkg}" whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) @@ -373,7 +373,7 @@ elif is_command rpm ; then PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" From fd050693a27c62d7845eaf555686ed9a17648b80 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Wed, 7 Apr 2021 21:53:52 +0200 Subject: [PATCH 30/70] Remove obsolete DEB package name checks The installer contains three checks for specific DEB package names, which did change in past Debian/Ubuntu versions. These checks are obsolete with the current set of supported distro versions: iproute vs iproute2: All distro versions down to Debian Jessie and Ubuntu Xenial ship the iproute2 package: - https://packages.debian.org/search?keywords=iproute - https://packages.ubuntu.com/search?suite=all&keywords=iproute php5 vs php: None of the Ubuntu version down to Xenial and only Debian Jessie ships the php5 package: - https://packages.debian.org/search?keywords=php5 - https://packages.ubuntu.com/search?suite=all&keywords=php5 Moreover, installs with PHP5 would fail anyway for a longer time, due to the added php-xml module package, which became a dedicated package with PHP7.0 while being part of the core package with PHP5: - https://packages.debian.org/search?keywords=php5-xml php-sqlite vs php-sqlite3: With PHP7, the SQLite module package name changed to sqlite3 prefix: - https://packages.debian.org/search?keywords=php-sqlite - https://packages.ubuntu.com/search?suite=all&keywords=php-sqlite Additionally the code comment about minimal apt-get call output was moved to the actual apt-get install call section, as if refers to issues with package installs that require interactive action and hence output about it to the console. The package cache update as well requires an interactive confirmation when the underlying suite code name changes, e.g. when "buster" becomes "oldstable" and "bullseye" becomes "stable". But that is not what the referred issue was about. The comments around the installer and Pi-hole package dependencies have been aligned with the current v6 branch as attempt to resolve merge conflicts in the first place. Signed-off-by: MichaIng --- automated install/basic-install.sh | 54 ++++-------------------------- 1 file changed, 6 insertions(+), 48 deletions(-) mode change 100755 => 100644 automated install/basic-install.sh diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh old mode 100755 new mode 100644 index e4c168ea..bf9ab680 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -273,66 +273,25 @@ if is_command apt-get ; then PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Update package cache. This is required already here to assure apt-cache calls have package lists available. + # Update package cache update_package_cache || exit 1 - # Debian 7 doesn't have iproute2 so check if it's available first - if apt-cache show iproute2 > /dev/null 2>&1; then - iproute_pkg="iproute2" - # Otherwise, check if iproute is available - elif apt-cache show iproute > /dev/null 2>&1; then - iproute_pkg="iproute" - # Else print error and exit - else - printf " %b Aborting installation: iproute2 and iproute packages were not found in APT repository.\\n" "${CROSS}" - exit 1 - fi # Check for and determine version number (major and minor) of current php install + local phpVer="php" if is_command php ; then printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" printf -v phpInsMajor "%d" "$(php <<< "")" printf -v phpInsMinor "%d" "$(php <<< "")" - # Is installed php version 7.0 or greater - if [ "${phpInsMajor}" -ge 7 ]; then - phpInsNewer=true - fi - fi - # Several other packages depend on the version of PHP. If PHP is not installed, or an insufficient version, - # those packages should fall back to the default (latest?) - if [[ "$phpInsNewer" != true ]]; then - # Prefer the php metapackage if it's there - if apt-cache show php > /dev/null 2>&1; then - phpVer="php" - # Else fall back on the php5 package if it's there - elif apt-cache show php5 > /dev/null 2>&1; then - phpVer="php5" - # Else print error and exit - else - printf " %b Aborting installation: No PHP packages were found in APT repository.\\n" "${CROSS}" - exit 1 - fi - else - # Else, PHP is already installed at a version beyond v7.0, so the additional packages - # should match version with the current PHP version. phpVer="php$phpInsMajor.$phpInsMinor" fi - # We also need the correct version for `php-sqlite` (which differs across distros) - if apt-cache show "${phpVer}-sqlite3" > /dev/null 2>&1; then - phpSqlite="sqlite3" - elif apt-cache show "${phpVer}-sqlite" > /dev/null 2>&1; then - phpSqlite="sqlite" - else - printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}" - exit 1 - fi # Packages required to perfom the os_check (stored as an array) OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git "${iproute_pkg}" whiptail ca-certificates) + INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") @@ -1555,9 +1514,6 @@ disable_resolved_stublistener() { } update_package_cache() { - # Running apt-get update/upgrade with minimal output can cause some issues with - # requiring user input (e.g password for phpmyadmin see #218) - # Update package cache on apt based OSes. Do this every time since # it's quick and packages can be updated at any time. @@ -1622,6 +1578,8 @@ install_dependent_packages() { # If there's anything to install, install everything in the list. if [[ "${#installArray[@]}" -gt 0 ]]; then test_dpkg_lock + # Running apt-get install with minimal output can cause some issues with + # requiring user input (e.g password for phpmyadmin see #218) printf " %b Processing %s install(s) for: %s, please wait...\\n" "${INFO}" "${PKG_MANAGER}" "${installArray[*]}" printf '%*s\n' "$columns" '' | tr " " -; "${PKG_INSTALL[@]}" "${installArray[@]}" From a9b9718ffad011232b171ef546ec127c9332d7cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:29:23 +0200 Subject: [PATCH 31/70] Do not let the user select if they want to blocking via IPv4 and/or IPv6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 73 ++++++------------------------ 1 file changed, 15 insertions(+), 58 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index bf9ab680..f6eeca8b 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -717,9 +717,8 @@ testIPv6() { fi } -# A dialog for showing the user about IPv6 blocking -useIPv6dialog() { - # Determine the IPv6 address used for blocking +find_IPv6_information() { + # Detects IPv6 address used for communication to WAN addresses. IPV6_ADDRESSES=($(ip -6 address | grep 'scope global' | awk '{print $2}')) # For each address in the array above, determine the type of IPv6 address it is @@ -739,76 +738,34 @@ useIPv6dialog() { # set the IPv6 address to the ULA address IPV6_ADDRESS="${ULA_ADDRESS}" # Show this info to the user - printf " %b Found IPv6 ULA address, using it for blocking IPv6 ads\\n" "${INFO}" + printf " %b Found IPv6 ULA address\\n" "${INFO}" # Otherwise, if the GUA_ADDRESS has a value, elif [[ ! -z "${GUA_ADDRESS}" ]]; then # Let the user know - printf " %b Found IPv6 GUA address, using it for blocking IPv6 ads\\n" "${INFO}" + printf " %b Found IPv6 GUA address\\n" "${INFO}" # And assign it to the global variable IPV6_ADDRESS="${GUA_ADDRESS}" # If none of those work, else - # explain that IPv6 blocking will not be used - printf " %b Unable to find IPv6 ULA/GUA address, IPv6 adblocking will not be enabled\\n" "${INFO}" + printf " %b Unable to find IPv6 ULA/GUA address\\n" "${INFO}" # So set the variable to be empty IPV6_ADDRESS="" fi - - # If the IPV6_ADDRESS contains a value - if [[ ! -z "${IPV6_ADDRESS}" ]]; then - # Display that IPv6 is supported and will be used - whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$IPV6_ADDRESS will be used to block ads." "${r}" "${c}" - fi } -# A function to check if we should use IPv4 and/or IPv6 for blocking ads -use4andor6() { - # Named local variables - local useIPv4 - local useIPv6 - # Let user choose IPv4 and/or IPv6 via a checklist - cmd=(whiptail --separate-output --checklist "Select Protocols (press space to toggle selection)" "${r}" "${c}" 2) - # In an array, show the options available: - # IPv4 (on by default) - options=(IPv4 "Block ads over IPv4" on - # or IPv6 (on by default if available) - IPv6 "Block ads over IPv6" on) - # In a variable, show the choices available; exit if Cancel is selected - choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } - # For each choice available, - for choice in ${choices} - do - # Set the values to true - case ${choice} in - IPv4 ) useIPv4=true;; - IPv6 ) useIPv6=true;; - esac - done - # If IPv4 is to be used, - if [[ "${useIPv4}" ]]; then - # Run our function to get the information we need - find_IPv4_information - if [[ -f "/etc/dhcpcd.conf" ]]; then +# A function to collect IPv4 and IPv6 information of the device +collect_v4andv6_information() { + find_IPv4_information + # Echo the information to the user + printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + # if `dhcpcd` is used offer to set this as static IP for the device + if [[ -f "/etc/dhcpcd.conf" ]]; then # configure networking via dhcpcd getStaticIPv4Settings setDHCPCD - fi fi - # If IPv6 is to be used, - if [[ "${useIPv6}" ]]; then - # Run our function to get this information - useIPv6dialog - fi - # Echo the information to the user - printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" - # If neither protocol is selected, - if [[ ! "${useIPv4}" ]] && [[ ! "${useIPv6}" ]]; then - # Show an error in red - printf " %bError: Neither IPv4 or IPv6 selected%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" - # and exit with an error - exit 1 - fi } getStaticIPv4Settings() { @@ -2544,8 +2501,8 @@ main() { setDNS # Give the user a choice of blocklists to include in their install. Or not. chooseBlocklists - # Let the user decide if they want to block ads over IPv4 and/or IPv6 - use4andor6 + # find IPv4 and IPv6 information of the device + collect_v4andv6_information # Let the user decide if they want the web interface to be installed automatically setAdminFlag # Let the user decide if they want query logging enabled... From 9dbcbdbe666f2ea81f31b9ef77248473b50cb296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:43:08 +0200 Subject: [PATCH 32/70] Adjust tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_automated_install.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 9938dd99..faf67c92 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -421,10 +421,9 @@ def test_IPv6_only_link_local(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = ('Unable to find IPv6 ULA/GUA address, ' - 'IPv6 adblocking will not be enabled') + expected_stdout = ('Unable to find IPv6 ULA/GUA address') assert expected_stdout in detectPlatform.stdout @@ -468,9 +467,9 @@ def test_IPv6_only_GUA(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 GUA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 GUA address' assert expected_stdout in detectPlatform.stdout From 466520366d2825f6596675003da8468c485f2ea7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 2 Oct 2021 23:47:13 +0200 Subject: [PATCH 33/70] Fogot to save... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_automated_install.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index faf67c92..eb1bfd2c 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -444,9 +444,9 @@ def test_IPv6_only_ULA(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout @@ -491,9 +491,9 @@ def test_IPv6_GUA_ULA_test(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout @@ -515,9 +515,9 @@ def test_IPv6_ULA_GUA_test(Pihole): ) detectPlatform = Pihole.run(''' source /opt/pihole/basic-install.sh - useIPv6dialog + find_IPv6_information ''') - expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads' + expected_stdout = 'Found IPv6 ULA address' assert expected_stdout in detectPlatform.stdout From 5b03160295103aa38a7b2554fc057fea03b04d97 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 4 Oct 2021 11:40:53 +0100 Subject: [PATCH 34/70] Install script comment tweaks (#4361) --- automated install/basic-install.sh | 12 ++++++------ test/test_automated_install.py | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f6eeca8b..c1a1c613 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -262,10 +262,10 @@ os_check() { # Compatibility package_manager_detect() { -# If apt-get is installed, then we know it's part of the Debian family +# First check to see if apt-get is installed. if is_command apt-get ; then # Set some global variables here - # We don't set them earlier since the family might be Red Hat, so these values would be different + # We don't set them earlier since the installed package manager might be rpm, so these values would be different PKG_MANAGER="apt-get" # A variable to store the command used to update the package cache UPDATE_PKG_CACHE="${PKG_MANAGER} update" @@ -319,7 +319,7 @@ if is_command apt-get ; then return 0 } -# If apt-get is not found, check for rpm to see if it's a Red Hat family OS +# If apt-get is not found, check for rpm. elif is_command rpm ; then # Then check if dnf or yum is the package manager if is_command dnf ; then @@ -328,7 +328,7 @@ elif is_command rpm ; then PKG_MANAGER="yum" fi - # These variable names match the ones in the Debian family. See above for an explanation of what they are for. + # These variable names match the ones for apt-get. See above for an explanation of what they are for. PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) @@ -341,8 +341,8 @@ elif is_command rpm ; then # If neither apt-get or yum/dnf package managers were found else - # it's not an OS we can support, - printf " %b OS distribution not supported\\n" "${CROSS}" + # we cannot install required packages + printf " %b No supported package manager found\\n" "${CROSS}" # so exit the installer exit fi diff --git a/test/test_automated_install.py b/test/test_automated_install.py index eb1bfd2c..37ebdad2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -11,18 +11,18 @@ from .conftest import ( ) -def test_supported_operating_system(Pihole): +def test_supported_package_manager(Pihole): ''' - confirm installer exists on unsupported distribution + confirm installer exits when no supported package manager found ''' - # break supported package managers to emulate an unsupported distribution + # break supported package managers Pihole.run('rm -rf /usr/bin/apt-get') Pihole.run('rm -rf /usr/bin/rpm') package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh package_manager_detect ''') - expected_stdout = cross_box + ' OS distribution not supported' + expected_stdout = cross_box + ' No supported package manager found' assert expected_stdout in package_manager_detect.stdout # assert package_manager_detect.rc == 1 From 0f246b8df522ce0eeccfd5ee47b5e714ba250b52 Mon Sep 17 00:00:00 2001 From: xanoni <77220130+xanoni@users.noreply.github.com> Date: Sun, 3 Oct 2021 23:16:19 -0400 Subject: [PATCH 35/70] Update upstream DNS server capability descriptions Mention that the below 3 upstream DNS support DNSSEC: - Cloudflare (see https://developers.cloudflare.com/1.1.1.1/faq#how-does-1111-work-with-dnssec) - DNS.WATCH (see https://dns.watch/index) - Google (see https://developers.google.com/speed/public-dns/faq#dnssec) - Quad9 (see https://www.quad9.net/support/faq/#dnssec) Other providers and capabilities (e.g., ECS) were not checked. Signed-off-by: xanoni <77220130+xanoni@users.noreply.github.com> --- automated install/basic-install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c1a1c613..63b060f2 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -34,15 +34,15 @@ export PATH+=':/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' # List of supported DNS servers DNS_SERVERS=$(cat << EOM -Google (ECS);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844 +Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844 OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53 Level3;4.2.2.1;4.2.2.2;; Comodo;8.26.56.26;8.20.247.20;; -DNS.WATCH;84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b +DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9 Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10 -Quad9 (filtered + ECS);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11 -Cloudflare;1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 +Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11 +Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 EOM ) From 109340033eec06a89761914527d48a06f14e71cf Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 02:22:27 +0200 Subject: [PATCH 36/70] Do not account for refactor anymore (#4355) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c1a1c613..5a036db9 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1778,27 +1778,6 @@ installLogrotate() { printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" } -# At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break. -# Refactoring of install script has changed the name of a couple of variables. Sort them out here. -accountForRefactor() { - sed -i 's/piholeInterface/PIHOLE_INTERFACE/g' "${setupVars}" - sed -i 's/IPv4_address/IPV4_ADDRESS/g' "${setupVars}" - sed -i 's/IPv4addr/IPV4_ADDRESS/g' "${setupVars}" - sed -i 's/IPv6_address/IPV6_ADDRESS/g' "${setupVars}" - sed -i 's/piholeIPv6/IPV6_ADDRESS/g' "${setupVars}" - sed -i 's/piholeDNS1/PIHOLE_DNS_1/g' "${setupVars}" - sed -i 's/piholeDNS2/PIHOLE_DNS_2/g' "${setupVars}" - sed -i 's/^INSTALL_WEB=/INSTALL_WEB_INTERFACE=/' "${setupVars}" - # Add 'INSTALL_WEB_SERVER', if its not been applied already: https://github.com/pi-hole/pi-hole/pull/2115 - if ! grep -q '^INSTALL_WEB_SERVER=' ${setupVars}; then - local webserver_installed=false - if grep -q '^INSTALL_WEB_INTERFACE=true' ${setupVars}; then - webserver_installed=true - fi - echo -e "INSTALL_WEB_SERVER=$webserver_installed" >> "${setupVars}" - fi -} - # Install base files and web interface installPihole() { # If the user wants to install the Web interface, @@ -1829,10 +1808,6 @@ installPihole() { fi fi fi - # For updates and unattended install. - if [[ "${useUpdateVars}" == true ]]; then - accountForRefactor - fi # Install base files and web interface if ! installScripts; then printf " %b Failure in dependent script copy function.\\n" "${CROSS}" From 2b74b47b4a499f1838f098e95e10574ff80fe3df Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 02:47:18 +0200 Subject: [PATCH 37/70] Remove netcat from dependencies (#4346) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5a036db9..98296e5e 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -288,7 +288,7 @@ if is_command apt-get ; then # Packages required to run this install script (stored as an array) INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") @@ -333,7 +333,7 @@ elif is_command rpm ; then PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" OS_CHECK_DEPS=(grep bind-utils) INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) - PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) + PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 38bb4a49088febe3aa749ff197b30d5497f024f5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 14:09:16 +0200 Subject: [PATCH 38/70] Remove unused wildcard_regex_converter.sh (#4369) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove unused wildcard_regex_converter.sh Signed-off-by: Christian König * Remove regexconverter Signed-off-by: Christian König --- advanced/Scripts/wildcard_regex_converter.sh | 28 -------------------- gravity.sh | 2 -- 2 files changed, 30 deletions(-) delete mode 100644 advanced/Scripts/wildcard_regex_converter.sh diff --git a/advanced/Scripts/wildcard_regex_converter.sh b/advanced/Scripts/wildcard_regex_converter.sh deleted file mode 100644 index b4b6b4a1..00000000 --- a/advanced/Scripts/wildcard_regex_converter.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -# Pi-hole: A black hole for Internet advertisements -# (c) 2017 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# Provides an automated migration subroutine to convert Pi-hole v3.x wildcard domains to Pi-hole v4.x regex filters -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -# regexFile set in gravity.sh - -wildcardFile="/etc/dnsmasq.d/03-pihole-wildcard.conf" - -convert_wildcard_to_regex() { - if [ ! -f "${wildcardFile}" ]; then - return - fi - local addrlines domains uniquedomains - # Obtain wildcard domains from old file - addrlines="$(grep -oE "/.*/" ${wildcardFile})" - # Strip "/" from domain names and convert "." to regex-compatible "\." - domains="$(sed 's/\///g;s/\./\\./g' <<< "${addrlines}")" - # Remove repeated domains (may have been inserted two times due to A and AAAA blocking) - uniquedomains="$(uniq <<< "${domains}")" - # Automatically generate regex filters and remove old wildcards file - awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" -} diff --git a/gravity.sh b/gravity.sh index 99d1bcda..dfaf4fea 100755 --- a/gravity.sh +++ b/gravity.sh @@ -15,8 +15,6 @@ export LC_ALL=C coltable="/opt/pihole/COL_TABLE" source "${coltable}" -regexconverter="/opt/pihole/wildcard_regex_converter.sh" -source "${regexconverter}" # shellcheck disable=SC1091 source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" From 80560d4a4ace2db1389c78caab0971e397b4f476 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Tue, 5 Oct 2021 15:36:00 +0200 Subject: [PATCH 39/70] Do not export `DNS_FQDN_REQUIRED` and `DNS_BOGUS_PRIV` unconditionally (#4354) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Do not export unconditionally Signed-off-by: Christian König * Check if variable is unset instead of grep for it Signed-off-by: Christian König * Use bash's buld in word syntax Signed-off-by: Christian König * Move export back to their brothers Signed-off-by: Christian König --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 98296e5e..42e660a9 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1715,7 +1715,7 @@ finalExports() { # If the setup variable file exists, if [[ -e "${setupVars}" ]]; then # update the variables in the file - sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;' "${setupVars}" + sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' "${setupVars}" fi # echo the information to the user { @@ -1729,8 +1729,8 @@ finalExports() { echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" echo "CACHE_SIZE=${CACHE_SIZE}" - echo "DNS_FQDN_REQUIRED=true" - echo "DNS_BOGUS_PRIV=true" + echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" + echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" }>> "${setupVars}" chmod 644 "${setupVars}" From 541257849df1955c1de7c43f0ba1a537b17e00b5 Mon Sep 17 00:00:00 2001 From: Andras Tim Date: Tue, 5 Oct 2021 16:52:51 +0200 Subject: [PATCH 40/70] List fix: no reload (#3981) * scripts/list: Fixed --noreload options We should differentiate the ability and the needings. Signed-off-by: Andras Tim * scripts/list: Removed unnecessary tailing whitespaces Signed-off-by: Andras Tim * Update advanced/Scripts/list.sh Signed-off-by: Andras Tim * Merge bash conditions according to MichaIng suggestion Co-authored-by: micha@dietpi.com Signed-off-by: Andras Tim --- advanced/Scripts/list.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index e213b014..5bd42d55 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -23,7 +23,7 @@ fi # have changed gravityDBfile="${GRAVITYDB}" -reload=false +noReloadRequested=false addmode=true verbose=true wildcard=false @@ -35,6 +35,7 @@ typeId="" comment="" declare -i domaincount domaincount=0 +reload=false colfile="/opt/pihole/COL_TABLE" source ${colfile} @@ -242,13 +243,13 @@ Displaylist() { NukeList() { count=$(sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};") - listname="$(GetListnameFromTypeId "${typeId}")" + listname="$(GetListnameFromTypeId "${typeId}")" if [ "$count" -gt 0 ];then sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};" echo " ${TICK} Removed ${count} domain(s) from the ${listname}" else echo " ${INFO} ${listname} already empty. Nothing to do!" - fi + fi exit 0; } @@ -268,7 +269,7 @@ while (( "$#" )); do "--white-wild" | "white-wild" ) typeId=2; wildcard=true;; "--wild" | "wildcard" ) typeId=3; wildcard=true;; "--regex" | "regex" ) typeId=3;; - "-nr"| "--noreload" ) reload=false;; + "-nr"| "--noreload" ) noReloadRequested=true;; "-d" | "--delmode" ) addmode=false;; "-q" | "--quiet" ) verbose=false;; "-h" | "--help" ) helpFunc;; @@ -294,6 +295,6 @@ if $web; then echo "DONE" fi -if [[ "${reload}" != false ]]; then +if [[ ${reload} == true && ${noReloadRequested} == false ]]; then pihole restartdns reload-lists fi From 77e322afa644e9c3a75182c263d92aaa722d874d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 5 Oct 2021 16:25:29 +0100 Subject: [PATCH 41/70] (docs) update README.md (#4371) - correct grammar - correct punctuation - correct pronoun usage Co-authored-by: Vladislav Doster Signed-off-by: Adam Warner Co-authored-by: Vladislav Doster --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 06f541f4..b993cfe9 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,9 @@

-The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. +The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software. -- **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes +- **Easy-to-install**: our versatile installer walks you through the process and takes less than ten minutes - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs - **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/) @@ -22,7 +22,7 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th - **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware - **Modern**: blocks ads over both IPv4 and IPv6 -- **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy +- **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy ----- @@ -57,21 +57,21 @@ Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-h Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention. -If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). +If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); be sure to disable DHCP on your router first (if it has that feature available). -As a last resort, you can always manually set each device to use Pi-hole as their DNS server. +As a last resort, you can manually set each device to use Pi-hole as their DNS server. ----- -## Pi-hole is free, but powered by your support +## Pi-hole is free but powered by your support -There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. +There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software and the importance of keeping it maintained. Make no mistake: **your support is absolutely vital to help keep us innovating!** ### [Donations](https://pi-hole.net/donate) -Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses and rewarding our dedicated development team: +Donating using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses: ### Alternative support @@ -83,13 +83,13 @@ If you'd rather not donate (_which is okay!_), there are other ways you can help - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_ - [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ -- Spreading the word about our software, and how you have benefited from it +- Spreading the word about our software and how you have benefited from it ### Contributing via GitHub We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests. -If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve. +If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions it asks will help the volunteers quickly understand what you're aiming to achieve. You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review. @@ -97,9 +97,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma ## Getting in touch with us -While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. +While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on various social media outlets. -**Please be sure to check the FAQ's** before starting a new discussion. Many user questions already have answers and can be solved without any additional assistance. +**Please be sure to check the FAQs** before starting a new discussion, as we do not have the spare time to reply to every request for assistance. - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs) - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes) @@ -125,15 +125,15 @@ Some of the statistics you can integrate include: - Queries cached - Unique clients -The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). +Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). ### The Command Line Interface -The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. +The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. Some notable features include: -- [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) +- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger) - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail) - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity) @@ -149,7 +149,7 @@ This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to vie Some notable features include: -- Mobile friendly interface +- Mobile-friendly interface - Password protection - Detailed graphs and doughnut charts - Top lists of domains and clients From c5828df198cb54311ffdc1ecee1e17c3e3da9772 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Tue, 5 Oct 2021 17:40:12 +0200 Subject: [PATCH 42/70] Consequently use defined file path variables (#4105) The script defines variables for the most important file paths which are not always used to call the file paths. "lighttpdConfig" was never used in the script itself, so that a shellcheck exception needed to be used. With this change, the defined variables are consequently used, which makes the shellcheck exception obsolete as well. Additionally the assigned strings are quoted, which is not necessary here but aligns with the coding standard and highlights the strings in most editors and development platforms for developer convenience. Signed-off-by: MichaIng --- automated install/basic-install.sh | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 42e660a9..422c1904 100644 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -47,14 +47,13 @@ EOM ) # Location for final installation log storage -installLogLoc=/etc/pihole/install.log +installLogLoc="/etc/pihole/install.log" # This is an important file as it contains information specific to the machine it's being installed on -setupVars=/etc/pihole/setupVars.conf +setupVars="/etc/pihole/setupVars.conf" # Pi-hole uses lighttpd as a Web server, and this is the config file for it -# shellcheck disable=SC2034 -lighttpdConfig=/etc/lighttpd/lighttpd.conf +lighttpdConfig="/etc/lighttpd/lighttpd.conf" # This is a file used for the colorized output -coltable=/opt/pihole/COL_TABLE +coltable="/opt/pihole/COL_TABLE" # Root of the web server webroot="/var/www/html" @@ -1313,18 +1312,18 @@ installConfigs() { # make it and set the owners install -d -m 755 -o "${USER}" -g root /etc/lighttpd # Otherwise, if the config file already exists - elif [[ -f "/etc/lighttpd/lighttpd.conf" ]]; then + elif [[ -f "${lighttpdConfig}" ]]; then # back up the original - mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig + mv "${lighttpdConfig}"{,.orig} fi # and copy in the config file Pi-hole needs - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" # Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it touch /etc/lighttpd/external.conf chmod 644 /etc/lighttpd/external.conf # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf + sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' "${lighttpdConfig}" fi # Make the directories if they do not exist and set the owners mkdir -p /run/lighttpd @@ -1892,7 +1891,7 @@ displayFinalMessage() { if [[ "${#1}" -gt 0 ]] ; then # set the password to the first argument. pwstring="$1" - elif [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) -gt 0 ]]; then + elif [[ $(grep 'WEBPASSWORD' -c "${setupVars}") -gt 0 ]]; then # Else if the password exists from previous setup, we'll load it later pwstring="unchanged" else @@ -2550,7 +2549,7 @@ main() { # Add password to web UI if there is none pw="" # If no password is set, - if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then + if [[ $(grep 'WEBPASSWORD' -c "${setupVars}") == 0 ]] ; then # generate a random password pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) # shellcheck disable=SC1091 From 5bf35dc687008b7a6aa15330d4bd03329c37282c Mon Sep 17 00:00:00 2001 From: Jauder Ho Date: Tue, 5 Oct 2021 17:22:46 +0000 Subject: [PATCH 43/70] Add Dependabot and CodeQL support (#4286) Signed-off-by: Jauder Ho Co-authored-by: Adam Warner --- .github/dependabot.yml | 17 ++++++++++++ .github/workflows/codeql-analysis.yml | 40 +++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..bc08634e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: saturday + time: "10:00" + open-pull-requests-limit: 10 + target-branch: development + versioning-strategy: increase diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..a4f67b81 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,40 @@ +name: "CodeQL" + +on: + push: + branches: + - master + - development + pull_request: + branches: + - master + - development + schedule: + - cron: '32 11 * * 6' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + permissions: + actions: read + contents: read + security-events: write + + steps: + - + name: Checkout repository + uses: actions/checkout@v2 + # Initializes the CodeQL tools for scanning. + - + name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: 'python' + - + name: Autobuild + uses: github/codeql-action/autobuild@v1 + - + name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 55dce14655a0188998c6ce5603092c387d130565 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 5 Oct 2021 19:34:51 +0100 Subject: [PATCH 44/70] Add execution bit accidentally dropped in #4106 (#4368) Add some smoke tests for the repository. - Add x bit to piholeCheckout.sh. Possibly not needed, but consistency is no bad thing - Ensure all files in script directorys have executable bit set Signed-off-by: Adam Warner --- .github/workflows/test.yml | 31 ++++++++++++++++--- .../Scripts/database_migration/gravity-db.sh | 0 advanced/Scripts/piholeCheckout.sh | 0 automated install/basic-install.sh | 0 4 files changed, 27 insertions(+), 4 deletions(-) mode change 100644 => 100755 advanced/Scripts/database_migration/gravity-db.sh mode change 100644 => 100755 advanced/Scripts/piholeCheckout.sh mode change 100644 => 100755 automated install/basic-install.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 129caea4..c2b4dbbc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,21 +5,44 @@ on: types: [opened, synchronize, reopened, ready_for_review] jobs: + smoke-test: + if: github.event.pull_request.draft == false + runs-on: ubuntu-latest + steps: + - + name: Checkout repository + uses: actions/checkout@v2 + - + name: Run Smoke Tests + run: | + # Ensure scripts in repository are executable + IFS=$'\n'; + for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done + unset IFS; + # If FAIL is 1 then we fail. + [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed" + distro-test: if: github.event.pull_request.draft == false runs-on: ubuntu-latest + needs: smoke-test strategy: matrix: distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 + - + name: Checkout repository + uses: actions/checkout@v2 + - + name: Set up Python 3.7 uses: actions/setup-python@v2 with: python-version: 3.7 - - name: Install dependencies + - + name: Install dependencies run: pip install -r test/requirements.txt - - name: Test with tox + - + name: Test with tox run: tox -c test/tox.${DISTRO}.ini diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh old mode 100644 new mode 100755 diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh old mode 100644 new mode 100755 diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh old mode 100644 new mode 100755 From 0ea7344c309a81c64fe11769c0921cd0141b935e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Oct 2021 01:19:28 +0100 Subject: [PATCH 45/70] add --no-rebase to the git pull command(s) to squelch hint message in newer versions of git (#4226) Signed-off-by: Adam Warner --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 422c1904..9cba9339 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -514,7 +514,7 @@ update_repo() { git stash --all --quiet &> /dev/null || true # Okay for stash failure git clean --quiet --force -d || true # Okay for already clean directory # Pull the latest commits - git pull --quiet &> /dev/null || return $? + git pull --no-rebase --quiet &> /dev/null || return $? # Check current branch. If it is master, then reset to the latest available tag. # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) @@ -2028,7 +2028,7 @@ checkout_pull_branch() { # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git) chmod -R a+rX "${directory}" - git_pull=$(git pull || return 1) + git_pull=$(git pull --no-rebase || return 1) if [[ "$git_pull" == *"up-to-date"* ]]; then printf " %b %s\\n" "${INFO}" "${git_pull}" From 3cad8e4c5b4d226b9b85251b55647bd5aa1b2cc2 Mon Sep 17 00:00:00 2001 From: Frieder Bluemle Date: Wed, 6 Oct 2021 13:33:13 +0200 Subject: [PATCH 46/70] Remove .idea/ Signed-off-by: Frieder Bluemle --- .gitignore | 67 +--------------------------- .idea/codeStyleSettings.xml | 25 ----------- .idea/codeStyles/Project.xml | 7 --- .idea/codeStyles/codeStyleConfig.xml | 5 --- 4 files changed, 1 insertion(+), 103 deletions(-) delete mode 100644 .idea/codeStyleSettings.xml delete mode 100644 .idea/codeStyles/Project.xml delete mode 100644 .idea/codeStyles/codeStyleConfig.xml diff --git a/.gitignore b/.gitignore index b7ad1e41..c19555ed 100644 --- a/.gitignore +++ b/.gitignore @@ -7,70 +7,5 @@ __pycache__ .tox .eggs *.egg-info - - -# Created by https://www.gitignore.io/api/jetbrains+iml - -### JetBrains+iml ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# All idea files, with exceptions -.idea -!.idea/codeStyles/* -!.idea/codeStyleSettings.xml - - -# Sensitive or high-churn files: -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.xml -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml - -# Gradle: -.idea/**/gradle.xml -.idea/**/libraries - -# CMake -cmake-build-debug/ - -# Mongo Explorer plugin: -.idea/**/mongoSettings.xml - -## File-based project format: -*.iws - -## Plugin-specific files: - -# IntelliJ -/out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Ruby plugin and RubyMine -/.rakeTasks - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -### JetBrains+iml Patch ### -# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023 - +.idea/ *.iml -.idea/misc.xml -*.ipr - -# End of https://www.gitignore.io/api/jetbrains+iml diff --git a/.idea/codeStyleSettings.xml b/.idea/codeStyleSettings.xml deleted file mode 100644 index 6ad75d68..00000000 --- a/.idea/codeStyleSettings.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml deleted file mode 100644 index 79a710fd..00000000 --- a/.idea/codeStyles/Project.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml deleted file mode 100644 index 79ee123c..00000000 --- a/.idea/codeStyles/codeStyleConfig.xml +++ /dev/null @@ -1,5 +0,0 @@ - - - - \ No newline at end of file From f3acc7c8393b8c038a448e2fff9a0840d67422fa Mon Sep 17 00:00:00 2001 From: yubiuser Date: Thu, 7 Oct 2021 00:19:25 +0200 Subject: [PATCH 47/70] Make debug log file size human readable (#4350) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d199b4f5..71e5c696 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1238,10 +1238,10 @@ show_messages() { } analyze_gravity_list() { - echo_current_diagnostic "Gravity List and Database" + echo_current_diagnostic "Gravity Database" local gravity_permissions - gravity_permissions=$(ls -ld "${PIHOLE_GRAVITY_DB_FILE}") + gravity_permissions=$(ls -lhd "${PIHOLE_GRAVITY_DB_FILE}") log_write "${COL_GREEN}${gravity_permissions}${COL_NC}" show_db_entries "Info table" "SELECT property,value FROM info" "20 40" @@ -1320,7 +1320,7 @@ analyze_pihole_log() { OLD_IFS="$IFS" # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + pihole_log_permissions=$(ls -lhd "${PIHOLE_LOG}") log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" From ab27a3bd452dac07f452f5a98e14c850b06ea63c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Oct 2021 23:30:29 +0100 Subject: [PATCH 48/70] Dependabot config tweak Signed-off-by: Adam Warner --- .github/dependabot.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc08634e..e10beb30 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,17 +1,10 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - version: 2 updates: - # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly day: saturday time: "10:00" open-pull-requests-limit: 10 - target-branch: development - versioning-strategy: increase + target-branch: developement \ No newline at end of file From f8af1a1baa5f0edee437e39c9a5fcf9a1ee6e944 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 7 Oct 2021 00:16:07 +0100 Subject: [PATCH 49/70] Allow iFrame for teleporter.php, see https://github.com/pi-hole/AdminLTE/pull/1231 Signed-off-by: Adam Warner --- advanced/lighttpd.conf.debian | 7 +++++++ advanced/lighttpd.conf.fedora | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 3ecd7213..a58b5a88 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -85,5 +85,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } +# allow teleporter iframe on settings page +$HTTP["url"] =~ "/teleporter\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } +} + # Default expire header expire.url = ( "" => "access plus 0 seconds" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 5a99a9bf..ad336a93 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -93,5 +93,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } +# allow teleporter iframe on settings page +$HTTP["url"] =~ "/teleporter\.php$" { + $HTTP["referer"] =~ "/admin/settings\.php" { + setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) + } +} + # Default expire header expire.url = ( "" => "access plus 0 seconds" ) From b30d729aa49e5ecdc260a8a43afeabcb5c164673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:03:21 +0200 Subject: [PATCH 50/70] Simplify vw_adlist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/database_migration/gravity-db.sh | 6 ++++++ .../database_migration/gravity/13_to_14.sql | 2 +- .../database_migration/gravity/14_to_15.sql | 15 +++++++++++++++ advanced/Templates/gravity.db.sql | 10 ++++------ 4 files changed, 26 insertions(+), 7 deletions(-) create mode 100644 advanced/Scripts/database_migration/gravity/14_to_15.sql diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index 22f241dd..0fecf34a 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -122,4 +122,10 @@ upgrade_gravityDB(){ sqlite3 "${database}" < "${scriptPath}/13_to_14.sql" version=14 fi + if [[ "$version" == "14" ]]; then + # Changes the vw_adlist created in 5_to_6 + echo -e " ${INFO} Upgrading gravity database from version 14 to 15" + sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" + version=15 +fi } diff --git a/advanced/Scripts/database_migration/gravity/13_to_14.sql b/advanced/Scripts/database_migration/gravity/13_to_14.sql index fa230865..0a465d1d 100644 --- a/advanced/Scripts/database_migration/gravity/13_to_14.sql +++ b/advanced/Scripts/database_migration/gravity/13_to_14.sql @@ -10,4 +10,4 @@ ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0; UPDATE info SET value = 14 WHERE property = 'version'; -COMMIT; \ No newline at end of file +COMMIT; diff --git a/advanced/Scripts/database_migration/gravity/14_to_15.sql b/advanced/Scripts/database_migration/gravity/14_to_15.sql new file mode 100644 index 00000000..41cb7517 --- /dev/null +++ b/advanced/Scripts/database_migration/gravity/14_to_15.sql @@ -0,0 +1,15 @@ +.timeout 30000 + +PRAGMA FOREIGN_KEYS=OFF; + +BEGIN TRANSACTION; +DROP VIEW vw_adlist; + +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id + FROM adlist + WHERE enabled = 1 + ORDER BY id; + +UPDATE info SET value = 15 WHERE property = 'version'; + +COMMIT; diff --git a/advanced/Templates/gravity.db.sql b/advanced/Templates/gravity.db.sql index 5d7bafa9..3f696d6d 100644 --- a/advanced/Templates/gravity.db.sql +++ b/advanced/Templates/gravity.db.sql @@ -57,7 +57,7 @@ CREATE TABLE info value TEXT NOT NULL ); -INSERT INTO "info" VALUES('version','14'); +INSERT INTO "info" VALUES('version','15'); CREATE TABLE domain_audit ( @@ -143,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id LEFT JOIN "group" ON "group".id = adlist_by_group.group_id WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1); -CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id FROM adlist - LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id - LEFT JOIN "group" ON "group".id = adlist_by_group.group_id - WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) - ORDER BY adlist.id; + WHERE enabled = 1 + ORDER BY id; CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist BEGIN From a0ecfcc1dcb11e541456caeb76fc3c8758f1b785 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:50:46 +0200 Subject: [PATCH 51/70] Include df -h in debug log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 71e5c696..d8ef7f7e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -585,6 +585,13 @@ processor_check() { fi } +disk_usage() { + local df + echo_current_diagnostic "Disk usage" + DF=$(df -h) + log_write "${DF}"; +} + parse_setup_vars() { echo_current_diagnostic "Setup variables" # If the file exists, @@ -1421,6 +1428,7 @@ diagnose_operating_system check_selinux check_firewalld processor_check +disk_usage check_networking check_name_resolution check_dhcp_servers From fdc4cf9869e11df5fed525b09684736c247b7e2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Oct 2021 21:54:50 +0200 Subject: [PATCH 52/70] Fix stickler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d8ef7f7e..01daaa9f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -586,7 +586,7 @@ processor_check() { } disk_usage() { - local df + local DF echo_current_diagnostic "Disk usage" DF=$(df -h) log_write "${DF}"; From 3c41ec08a3dedf18ac8a6004aaa34bff534bc295 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Fri, 8 Oct 2021 23:54:23 +0200 Subject: [PATCH 53/70] Set file permission for querie database in pihole-FTL.service (#4328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Set file permission for querie database in pihole-FTL.service Signed-off-by: Christian König * Use -f flag for chmod of the macvendor.db Signed-off-by: Christian König * Fix missing space Signed-off-by: Christian König * Fix spelling Signed-off-by: Christian König --- advanced/Templates/pihole-FTL.service | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 55a68b15..865e2cd9 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -24,9 +24,13 @@ start() { touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole - chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db + chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases + # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist + chmod -f 0644 /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db + # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist + chmod -f 0664 /etc/pihole/pihole-FTL.db if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else From 99981b5e662c489fb0840f2a0da666bddf43f8d3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 11 Sep 2021 22:43:27 +0100 Subject: [PATCH 54/70] now that whiptail size is fixed, lose a couple of lines from the final whiptail output Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2e86f024..a39f7381 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1914,8 +1914,6 @@ IPv6: ${IPV6_ADDRESS:-"Not Configured"} If you have not done so already, the above IP should be set to static. -The install log is in /etc/pihole. - ${additional}" "${r}" "${c}" } From 77a30ac0c25ca1f788e974b72d787e225a4ea82d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 11 Oct 2021 17:31:03 +0200 Subject: [PATCH 55/70] Use mapfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 01daaa9f..1366c14b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -586,10 +586,13 @@ processor_check() { } disk_usage() { - local DF + local file_system echo_current_diagnostic "Disk usage" - DF=$(df -h) - log_write "${DF}"; + mapfile -t file_system < <(df -h) + + for line in "${file_system[@]}"; do + log_write " ${line}" + done } parse_setup_vars() { From d84da7131000502a1b2d9792eab6124f6036081d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 11 Oct 2021 18:02:47 +0200 Subject: [PATCH 56/70] Only show lines not containing sensitive keywords MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 1366c14b..cd615825 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -587,11 +587,22 @@ processor_check() { disk_usage() { local file_system + local hide + echo_current_diagnostic "Disk usage" mapfile -t file_system < <(df -h) + # Some lines of df might contain sensitive information like usernames and passwords. + # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/) + # We are not interested in those lines so we collect keyword, to remove them from the output + # Additinal keywords can be added, separated by "|" + hide="curlftpfs" + + # only show those lines not containg a sensitive phrase for line in "${file_system[@]}"; do + if [[ ! $line =~ $hide ]]; then log_write " ${line}" + fi done } From 04f9e92bffd316320266293106e1a596f90e4f6e Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 11 Oct 2021 21:43:12 +0200 Subject: [PATCH 57/70] Fix PHP8.0 detection (#4383) The phpInsNewer variable is not set anymore, so that the JSON module is now always tried to be installed. Instead of checking for phpInsNewer to derive whether PHP was installed already, phpInsMajor is now checked. If it is set, PHP is installed already, and only if the major version is lower than 8, the JSON module can be installed. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a39f7381..babb8213 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -292,7 +292,7 @@ if is_command apt-get ; then # It's useful to separate this from Pi-hole, since the two repos are also setup separately PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php - if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then + if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then PIHOLE_WEB_DEPS+=("${phpVer}-json") fi # The Web server user, From b7bba6a689d135a9de972393fee47a520e6c5406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 12 Oct 2021 18:15:56 +0200 Subject: [PATCH 58/70] Validate when adding not when removing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 44 ++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 52c388f8..b651bed5 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -709,7 +709,13 @@ AddCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - echo "${ip} ${host}" >> "${dnscustomfile}" + + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + echo "${ip} ${host}" >> "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries RestartDNS @@ -721,12 +727,7 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 - fi + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" # Restart dnsmasq to update removed custom DNS entries RestartDNS @@ -738,8 +739,19 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - echo "cname=${domain},${target}" >> "${dnscustomcnamefile}" - + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validTarget}" ]]; then + echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to load new custom CNAME records RestartDNS } @@ -750,19 +762,7 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - validDomain="$(checkDomain "${domain}")" - if [[ -n "${validDomain}" ]]; then - validTarget="$(checkDomain "${target}")" - if [[ -n "${validDomain}" ]]; then - sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" - else - echo " ${CROSS} Invalid Target Passed!" - exit 1 - fi - else - echo " ${CROSS} Invalid Domain passed!" - exit 1 - fi + sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" # Restart dnsmasq to update removed custom CNAME records RestartDNS From bc21a7155de841b5f39ce8c3c3aa51a691d25fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 12 Oct 2021 19:49:36 +0200 Subject: [PATCH 59/70] Add option to not reload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index b651bed5..f382b4d1 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -709,6 +709,7 @@ AddCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" + reload="${args[4]}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then echo "${ip} ${host}" >> "${dnscustomfile}" @@ -717,8 +718,10 @@ AddCustomDNSAddress() { exit 1 fi - # Restart dnsmasq to load new custom DNS entries - RestartDNS + # Restart dnsmasq to load new custom DNS entries only if $reload not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } RemoveCustomDNSAddress() { @@ -726,11 +729,14 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" + reload="${args[4]}" sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - # Restart dnsmasq to update removed custom DNS entries - RestartDNS + # Restart dnsmasq to load new custom DNS entries only if reload is not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } AddCustomCNAMERecord() { @@ -738,6 +744,7 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + reload="${args[4]}" validDomain="$(checkDomain "${domain}")" if [[ -n "${validDomain}" ]]; then @@ -752,8 +759,10 @@ AddCustomCNAMERecord() { echo " ${CROSS} Invalid Domain passed!" exit 1 fi - # Restart dnsmasq to load new custom CNAME records - RestartDNS + # Restart dnsmasq to load new custom CNAME records only if reload is not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } RemoveCustomCNAMERecord() { @@ -761,11 +770,14 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + reload="${args[4]}" sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" - # Restart dnsmasq to update removed custom CNAME records - RestartDNS + # Restart dnsmasq to update removed custom CNAME records only if $reload not false + if [[ ! $reload == "false" ]]; then + RestartDNS + fi } main() { From a872fabe7d8518a9d025887da70ad922251e2cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 17 Oct 2021 20:51:59 +0200 Subject: [PATCH 60/70] Validate on removal as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index f382b4d1..463b12fe 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -731,7 +731,12 @@ RemoveCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries only if reload is not false if [[ ! $reload == "false" ]]; then @@ -772,7 +777,19 @@ RemoveCustomCNAMERecord() { target="${args[3]}" reload="${args[4]}" - sed -i "/cname=${domain},${target}$/d" "${dnscustomcnamefile}" + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validTarget}" ]]; then + sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to update removed custom CNAME records only if $reload not false if [[ ! $reload == "false" ]]; then From 596689b4c99f794eba8ddd14b51e914d0eac5917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 19 Oct 2021 21:34:16 +0200 Subject: [PATCH 61/70] Validate host/domain of Local DNS records as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 463b12fe..a739d898 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -711,12 +711,18 @@ AddCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - echo "${ip} ${host}" >> "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 - fi + validHost="$(checkDomain "${host}")" + if [[ -n "${validHost}" ]]; then + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + echo "${ip} ${validHost}" >> "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to load new custom DNS entries only if $reload not false if [[ ! $reload == "false" ]]; then @@ -731,11 +737,17 @@ RemoveCustomDNSAddress() { host="${args[3]}" reload="${args[4]}" - if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" - else - echo -e " ${CROSS} Invalid IP has been passed" - exit 1 + validHost="$(checkDomain "${host}")" + if [[ -n "${validHost}" ]]; then + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/^${ip} ${validHost}$/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 fi # Restart dnsmasq to load new custom DNS entries only if reload is not false From 8713135b018fd0464c55dee53393eaae23c195a0 Mon Sep 17 00:00:00 2001 From: Blayne Campbell Date: Sat, 23 Oct 2021 12:43:20 -0600 Subject: [PATCH 62/70] update tests: remove fedora 32, add fedora 34 (#4403) Signed-off-by: bcambl --- .github/workflows/test.yml | 2 +- test/{_fedora_32.Dockerfile => _fedora_34.Dockerfile} | 2 +- test/{tox.fedora_32.ini => tox.fedora_34.ini} | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename test/{_fedora_32.Dockerfile => _fedora_34.Dockerfile} (97%) rename test/{tox.fedora_32.ini => tox.fedora_34.ini} (78%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c2b4dbbc..49f139e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: needs: smoke-test strategy: matrix: - distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34] env: DISTRO: ${{matrix.distro}} steps: diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_34.Dockerfile similarity index 97% rename from test/_fedora_32.Dockerfile rename to test/_fedora_34.Dockerfile index e9c2ff2a..96de18da 100644 --- a/test/_fedora_32.Dockerfile +++ b/test/_fedora_34.Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:32 +FROM fedora:34 ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/tox.fedora_32.ini b/test/tox.fedora_34.ini similarity index 78% rename from test/tox.fedora_32.ini rename to test/tox.fedora_34.ini index c68e0757..154662cf 100644 --- a/test/tox.fedora_32.ini +++ b/test/tox.fedora_34.ini @@ -4,5 +4,5 @@ envlist = py37 [testenv] whitelist_externals = docker deps = -rrequirements.txt -commands = docker build -f _fedora_32.Dockerfile -t pytest_pihole:test_container ../ +commands = docker build -f _fedora_34.Dockerfile -t pytest_pihole:test_container ../ pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py From c6da1a39183573261642fdc38555cebcf9f753c0 Mon Sep 17 00:00:00 2001 From: David Irvine Date: Thu, 28 Oct 2021 12:09:34 +0200 Subject: [PATCH 63/70] Fix documentation; add some missing zones Signed-off-by: David Irvine --- advanced/06-rfc6761.conf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf index e03569e8..fcdd0010 100644 --- a/advanced/06-rfc6761.conf +++ b/advanced/06-rfc6761.conf @@ -25,11 +25,12 @@ server=/localhost/ server=/invalid/ # The same RFC requests something similar for -# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. -# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. -# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. -# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. -# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa. +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa. +# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa. +# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa. # Pi-hole implements this via the dnsmasq option "bogus-priv" (see # 01-pihole.conf) because this also covers IPv6. From e73355329542de074caace35fb38908343346955 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 2 Nov 2021 21:22:14 +0100 Subject: [PATCH 64/70] Remove unused code from webpage.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/webpage.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index a739d898..2a406565 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -532,25 +532,6 @@ CustomizeAdLists() { fi } -SetPrivacyMode() { - if [[ "${args[2]}" == "true" ]]; then - change_setting "API_PRIVACY_MODE" "true" - else - change_setting "API_PRIVACY_MODE" "false" - fi -} - -ResolutionSettings() { - typ="${args[2]}" - state="${args[3]}" - - if [[ "${typ}" == "forward" ]]; then - change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}" - elif [[ "${typ}" == "clients" ]]; then - change_setting "API_GET_CLIENT_HOSTNAME" "${state}" - fi -} - AddDHCPStaticAddress() { mac="${args[2]}" ip="${args[3]}" @@ -829,8 +810,6 @@ main() { "layout" ) SetWebUILayout;; "theme" ) SetWebUITheme;; "-h" | "--help" ) helpFunc;; - "privacymode" ) SetPrivacyMode;; - "resolve" ) ResolutionSettings;; "addstaticdhcp" ) AddDHCPStaticAddress;; "removestaticdhcp" ) RemoveDHCPStaticAddress;; "-e" | "email" ) SetAdminEmail "$3";; From 996f8fff28237d916ab44f7f039202ac32ccd75d Mon Sep 17 00:00:00 2001 From: yubiuser Date: Thu, 4 Nov 2021 23:55:16 +0100 Subject: [PATCH 65/70] Recommend apt instead of apt-get if updating the package cache failed (#4421) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Only change the recommendation to use apt Signed-off-by: Christian König --- automated install/basic-install.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index babb8213..0f9f8cc0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1481,8 +1481,14 @@ update_package_cache() { printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else # Otherwise, show an error and exit + + # In case we used apt-get and apt is also available, we use this as recommendation as we have seen it + # gives more user-friendly (interactive) advice + if [[ ${PKG_MANAGER} == "apt-get" ]] && is_command apt ; then + UPDATE_PKG_CACHE="apt update" + fi printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } From ac4a975be55a3533d6425eac72026d5b94dda5f1 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 6 Nov 2021 21:32:03 +0100 Subject: [PATCH 66/70] Allow users to skip setting static IP adress (#4419) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Allow users to skip setting static IP adresss Signed-off-by: Christian König --- automated install/basic-install.sh | 85 +++++++++++++++++------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0f9f8cc0..c806a6ae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -761,7 +761,6 @@ collect_v4andv6_information() { if [[ -f "/etc/dhcpcd.conf" ]]; then # configure networking via dhcpcd getStaticIPv4Settings - setDHCPCD fi find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" @@ -770,47 +769,59 @@ collect_v4andv6_information() { getStaticIPv4Settings() { # Local, named variables local ipSettingsCorrect + local DHCPChoice # Ask if the user wants to use DHCP settings as their static IP # This is useful for users that are using DHCP reservations; then we can just use the information gathered via our functions - if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address? - IP address: ${IPV4_ADDRESS} - Gateway: ${IPv4gw}" "${r}" "${c}"; then + DHCPChoice=$(whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --menu --separate-output "Do you want to use your current network settings as a static address? \\n + IP address: ${IPV4_ADDRESS} \\n + Gateway: ${IPv4gw} \\n" "${r}" "${c}" 3\ + "Yes" "Set static IP using current values" \ + "No" "Set static IP using custom values" \ + "Skip" "I will set a static IP later, or have already done so" 3>&2 2>&1 1>&3) || \ + { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } + + case ${DHCPChoice} in + "Yes") # If they choose yes, let the user know that the IP address will not be available via DHCP and may cause a conflict. whiptail --msgbox --backtitle "IP information" --title "FYI: IP Conflict" "It is possible your router could still try to assign this IP to a device, which would cause a conflict. But in most cases the router is smart enough to not do that. -If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. -It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." "${r}" "${c}" - # Nothing else to do since the variables are already set above - else - # Otherwise, we need to ask the user to input their desired settings. - # Start by getting the IPv4 address (pre-filling it with info gathered from DHCP) - # Start a loop to let the user enter their information with the chance to go back and edit it if necessary - until [[ "${ipSettingsCorrect}" = True ]]; do + If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. + It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." "${r}" "${c}" + # Nothing else to do since the variables are already set above + setDHCPCD + ;; - # Ask for the IPv4 address - IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \ - # Canceling IPv4 settings window - { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } - printf " %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" + "No") + # Otherwise, we need to ask the user to input their desired settings. + # Start by getting the IPv4 address (pre-filling it with info gathered from DHCP) + # Start a loop to let the user enter their information with the chance to go back and edit it if necessary + until [[ "${ipSettingsCorrect}" = True ]]; do - # Ask for the gateway - IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \ - # Canceling gateway settings window - { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } - printf " %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}" + # Ask for the IPv4 address + IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \ + # Canceling IPv4 settings window + { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } + printf " %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" - # Give the user a chance to review their settings before moving on - if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct? - IP address: ${IPV4_ADDRESS} - Gateway: ${IPv4gw}" "${r}" "${c}"; then - # After that's done, the loop ends and we move on - ipSettingsCorrect=True - else - # If the settings are wrong, the loop continues - ipSettingsCorrect=False - fi - done - # End the if statement for DHCP vs. static - fi + # Ask for the gateway + IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \ + # Canceling gateway settings window + { ipSettingsCorrect=False; echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } + printf " %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}" + + # Give the user a chance to review their settings before moving on + if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct? + IP address: ${IPV4_ADDRESS} + Gateway: ${IPv4gw}" "${r}" "${c}"; then + # After that's done, the loop ends and we move on + ipSettingsCorrect=True + else + # If the settings are wrong, the loop continues + ipSettingsCorrect=False + fi + done + setDHCPCD + ;; + esac } # Configure networking via dhcpcd @@ -2475,12 +2486,12 @@ main() { get_available_interfaces # Find interfaces and let the user choose one chooseInterface + # find IPv4 and IPv6 information of the device + collect_v4andv6_information # Decide what upstream DNS Servers to use setDNS # Give the user a choice of blocklists to include in their install. Or not. chooseBlocklists - # find IPv4 and IPv6 information of the device - collect_v4andv6_information # Let the user decide if they want the web interface to be installed automatically setAdminFlag # Let the user decide if they want query logging enabled... From cedd1a259105dc231744d58562f0bc80d4294c7a Mon Sep 17 00:00:00 2001 From: pvogt09 <50047961+pvogt09@users.noreply.github.com> Date: Thu, 11 Nov 2021 17:44:57 +0100 Subject: [PATCH 67/70] unit test for umask problems in #3177 and #2730 (#3191) * add test for file permissions of $webroot Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * changes sudo to su for running command as user www-data Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * installs PIHOLE_WEB_DEPS to create LIGHTTPD_USER Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * changes stdout to rc Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * use installPihole instead of installPiholeWeb in test Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * try installation process with main Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * mock systemctl Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * removes stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * start lighttpd and make webpage test optional Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * test all files and directories in $webroot Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler and codefactor warnings Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * set permission for /var/cache if it did not exist before Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * add test case for pihole files Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * revert "set permission for /var/cache if it did not exist before" and make lighttpd start work Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * add --add-cap=NET_ADMIN to enable FTL start Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * specify DNS server for cURL Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * check files created by FTL Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * reorder code and change nameserver in /etc/resolv.conf Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * resolve with dig instead of relying on /etc/resolv.conf Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * set IP to 127.0.0.1 in setupVars.conf for blockpage tests Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * resolve domain with dig and remove debug output Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * no git pull in Github Action runs for pull requests Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * --cap-add=ALL test Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * fix stickler errors Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * remove debug code Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * update_repo patch for CentOS 7 in Github Actions Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * removes TODOs and stickler warnings Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * adds trailing slash to domain Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * use only first result from dig Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * domain name resolution does not work reliably in docker container Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * repair executable permission Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com> * Create mock_command_passthrough that allows intercepting of specific arguments - everything else is passed through to the proper command. Use this new command instead of making changes in basic-install.sh to make the tests pass. Signed-off-by: Adam Warner Co-authored-by: Adam Warner --- test/README.md | 4 +- test/conftest.py | 69 ++++- test/test_automated_install.py | 514 +++++++++++++++++++++++++++++++++ 3 files changed, 581 insertions(+), 6 deletions(-) diff --git a/test/README.md b/test/README.md index b4dd1122..692155b7 100644 --- a/test/README.md +++ b/test/README.md @@ -18,8 +18,8 @@ py.test -vv -n auto -m "build_stage" py.test -vv -n auto -m "not build_stage" ``` -The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images. Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change. +The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images. Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change. # How do I debug python? -Highly recommended: Setup PyCharm on a **Docker enabled** machine. Having a python debugger like PyCharm changes your life if you've never used it :) +Highly recommended: Setup PyCharm on a **Docker enabled** machine. Having a python debugger like PyCharm changes your life if you've never used it :) diff --git a/test/conftest.py b/test/conftest.py index 13731eb8..2d388fdd 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -64,7 +64,7 @@ def args(request): ''' -t became required when tput began being used ''' - return '-t -d' + return '-t -d --cap-add=ALL' @pytest.fixture(params=[ @@ -100,7 +100,7 @@ def mock_command(script, args, container): in unit tests ''' full_script_path = '/usr/local/bin/{}'.format(script) - mock_script = dedent('''\ + mock_script = dedent(r'''\ #!/bin/bash -e echo "\$0 \$@" >> /var/log/{script} case "\$1" in'''.format(script=script)) @@ -121,13 +121,75 @@ def mock_command(script, args, container): scriptlog=script)) +def mock_command_passthrough(script, args, container): + ''' + Per other mock_command* functions, allows intercepting of commands we don't want to run for real + in unit tests, however also allows only specific arguments to be mocked. Anything not defined will + be passed through to the actual command. + + Example use-case: mocking `git pull` but still allowing `git clone` to work as intended + ''' + orig_script_path = check_output('which {}'.format(script)) + full_script_path = '/usr/local/bin/{}'.format(script) + mock_script = dedent(r'''\ + #!/bin/bash -e + echo "\$0 \$@" >> /var/log/{script} + case "\$1" in'''.format(script=script)) + for k, v in args.items(): + case = dedent(''' + {arg}) + echo {res} + exit {retcode} + ;;'''.format(arg=k, res=v[0], retcode=v[1])) + mock_script += case + mock_script += dedent(r''' + *) + {orig_script_path} "\$@" + ;;'''.format(orig_script_path=orig_script_path)) + mock_script += dedent(''' + esac''') + container.run(''' + cat < {script}\n{content}\nEOF + chmod +x {script} + rm -f /var/log/{scriptlog}'''.format(script=full_script_path, + content=mock_script, + scriptlog=script)) + + +def mock_command_run(script, args, container): + ''' + Allows for setup of commands we don't really want to have to run for real + in unit tests + ''' + full_script_path = '/usr/local/bin/{}'.format(script) + mock_script = dedent(r'''\ + #!/bin/bash -e + echo "\$0 \$@" >> /var/log/{script} + case "\$1 \$2" in'''.format(script=script)) + for k, v in args.items(): + case = dedent(''' + \"{arg}\") + echo {res} + exit {retcode} + ;;'''.format(arg=k, res=v[0], retcode=v[1])) + mock_script += case + mock_script += dedent(''' + esac''') + container.run(''' + cat < {script}\n{content}\nEOF + chmod +x {script} + rm -f /var/log/{scriptlog}'''.format(script=full_script_path, + content=mock_script, + scriptlog=script)) + + def mock_command_2(script, args, container): ''' Allows for setup of commands we don't really want to have to run for real in unit tests ''' full_script_path = '/usr/local/bin/{}'.format(script) - mock_script = dedent('''\ + mock_script = dedent(r'''\ #!/bin/bash -e echo "\$0 \$@" >> /var/log/{script} case "\$1 \$2" in'''.format(script=script)) @@ -147,7 +209,6 @@ def mock_command_2(script, args, container): content=mock_script, scriptlog=script)) - def run_script(Pihole, script): result = Pihole.run(script) assert result.rc == 0 diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 37ebdad2..304a8783 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -1,3 +1,4 @@ +import pytest from textwrap import dedent import re from .conftest import ( @@ -6,7 +7,9 @@ from .conftest import ( info_box, cross_box, mock_command, + mock_command_run, mock_command_2, + mock_command_passthrough, run_script ) @@ -109,6 +112,7 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): confirms all web page assets from Core repo are installed on a fresh build ''' installWeb = Pihole.run(''' + umask 0027 source /opt/pihole/basic-install.sh installPiholeWeb ''') @@ -129,6 +133,516 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): assert 'blockingpage.css' in web_directory +def get_directories_recursive(Pihole, directory): + if directory is None: + return directory + ls = Pihole.run('ls -d {}'.format(directory + '/*/')) + directories = list(filter(bool, ls.stdout.splitlines())) + dirs = directories + for dirval in directories: + dir_rec = get_directories_recursive(Pihole, dirval) + if isinstance(dir_rec, str): + dirs.extend([dir_rec]) + else: + dirs.extend(dir_rec) + return dirs + + +def test_installPihole_fresh_install_readableFiles(Pihole): + ''' + confirms all neccessary files are readable by pihole user + ''' + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*': ('', '0')}, Pihole) + # mock git pull + mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + # mock systemctl to not start lighttpd and FTL + mock_command_2( + 'systemctl', + { + 'enable lighttpd': ( + '', + '0' + ), + 'restart lighttpd': ( + '', + '0' + ), + 'start lighttpd': ( + '', + '0' + ), + 'enable pihole-FTL': ( + '', + '0' + ), + 'restart pihole-FTL': ( + '', + '0' + ), + 'start pihole-FTL': ( + '', + '0' + ), + '*': ( + 'echo "systemctl call with $@"', + '0' + ), + }, + Pihole + ) + # try to install man + Pihole.run('command -v apt-get > /dev/null && apt-get install -qq man') + Pihole.run('command -v dnf > /dev/null && dnf install -y man') + Pihole.run('command -v yum > /dev/null && yum install -y man') + # create configuration file + setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' + for k, v in SETUPVARS.items(): + setup_var_file += "{}={}\n".format(k, v) + setup_var_file += "INSTALL_WEB_SERVER=true\n" + setup_var_file += "INSTALL_WEB_INTERFACE=true\n" + setup_var_file += "EOF\n" + Pihole.run(setup_var_file) + install = Pihole.run(''' + export TERM=xterm + export DEBIAN_FRONTEND=noninteractive + umask 0027 + runUnattended=true + useUpdateVars=true + source /opt/pihole/basic-install.sh > /dev/null + runUnattended=true + useUpdateVars=true + main + ''') + assert 0 == install.rc + maninstalled = True + if (info_box + ' man not installed') in install.stdout: + maninstalled = False + piholeuser = 'pihole' + exit_status_success = 0 + test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' + # check files in /etc/pihole for read, write and execute permission + check_etc = test_cmd.format('r', '/etc/pihole', piholeuser) + actual_rc = Pihole.run(check_etc).rc + assert exit_status_success == actual_rc + check_etc = test_cmd.format('x', '/etc/pihole', piholeuser) + actual_rc = Pihole.run(check_etc).rc + assert exit_status_success == actual_rc + # readable and writable dhcp.leases + check_leases = test_cmd.format('r', '/etc/pihole/dhcp.leases', piholeuser) + actual_rc = Pihole.run(check_leases).rc + assert exit_status_success == actual_rc + check_leases = test_cmd.format('w', '/etc/pihole/dhcp.leases', piholeuser) + actual_rc = Pihole.run(check_leases).rc + # readable dns-servers.conf + assert exit_status_success == actual_rc + check_servers = test_cmd.format( + 'r', '/etc/pihole/dns-servers.conf', piholeuser) + actual_rc = Pihole.run(check_servers).rc + assert exit_status_success == actual_rc + # readable GitHubVersions + check_version = test_cmd.format( + 'r', '/etc/pihole/GitHubVersions', piholeuser) + actual_rc = Pihole.run(check_version).rc + assert exit_status_success == actual_rc + # readable install.log + check_install = test_cmd.format( + 'r', '/etc/pihole/install.log', piholeuser) + actual_rc = Pihole.run(check_install).rc + assert exit_status_success == actual_rc + # readable localbranches + check_localbranch = test_cmd.format( + 'r', '/etc/pihole/localbranches', piholeuser) + actual_rc = Pihole.run(check_localbranch).rc + assert exit_status_success == actual_rc + # readable localversions + check_localversion = test_cmd.format( + 'r', '/etc/pihole/localversions', piholeuser) + actual_rc = Pihole.run(check_localversion).rc + assert exit_status_success == actual_rc + # readable logrotate + check_logrotate = test_cmd.format( + 'r', '/etc/pihole/logrotate', piholeuser) + actual_rc = Pihole.run(check_logrotate).rc + assert exit_status_success == actual_rc + # readable macvendor.db + check_macvendor = test_cmd.format( + 'r', '/etc/pihole/macvendor.db', piholeuser) + actual_rc = Pihole.run(check_macvendor).rc + assert exit_status_success == actual_rc + # readable and writeable pihole-FTL.conf + check_FTLconf = test_cmd.format( + 'r', '/etc/pihole/pihole-FTL.conf', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + check_FTLconf = test_cmd.format( + 'w', '/etc/pihole/pihole-FTL.conf', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + # readable setupVars.conf + check_setup = test_cmd.format( + 'r', '/etc/pihole/setupVars.conf', piholeuser) + actual_rc = Pihole.run(check_setup).rc + assert exit_status_success == actual_rc + # check dnsmasq files + # readable /etc/dnsmasq.conf + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.conf', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + # readable /etc/dnsmasq.d/01-pihole.conf + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.d', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + check_dnsmasqconf = test_cmd.format( + 'x', '/etc/dnsmasq.d', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + check_dnsmasqconf = test_cmd.format( + 'r', '/etc/dnsmasq.d/01-pihole.conf', piholeuser) + actual_rc = Pihole.run(check_dnsmasqconf).rc + assert exit_status_success == actual_rc + # check readable and executable /etc/init.d/pihole-FTL + check_init = test_cmd.format( + 'x', '/etc/init.d/pihole-FTL', piholeuser) + actual_rc = Pihole.run(check_init).rc + assert exit_status_success == actual_rc + check_init = test_cmd.format( + 'r', '/etc/init.d/pihole-FTL', piholeuser) + actual_rc = Pihole.run(check_init).rc + assert exit_status_success == actual_rc + # check readable /etc/lighttpd/lighttpd.conf + check_lighttpd = test_cmd.format( + 'r', '/etc/lighttpd/lighttpd.conf', piholeuser) + actual_rc = Pihole.run(check_lighttpd).rc + assert exit_status_success == actual_rc + # check readable and executable manpages + if maninstalled is True: + check_man = test_cmd.format( + 'x', '/usr/local/share/man', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'x', '/usr/local/share/man/man8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'x', '/usr/local/share/man/man5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8/pihole.8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man8/pihole-FTL.8', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + check_man = test_cmd.format( + 'r', '/usr/local/share/man/man5/pihole-FTL.conf.5', piholeuser) + actual_rc = Pihole.run(check_man).rc + assert exit_status_success == actual_rc + # check not readable sudoers file + check_sudo = test_cmd.format( + 'r', '/etc/sudoers.d/pihole', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success != actual_rc + # check not readable cron file + check_sudo = test_cmd.format( + 'x', '/etc/cron.d/', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + check_sudo = test_cmd.format( + 'r', '/etc/cron.d/', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + check_sudo = test_cmd.format( + 'r', '/etc/cron.d/pihole', piholeuser) + actual_rc = Pihole.run(check_sudo).rc + assert exit_status_success == actual_rc + directories = get_directories_recursive(Pihole, '/etc/.pihole/') + for directory in directories: + check_pihole = test_cmd.format('r', directory, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + check_pihole = test_cmd.format('x', directory, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' + filelist = Pihole.run(findfiles.format(directory)) + files = list(filter(bool, filelist.stdout.splitlines())) + for file in files: + check_pihole = test_cmd.format('r', file, piholeuser) + actual_rc = Pihole.run(check_pihole).rc + + +@pytest.mark.parametrize("test_webpage", [True]) +def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): + ''' + confirms all web page assets from Core repo are readable + by $LIGHTTPD_USER on a fresh build + ''' + piholeWebpage = [ + "127.0.0.1", + # "pi.hole" + ] + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*': ('', '0')}, Pihole) + # mock git pull + mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + # mock systemctl to start lighttpd and FTL + ligthttpdcommand = dedent(r'''\"\" + echo 'starting lighttpd with {}' + if [ command -v "apt-get" >/dev/null 2>&1 ]; then + LIGHTTPD_USER="www-data" + LIGHTTPD_GROUP="www-data" + else + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + fi + mkdir -p "{run}" + chown {usergroup} "{run}" + mkdir -p "{cache}" + chown {usergroup} "/var/cache" + chown {usergroup} "{cache}" + mkdir -p "{compress}" + chown {usergroup} "{compress}" + mkdir -p "{uploads}" + chown {usergroup} "{uploads}" + chmod 0777 /var + chmod 0777 /var/cache + chmod 0777 "{cache}" + find "{run}" -type d -exec chmod 0777 {chmodarg} \;; + find "{run}" -type f -exec chmod 0666 {chmodarg} \;; + find "{compress}" -type d -exec chmod 0777 {chmodarg} \;; + find "{compress}" -type f -exec chmod 0666 {chmodarg} \;; + find "{uploads}" -type d -exec chmod 0777 {chmodarg} \;; + find "{uploads}" -type f -exec chmod 0666 {chmodarg} \;; + /usr/sbin/lighttpd -tt -f '{config}' + /usr/sbin/lighttpd -f '{config}' + echo \"\"'''.format( + '{}', + usergroup='${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}', + chmodarg='{{}}', + config='/etc/lighttpd/lighttpd.conf', + run='/var/run/lighttpd', + cache='/var/cache/lighttpd', + uploads='/var/cache/lighttpd/uploads', + compress='/var/cache/lighttpd/compress' + ) + ) + FTLcommand = dedent('''\"\" + set -x + /etc/init.d/pihole-FTL restart + echo \"\"''') + mock_command_run( + 'systemctl', + { + 'enable lighttpd': ( + '', + '0' + ), + 'restart lighttpd': ( + ligthttpdcommand.format('restart'), + '0' + ), + 'start lighttpd': ( + ligthttpdcommand.format('start'), + '0' + ), + 'enable pihole-FTL': ( + '', + '0' + ), + 'restart pihole-FTL': ( + FTLcommand, + '0' + ), + 'start pihole-FTL': ( + FTLcommand, + '0' + ), + '*': ( + 'echo "systemctl call with $@"', + '0' + ), + }, + Pihole + ) + # create configuration file + setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' + for k, v in SETUPVARS.items(): + setup_var_file += "{}={}\n".format(k, v) + setup_var_file += "INSTALL_WEB_SERVER=true\n" + setup_var_file += "INSTALL_WEB_INTERFACE=true\n" + setup_var_file += "IPV4_ADDRESS=127.0.0.1\n" + setup_var_file += "EOF\n" + Pihole.run(setup_var_file) + installWeb = Pihole.run(''' + export TERM=xterm + export DEBIAN_FRONTEND=noninteractive + umask 0027 + runUnattended=true + useUpdateVars=true + source /opt/pihole/basic-install.sh > /dev/null + runUnattended=true + useUpdateVars=true + main + echo "LIGHTTPD_USER=${LIGHTTPD_USER}" + echo "webroot=${webroot}" + echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" + echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" + ''') + assert 0 == installWeb.rc + piholeuser = 'pihole' + webuser = '' + user = re.findall( + r"^\s*LIGHTTPD_USER=.*$", installWeb.stdout, re.MULTILINE) + for match in user: + webuser = match.replace('LIGHTTPD_USER=', '').strip() + webroot = '' + user = re.findall( + r"^\s*webroot=.*$", installWeb.stdout, re.MULTILINE) + for match in user: + webroot = match.replace('webroot=', '').strip() + if not webroot.strip(): + webroot = '/var/www/html' + installWebInterface = True + interface = re.findall( + r"^\s*INSTALL_WEB_INTERFACE=.*$", installWeb.stdout, re.MULTILINE) + for match in interface: + testvalue = match.replace('INSTALL_WEB_INTERFACE=', '').strip().lower() + if not testvalue.strip(): + installWebInterface = testvalue == "true" + installWebServer = True + server = re.findall( + r"^\s*INSTALL_WEB_SERVER=.*$", installWeb.stdout, re.MULTILINE) + for match in server: + testvalue = match.replace('INSTALL_WEB_SERVER=', '').strip().lower() + if not testvalue.strip(): + installWebServer = testvalue == "true" + # if webserver install was not requested + # at least pihole must be able to read files + if installWebServer is False: + webuser = piholeuser + exit_status_success = 0 + test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' + # check files that need a running FTL to be created + # readable and writeable pihole-FTL.db + check_FTLconf = test_cmd.format( + 'r', '/etc/pihole/pihole-FTL.db', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + check_FTLconf = test_cmd.format( + 'w', '/etc/pihole/pihole-FTL.db', piholeuser) + actual_rc = Pihole.run(check_FTLconf).rc + assert exit_status_success == actual_rc + # check directories above $webroot for read and execute permission + check_var = test_cmd.format('r', '/var', webuser) + actual_rc = Pihole.run(check_var).rc + assert exit_status_success == actual_rc + check_var = test_cmd.format('x', '/var', webuser) + actual_rc = Pihole.run(check_var).rc + assert exit_status_success == actual_rc + check_www = test_cmd.format('r', '/var/www', webuser) + actual_rc = Pihole.run(check_www).rc + assert exit_status_success == actual_rc + check_www = test_cmd.format('x', '/var/www', webuser) + actual_rc = Pihole.run(check_www).rc + assert exit_status_success == actual_rc + check_html = test_cmd.format('r', '/var/www/html', webuser) + actual_rc = Pihole.run(check_html).rc + assert exit_status_success == actual_rc + check_html = test_cmd.format('x', '/var/www/html', webuser) + actual_rc = Pihole.run(check_html).rc + assert exit_status_success == actual_rc + # check directories below $webroot for read and execute permission + check_admin = test_cmd.format('r', webroot + '/admin', webuser) + actual_rc = Pihole.run(check_admin).rc + assert exit_status_success == actual_rc + check_admin = test_cmd.format('x', webroot + '/admin', webuser) + actual_rc = Pihole.run(check_admin).rc + assert exit_status_success == actual_rc + directories = get_directories_recursive(Pihole, webroot + '/admin/*/') + for directory in directories: + check_pihole = test_cmd.format('r', directory, webuser) + actual_rc = Pihole.run(check_pihole).rc + check_pihole = test_cmd.format('x', directory, webuser) + actual_rc = Pihole.run(check_pihole).rc + findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' + filelist = Pihole.run(findfiles.format(directory)) + files = list(filter(bool, filelist.stdout.splitlines())) + for file in files: + check_pihole = test_cmd.format('r', file, webuser) + actual_rc = Pihole.run(check_pihole).rc + # check web interface files + # change nameserver to pi-hole + # setting nameserver in /etc/resolv.conf to pi-hole does + # not work here because of the way docker uses this file + ns = Pihole.run( + r"sed -i 's/nameserver.*/nameserver 127.0.0.1/' /etc/resolv.conf") + pihole_is_ns = ns.rc == 0 + + def is_ip(address): + m = re.match(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})", address) + return bool(m) + if installWebInterface is True: + check_pihole = test_cmd.format('r', webroot + '/pihole', webuser) + actual_rc = Pihole.run(check_pihole).rc + assert exit_status_success == actual_rc + check_pihole = test_cmd.format('x', webroot + '/pihole', webuser) + actual_rc = Pihole.run(check_pihole).rc + assert exit_status_success == actual_rc + # check most important files in $webroot for read permission + check_index = test_cmd.format( + 'r', webroot + '/pihole/index.php', webuser) + actual_rc = Pihole.run(check_index).rc + assert exit_status_success == actual_rc + check_blockpage = test_cmd.format( + 'r', webroot + '/pihole/blockingpage.css', webuser) + actual_rc = Pihole.run(check_blockpage).rc + assert exit_status_success == actual_rc + if test_webpage is True: + # check webpage for unreadable files + noPHPfopen = re.compile( + (r"PHP Error(%d+):\s+fopen([^)]+):\s+" + + r"failed to open stream: " + + r"Permission denied in"), + re.I) + # using cURL option --dns-servers is not possible + status = ( + 'curl -s --head "{}" | ' + + 'head -n 1 | ' + + 'grep "HTTP/1.[01] [23].." > /dev/null') + digcommand = r"dig A +short {} @127.0.0.1 | head -n 1" + pagecontent = 'curl --verbose -L "{}"' + for page in piholeWebpage: + testpage = "http://" + page + "/admin/" + resolvesuccess = True + if is_ip(page) is False: + dig = Pihole.run(digcommand.format(page)) + testpage = "http://" + dig.stdout.strip() + "/admin/" + resolvesuccess = dig.rc == 0 + if resolvesuccess or pihole_is_ns: + # check HTTP status of blockpage + actual_rc = Pihole.run(status.format(testpage)) + assert exit_status_success == actual_rc.rc + # check for PHP error + actual_output = Pihole.run(pagecontent.format(testpage)) + assert noPHPfopen.match(actual_output.stdout) is None + + def test_update_package_cache_success_no_errors(Pihole): ''' confirms package cache was updated without any errors From cdd4d9ea9e51c8110df832d5fadeb44bc90b5085 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 18 Nov 2021 01:03:37 +0000 Subject: [PATCH 68/70] Update the tests (#4427) * unpin the requirements and update all to latest available - needs more work still. see notes in `def host()` Signed-off-by: Adam Warner * fix py3 monkey patch of testinfra docker using bash Signed-off-by: Adam Hill * update the other test files to use `host` instead of `Pihole` Address some sticklr and codefactor update python version from 3.7 to 3.8 preload `git` onto the centos/fedora test images, and switch which with command -v in the passthrough mock testinfra is deprecated, use pytest-testinfra Signed-off-by: Adam Warner Co-authored-by: Adam Hill --- .github/workflows/test.yml | 4 +- .gitignore | 1 + test/_centos_7.Dockerfile | 1 + test/_centos_8.Dockerfile | 1 + test/_fedora_33.Dockerfile | 1 + test/_fedora_34.Dockerfile | 1 + test/conftest.py | 101 ++----- test/requirements.txt | 12 +- test/test_automated_install.py | 339 +++++++++++----------- test/test_centos_7_support.py | 22 +- test/test_centos_8_support.py | 22 +- test/test_centos_common_support.py | 48 +-- test/test_centos_fedora_common_support.py | 24 +- test/test_fedora_support.py | 8 +- test/tox.centos_7.ini | 2 +- test/tox.centos_8.ini | 2 +- test/tox.debian_10.ini | 2 +- test/tox.debian_11.ini | 2 +- test/tox.debian_9.ini | 2 +- test/tox.fedora_33.ini | 2 +- test/tox.fedora_34.ini | 2 +- test/tox.ubuntu_16.ini | 2 +- test/tox.ubuntu_18.ini | 2 +- test/tox.ubuntu_20.ini | 2 +- test/tox.ubuntu_21.ini | 2 +- 25 files changed, 285 insertions(+), 322 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 49f139e1..17557a87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,10 +36,10 @@ jobs: name: Checkout repository uses: actions/checkout@v2 - - name: Set up Python 3.7 + name: Set up Python 3.8 uses: actions/setup-python@v2 with: - python-version: 3.7 + python-version: 3.8 - name: Install dependencies run: pip install -r test/requirements.txt diff --git a/.gitignore b/.gitignore index c19555ed..8016472b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ __pycache__ *.egg-info .idea/ *.iml +.vscode/ diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile index 434242bf..355f4fdb 100644 --- a/test/_centos_7.Dockerfile +++ b/test/_centos_7.Dockerfile @@ -1,4 +1,5 @@ FROM centos:7 +RUN yum install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile index afd2dc8a..fddb3ed1 100644 --- a/test/_centos_8.Dockerfile +++ b/test/_centos_8.Dockerfile @@ -1,4 +1,5 @@ FROM centos:8 +RUN yum install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile index 9ae94c70..5cdd66ee 100644 --- a/test/_fedora_33.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -1,4 +1,5 @@ FROM fedora:33 +RUN dnf install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/_fedora_34.Dockerfile b/test/_fedora_34.Dockerfile index 96de18da..fbbaacd6 100644 --- a/test/_fedora_34.Dockerfile +++ b/test/_fedora_34.Dockerfile @@ -1,4 +1,5 @@ FROM fedora:34 +RUN dnf install -y git ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/conftest.py b/test/conftest.py index 2d388fdd..fb7e1eea 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -1,10 +1,9 @@ import pytest import testinfra +import testinfra.backend.docker +import subprocess from textwrap import dedent -check_output = testinfra.get_backend( - "local://" -).get_module("Command").check_output SETUPVARS = { 'PIHOLE_INTERFACE': 'eth99', @@ -12,85 +11,42 @@ SETUPVARS = { 'PIHOLE_DNS_2': '4.2.2.2' } +IMAGE = 'pytest_pihole:test_container' + tick_box = "[\x1b[1;32m\u2713\x1b[0m]" cross_box = "[\x1b[1;31m\u2717\x1b[0m]" info_box = "[i]" -@pytest.fixture -def Pihole(Docker): - ''' - used to contain some script stubbing, now pretty much an alias. - Also provides bash as the default run function shell - ''' - def run_bash(self, command, *args, **kwargs): - cmd = self.get_command(command, *args) - if self.user is not None: - out = self.run_local( - "docker exec -u %s %s /bin/bash -c %s", - self.user, self.name, cmd) - else: - out = self.run_local( - "docker exec %s /bin/bash -c %s", self.name, cmd) - out.command = self.encode(cmd) - return out +# Monkeypatch sh to bash, if they ever support non hard code /bin/sh this can go away +# https://github.com/pytest-dev/pytest-testinfra/blob/master/testinfra/backend/docker.py +def run_bash(self, command, *args, **kwargs): + cmd = self.get_command(command, *args) + if self.user is not None: + out = self.run_local( + "docker exec -u %s %s /bin/bash -c %s", self.user, self.name, cmd + ) + else: + out = self.run_local("docker exec %s /bin/bash -c %s", self.name, cmd) + out.command = self.encode(cmd) + return out - funcType = type(Docker.run) - Docker.run = funcType(run_bash, Docker) - return Docker + +testinfra.backend.docker.DockerBackend.run = run_bash @pytest.fixture -def Docker(request, args, image, cmd): - ''' - combine our fixtures into a docker run command and setup finalizer to - cleanup - ''' - assert 'docker' in check_output('id'), "Are you in the docker group?" - docker_run = "docker run {} {} {}".format(args, image, cmd) - docker_id = check_output(docker_run) +def host(): + # run a container + docker_id = subprocess.check_output( + ['docker', 'run', '-t', '-d', '--cap-add=ALL', IMAGE]).decode().strip() - def teardown(): - check_output("docker rm -f %s", docker_id) - request.addfinalizer(teardown) + # return a testinfra connection to the container + docker_host = testinfra.get_host("docker://" + docker_id) - docker_container = testinfra.get_backend("docker://" + docker_id) - docker_container.id = docker_id - return docker_container - - -@pytest.fixture -def args(request): - ''' - -t became required when tput began being used - ''' - return '-t -d --cap-add=ALL' - - -@pytest.fixture(params=[ - 'test_container' -]) -def tag(request): - ''' - consumed by image to make the test matrix - ''' - return request.param - - -@pytest.fixture() -def image(request, tag): - ''' - built by test_000_build_containers.py - ''' - return 'pytest_pihole:{}'.format(tag) - - -@pytest.fixture() -def cmd(request): - ''' - default to doing nothing by tailing null, but don't exit - ''' - return 'tail -f /dev/null' + yield docker_host + # at the end of the test suite, destroy the container + subprocess.check_call(['docker', 'rm', '-f', docker_id]) # Helper functions @@ -129,7 +85,7 @@ def mock_command_passthrough(script, args, container): Example use-case: mocking `git pull` but still allowing `git clone` to work as intended ''' - orig_script_path = check_output('which {}'.format(script)) + orig_script_path = container.check_output('command -v {}'.format(script)) full_script_path = '/usr/local/bin/{}'.format(script) mock_script = dedent(r'''\ #!/bin/bash -e @@ -209,6 +165,7 @@ def mock_command_2(script, args, container): content=mock_script, scriptlog=script)) + def run_script(Pihole, script): result = Pihole.run(script) assert result.rc == 0 diff --git a/test/requirements.txt b/test/requirements.txt index 17d62ad9..d65ee6a5 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ -docker-compose==1.23.2 -pytest==4.3.0 -pytest-xdist==1.26.1 -pytest-cov==2.6.1 -testinfra==1.19.0 -tox==3.7.0 +docker-compose +pytest +pytest-xdist +pytest-cov +pytest-testinfra +tox diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 304a8783..911407fc 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -14,14 +14,14 @@ from .conftest import ( ) -def test_supported_package_manager(Pihole): +def test_supported_package_manager(host): ''' confirm installer exits when no supported package manager found ''' # break supported package managers - Pihole.run('rm -rf /usr/bin/apt-get') - Pihole.run('rm -rf /usr/bin/rpm') - package_manager_detect = Pihole.run(''' + host.run('rm -rf /usr/bin/apt-get') + host.run('rm -rf /usr/bin/rpm') + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect ''') @@ -30,7 +30,7 @@ def test_supported_package_manager(Pihole): # assert package_manager_detect.rc == 1 -def test_setupVars_are_sourced_to_global_scope(Pihole): +def test_setupVars_are_sourced_to_global_scope(host): ''' currently update_dialogs sources setupVars with a dot, then various other functions use the variables. @@ -40,7 +40,7 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): for k, v in SETUPVARS.items(): setup_var_file += "{}={}\n".format(k, v) setup_var_file += "EOF\n" - Pihole.run(setup_var_file) + host.run(setup_var_file) script = dedent('''\ set -e @@ -58,13 +58,13 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): printSetupVars ''') - output = run_script(Pihole, script).stdout + output = run_script(host, script).stdout for k, v in SETUPVARS.items(): assert "{}={}".format(k, v) in output -def test_setupVars_saved_to_file(Pihole): +def test_setupVars_saved_to_file(host): ''' confirm saved settings are written to a file for future updates to re-use ''' @@ -72,7 +72,7 @@ def test_setupVars_saved_to_file(Pihole): set_setup_vars = '\n' for k, v in SETUPVARS.items(): set_setup_vars += " {}={}\n".format(k, v) - Pihole.run(set_setup_vars).stdout + host.run(set_setup_vars) script = dedent('''\ set -e @@ -87,17 +87,17 @@ def test_setupVars_saved_to_file(Pihole): cat /etc/pihole/setupVars.conf '''.format(set_setup_vars)) - output = run_script(Pihole, script).stdout + output = run_script(host, script).stdout for k, v in SETUPVARS.items(): assert "{}={}".format(k, v) in output -def test_selinux_not_detected(Pihole): +def test_selinux_not_detected(host): ''' confirms installer continues when SELinux configuration file does not exist ''' - check_selinux = Pihole.run(''' + check_selinux = host.run(''' rm -f /etc/selinux/config source /opt/pihole/basic-install.sh checkSelinux @@ -107,11 +107,11 @@ def test_selinux_not_detected(Pihole): assert check_selinux.rc == 0 -def test_installPiholeWeb_fresh_install_no_errors(Pihole): +def test_installPiholeWeb_fresh_install_no_errors(host): ''' confirms all web page assets from Core repo are installed on a fresh build ''' - installWeb = Pihole.run(''' + installWeb = host.run(''' umask 0027 source /opt/pihole/basic-install.sh installPiholeWeb @@ -128,19 +128,19 @@ def test_installPiholeWeb_fresh_install_no_errors(Pihole): assert expected_stdout in installWeb.stdout expected_stdout = tick_box + ' Installing sudoer file' assert expected_stdout in installWeb.stdout - web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout + web_directory = host.run('ls -r /var/www/html/pihole').stdout assert 'index.php' in web_directory assert 'blockingpage.css' in web_directory -def get_directories_recursive(Pihole, directory): +def get_directories_recursive(host, directory): if directory is None: return directory - ls = Pihole.run('ls -d {}'.format(directory + '/*/')) + ls = host.run('ls -d {}'.format(directory + '/*/')) directories = list(filter(bool, ls.stdout.splitlines())) dirs = directories for dirval in directories: - dir_rec = get_directories_recursive(Pihole, dirval) + dir_rec = get_directories_recursive(host, dirval) if isinstance(dir_rec, str): dirs.extend([dir_rec]) else: @@ -148,14 +148,14 @@ def get_directories_recursive(Pihole, directory): return dirs -def test_installPihole_fresh_install_readableFiles(Pihole): +def test_installPihole_fresh_install_readableFiles(host): ''' confirms all neccessary files are readable by pihole user ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) + mock_command('whiptail', {'*': ('', '0')}, host) # mock git pull - mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + mock_command_passthrough('git', {'pull': ('', '0')}, host) # mock systemctl to not start lighttpd and FTL mock_command_2( 'systemctl', @@ -189,12 +189,12 @@ def test_installPihole_fresh_install_readableFiles(Pihole): '0' ), }, - Pihole + host ) # try to install man - Pihole.run('command -v apt-get > /dev/null && apt-get install -qq man') - Pihole.run('command -v dnf > /dev/null && dnf install -y man') - Pihole.run('command -v yum > /dev/null && yum install -y man') + host.run('command -v apt-get > /dev/null && apt-get install -qq man') + host.run('command -v dnf > /dev/null && dnf install -y man') + host.run('command -v yum > /dev/null && yum install -y man') # create configuration file setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' for k, v in SETUPVARS.items(): @@ -202,8 +202,8 @@ def test_installPihole_fresh_install_readableFiles(Pihole): setup_var_file += "INSTALL_WEB_SERVER=true\n" setup_var_file += "INSTALL_WEB_INTERFACE=true\n" setup_var_file += "EOF\n" - Pihole.run(setup_var_file) - install = Pihole.run(''' + host.run(setup_var_file) + install = host.run(''' export TERM=xterm export DEBIAN_FRONTEND=noninteractive umask 0027 @@ -223,172 +223,172 @@ def test_installPihole_fresh_install_readableFiles(Pihole): test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}' # check files in /etc/pihole for read, write and execute permission check_etc = test_cmd.format('r', '/etc/pihole', piholeuser) - actual_rc = Pihole.run(check_etc).rc + actual_rc = host.run(check_etc).rc assert exit_status_success == actual_rc check_etc = test_cmd.format('x', '/etc/pihole', piholeuser) - actual_rc = Pihole.run(check_etc).rc + actual_rc = host.run(check_etc).rc assert exit_status_success == actual_rc # readable and writable dhcp.leases check_leases = test_cmd.format('r', '/etc/pihole/dhcp.leases', piholeuser) - actual_rc = Pihole.run(check_leases).rc + actual_rc = host.run(check_leases).rc assert exit_status_success == actual_rc check_leases = test_cmd.format('w', '/etc/pihole/dhcp.leases', piholeuser) - actual_rc = Pihole.run(check_leases).rc + actual_rc = host.run(check_leases).rc # readable dns-servers.conf assert exit_status_success == actual_rc check_servers = test_cmd.format( 'r', '/etc/pihole/dns-servers.conf', piholeuser) - actual_rc = Pihole.run(check_servers).rc + actual_rc = host.run(check_servers).rc assert exit_status_success == actual_rc # readable GitHubVersions check_version = test_cmd.format( 'r', '/etc/pihole/GitHubVersions', piholeuser) - actual_rc = Pihole.run(check_version).rc + actual_rc = host.run(check_version).rc assert exit_status_success == actual_rc # readable install.log check_install = test_cmd.format( 'r', '/etc/pihole/install.log', piholeuser) - actual_rc = Pihole.run(check_install).rc + actual_rc = host.run(check_install).rc assert exit_status_success == actual_rc # readable localbranches check_localbranch = test_cmd.format( 'r', '/etc/pihole/localbranches', piholeuser) - actual_rc = Pihole.run(check_localbranch).rc + actual_rc = host.run(check_localbranch).rc assert exit_status_success == actual_rc # readable localversions check_localversion = test_cmd.format( 'r', '/etc/pihole/localversions', piholeuser) - actual_rc = Pihole.run(check_localversion).rc + actual_rc = host.run(check_localversion).rc assert exit_status_success == actual_rc # readable logrotate check_logrotate = test_cmd.format( 'r', '/etc/pihole/logrotate', piholeuser) - actual_rc = Pihole.run(check_logrotate).rc + actual_rc = host.run(check_logrotate).rc assert exit_status_success == actual_rc # readable macvendor.db check_macvendor = test_cmd.format( 'r', '/etc/pihole/macvendor.db', piholeuser) - actual_rc = Pihole.run(check_macvendor).rc + actual_rc = host.run(check_macvendor).rc assert exit_status_success == actual_rc # readable and writeable pihole-FTL.conf check_FTLconf = test_cmd.format( 'r', '/etc/pihole/pihole-FTL.conf', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc check_FTLconf = test_cmd.format( 'w', '/etc/pihole/pihole-FTL.conf', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc # readable setupVars.conf check_setup = test_cmd.format( 'r', '/etc/pihole/setupVars.conf', piholeuser) - actual_rc = Pihole.run(check_setup).rc + actual_rc = host.run(check_setup).rc assert exit_status_success == actual_rc # check dnsmasq files # readable /etc/dnsmasq.conf check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.conf', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc # readable /etc/dnsmasq.d/01-pihole.conf check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.d', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc check_dnsmasqconf = test_cmd.format( 'x', '/etc/dnsmasq.d', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc check_dnsmasqconf = test_cmd.format( 'r', '/etc/dnsmasq.d/01-pihole.conf', piholeuser) - actual_rc = Pihole.run(check_dnsmasqconf).rc + actual_rc = host.run(check_dnsmasqconf).rc assert exit_status_success == actual_rc # check readable and executable /etc/init.d/pihole-FTL check_init = test_cmd.format( 'x', '/etc/init.d/pihole-FTL', piholeuser) - actual_rc = Pihole.run(check_init).rc + actual_rc = host.run(check_init).rc assert exit_status_success == actual_rc check_init = test_cmd.format( 'r', '/etc/init.d/pihole-FTL', piholeuser) - actual_rc = Pihole.run(check_init).rc + actual_rc = host.run(check_init).rc assert exit_status_success == actual_rc # check readable /etc/lighttpd/lighttpd.conf check_lighttpd = test_cmd.format( 'r', '/etc/lighttpd/lighttpd.conf', piholeuser) - actual_rc = Pihole.run(check_lighttpd).rc + actual_rc = host.run(check_lighttpd).rc assert exit_status_success == actual_rc # check readable and executable manpages if maninstalled is True: check_man = test_cmd.format( 'x', '/usr/local/share/man', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'x', '/usr/local/share/man/man8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'x', '/usr/local/share/man/man5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8/pihole.8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man8/pihole-FTL.8', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc check_man = test_cmd.format( 'r', '/usr/local/share/man/man5/pihole-FTL.conf.5', piholeuser) - actual_rc = Pihole.run(check_man).rc + actual_rc = host.run(check_man).rc assert exit_status_success == actual_rc # check not readable sudoers file check_sudo = test_cmd.format( 'r', '/etc/sudoers.d/pihole', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success != actual_rc # check not readable cron file check_sudo = test_cmd.format( 'x', '/etc/cron.d/', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc check_sudo = test_cmd.format( 'r', '/etc/cron.d/', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc check_sudo = test_cmd.format( 'r', '/etc/cron.d/pihole', piholeuser) - actual_rc = Pihole.run(check_sudo).rc + actual_rc = host.run(check_sudo).rc assert exit_status_success == actual_rc - directories = get_directories_recursive(Pihole, '/etc/.pihole/') + directories = get_directories_recursive(host, '/etc/.pihole/') for directory in directories: check_pihole = test_cmd.format('r', directory, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc check_pihole = test_cmd.format('x', directory, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' - filelist = Pihole.run(findfiles.format(directory)) + filelist = host.run(findfiles.format(directory)) files = list(filter(bool, filelist.stdout.splitlines())) for file in files: check_pihole = test_cmd.format('r', file, piholeuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc @pytest.mark.parametrize("test_webpage", [True]) -def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): +def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): ''' confirms all web page assets from Core repo are readable by $LIGHTTPD_USER on a fresh build @@ -398,9 +398,10 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): # "pi.hole" ] # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) + mock_command('whiptail', {'*': ('', '0')}, host) + # mock git pull - mock_command_passthrough('git', {'pull': ('', '0')}, Pihole) + mock_command_passthrough('git', {'pull': ('', '0')}, host) # mock systemctl to start lighttpd and FTL ligthttpdcommand = dedent(r'''\"\" echo 'starting lighttpd with {}' @@ -478,7 +479,7 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): '0' ), }, - Pihole + host ) # create configuration file setup_var_file = 'cat < /etc/pihole/setupVars.conf\n' @@ -488,8 +489,8 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): setup_var_file += "INSTALL_WEB_INTERFACE=true\n" setup_var_file += "IPV4_ADDRESS=127.0.0.1\n" setup_var_file += "EOF\n" - Pihole.run(setup_var_file) - installWeb = Pihole.run(''' + host.run(setup_var_file) + installWeb = host.run(''' export TERM=xterm export DEBIAN_FRONTEND=noninteractive umask 0027 @@ -542,55 +543,55 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): # readable and writeable pihole-FTL.db check_FTLconf = test_cmd.format( 'r', '/etc/pihole/pihole-FTL.db', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc check_FTLconf = test_cmd.format( 'w', '/etc/pihole/pihole-FTL.db', piholeuser) - actual_rc = Pihole.run(check_FTLconf).rc + actual_rc = host.run(check_FTLconf).rc assert exit_status_success == actual_rc # check directories above $webroot for read and execute permission check_var = test_cmd.format('r', '/var', webuser) - actual_rc = Pihole.run(check_var).rc + actual_rc = host.run(check_var).rc assert exit_status_success == actual_rc check_var = test_cmd.format('x', '/var', webuser) - actual_rc = Pihole.run(check_var).rc + actual_rc = host.run(check_var).rc assert exit_status_success == actual_rc check_www = test_cmd.format('r', '/var/www', webuser) - actual_rc = Pihole.run(check_www).rc + actual_rc = host.run(check_www).rc assert exit_status_success == actual_rc check_www = test_cmd.format('x', '/var/www', webuser) - actual_rc = Pihole.run(check_www).rc + actual_rc = host.run(check_www).rc assert exit_status_success == actual_rc check_html = test_cmd.format('r', '/var/www/html', webuser) - actual_rc = Pihole.run(check_html).rc + actual_rc = host.run(check_html).rc assert exit_status_success == actual_rc check_html = test_cmd.format('x', '/var/www/html', webuser) - actual_rc = Pihole.run(check_html).rc + actual_rc = host.run(check_html).rc assert exit_status_success == actual_rc # check directories below $webroot for read and execute permission check_admin = test_cmd.format('r', webroot + '/admin', webuser) - actual_rc = Pihole.run(check_admin).rc + actual_rc = host.run(check_admin).rc assert exit_status_success == actual_rc check_admin = test_cmd.format('x', webroot + '/admin', webuser) - actual_rc = Pihole.run(check_admin).rc + actual_rc = host.run(check_admin).rc assert exit_status_success == actual_rc - directories = get_directories_recursive(Pihole, webroot + '/admin/*/') + directories = get_directories_recursive(host, webroot + '/admin/*/') for directory in directories: check_pihole = test_cmd.format('r', directory, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc check_pihole = test_cmd.format('x', directory, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;' - filelist = Pihole.run(findfiles.format(directory)) + filelist = host.run(findfiles.format(directory)) files = list(filter(bool, filelist.stdout.splitlines())) for file in files: check_pihole = test_cmd.format('r', file, webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc # check web interface files # change nameserver to pi-hole # setting nameserver in /etc/resolv.conf to pi-hole does # not work here because of the way docker uses this file - ns = Pihole.run( + ns = host.run( r"sed -i 's/nameserver.*/nameserver 127.0.0.1/' /etc/resolv.conf") pihole_is_ns = ns.rc == 0 @@ -599,19 +600,19 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): return bool(m) if installWebInterface is True: check_pihole = test_cmd.format('r', webroot + '/pihole', webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc assert exit_status_success == actual_rc check_pihole = test_cmd.format('x', webroot + '/pihole', webuser) - actual_rc = Pihole.run(check_pihole).rc + actual_rc = host.run(check_pihole).rc assert exit_status_success == actual_rc # check most important files in $webroot for read permission check_index = test_cmd.format( 'r', webroot + '/pihole/index.php', webuser) - actual_rc = Pihole.run(check_index).rc + actual_rc = host.run(check_index).rc assert exit_status_success == actual_rc check_blockpage = test_cmd.format( 'r', webroot + '/pihole/blockingpage.css', webuser) - actual_rc = Pihole.run(check_blockpage).rc + actual_rc = host.run(check_blockpage).rc assert exit_status_success == actual_rc if test_webpage is True: # check webpage for unreadable files @@ -631,23 +632,23 @@ def test_installPihole_fresh_install_readableBlockpage(Pihole, test_webpage): testpage = "http://" + page + "/admin/" resolvesuccess = True if is_ip(page) is False: - dig = Pihole.run(digcommand.format(page)) + dig = host.run(digcommand.format(page)) testpage = "http://" + dig.stdout.strip() + "/admin/" resolvesuccess = dig.rc == 0 if resolvesuccess or pihole_is_ns: # check HTTP status of blockpage - actual_rc = Pihole.run(status.format(testpage)) + actual_rc = host.run(status.format(testpage)) assert exit_status_success == actual_rc.rc # check for PHP error - actual_output = Pihole.run(pagecontent.format(testpage)) + actual_output = host.run(pagecontent.format(testpage)) assert noPHPfopen.match(actual_output.stdout) is None -def test_update_package_cache_success_no_errors(Pihole): +def test_update_package_cache_success_no_errors(host): ''' confirms package cache was updated without any errors ''' - updateCache = Pihole.run(''' + updateCache = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect update_package_cache @@ -657,12 +658,12 @@ def test_update_package_cache_success_no_errors(Pihole): assert 'error' not in updateCache.stdout.lower() -def test_update_package_cache_failure_no_errors(Pihole): +def test_update_package_cache_failure_no_errors(host): ''' confirms package cache was not updated ''' - mock_command('apt-get', {'update': ('', '1')}, Pihole) - updateCache = Pihole.run(''' + mock_command('apt-get', {'update': ('', '1')}, host) + updateCache = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect update_package_cache @@ -672,12 +673,12 @@ def test_update_package_cache_failure_no_errors(Pihole): assert 'Error: Unable to update package cache.' in updateCache.stdout -def test_FTL_detect_aarch64_no_errors(Pihole): +def test_FTL_detect_aarch64_no_errors(host): ''' confirms only aarch64 package is downloaded for FTL engine ''' # mock uname to return aarch64 platform - mock_command('uname', {'-m': ('aarch64', '0')}, Pihole) + mock_command('uname', {'-m': ('aarch64', '0')}, host) # mock ldd to respond with aarch64 shared library mock_command( 'ldd', @@ -687,9 +688,9 @@ def test_FTL_detect_aarch64_no_errors(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -705,15 +706,15 @@ def test_FTL_detect_aarch64_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv4t_no_errors(Pihole): +def test_FTL_detect_armv4t_no_errors(host): ''' confirms only armv4t package is downloaded for FTL engine ''' # mock uname to return armv4t platform - mock_command('uname', {'-m': ('armv4t', '0')}, Pihole) + mock_command('uname', {'-m': ('armv4t', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -729,15 +730,15 @@ def test_FTL_detect_armv4t_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv5te_no_errors(Pihole): +def test_FTL_detect_armv5te_no_errors(host): ''' confirms only armv5te package is downloaded for FTL engine ''' # mock uname to return armv5te platform - mock_command('uname', {'-m': ('armv5te', '0')}, Pihole) + mock_command('uname', {'-m': ('armv5te', '0')}, host) # mock ldd to respond with ld-linux shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -753,15 +754,15 @@ def test_FTL_detect_armv5te_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv6l_no_errors(Pihole): +def test_FTL_detect_armv6l_no_errors(host): ''' confirms only armv6l package is downloaded for FTL engine ''' # mock uname to return armv6l platform - mock_command('uname', {'-m': ('armv6l', '0')}, Pihole) + mock_command('uname', {'-m': ('armv6l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -778,15 +779,15 @@ def test_FTL_detect_armv6l_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv7l_no_errors(Pihole): +def test_FTL_detect_armv7l_no_errors(host): ''' confirms only armv7l package is downloaded for FTL engine ''' # mock uname to return armv7l platform - mock_command('uname', {'-m': ('armv7l', '0')}, Pihole) + mock_command('uname', {'-m': ('armv7l', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -803,15 +804,15 @@ def test_FTL_detect_armv7l_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_armv8a_no_errors(Pihole): +def test_FTL_detect_armv8a_no_errors(host): ''' confirms only armv8a package is downloaded for FTL engine ''' # mock uname to return armv8a platform - mock_command('uname', {'-m': ('armv8a', '0')}, Pihole) + mock_command('uname', {'-m': ('armv8a', '0')}, host) # mock ldd to respond with ld-linux-armhf shared library - mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -827,11 +828,11 @@ def test_FTL_detect_armv8a_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_x86_64_no_errors(Pihole): +def test_FTL_detect_x86_64_no_errors(host): ''' confirms only x86_64 package is downloaded for FTL engine ''' - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -847,11 +848,11 @@ def test_FTL_detect_x86_64_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_detect_unknown_no_errors(Pihole): +def test_FTL_detect_unknown_no_errors(host): ''' confirms only generic package is downloaded for FTL engine ''' # mock uname to return generic platform - mock_command('uname', {'-m': ('mips', '0')}, Pihole) - detectPlatform = Pihole.run(''' + mock_command('uname', {'-m': ('mips', '0')}, host) + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -863,18 +864,18 @@ def test_FTL_detect_unknown_no_errors(Pihole): assert expected_stdout in detectPlatform.stdout -def test_FTL_download_aarch64_no_errors(Pihole): +def test_FTL_download_aarch64_no_errors(host): ''' confirms only aarch64 package is downloaded for FTL engine ''' # mock whiptail answers and ensure installer dependencies - mock_command('whiptail', {'*': ('', '0')}, Pihole) - Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') - download_binary = Pihole.run(''' + download_binary = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user FTLinstall "pihole-FTL-aarch64-linux-gnu" @@ -884,11 +885,11 @@ def test_FTL_download_aarch64_no_errors(Pihole): assert 'error' not in download_binary.stdout.lower() -def test_FTL_binary_installed_and_responsive_no_errors(Pihole): +def test_FTL_binary_installed_and_responsive_no_errors(host): ''' confirms FTL binary is copied and functional in installed location ''' - installed_binary = Pihole.run(''' + installed_binary = host.run(''' source /opt/pihole/basic-install.sh create_pihole_user funcOutput=$(get_binary_name) @@ -901,11 +902,11 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole): assert expected_stdout in installed_binary.stdout -# def test_FTL_support_files_installed(Pihole): +# def test_FTL_support_files_installed(host): # ''' # confirms FTL support files are installed # ''' -# support_files = Pihole.run(''' +# support_files = host.run(''' # source /opt/pihole/basic-install.sh # FTLdetect # stat -c '%a %n' /var/log/pihole-FTL.log @@ -918,7 +919,7 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole): # assert '644 /var/log/pihole-FTL.log' in support_files.stdout -def test_IPv6_only_link_local(Pihole): +def test_IPv6_only_link_local(host): ''' confirms IPv6 blocking is disabled for Link-local address ''' @@ -931,9 +932,9 @@ def test_IPv6_only_link_local(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -941,7 +942,7 @@ def test_IPv6_only_link_local(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_only_ULA(Pihole): +def test_IPv6_only_ULA(host): ''' confirms IPv6 blocking is enabled for ULA addresses ''' @@ -954,9 +955,9 @@ def test_IPv6_only_ULA(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -964,7 +965,7 @@ def test_IPv6_only_ULA(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_only_GUA(Pihole): +def test_IPv6_only_GUA(host): ''' confirms IPv6 blocking is enabled for GUA addresses ''' @@ -977,9 +978,9 @@ def test_IPv6_only_GUA(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -987,7 +988,7 @@ def test_IPv6_only_GUA(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_GUA_ULA_test(Pihole): +def test_IPv6_GUA_ULA_test(host): ''' confirms IPv6 blocking is enabled for GUA and ULA addresses ''' @@ -1001,9 +1002,9 @@ def test_IPv6_GUA_ULA_test(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -1011,7 +1012,7 @@ def test_IPv6_GUA_ULA_test(Pihole): assert expected_stdout in detectPlatform.stdout -def test_IPv6_ULA_GUA_test(Pihole): +def test_IPv6_ULA_GUA_test(host): ''' confirms IPv6 blocking is enabled for GUA and ULA addresses ''' @@ -1025,9 +1026,9 @@ def test_IPv6_ULA_GUA_test(Pihole): '0' ) }, - Pihole + host ) - detectPlatform = Pihole.run(''' + detectPlatform = host.run(''' source /opt/pihole/basic-install.sh find_IPv6_information ''') @@ -1035,13 +1036,13 @@ def test_IPv6_ULA_GUA_test(Pihole): assert expected_stdout in detectPlatform.stdout -def test_validate_ip(Pihole): +def test_validate_ip(host): ''' Tests valid_ip for various IP addresses ''' def test_address(addr, success=True): - output = Pihole.run(''' + output = host.run(''' source /opt/pihole/basic-install.sh valid_ip "{addr}" '''.format(addr=addr)) @@ -1076,9 +1077,9 @@ def test_validate_ip(Pihole): test_address('0.0.0.0#00001', False) -def test_os_check_fails(Pihole): +def test_os_check_fails(host): ''' Confirms install fails on unsupported OS ''' - Pihole.run(''' + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${OS_CHECK_DEPS[@]} @@ -1088,7 +1089,7 @@ def test_os_check_fails(Pihole): VERSION_ID="2" EOT ''') - detectOS = Pihole.run('''t + detectOS = host.run('''t source /opt/pihole/basic-install.sh os_check ''') @@ -1096,15 +1097,15 @@ def test_os_check_fails(Pihole): assert expected_stdout in detectOS.stdout -def test_os_check_passes(Pihole): +def test_os_check_passes(host): ''' Confirms OS meets the requirements ''' - Pihole.run(''' + host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} ''') - detectOS = Pihole.run(''' + detectOS = host.run(''' source /opt/pihole/basic-install.sh os_check ''') @@ -1112,10 +1113,10 @@ def test_os_check_passes(Pihole): assert expected_stdout in detectOS.stdout -def test_package_manager_has_installer_deps(Pihole): +def test_package_manager_has_installer_deps(host): ''' Confirms OS is able to install the required packages for the installer''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} @@ -1125,10 +1126,10 @@ def test_package_manager_has_installer_deps(Pihole): assert output.rc == 0 -def test_package_manager_has_pihole_deps(Pihole): +def test_package_manager_has_pihole_deps(host): ''' Confirms OS is able to install the required packages for Pi-hole ''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -1139,10 +1140,10 @@ def test_package_manager_has_pihole_deps(Pihole): assert output.rc == 0 -def test_package_manager_has_web_deps(Pihole): +def test_package_manager_has_web_deps(host): ''' Confirms OS is able to install the required packages for web ''' - mock_command('whiptail', {'*': ('', '0')}, Pihole) - output = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + output = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index 14f62637..f72740a6 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -5,11 +5,11 @@ from .conftest import ( ) -def test_php_upgrade_default_optout_centos_eq_7(Pihole): +def test_php_upgrade_default_optout_centos_eq_7(host): ''' confirms the default behavior to opt-out of installing PHP7 from REMI ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -17,18 +17,18 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optout_centos_eq_7(Pihole): +def test_php_upgrade_user_optout_centos_eq_7(host): ''' confirms installer behavior when user opt-out of installing PHP7 from REMI (php not currently installed) ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -36,18 +36,18 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optin_centos_eq_7(Pihole): +def test_php_upgrade_user_optin_centos_eq_7(host): ''' confirms installer behavior when user opt-in to installing PHP7 from REMI (php not currently installed) ''' # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -59,5 +59,5 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert remi_package.is_installed diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index bbdbb765..464055b4 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -5,12 +5,12 @@ from .conftest import ( ) -def test_php_upgrade_default_continue_centos_gte_8(Pihole): +def test_php_upgrade_default_continue_centos_gte_8(host): ''' confirms the latest version of CentOS continues / does not optout (should trigger on CentOS7 only) ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -19,19 +19,19 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): ' Deprecated PHP may be in use.') assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): +def test_php_upgrade_user_optout_skipped_centos_gte_8(host): ''' confirms installer skips user opt-out of installing PHP7 from REMI on latest CentOS (should trigger on CentOS7 only) (php not currently installed) ''' # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -40,19 +40,19 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): ' Deprecated PHP may be in use.') assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): +def test_php_upgrade_user_optin_skipped_centos_gte_8(host): ''' confirms installer skips user opt-in to installing PHP7 from REMI on latest CentOS (should trigger on CentOS7 only) (php not currently installed) ''' # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -64,5 +64,5 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): unexpected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert unexpected_stdout not in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index 0b36cbae..8903a7a0 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -7,13 +7,13 @@ from .conftest import ( ) -def test_release_supported_version_check_centos(Pihole): +def test_release_supported_version_check_centos(host): ''' confirms installer exits on unsupported releases of CentOS ''' # modify /etc/redhat-release to mock an unsupported CentOS release - Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') - package_manager_detect = Pihole.run(''' + host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -24,11 +24,11 @@ def test_release_supported_version_check_centos(Pihole): assert expected_stdout in package_manager_detect.stdout -def test_enable_epel_repository_centos(Pihole): +def test_enable_epel_repository_centos(host): ''' confirms the EPEL package repository is enabled when installed on CentOS ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -38,22 +38,22 @@ def test_enable_epel_repository_centos(Pihole): assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + ' Installed epel-release' assert expected_stdout in package_manager_detect.stdout - epel_package = Pihole.package('epel-release') + epel_package = host.package('epel-release') assert epel_package.is_installed -def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_default_optout_centos(host): ''' confirms the default behavior to opt-out of upgrading to PHP7 from REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -61,24 +61,24 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_user_optout_centos(host): ''' confirms installer behavior when user opt-out to upgrade to PHP7 via REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Cancel for user prompt - mock_command('whiptail', {'*': ('', '1')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '1')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -86,24 +86,24 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed -def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): +def test_php_version_lt_7_detected_upgrade_user_optin_centos(host): ''' confirms installer behavior when user opt-in to upgrade to PHP7 via REMI ''' # first we will install the default php version to test installer behavior - php_install = Pihole.run('yum install -y php') + php_install = host.run('yum install -y php') assert php_install.rc == 0 - php_package = Pihole.package('php') + php_package = host.package('php') default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Continue for user prompt - mock_command('whiptail', {'*': ('', '0')}, Pihole) - package_manager_detect = Pihole.run(''' + mock_command('whiptail', {'*': ('', '0')}, host) + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php @@ -118,8 +118,8 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') assert expected_stdout in package_manager_detect.stdout - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert remi_package.is_installed - updated_php_package = Pihole.package('php') + updated_php_package = host.package('php') updated_php_version = updated_php_package.version.split('.')[0] assert int(updated_php_version) == 7 diff --git a/test/test_centos_fedora_common_support.py b/test/test_centos_fedora_common_support.py index 21ae6d1d..a2a13048 100644 --- a/test/test_centos_fedora_common_support.py +++ b/test/test_centos_fedora_common_support.py @@ -5,7 +5,7 @@ from .conftest import ( ) -def mock_selinux_config(state, Pihole): +def mock_selinux_config(state, host): ''' Creates a mock SELinux config file with expected content ''' @@ -13,20 +13,20 @@ def mock_selinux_config(state, Pihole): valid_states = ['enforcing', 'permissive', 'disabled'] assert state in valid_states # getenforce returns the running state of SELinux - mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole) + mock_command('getenforce', {'*': (state.capitalize(), '0')}, host) # create mock configuration with desired content - Pihole.run(''' + host.run(''' mkdir /etc/selinux echo "SELINUX={state}" > /etc/selinux/config '''.format(state=state.lower())) -def test_selinux_enforcing_exit(Pihole): +def test_selinux_enforcing_exit(host): ''' confirms installer prompts to exit when SELinux is Enforcing by default ''' - mock_selinux_config("enforcing", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("enforcing", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') @@ -37,12 +37,12 @@ def test_selinux_enforcing_exit(Pihole): assert check_selinux.rc == 1 -def test_selinux_permissive(Pihole): +def test_selinux_permissive(host): ''' confirms installer continues when SELinux is Permissive ''' - mock_selinux_config("permissive", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("permissive", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') @@ -51,12 +51,12 @@ def test_selinux_permissive(Pihole): assert check_selinux.rc == 0 -def test_selinux_disabled(Pihole): +def test_selinux_disabled(host): ''' confirms installer continues when SELinux is Disabled ''' - mock_selinux_config("disabled", Pihole) - check_selinux = Pihole.run(''' + mock_selinux_config("disabled", host) + check_selinux = host.run(''' source /opt/pihole/basic-install.sh checkSelinux ''') diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index 3ad84be5..63fde90e 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -1,16 +1,16 @@ -def test_epel_and_remi_not_installed_fedora(Pihole): +def test_epel_and_remi_not_installed_fedora(host): ''' confirms installer does not attempt to install EPEL/REMI repositories on Fedora ''' - package_manager_detect = Pihole.run(''' + package_manager_detect = host.run(''' source /opt/pihole/basic-install.sh package_manager_detect select_rpm_php ''') assert package_manager_detect.stdout == '' - epel_package = Pihole.package('epel-release') + epel_package = host.package('epel-release') assert not epel_package.is_installed - remi_package = Pihole.package('remi-release') + remi_package = host.package('remi-release') assert not remi_package.is_installed diff --git a/test/tox.centos_7.ini b/test/tox.centos_7.ini index c2752698..88940fdd 100644 --- a/test/tox.centos_7.ini +++ b/test/tox.centos_7.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.centos_8.ini b/test/tox.centos_8.ini index c8852bae..5088da16 100644 --- a/test/tox.centos_8.ini +++ b/test/tox.centos_8.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_10.ini b/test/tox.debian_10.ini index e8c5d746..9c2a05d1 100644 --- a/test/tox.debian_10.ini +++ b/test/tox.debian_10.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini index af3c6e36..f3cdbe84 100644 --- a/test/tox.debian_11.ini +++ b/test/tox.debian_11.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.debian_9.ini b/test/tox.debian_9.ini index b33e9927..b46e0a49 100644 --- a/test/tox.debian_9.ini +++ b/test/tox.debian_9.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.fedora_33.ini b/test/tox.fedora_33.ini index 00ea732a..d33fbf53 100644 --- a/test/tox.fedora_33.ini +++ b/test/tox.fedora_33.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.fedora_34.ini b/test/tox.fedora_34.ini index 154662cf..819291fa 100644 --- a/test/tox.fedora_34.ini +++ b/test/tox.fedora_34.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_16.ini b/test/tox.ubuntu_16.ini index 6f484b6b..bce948a2 100644 --- a/test/tox.ubuntu_16.ini +++ b/test/tox.ubuntu_16.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_18.ini b/test/tox.ubuntu_18.ini index 10d4ac09..cf7a3642 100644 --- a/test/tox.ubuntu_18.ini +++ b/test/tox.ubuntu_18.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_20.ini b/test/tox.ubuntu_20.ini index 8b405b28..03b605ce 100644 --- a/test/tox.ubuntu_20.ini +++ b/test/tox.ubuntu_20.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini index 651f933b..12b1ac0b 100644 --- a/test/tox.ubuntu_21.ini +++ b/test/tox.ubuntu_21.ini @@ -1,5 +1,5 @@ [tox] -envlist = py37 +envlist = py38 [testenv] whitelist_externals = docker From 996a2c74fa0004fdd40b172cd9eec695a2d31768 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Mon, 22 Nov 2021 13:25:13 +0100 Subject: [PATCH 69/70] Use a fixed list height for network interface selection This solves the issue reported here: https://github.com/pi-hole/pi-hole/issues/4196 It replaces the other suggested solution here: https://github.com/pi-hole/pi-hole/pull/4197 The benefit of using a fixed/limited list height, compared to allowing larger whiptail/dialogue dimension, is that it works on small screens as well, where the screen or console size itself is too small to hold the interface list + text above + whiptail frame. It the amount of list elements exceeds the defined list height, automatically a visual scroll bar is added and the list can be scrolled with up/down pageup/pagedown buttons, hence it is generally not required to adjust a list height based on the amount of elements. The fixed height of "6" is chosen since all other "--radiolist" calls use this fixed height as well, it fits and looks good within a 20 rows high whiptail dialogue, and in the common Pi-hole use cases there are no more than 6 network interfaces. Signed-off-by: MichaIng --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c806a6ae..5c317edc 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -674,7 +674,7 @@ chooseInterface() { # Feed the available interfaces into this while loop done <<< "${availableInterfaces}" # The whiptail command that will be run, stored in a variable - chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to toggle selection)" "${r}" "${c}" "${interfaceCount}") + chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to toggle selection)" "${r}" "${c}" 6) # Now run the command using the interfaces saved into the array chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty) || \ # If the user chooses Cancel, exit From bc8150adfa12b00b7f04ea0c15270e19de84b381 Mon Sep 17 00:00:00 2001 From: jbzdarkid Date: Wed, 24 Nov 2021 22:41:40 -0800 Subject: [PATCH 70/70] Clean up bash script formatting Done with the help of beautysh (a python-based bash formatter) Signed-off-by: jbzdarkid --- advanced/Scripts/chronometer.sh | 8 +- .../Scripts/database_migration/gravity-db.sh | 10 +- advanced/Scripts/list.sh | 42 +- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/query.sh | 28 +- advanced/Scripts/update.sh | 2 +- advanced/Scripts/version.sh | 8 +- advanced/Scripts/webpage.sh | 150 +++---- automated install/basic-install.sh | 376 +++++++++--------- gravity.sh | 52 +-- 10 files changed, 339 insertions(+), 339 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 3f85bdfc..312c484f 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -329,8 +329,8 @@ get_sys_stats() { *) cpu_col="$COL_URG_RED";; esac - # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED - cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY" + # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED + cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY" elif [[ "$temp_unit" == "F" ]]; then cpu_temp=$(printf "%.0ff\\n" "$(calcFunc "($(< $temp_file) / 1000) * 9 / 5 + 32")") @@ -445,7 +445,7 @@ get_strings() { lan_info="Gateway: $net_gateway" dhcp_info="$leased_str$ph_dhcp_num of $ph_dhcp_max" - ads_info="$total_str$ads_blocked_today of $dns_queries_today" + ads_info="$total_str$ads_blocked_today of $dns_queries_today" dns_info="$dns_count DNS servers" [[ "$recent_blocked" == "0" ]] && recent_blocked="${COL_LIGHT_RED}FTL offline${COL_NC}" @@ -488,7 +488,7 @@ chronoFunc() { ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC} ${COL_DARK_GRAY}$scr_line_str${COL_NC}" else - echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" + echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" fi printFunc " Hostname: " "$sys_name" "$host_info" diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index 0fecf34a..09dc1727 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -123,9 +123,9 @@ upgrade_gravityDB(){ version=14 fi if [[ "$version" == "14" ]]; then - # Changes the vw_adlist created in 5_to_6 - echo -e " ${INFO} Upgrading gravity database from version 14 to 15" - sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" - version=15 -fi + # Changes the vw_adlist created in 5_to_6 + echo -e " ${INFO} Upgrading gravity database from version 14 to 15" + sqlite3 "${database}" < "${scriptPath}/14_to_15.sql" + version=15 + fi } diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 5bd42d55..bc254515 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -16,7 +16,7 @@ GRAVITYDB="${piholeDir}/gravity.db" # Source pihole-FTL from install script pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then - source "${pihole_FTL}" + source "${pihole_FTL}" fi # Set this only after sourcing pihole-FTL.conf as the gravity database path may @@ -133,7 +133,7 @@ ProcessDomainList() { else RemoveDomain "${dom}" fi - done + done } AddDomain() { @@ -145,19 +145,19 @@ AddDomain() { requestedListname="$(GetListnameFromTypeId "${typeId}")" if [[ "${num}" -ne 0 ]]; then - existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")" - if [[ "${existingTypeId}" == "${typeId}" ]]; then - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${1} already exists in ${requestedListname}, no need to add!" + existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")" + if [[ "${existingTypeId}" == "${typeId}" ]]; then + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${1} already exists in ${requestedListname}, no need to add!" + fi + else + existingListname="$(GetListnameFromTypeId "${existingTypeId}")" + sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';" + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!" + fi fi - else - existingListname="$(GetListnameFromTypeId "${existingTypeId}")" - sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';" - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!" - fi - fi - return + return fi # Domain not found in the table, add it! @@ -185,10 +185,10 @@ RemoveDomain() { requestedListname="$(GetListnameFromTypeId "${typeId}")" if [[ "${num}" -eq 0 ]]; then - if [[ "${verbose}" == true ]]; then - echo -e " ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!" - fi - return + if [[ "${verbose}" == true ]]; then + echo -e " ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!" + fi + return fi # Domain found in the table, remove it! @@ -256,8 +256,8 @@ NukeList() { GetComment() { comment="$1" if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then - echo " ${CROSS} Found invalid characters in domain comment!" - exit + echo " ${CROSS} Found invalid characters in domain comment!" + exit fi } @@ -292,7 +292,7 @@ ProcessDomainList # Used on web interface if $web; then -echo "DONE" + echo "DONE" fi if [[ ${reload} == true && ${noReloadRequested} == false ]]; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index cd615825..ad58d6c7 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -27,7 +27,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then - source ${PIHOLE_COLTABLE_FILE} + source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color COL_RED='\e[1;91m' diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 26b4508e..0fd9871a 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -21,7 +21,7 @@ matchType="match" # Source pihole-FTL from install script pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then - source "${pihole_FTL}" + source "${pihole_FTL}" fi # Set this only after sourcing pihole-FTL.conf as the gravity database path may @@ -48,7 +48,7 @@ scanList(){ # Iterate through each regexp and check whether it matches the domainQuery # If it does, print the matching regexp and continue looping # Input 1 - regexps | Input 2 - domainQuery - "regex" ) + "regex" ) for list in ${lists}; do if [[ "${domain}" =~ ${list} ]]; then printf "%b\n" "${list}"; @@ -109,15 +109,15 @@ scanDatabaseTable() { # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores. if [[ "${table}" == "gravity" ]]; then - case "${exact}" in - "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";; - * ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; - esac + case "${exact}" in + "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";; + * ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; + esac else - case "${exact}" in - "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";; - * ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; - esac + case "${exact}" in + "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";; + * ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";; + esac fi # Send prepared query to gravity database @@ -128,8 +128,8 @@ scanDatabaseTable() { fi if [[ "${table}" == "gravity" ]]; then - echo "${result}" - return + echo "${result}" + return fi # Mark domain as having been white-/blacklist matched (global variable) @@ -233,9 +233,9 @@ for result in "${results[@]}"; do adlistAddress="${extra/|*/}" extra="${extra#*|}" if [[ "${extra}" == "0" ]]; then - extra="(disabled)" + extra="(disabled)" else - extra="" + extra="" fi if [[ -n "${blockpage}" ]]; then diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index dae04861..3fab9a95 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -200,7 +200,7 @@ main() { if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \ - echo -e "${basicError}" && exit 1 + echo -e "${basicError}" && exit 1 fi if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 86ac45bc..2cb0a2c9 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -92,9 +92,9 @@ getRemoteVersion(){ if [[ -f "$cachedVersions" ]]; then IFS=' ' read -r -a arrCache < "$cachedVersions" case $daemon in - "pi-hole" ) echo "${arrCache[0]}";; - "AdminLTE" ) echo "${arrCache[1]}";; - "FTL" ) echo "${arrCache[2]}";; + "pi-hole" ) echo "${arrCache[0]}";; + "AdminLTE" ) echo "${arrCache[1]}";; + "FTL" ) echo "${arrCache[2]}";; esac return 0 @@ -117,7 +117,7 @@ getLocalBranch(){ local directory="${1}" local branch - # Local FTL btranch is stored in /etc/pihole/ftlbranch + # Local FTL btranch is stored in /etc/pihole/ftlbranch if [[ "$1" == "FTL" ]]; then branch="$(pihole-FTL branch)" else diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 2a406565..ec9b2cac 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -122,14 +122,14 @@ SetWebPassword() { read -s -r -p "Enter New Password (Blank for no password): " PASSWORD echo "" - if [ "${PASSWORD}" == "" ]; then - change_setting "WEBPASSWORD" "" - echo -e " ${TICK} Password Removed" - exit 0 - fi + if [ "${PASSWORD}" == "" ]; then + change_setting "WEBPASSWORD" "" + echo -e " ${TICK} Password Removed" + exit 0 + fi - read -s -r -p "Confirm Password: " CONFIRM - echo "" + read -s -r -p "Confirm Password: " CONFIRM + echo "" fi if [ "${PASSWORD}" == "${CONFIRM}" ] ; then @@ -247,8 +247,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 3 ) REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";; esac else - # Set REV_SERVER_CIDR to whatever value it was set to - REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}" + # Set REV_SERVER_CIDR to whatever value it was set to + REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}" fi # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it @@ -371,34 +371,34 @@ ProcessDHCPSettings() { source "${setupVars}" if [[ "${DHCP_ACTIVE}" == "true" ]]; then - interface="${PIHOLE_INTERFACE}" + interface="${PIHOLE_INTERFACE}" - # Use eth0 as fallback interface - if [ -z ${interface} ]; then - interface="eth0" - fi + # Use eth0 as fallback interface + if [ -z ${interface} ]; then + interface="eth0" + fi - if [[ "${PIHOLE_DOMAIN}" == "" ]]; then - PIHOLE_DOMAIN="lan" - change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" - fi + if [[ "${PIHOLE_DOMAIN}" == "" ]]; then + PIHOLE_DOMAIN="lan" + change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" + fi - if [[ "${DHCP_LEASETIME}" == "0" ]]; then - leasetime="infinite" - elif [[ "${DHCP_LEASETIME}" == "" ]]; then - leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" - elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then - #Installation is affected by known bug, introduced in a previous version. - #This will automatically clean up setupVars.conf and remove the unnecessary "h" - leasetime="24" - change_setting "DHCP_LEASETIME" "${leasetime}" - else - leasetime="${DHCP_LEASETIME}h" - fi + if [[ "${DHCP_LEASETIME}" == "0" ]]; then + leasetime="infinite" + elif [[ "${DHCP_LEASETIME}" == "" ]]; then + leasetime="24" + change_setting "DHCP_LEASETIME" "${leasetime}" + elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then + #Installation is affected by known bug, introduced in a previous version. + #This will automatically clean up setupVars.conf and remove the unnecessary "h" + leasetime="24" + change_setting "DHCP_LEASETIME" "${leasetime}" + else + leasetime="${DHCP_LEASETIME}h" + fi - # Write settings to file - echo "############################################################################### + # Write settings to file + echo "############################################################################### # DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE. # # ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE # ############################################################################### @@ -408,34 +408,34 @@ dhcp-option=option:router,${DHCP_ROUTER} dhcp-leasefile=/etc/pihole/dhcp.leases #quiet-dhcp " > "${dhcpconfig}" - chmod 644 "${dhcpconfig}" + chmod 644 "${dhcpconfig}" - if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then - echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" + if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then + echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" - # When there is a Pi-hole domain set and "Never forward non-FQDNs" is - # ticked, we add `local=/domain/` to tell FTL that this domain is purely - # local and FTL may answer queries from /etc/hosts or DHCP but should - # never forward queries on that domain to any upstream servers - if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then - echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}" + # When there is a Pi-hole domain set and "Never forward non-FQDNs" is + # ticked, we add `local=/domain/` to tell FTL that this domain is purely + # local and FTL may answer queries from /etc/hosts or DHCP but should + # never forward queries on that domain to any upstream servers + if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then + echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}" + fi fi - fi - # Sourced from setupVars - # shellcheck disable=SC2154 - if [[ "${DHCP_rapid_commit}" == "true" ]]; then - echo "dhcp-rapid-commit" >> "${dhcpconfig}" - fi + # Sourced from setupVars + # shellcheck disable=SC2154 + if [[ "${DHCP_rapid_commit}" == "true" ]]; then + echo "dhcp-rapid-commit" >> "${dhcpconfig}" + fi - if [[ "${DHCP_IPv6}" == "true" ]]; then - echo "#quiet-dhcp6 + if [[ "${DHCP_IPv6}" == "true" ]]; then + echo "#quiet-dhcp6 #enable-ra dhcp-option=option6:dns-server,[::] dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600 ra-param=*,0,0 " >> "${dhcpconfig}" - fi + fi else if [[ -f "${dhcpconfig}" ]]; then @@ -605,7 +605,7 @@ Interfaces: single Listen only on ${PIHOLE_INTERFACE} interface all Listen on all interfaces, permit all origins" exit 0 - fi + fi if [[ "${args[2]}" == "all" ]]; then echo -e " ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!" @@ -654,18 +654,18 @@ addAudit() domains="" for domain in "$@" do - # Check domain to be added. Only continue if it is valid - validDomain="$(checkDomain "${domain}")" - if [[ -n "${validDomain}" ]]; then - # Put comma in between domains when there is - # more than one domains to be added - # SQL INSERT allows adding multiple rows at once using the format - ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st'); - if [[ -n "${domains}" ]]; then - domains="${domains}," + # Check domain to be added. Only continue if it is valid + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + # Put comma in between domains when there is + # more than one domains to be added + # SQL INSERT allows adding multiple rows at once using the format + ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st'); + if [[ -n "${domains}" ]]; then + domains="${domains}," + fi + domains="${domains}('${domain}')" fi - domains="${domains}('${domain}')" - fi done # Insert only the domain here. The date_added field will be # filled with its default value (date_added = current timestamp) @@ -707,7 +707,7 @@ AddCustomDNSAddress() { # Restart dnsmasq to load new custom DNS entries only if $reload not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -726,14 +726,14 @@ RemoveCustomDNSAddress() { echo -e " ${CROSS} Invalid IP has been passed" exit 1 fi - else - echo " ${CROSS} Invalid Domain passed!" - exit 1 + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 fi # Restart dnsmasq to load new custom DNS entries only if reload is not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -748,10 +748,10 @@ AddCustomCNAMERecord() { if [[ -n "${validDomain}" ]]; then validTarget="$(checkDomain "${target}")" if [[ -n "${validTarget}" ]]; then - echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" + echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}" else - echo " ${CROSS} Invalid Target Passed!" - exit 1 + echo " ${CROSS} Invalid Target Passed!" + exit 1 fi else echo " ${CROSS} Invalid Domain passed!" @@ -759,7 +759,7 @@ AddCustomCNAMERecord() { fi # Restart dnsmasq to load new custom CNAME records only if reload is not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } @@ -776,8 +776,8 @@ RemoveCustomCNAMERecord() { if [[ -n "${validTarget}" ]]; then sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" else - echo " ${CROSS} Invalid Target Passed!" - exit 1 + echo " ${CROSS} Invalid Target Passed!" + exit 1 fi else echo " ${CROSS} Invalid Domain passed!" @@ -786,7 +786,7 @@ RemoveCustomCNAMERecord() { # Restart dnsmasq to update removed custom CNAME records only if $reload not false if [[ ! $reload == "false" ]]; then - RestartDNS + RestartDNS fi } diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5c317edc..cbb8ebae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -76,7 +76,7 @@ PI_HOLE_CONFIG_DIR="/etc/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" PI_HOLE_BLOCKPAGE_DIR="${webroot}/pihole" if [ -z "$useUpdateVars" ]; then - useUpdateVars=false + useUpdateVars=false fi adlistFile="/etc/pihole/adlists.list" @@ -90,7 +90,7 @@ PRIVACY_LEVEL=0 CACHE_SIZE=10000 if [ -z "${USER}" ]; then - USER="$(id -un)" + USER="$(id -un)" fi # whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. @@ -133,7 +133,7 @@ fi # A simple function that just echoes out our logo in ASCII format # This lets users know that it is a Pi-hole, LLC product show_ascii_berry() { - echo -e " + echo -e " ${COL_LIGHT_GREEN}.;;,. .ccccc:,. :cccclll:. ..,, @@ -261,174 +261,174 @@ os_check() { # Compatibility package_manager_detect() { -# First check to see if apt-get is installed. -if is_command apt-get ; then - # Set some global variables here - # We don't set them earlier since the installed package manager might be rpm, so these values would be different - PKG_MANAGER="apt-get" - # A variable to store the command used to update the package cache - UPDATE_PKG_CACHE="${PKG_MANAGER} update" - # The command we will use to actually install packages - PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) - # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. - PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Update package cache - update_package_cache || exit 1 - # Check for and determine version number (major and minor) of current php install - local phpVer="php" - if is_command php ; then - printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" - printf -v phpInsMajor "%d" "$(php <<< "")" - printf -v phpInsMinor "%d" "$(php <<< "")" - phpVer="php$phpInsMajor.$phpInsMinor" - fi - # Packages required to perfom the os_check (stored as an array) - OS_CHECK_DEPS=(grep dnsutils) - # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) - # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) - # Packages required for the Web admin interface (stored as an array) - # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") - # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php - if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then - PIHOLE_WEB_DEPS+=("${phpVer}-json") - fi - # The Web server user, - LIGHTTPD_USER="www-data" - # group, - LIGHTTPD_GROUP="www-data" - # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" + # First check to see if apt-get is installed. + if is_command apt-get ; then + # Set some global variables here + # We don't set them earlier since the installed package manager might be rpm, so these values would be different + PKG_MANAGER="apt-get" + # A variable to store the command used to update the package cache + UPDATE_PKG_CACHE="${PKG_MANAGER} update" + # The command we will use to actually install packages + PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) + # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. + PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" + # Update package cache + update_package_cache || exit 1 + # Check for and determine version number (major and minor) of current php install + local phpVer="php" + if is_command php ; then + printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "")" + printf -v phpInsMajor "%d" "$(php <<< "")" + printf -v phpInsMinor "%d" "$(php <<< "")" + phpVer="php$phpInsMajor.$phpInsMinor" + fi + # Packages required to perfom the os_check (stored as an array) + OS_CHECK_DEPS=(grep dnsutils) + # Packages required to run this install script (stored as an array) + INSTALLER_DEPS=(git iproute2 whiptail ca-certificates) + # Packages required to run Pi-hole (stored as an array) + PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) + # Packages required for the Web admin interface (stored as an array) + # It's useful to separate this from Pi-hole, since the two repos are also setup separately + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl") + # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php + if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then + PIHOLE_WEB_DEPS+=("${phpVer}-json") + fi + # The Web server user, + LIGHTTPD_USER="www-data" + # group, + LIGHTTPD_GROUP="www-data" + # and config file + LIGHTTPD_CFG="lighttpd.conf.debian" - # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. - test_dpkg_lock() { - i=0 - # fuser is a program to show which processes use the named files, sockets, or filesystems - # So while the lock is held, - while fuser /var/lib/dpkg/lock >/dev/null 2>&1 - do - # we wait half a second, - sleep 0.5 - # increase the iterator, - ((i=i+1)) - done - # and then report success once dpkg is unlocked. - return 0 - } + # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished. + test_dpkg_lock() { + i=0 + # fuser is a program to show which processes use the named files, sockets, or filesystems + # So while the lock is held, + while fuser /var/lib/dpkg/lock >/dev/null 2>&1 + do + # we wait half a second, + sleep 0.5 + # increase the iterator, + ((i=i+1)) + done + # and then report success once dpkg is unlocked. + return 0 + } -# If apt-get is not found, check for rpm. -elif is_command rpm ; then - # Then check if dnf or yum is the package manager - if is_command dnf ; then - PKG_MANAGER="dnf" + # If apt-get is not found, check for rpm. + elif is_command rpm ; then + # Then check if dnf or yum is the package manager + if is_command dnf ; then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + + # These variable names match the ones for apt-get. See above for an explanation of what they are for. + PKG_INSTALL=("${PKG_MANAGER}" install -y) + PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" + OS_CHECK_DEPS=(grep bind-utils) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) + PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) + PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + LIGHTTPD_CFG="lighttpd.conf.fedora" + + # If neither apt-get or yum/dnf package managers were found else - PKG_MANAGER="yum" + # we cannot install required packages + printf " %b No supported package manager found\\n" "${CROSS}" + # so exit the installer + exit fi - - # These variable names match the ones for apt-get. See above for an explanation of what they are for. - PKG_INSTALL=("${PKG_MANAGER}" install -y) - PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - OS_CHECK_DEPS=(grep bind-utils) - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates) - PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof) - PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) - LIGHTTPD_USER="lighttpd" - LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" - -# If neither apt-get or yum/dnf package managers were found -else - # we cannot install required packages - printf " %b No supported package manager found\\n" "${CROSS}" - # so exit the installer - exit -fi } select_rpm_php(){ -# If the host OS is Fedora, -if grep -qiE 'fedora|fedberry' /etc/redhat-release; then - # all required packages should be available by default with the latest fedora release - : # continue -# or if host OS is CentOS, -elif grep -qiE 'centos|scientific' /etc/redhat-release; then - # Pi-Hole currently supports CentOS 7+ with PHP7+ - SUPPORTED_CENTOS_VERSION=7 - SUPPORTED_CENTOS_PHP_VERSION=7 - # Check current CentOS major release version - CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) - # Check if CentOS version is supported - if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" - printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" - # exit the installer - exit - fi - # php-json is not required on CentOS 7 as it is already compiled into php - # verifiy via `php -m | grep json` - if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then - # create a temporary array as arrays are not designed for use as mutable data structures - CENTOS7_PIHOLE_WEB_DEPS=() - for i in "${!PIHOLE_WEB_DEPS[@]}"; do - if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then - CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) - fi - done - # re-assign the clean dependency array back to PIHOLE_WEB_DEPS - PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") - unset CENTOS7_PIHOLE_WEB_DEPS - fi - # CentOS requires the EPEL repository to gain access to Fedora packages - EPEL_PKG="epel-release" - rpm -q ${EPEL_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" - "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null - printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" - fi + # If the host OS is Fedora, + if grep -qiE 'fedora|fedberry' /etc/redhat-release; then + # all required packages should be available by default with the latest fedora release + : # continue + # or if host OS is CentOS, + elif grep -qiE 'centos|scientific' /etc/redhat-release; then + # Pi-Hole currently supports CentOS 7+ with PHP7+ + SUPPORTED_CENTOS_VERSION=7 + SUPPORTED_CENTOS_PHP_VERSION=7 + # Check current CentOS major release version + CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release) + # Check if CentOS version is supported + if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then + printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" + printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" + # exit the installer + exit + fi + # php-json is not required on CentOS 7 as it is already compiled into php + # verifiy via `php -m | grep json` + if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then + # create a temporary array as arrays are not designed for use as mutable data structures + CENTOS7_PIHOLE_WEB_DEPS=() + for i in "${!PIHOLE_WEB_DEPS[@]}"; do + if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then + CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" ) + fi + done + # re-assign the clean dependency array back to PIHOLE_WEB_DEPS + PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}") + unset CENTOS7_PIHOLE_WEB_DEPS + fi + # CentOS requires the EPEL repository to gain access to Fedora packages + EPEL_PKG="epel-release" + rpm -q ${EPEL_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" + "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null + printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" + fi - # The default php on CentOS 7.x is 5.4 which is EOL - # Check if the version of PHP available via installed repositories is >= to PHP 7 - AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) - if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then - # Since PHP 7 is available by default, install via default PHP package names - : # do nothing as PHP is current - else - REMI_PKG="remi-release" - REMI_REPO="remi-php72" - rpm -q ${REMI_PKG} &> /dev/null || rc=$? - if [[ $rc -ne 0 ]]; then - # The PHP version available via default repositories is older than version 7 - if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then - # User decided to NOT update PHP from REMI, attempt to install the default available PHP version - printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" - : # continue with unsupported php version + # The default php on CentOS 7.x is 5.4 which is EOL + # Check if the version of PHP available via installed repositories is >= to PHP 7 + AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1) + if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then + # Since PHP 7 is available by default, install via default PHP package names + : # do nothing as PHP is current else - printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" - "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null - # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) - "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null - yum-config-manager --enable ${REMI_REPO} &> /dev/null - printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" - # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI - if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then - printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + REMI_PKG="remi-release" + REMI_REPO="remi-php72" + rpm -q ${REMI_PKG} &> /dev/null || rc=$? + if [[ $rc -ne 0 ]]; then + # The PHP version available via default repositories is older than version 7 + if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then + # User decided to NOT update PHP from REMI, attempt to install the default available PHP version + printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" + : # continue with unsupported php version + else + printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" + "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null + # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) + "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null + yum-config-manager --enable ${REMI_REPO} &> /dev/null + printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" + # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI + if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then + printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" + else + printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" + exit 1 + fi + fi + fi # Warn user of unsupported version of Fedora or CentOS + if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then + printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" + exit else - printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" - exit 1 + printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" fi fi - fi # Warn user of unsupported version of Fedora or CentOS - if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then - printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" - exit - else - printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" fi -fi -fi } # A function for checking if a directory is a git repository @@ -519,7 +519,7 @@ update_repo() { # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks) curBranch=$(git rev-parse --abbrev-ref HEAD) if [[ "${curBranch}" == "master" ]]; then - git reset --hard "$(git describe --abbrev=0 --tags)" || return $? + git reset --hard "$(git describe --abbrev=0 --tags)" || return $? fi # Show a completion message printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" @@ -629,12 +629,12 @@ welcomeDialogs() { IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this. Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then -#Nothing to do, continue - echo -else - printf " %b Installer exited at static IP message.\\n" "${INFO}" - exit 1 -fi + #Nothing to do, continue + echo + else + printf " %b Installer exited at static IP message.\\n" "${INFO}" + exit 1 + fi } # A function that lets the user pick an interface to use with Pi-hole @@ -759,8 +759,8 @@ collect_v4andv6_information() { printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}" # if `dhcpcd` is used offer to set this as static IP for the device if [[ -f "/etc/dhcpcd.conf" ]]; then - # configure networking via dhcpcd - getStaticIPv4Settings + # configure networking via dhcpcd + getStaticIPv4Settings fi find_IPv6_information printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}" @@ -913,8 +913,8 @@ setDNS() { IFS=${OIFS} # In a whiptail dialog, show the options DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." "${r}" "${c}" 7 \ - "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ - # Exit if the user selects "Cancel" + "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ + # Exit if the user selects "Cancel" { printf " %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } # Depending on the user's choice, set the GLOBAL variables to the IP of the respective provider @@ -1180,8 +1180,8 @@ version_check_dnsmasq() { install -D -m 644 -T "${dnsmasq_original_config}" "${dnsmasq_conf}" printf "%b %b Restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" else - # Otherwise, don't to anything - printf " it is not a Pi-hole file, leaving alone!\\n" + # Otherwise, don't to anything + printf " it is not a Pi-hole file, leaving alone!\\n" fi else # If a file cannot be found, @@ -1216,8 +1216,8 @@ version_check_dnsmasq() { sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi - # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" + # Set the cache size + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" @@ -1565,7 +1565,7 @@ install_dependent_packages() { # Install Fedora/CentOS packages for i in "$@"; do - # For each package, check if it's already installed (and if so, don't add it to the installArray) + # For each package, check if it's already installed (and if so, don't add it to the installArray) printf " %b Checking for %s..." "${INFO}" "${i}" if "${PKG_MANAGER}" -q list installed "${i}" &> /dev/null; then printf "%b %b Checking for %s\\n" "${OVER}" "${TICK}" "${i}" @@ -1735,18 +1735,18 @@ finalExports() { fi # echo the information to the user { - echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" - echo "IPV4_ADDRESS=${IPV4_ADDRESS}" - echo "IPV6_ADDRESS=${IPV6_ADDRESS}" - echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" - echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" - echo "QUERY_LOGGING=${QUERY_LOGGING}" - echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" - echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" - echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" - echo "CACHE_SIZE=${CACHE_SIZE}" - echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" - echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" + echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" + echo "IPV4_ADDRESS=${IPV4_ADDRESS}" + echo "IPV6_ADDRESS=${IPV6_ADDRESS}" + echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" + echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" + echo "QUERY_LOGGING=${QUERY_LOGGING}" + echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}" + echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" + echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" + echo "CACHE_SIZE=${CACHE_SIZE}" + echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}" + echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}" }>> "${setupVars}" chmod 644 "${setupVars}" @@ -1921,7 +1921,7 @@ displayFinalMessage() { additional="View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin Your Admin Webpage login password is ${pwstring}" - fi + fi # Final completion message to user whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using: @@ -2456,7 +2456,7 @@ main() { #In case of RPM based distro, select the proper PHP version if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then - select_rpm_php + select_rpm_php fi # Check if SELinux is Enforcing diff --git a/gravity.sh b/gravity.sh index dfaf4fea..bb4f4e4b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -213,7 +213,7 @@ database_table_from_file() { # Move source file to backup directory, create directory if not existing mkdir -p "${backup_path}" mv "${source}" "${backup_file}" 2> /dev/null || \ - echo -e " ${CROSS} Unable to backup ${source} to ${backup_path}" + echo -e " ${CROSS} Unable to backup ${source} to ${backup_path}" # Delete tmpFile rm "${tmpFile}" > /dev/null 2>&1 || \ @@ -430,9 +430,9 @@ gravity_DownloadBlocklists() { compression="--compressed" echo -e " ${INFO} Using libz compression\n" else - compression="" - echo -e " ${INFO} Libz compression not available\n" - fi + compression="" + echo -e " ${INFO} Libz compression not available\n" + fi # Loop through $sources and download each one for ((i = 0; i < "${#sources[@]}"; i++)); do url="${sources[$i]}" @@ -462,9 +462,9 @@ gravity_DownloadBlocklists() { check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )" if [[ "${check_url}" =~ ${regex} ]]; then - echo -e " ${CROSS} Invalid Target" + echo -e " ${CROSS} Invalid Target" else - gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" + gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" fi echo "" done @@ -583,28 +583,28 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - # Get IP address of this domain - ip="$(dig "${domain}" +short)" - # Check if this IP matches any IP of the system - if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then - blocked=true - fi;; + # Get IP address of this domain + ip="$(dig "${domain}" +short)" + # Check if this IP matches any IP of the system + if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then + blocked=true + fi;; "NXDOMAIN") - if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then - blocked=true - fi;; + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then + blocked=true + fi;; "NULL"|*) - if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then - blocked=true - fi;; - esac + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then + blocked=true + fi;; + esac if [[ "${blocked}" == true ]]; then printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}" if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then - port=53 + port=53 else - printf -v port "%s" "${PIHOLE_DNS_1#*#}" + printf -v port "%s" "${PIHOLE_DNS_1#*#}" fi ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}" | tail -1) if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then @@ -623,11 +623,11 @@ gravity_DownloadBlocklistFromUrl() { case $url in # Did we "download" a local file? "file"*) - if [[ -s "${patternBuffer}" ]]; then - echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true - else - echo -e "${OVER} ${CROSS} ${str} Not found / empty list" - fi;; + if [[ -s "${patternBuffer}" ]]; then + echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true + else + echo -e "${OVER} ${CROSS} ${str} Not found / empty list" + fi;; # Did we "download" a remote file? *) # Determine "Status:" output based on HTTP response