From e7589945a28f1c741a82423b7683b42d1c8b27ca Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 7 Oct 2017 16:41:30 -0400 Subject: [PATCH 01/26] Disable password field if no password is set For someone to actually whitelist a domain without a password, more changes will be needed on the PHP side. --- advanced/index.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index 911f3cc8..1fa6a53c 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -209,11 +209,17 @@ if (explode("-", $phVersion)[1] != "0") window.onload = function () { 0) echo '$("#bpBack").removeAttr("href");'; - // Enable whitelisting if $svPasswd is present & JS is available - if (!empty($svPasswd) && $featuredTotal > 0) { - echo '$("#bpWLPassword, #bpWhitelist").prop("disabled", false);'; + if ($featuredTotal > 0) { + echo '$("#bpBack").removeAttr("href");'; + + // Enable whitelisting if JS is available + echo '$("#bpWhitelist").prop("disabled", false);'; + + // Enable password input if necessary + if (!empty($svPasswd)) { echo '$("#bpWLPassword").attr("placeholder", "Password");'; + echo '$("#bpWLPassword").prop("disabled", false);'; + } } ?> } From 009fa2f1b7f44ce983eece60a19ec1c109dcdcfe Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 1 Nov 2017 21:30:14 -0400 Subject: [PATCH 02/26] Hide password textbox if there is no password --- advanced/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/index.php b/advanced/index.php index 1fa6a53c..923aa7ce 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -218,6 +218,7 @@ if (explode("-", $phVersion)[1] != "0") // Enable password input if necessary if (!empty($svPasswd)) { echo '$("#bpWLPassword").attr("placeholder", "Password");'; + echo '$("#bpWLPassword").css("display", "inline-block");'; echo '$("#bpWLPassword").prop("disabled", false);'; } } @@ -273,7 +274,7 @@ if (explode("-", $phVersion)[1] != "0")
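Review bot: In the first hunk (`@@ -209,11 +209,17 @@`) the whitelist button is now enabled whenever `$featuredTotal > 0`, with no dependency on `$svPasswd`, so an install with no admin password shows a working whitelist control to anyone who is served the block page. The `disabled` property is only a UI hint, and the handler that receives the whitelist request is not in this hunk; the commit message itself says more PHP-side changes are needed. I would add a comment above the echo, for example `// UI only: the whitelist handler must still verify the password server-side whenever $svPasswd is set`, and confirm that the handler's empty-password path is a deliberate policy rather than a side effect.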
- +
From 607664c860e324af14b7c45cadf56ee8d9bf3724 Mon Sep 17 00:00:00 2001 From: ryanknapper Date: Sun, 14 Jan 2018 21:01:08 -0500 Subject: [PATCH 03/26] Update webpage.sh Updated webpage.sh to include conditional forwarding options. --- advanced/Scripts/webpage.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 588a88ae..d47eaff6 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -182,6 +182,10 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}" fi + if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then + add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_DOMAIN}/${CONDITIONAL_FORWARDING_IP}" + add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_REVERSE}/${CONDITIONAL_FORWARDING_IP}" + fi } @@ -211,6 +215,17 @@ SetDNSServers() { else change_setting "DNSSEC" "false" fi + if [[ "${args[6]}" == "conditional_forwarding" ]]; then + change_setting "CONDITIONAL_FORWARDING" "true" + change_setting "CONDITIONAL_FORWARDING_IP" "${args[7]}" + change_setting "CONDITIONAL_FORWARDING_DOMAIN" "${args[8]}" + change_setting "CONDITIONAL_FORWARDING_REVERSE" "${args[9]}" + else + change_setting "CONDITIONAL_FORWARDING" "false" + delete_setting "CONDITIONAL_FORWARDING_IP" + delete_setting "CONDITIONAL_FORWARDING_DOMAIN" + delete_setting "CONDITIONAL_FORWARDING_REVERSE" + fi ProcessDNSSettings From 158ea1d43b6023574f71dc8665b194c05094b06b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 21 Jan 2018 11:54:49 +0100 Subject: [PATCH 04/26] Add sqlite3 dependency Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 1 + automated install/basic-install.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 2187f3ac..8685012d 100755 --- a/advanced/Scripts/piholeLogFlush.sh 
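Review bot: In the `SetDNSServers` hunk (`@@ -211,6 +215,17 @@`), `${args[7]}`, `${args[8]}` and `${args[9]}` are stored with `change_setting` and later interpolated into the `server=/.../...` lines of the first hunk (`@@ -182,6 +182,10 @@`) with no validation in either place. If these arguments come from the web interface (the caller is not visible here), a value containing a newline, `/` or `#` could add or alter dnsmasq directives. I would validate before storing: the forwarder against an IP address pattern and the two domains against a hostname pattern, e.g. `[[ "${args[8]}" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`. The first hunk should also skip both `add_dnsmasq_setting` calls when any of the three values is empty. Both functions continue outside the hunks.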
+++ b/advanced/Scripts/piholeLogFlush.sh @@ -41,6 +41,7 @@ else echo " " > /var/log/pihole.log.1 fi fi + # Delete most recent 24 hours from FTL's database fi if [[ "$@" != *"quiet"* ]]; then diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 550f26ad..de9eddf4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget idn2) + PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) From 4c249a1186dfa1023567cfd250b689ff72996d92 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 21 Jan 2018 13:48:13 +0100 Subject: [PATCH 05/26] Flush most recent 24 hours from FTL's database Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 8685012d..0816678f 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -42,8 +42,11 @@ else fi fi # Delete most recent 24 hours from FTL's database + deleted=$(sqlite3 /etc/pihole/pihole-FTL.db "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") + fi if [[ "$@" != *"quiet"* ]]; then echo -e "${OVER} ${TICK} Flushed /var/log/pihole.log" + echo -e " ${TICK} Deleted ${deleted} queries from database" fi 
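Review bot: In the `@@ -42,8 +42,11 @@` hunk, `select changes() from queries limit 1` returns no row when the `DELETE` leaves the table empty, so `${deleted}` is blank in exactly the case where everything was removed; `SELECT changes();` needs no table and always returns one row. The exit status of `sqlite3` is also ignored, so a locked or missing database still prints the `${TICK} Deleted ${deleted} queries from database` line. I would change the statement to end in `; SELECT changes();` and print a `${CROSS}` line when `sqlite3` exits non-zero. The surrounding if/else starts outside the hunk.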
From 1a5c86d32e1bd3b9214ed2845b4a3488682f7d62 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 23 Jan 2018 20:28:43 -0500 Subject: [PATCH 06/26] Revert "Hide password textbox if there is no password" This reverts commit 009fa2f1b7f44ce983eece60a19ec1c109dcdcfe. --- advanced/index.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index d3e2f768..45d9882a 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -245,7 +245,6 @@ setHeader(); // Enable password input if necessary if (!empty($svPasswd)) { echo '$("#bpWLPassword").attr("placeholder", "Password");'; - echo '$("#bpWLPassword").css("display", "inline-block");'; echo '$("#bpWLPassword").prop("disabled", false);'; } } @@ -301,7 +300,7 @@ setHeader();
- +
From c5a2ca5c98d9f40990768f73439d4700261cd989 Mon Sep 17 00:00:00 2001 From: Sebastian Pucilowski Date: Wed, 7 Feb 2018 16:45:23 +1100 Subject: [PATCH 07/26] Trivial spelling mistakes in basic-install.sh comments Signed-off-by: Sebastian Pucilowski --- automated install/basic-install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c87d00a6..81209037 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -23,7 +23,7 @@ set -e ######## VARIABLES ######### # For better maintainability, we store as much information that can change in variables -# This allows us to make a change in one place that can propogate to all instances of the variable +# This allows us to make a change in one place that can propagate to all instances of the variable # These variables should all be GLOBAL variables, written in CAPS # Local variables will be in lowercase and will exist only within functions # It's still a work in progress, so you may see some variance in this guideline until it is complete @@ -43,7 +43,7 @@ webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git" webInterfaceDir="/var/www/html/admin" piholeGitUrl="https://github.com/pi-hole/pi-hole.git" PI_HOLE_LOCAL_REPO="/etc/.pihole" -# These are the names of piholes files, stored in an array +# These are the names of pi-holes files, stored in an array PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage) # This folder is where the Pi-hole scripts will be installed PI_HOLE_INSTALL_DIR="/opt/pihole" @@ -81,7 +81,7 @@ runUnattended=false if [[ -f "${coltable}" ]]; then # source it source ${coltable} -# Othwerise, +# Otherwise, else # Set these values so the installer can still run in color COL_NC='\e[0m' # No Color 
@@ -918,7 +918,7 @@ setLogging() { esac } -# Funtion to ask the user if they want to install the dashboard +# Function to ask the user if they want to install the dashboard setAdminFlag() { # Local, named variables local WebToggleCommand @@ -946,7 +946,7 @@ setAdminFlag() { esac } -# Check if /etc/dnsmasq.conf is from pihole. If so replace with an original and install new in .d directory +# Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory version_check_dnsmasq() { # Local, named variables local dnsmasq_conf="/etc/dnsmasq.conf" From 2cf1f0e8fc96e346ccde2a643f263af0fc50f6dc Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 11 Feb 2018 14:07:02 -0500 Subject: [PATCH 08/26] Hide the password input when there is no password Signed-off-by: Mcat12 --- advanced/index.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/advanced/index.php b/advanced/index.php index 45d9882a..4328714a 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -99,7 +99,7 @@ if ($serverName === "pi.hole") { /* Start processing Block Page from here */ // Determine placeholder text based off $svPasswd presence -$wlPlaceHolder = empty($svPasswd) ? "No admin password set" : "Javascript disabled"; +$wlPlaceHolder = empty($svPasswd) ? "" : "Javascript disabled"; // Define admin email address text based off $svEmail presence $bpAskAdmin = !empty($svEmail) ? '' : ""; @@ -247,6 +247,10 @@ setHeader(); echo '$("#bpWLPassword").attr("placeholder", "Password");'; echo '$("#bpWLPassword").prop("disabled", false);'; } + // Otherwise hide the input + else { + echo '$("#bpWLPassword").hide();'; + } } ?> } From 8a42ef431b86bd1a0bac8155e85c6e75899f6833 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 11 Feb 2018 21:49:12 -0500 Subject: [PATCH 09/26] Fix Javascript warning when no password is set Signed-off-by: Mcat12 --- advanced/index.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/advanced/index.php b/advanced/index.php index 4328714a..14da9ecf 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -98,9 +98,6 @@ if ($serverName === "pi.hole") { /* Start processing Block Page from here */ -// Determine placeholder text based off $svPasswd presence -$wlPlaceHolder = empty($svPasswd) ? "" : "Javascript disabled"; - // Define admin email address text based off $svEmail presence $bpAskAdmin = !empty($svEmail) ? '' : ""; @@ -304,7 +301,7 @@ setHeader();
- +
From a944b6ff79cf68687c34b6c9581376f41367f1d7 Mon Sep 17 00:00:00 2001 From: Florian Freund Date: Mon, 12 Feb 2018 21:28:43 +0100 Subject: [PATCH 10/26] Fixes https://github.com/pi-hole/pi-hole/issues/1772 --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 832fd77b..11aaaf5e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1939,7 +1939,7 @@ main() { for var in "$@"; do case "$var" in "--reconfigure" ) reconfigure=true;; - "--i_do_not_follow_recommendations" ) skipSpaceCheck=false;; + "--i_do_not_follow_recommendations" ) skipSpaceCheck=true;; "--unattended" ) runUnattended=true;; esac done From fc5034696d201e6614ac69df0ca203ccfdd921e2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 16 Feb 2018 19:42:33 +0100 Subject: [PATCH 11/26] Don't auto-whitelist blocking list domains Signed-off-by: DL6ER --- gravity.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/gravity.sh b/gravity.sh index 280ce6c1..ce2734fc 100755 --- a/gravity.sh +++ b/gravity.sh @@ -417,24 +417,6 @@ gravity_SortAndFilterConsolidatedList() { echo -e " ${INFO} Number of unique domains trapped in the Event Horizon: ${COL_BLUE}${num}${COL_NC}" } -# Whitelist unique blocklist domain sources -gravity_WhitelistBlocklistSourceUrls() { - local uniqDomains str - - echo "" - - # Create array of unique $sourceDomains - mapfile -t uniqDomains <<< "$(awk '{ if(!a[$1]++) { print $1 } }' <<< "$(printf '%s\n' "${sourceDomains[@]}")")" - - str="Number of blocklist source domains being added to the whitelist: ${#uniqDomains[@]}" - echo -ne " ${INFO} ${str}..." - - # Whitelist $uniqDomains - "${PIHOLE_COMMAND}" -w -nr -q ${uniqDomains[*]} &> /dev/null - - echo -e "${OVER} ${INFO} ${str}" -} - # Whitelist user-defined domains gravity_Whitelist() { local num str 
@@ -630,7 +612,6 @@ if [[ "${skipDownload}" == false ]]; then gravity_SetDownloadOptions gravity_ConsolidateDownloadedBlocklists gravity_SortAndFilterConsolidatedList - gravity_WhitelistBlocklistSourceUrls else # Gravity needs to modify Blacklist/Whitelist/Wildcards echo -e " ${INFO} Using cached Event Horizon list..." From 5d274008db4e38332538d0c25d6e49afd08d839d Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 17 Feb 2018 12:58:57 +0100 Subject: [PATCH 12/26] Use possibly user-defined database location when flushing Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 0816678f..bbe68c7e 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -11,6 +11,17 @@ colfile="/opt/pihole/COL_TABLE" source ${colfile} +# Determine database location +# Obtain DBFILE=... setting from pihole-FTL.db +# Constructed to return nothing when +# a) the setting is not present in the config file, or +# b) the setting is commented out (e.g. "#DBFILE=...") +DBFILE=$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf) +# Test for empty string. Use standard path in this case. +if [ -z $DBFILE ]; then + DBFILE="/etc/pihole/pihole-FTL.db" +fi + if [[ "$@" != *"quiet"* ]]; then echo -ne " ${INFO} Flushing /var/log/pihole.log ..." fi @@ -41,8 +52,8 @@ else echo " " > /var/log/pihole.log.1 fi fi - # Delete most recent 24 hours from FTL's database - deleted=$(sqlite3 /etc/pihole/pihole-FTL.db "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") + # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) + deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") fi 
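Review bot: The sed pattern in the `@@ -11,6 +11,17 @@` hunk of piholeLogFlush.sh, `s/^\s^.DBFILE\s*=\s*//p`, looks wrong: after the anchor it requires one whitespace character, then a literal `^` and one arbitrary character before `DBFILE`, so an ordinary `DBFILE=/path` line would never match and the script would always fall back to `/etc/pihole/pihole-FTL.db`. If the intent is "optional leading whitespace, not commented out", `s/^\s*DBFILE\s*=\s*//p` expresses that. The comment above it also names `pihole-FTL.db` as the source of the setting while the code reads `pihole-FTL.conf`. Because the result is passed to `sqlite3` for a `DELETE`, I would add `[[ -f "${DBFILE}" ]]` before using it. The next patch in the series (hunk `@@ -16,9 +16,9 @@`) carries the same pattern.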
From b8eaa9a52742437ba073927ee51bb7be2af9ced9 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 17 Feb 2018 13:01:00 +0100 Subject: [PATCH 13/26] Use double quotes to precent globbing and word splitting Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index bbe68c7e..5fd9832e 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -16,9 +16,9 @@ source ${colfile} # Constructed to return nothing when # a) the setting is not present in the config file, or # b) the setting is commented out (e.g. "#DBFILE=...") -DBFILE=$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf) +DBFILE="$(sed -n -e 's/^\s^.DBFILE\s*=\s*//p' /etc/pihole/pihole-FTL.conf)" # Test for empty string. Use standard path in this case. -if [ -z $DBFILE ]; then +if [ -z "$DBFILE" ]; then DBFILE="/etc/pihole/pihole-FTL.db" fi From 8b79017d0f05e84b5eac5ccc44477252c2ad928c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 18 Feb 2018 13:07:22 +0100 Subject: [PATCH 14/26] Always replace pihole-FTL.service Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 869dc57f..b694b527 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1754,6 +1754,9 @@ FTLinstall() { return 1 fi + # Always replace pihole-FTL.service + install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" + # If the download worked, if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then # get sha1 of the binary we just downloaded for verification. 
@@ -1773,7 +1776,6 @@ FTLinstall() { # Move back into the original directory the user was in cd "${orig_dir}" # Install the FTL service - install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" echo -e "${OVER} ${TICK} ${str}" return 0 # Otherise, From b7891f92a587287f7d28e21affa18fd7cae428ec Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Sun, 18 Feb 2018 13:00:56 +0100 Subject: [PATCH 15/26] Create blacklist.txt if not existant Closes: https://github.com/pi-hole/pi-hole/issues/1888 Signed-off-by: Ludovic Rousseau --- advanced/Scripts/list.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 72250afd..106f5caf 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -84,6 +84,11 @@ PoplistFile() { touch ${whitelist} fi + # Check blacklist file exists, and if not, create it + if [[ ! -f ${blacklist} ]]; then + touch ${blacklist} + fi + for dom in "${domList[@]}"; do # Logic: If addmode then add to desired list and remove from the other; if delmode then remove from desired list but do not add to the other if ${addmode}; then From 47bbea9ba71faea5669aa75526e1ab66d1164b30 Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Sun, 18 Feb 2018 21:18:52 +0100 Subject: [PATCH 16/26] Use " " to protect parameter substitution Signed-off-by: Ludovic Rousseau --- advanced/Scripts/list.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 106f5caf..1d96ea3c 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -10,9 +10,9 @@ # Globals basename=pihole -piholeDir=/etc/${basename} -whitelist=${piholeDir}/whitelist.txt -blacklist=${piholeDir}/blacklist.txt +piholeDir=/etc/"${basename}" +whitelist="${piholeDir}"/whitelist.txt +blacklist="${piholeDir}"/blacklist.txt readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf" reload=false addmode=true 
@@ -80,13 +80,13 @@ HandleOther() { PoplistFile() { # Check whitelist file exists, and if not, create it - if [[ ! -f ${whitelist} ]]; then - touch ${whitelist} + if [[ ! -f "${whitelist}" ]]; then + touch "${whitelist}" fi # Check blacklist file exists, and if not, create it - if [[ ! -f ${blacklist} ]]; then - touch ${blacklist} + if [[ ! -f "${blacklist}" ]]; then + touch "${blacklist}" fi for dom in "${domList[@]}"; do From d4ac818a0b285672a7725bcf4b8ea75c0b13a229 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 21 Feb 2018 11:23:07 +0000 Subject: [PATCH 17/26] Specifty `LC_ALL=C` when dealing with sorted lists. Signed-off-by: Adam Warner --- gravity.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index ce2734fc..71849380 100755 --- a/gravity.sh +++ b/gravity.sh @@ -330,7 +330,7 @@ gravity_ParseFileIntoDomains() { }' "${source}" > "${destination}.exceptionsFile.tmp" # Remove exceptions - comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}" + LC_ALL=C comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}" mv "${source}" "${destination}" fi @@ -409,7 +409,7 @@ gravity_SortAndFilterConsolidatedList() { str="Removing duplicate domains" echo -ne " ${INFO} ${str}..." - sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}" + LC_ALL=C sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}" echo -e "${OVER} ${TICK} ${str}" # Format $preEventHorizon line total as currency @@ -431,7 +431,7 @@ gravity_Whitelist() { echo -ne " ${INFO} ${str}..." # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile - comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}" + LC_ALL=C comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}" echo -e "${OVER} ${INFO} ${str}" } 
From 6b4685b33308f426ecd7c2b591b0713132a32525 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 21 Feb 2018 11:33:29 +0000 Subject: [PATCH 18/26] much more elegant to export LC_ALL at the beginning of the script! Signed-off-by: Adam Warner --- gravity.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index 71849380..cfc7566e 100755 --- a/gravity.sh +++ b/gravity.sh @@ -11,6 +11,8 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +export LC_ALL=C + coltable="/opt/pihole/COL_TABLE" source "${coltable}" @@ -330,7 +332,7 @@ gravity_ParseFileIntoDomains() { }' "${source}" > "${destination}.exceptionsFile.tmp" # Remove exceptions - LC_ALL=C comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}" + comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}" mv "${source}" "${destination}" fi @@ -409,7 +411,7 @@ gravity_SortAndFilterConsolidatedList() { str="Removing duplicate domains" echo -ne " ${INFO} ${str}..." - LC_ALL=C sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}" + sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}" echo -e "${OVER} ${TICK} ${str}" # Format $preEventHorizon line total as currency @@ -431,7 +433,7 @@ gravity_Whitelist() { echo -ne " ${INFO} ${str}..." # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile - LC_ALL=C comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}" + comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}" echo -e "${OVER} ${INFO} ${str}" } From 4606693e62a16a40a5bd342ec237859e0d39dac3 Mon Sep 17 00:00:00 2001 
From: Dan Schaper Date: Thu, 22 Feb 2018 20:13:38 -0800 Subject: [PATCH 19/26] Use pushd/popd and create random temporary directory to prevent potential backdoor binary injection. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b694b527..bdf99ee3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1734,17 +1734,14 @@ clone_or_update_repos() { fi } -# Download and install FTL binary +# Download FTL binary to random temp directory and install FTL binary FTLinstall() { # Local, named variables local binary="${1}" local latesttag - local orig_dir local str="Downloading and Installing FTL" echo -ne " ${INFO} ${str}..." - # Get the current working directory - orig_dir="${PWD}" # Find the latest version tag for FTL latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}') # Tags should always start with v, check for that. 
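Review bot: The new function comment says the binary goes to a random temp directory, but in the following hunk (`@@ -1754,44 +1751,44 @@`) that directory is never removed: the old `rm /tmp/${binary} /tmp/${binary}.sha1` is dropped and none of the three `popd` paths cleans up. Keeping the path in a variable, `local tmpdir; tmpdir="$(mktemp -d)" || return 1`, then `pushd "${tmpdir}"` and `rm -rf "${tmpdir}"` after each `popd`, fixes that and makes a failed `mktemp` explicit (the command is spelled `mktmp` here, corrected in patch 20). Separately, the `.sha1` file is fetched from the same release URL as the binary, so `sha1sum -c` detects a corrupted transfer but not a replaced release asset; a comment saying so would stop readers treating it as an authenticity check. `pushd` and `popd` also print the directory stack, which will interleave with the `${OVER}` progress line unless redirected.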
@@ -1754,44 +1751,44 @@ FTLinstall() { return 1 fi + # Move into the temp ftl directory + pushd "$(mktmp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; } + # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" # If the download worked, - if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then + if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "/tmp/${binary}.sha1" + curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1" - # Move into the temp directory - cd /tmp # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... 
" # Stop FTL stop_service pihole-FTL &> /dev/null # Install the new version with the correct permissions - install -T -m 0755 /tmp/${binary} /usr/bin/pihole-FTL - # Remove the tempoary file - rm /tmp/${binary} /tmp/${binary}.sha1 + install -T -m 0755 "${binary}" /usr/bin/pihole-FTL # Move back into the original directory the user was in - cd "${orig_dir}" + popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } # Install the FTL service echo -e "${OVER} ${TICK} ${str}" return 0 # Otherise, else + # the download failed, so just go back to the original directory + popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" - # the download failed, so just go back to the original directory - cd "${orig_dir}" return 1 fi # Otherwise, else - cd "${orig_dir}" + popd || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" # The URL could not be found echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" + return 1 fi } From 3425b9a82ecd6fde89437f15c1aa49e3fd7e5271 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 2 Mar 2018 12:28:53 -0800 Subject: [PATCH 20/26] Fix mktmp > mktemp Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index bdf99ee3..704055d5 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1752,7 +1752,7 @@ FTLinstall() { fi # Move into the temp ftl directory - pushd "$(mktmp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; } + pushd "$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; } # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" From ad1f210528009c5655499ae6b75a47d43964423b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 2 Mar 2018 20:47:01 +0000 Subject: [PATCH 21/26] As we no longer add source lists to the whitelist by default, gravity falls over on new installs. Signed-off-by: Adam Warner --- gravity.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index cfc7566e..395ea548 100755 --- a/gravity.sh +++ b/gravity.sh @@ -505,8 +505,13 @@ gravity_ParseBlacklistDomains() { # Empty $accretionDisc if it already exists, otherwise, create it : > "${piholeDir}/${accretionDisc}" - - gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + + if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then + gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" + else + # There was no whitelist file, so use preEventHorizon instead of whitelistMatter. + gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" + fi # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 ) From 246d5cd5879863d7049d6f17832ea11e4b0b642b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 21:41:00 +0000 Subject: [PATCH 22/26] store checked out FTL branch in /etc/pihole/ftlbranch Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 9e97c69c..423114b1 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -332,6 +332,7 @@ checkout() { if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" + echo "${2}" > /etc/pihole/ftlbranch FTLinstall "${binary}" "${path}" else echo " ${CROSS} Requested branch \"${2}\" is not available" From 76cb129d3c9310077cbb29e2323fde35fbd2e0a0 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 21:48:09 +0000 Subject: [PATCH 23/26] don't forget `master` and `development` branches! Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 423114b1..21919ddf 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -256,6 +256,7 @@ checkout() { get_binary_name local path path="development/${binary}" + echo "development" > /etc/pihole/ftlbranch FTLinstall "${binary}" "${path}" elif [[ "${1}" == "master" ]] ; then # Shortcut to check out master branches @@ -270,6 +271,7 @@ checkout() { get_binary_name local path path="master/${binary}" + echo "master" > /etc/pihole/ftlbranch FTLinstall "${binary}" "${path}" elif [[ "${1}" == "core" ]] ; then str="Fetching branches from ${piholeGitUrl}" From 71d8f5f96fa8a8edf5618f58c6b1d28f77887c00 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 7 Mar 2018 22:00:14 +0000 Subject: [PATCH 24/26] remove PA YAML file Signed-off-by: Adam Warner --- .pullapprove.yml | 38 -------------------------------------- 1 file changed, 38 deletions(-) delete mode 100644 .pullapprove.yml diff --git a/.pullapprove.yml b/.pullapprove.yml deleted file mode 100644 index 30888234..00000000 --- a/.pullapprove.yml +++ /dev/null 
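Review bot: In the `@@ -332,6 +332,7 @@` hunk, `/etc/pihole/ftlbranch` is written before `FTLinstall` runs, so if the download or checksum fails the file names a branch that is not the one installed. Unless `FTLinstall` itself reads the file (not visible in this hunk), record the branch only on success: `FTLinstall "${binary}" "${path}" && echo "${2}" > /etc/pihole/ftlbranch`. The same ordering is in the `development` and `master` shortcuts added by the next patch (hunks `@@ -256,6 +256,7 @@` and `@@ -270,6 +271,7 @@`). `checkout()` continues outside the hunks.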
@@ -1,38 +0,0 @@ -version: 2 - -always_pending: - title_regex: '(WIP|wip)' - labels: - - wip - explanation: 'This PR is a work in progress...' - -group_defaults: - reset_on_push: - enabled: true - reject_value: -2 - approve_regex: '^(Approved|:shipit:|:\+1:|Engage|:taco:)' - reject_regex: '^(Rejected|:-1:|Borg)' - author_approval: - auto: true - - -groups: - development: - approve_by_comment: - enabled: true - conditions: - branches: - - development - required: 2 - teams: - - approvers - - master: - approve_by_comment: - enabled: true - conditions: - branches: - - master - required: 4 - teams: - - approvers From 2895b9bfb70e9fa10e0a8118ba163961b52c1ddb Mon Sep 17 00:00:00 2001 From: justinamcafee Date: Sat, 10 Mar 2018 17:33:31 -0600 Subject: [PATCH 25/26] Added support for FamilyShield from OpenDNS With a very minor code change, individuals can now implement restrictions on dangers, disturbing, or otherwise adult oriented content without the need for managed restrictions. This is a fairly non-invasive change and will benefit users who intend to use VPN for home or small business uses where access to such material may be undesirable. --- automated install/basic-install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c87d00a6..ccdb479c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -771,6 +771,7 @@ setDNS() { Comodo "" DNSWatch "" Quad9 "" + FamilyShield "" Custom "") # In a whiptail dialog, show the options DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 7 \ @@ -817,6 +818,10 @@ setDNS() { PIHOLE_DNS_1="9.9.9.9" PIHOLE_DNS_2="149.112.112.112" ;; + FamilyShield) + echo "FamilyShield servers" + PIHOLE_DNS_1="208.67.222.123" + PIHOLE_DNS_2="208.67.220.123" Custom) # Until the DNS settings are selected, until [[ "${DNSSettingsCorrect}" = True ]]; do 
From 30af6e73be1ac05dd05a274aea1f583fd098bc06 Mon Sep 17 00:00:00 2001 From: justinamcafee Date: Sat, 10 Mar 2018 17:36:47 -0600 Subject: [PATCH 26/26] added ;; to line 825 Misformated case. Updated correct case --- automated install/basic-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ccdb479c..29dc6cd1 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -822,6 +822,7 @@ setDNS() { echo "FamilyShield servers" PIHOLE_DNS_1="208.67.222.123" PIHOLE_DNS_2="208.67.220.123" + ;; Custom) # Until the DNS settings are selected, until [[ "${DNSSettingsCorrect}" = True ]]; do