Merge pull request #2025 from pi-hole/FTLDNSremoveDnsmasq

Disable dnsmasq FTLDNS
This commit is contained in:
Adam Warner 2018-03-16 11:27:52 +00:00 committed by GitHub
commit fc10e3fcac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 189 additions and 64 deletions

View file

@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then
# These programs are stored in an array so they can be looped through later # These programs are stored in an array so they can be looped through later
INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
# Pi-hole itself has several dependencies that also need to be installed # Pi-hole itself has several dependencies that also need to be installed
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf)
# The Web dashboard has some that also need to be installed # The Web dashboard has some that also need to be installed
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
@ -173,8 +173,6 @@ if command -v apt-get &> /dev/null; then
LIGHTTPD_GROUP="www-data" LIGHTTPD_GROUP="www-data"
# and config file # and config file
LIGHTTPD_CFG="lighttpd.conf.debian" LIGHTTPD_CFG="lighttpd.conf.debian"
# The DNS server user
DNSMASQ_USER="dnsmasq"
# A function to check... # A function to check...
test_dpkg_lock() { test_dpkg_lock() {
@ -216,7 +214,6 @@ elif command -v rpm &> /dev/null; then
LIGHTTPD_USER="lighttpd" LIGHTTPD_USER="lighttpd"
LIGHTTPD_GROUP="lighttpd" LIGHTTPD_GROUP="lighttpd"
LIGHTTPD_CFG="lighttpd.conf.fedora" LIGHTTPD_CFG="lighttpd.conf.fedora"
DNSMASQ_USER="nobody"
# If neither apt-get or rmp/dnf are found # If neither apt-get or rmp/dnf are found
else else
@ -984,6 +981,10 @@ version_check_dnsmasq() {
fi fi
echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
if [[ ! -d "/etc/dnsmasq.d" ]];then
mkdir "/etc/dnsmasq.d"
fi
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory # Copy the new Pi-hole DNS config file into the dnsmasq.d directory
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location} cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf" echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf"
@ -1112,7 +1113,6 @@ stop_service() {
# Stop service passed in as argument. # Stop service passed in as argument.
# Can softfail, as process may not be installed when this is called # Can softfail, as process may not be installed when this is called
local str="Stopping ${1} service" local str="Stopping ${1} service"
echo ""
echo -ne " ${INFO} ${str}..." echo -ne " ${INFO} ${str}..."
if command -v systemctl &> /dev/null; then if command -v systemctl &> /dev/null; then
systemctl stop "${1}" &> /dev/null || true systemctl stop "${1}" &> /dev/null || true
@ -1126,7 +1126,6 @@ stop_service() {
start_service() { start_service() {
# Local, named variables # Local, named variables
local str="Starting ${1} service" local str="Starting ${1} service"
echo ""
echo -ne " ${INFO} ${str}..." echo -ne " ${INFO} ${str}..."
# If systemctl exists, # If systemctl exists,
if command -v systemctl &> /dev/null; then if command -v systemctl &> /dev/null; then
@ -1144,7 +1143,6 @@ start_service() {
enable_service() { enable_service() {
# Local, named variables # Local, named variables
local str="Enabling ${1} service to start on reboot" local str="Enabling ${1} service to start on reboot"
echo ""
echo -ne " ${INFO} ${str}..." echo -ne " ${INFO} ${str}..."
# If systemctl exists, # If systemctl exists,
if command -v systemctl &> /dev/null; then if command -v systemctl &> /dev/null; then
@ -1158,6 +1156,62 @@ enable_service() {
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
} }
# Disable service so that it will not with next reboot
disable_service() {
# Local, named variables
local str="Disabling ${1} service"
echo -ne " ${INFO} ${str}..."
# If systemctl exists,
if command -v systemctl &> /dev/null; then
# use that to disable the service
systemctl disable "${1}" &> /dev/null
# Othwerwise,
else
# use update-rc.d to accomplish this
update-rc.d "${1}" disable &> /dev/null
fi
echo -e "${OVER} ${TICK} ${str}"
}
# Mask service so that it cannot be started accidentally
mask_service() {
# Local, named variables
local str="Masking ${1} service"
echo -ne " ${INFO} ${str}..."
# If systemctl exists,
if command -v systemctl &> /dev/null; then
# use that to disable the service
systemctl mask "${1}" &> /dev/null
echo -e "${OVER} ${TICK} ${str}"
# Othwerwise,
else
# use update-rc.d to accomplish this
echo -e "${OVER} ${CROSS} ${str}"
echo -e " ${INFO} systemctl not detected. Cannot mask service."
fi
}
check_service_active() {
# If systemctl exists,
if command -v systemctl &> /dev/null; then
# use that to disable the service
if systemctl status "${1}" | grep -q "Active: active" > /dev/null; then
return 0
else
return 1
fi
# Othwerwise,
else
# fall back to service command
if service "${1}" status | grep "Active: active" > /dev/null; then
return 0
else
return 1
fi
fi
}
update_package_cache() { update_package_cache() {
# Running apt-get update/upgrade with minimal output can cause some issues with # Running apt-get update/upgrade with minimal output can cause some issues with
# requiring user input (e.g password for phpmyadmin see #218) # requiring user input (e.g password for phpmyadmin see #218)
@ -1286,7 +1340,7 @@ install_dependent_packages() {
# Create logfiles if necessary # Create logfiles if necessary
CreateLogFile() { CreateLogFile() {
local str="Creating log and changing owner to dnsmasq" local str="Creating log and changing owner to pihole"
echo "" echo ""
echo -ne " ${INFO} ${str}..." echo -ne " ${INFO} ${str}..."
# If the pihole log does not exist, # If the pihole log does not exist,
@ -1296,7 +1350,7 @@ CreateLogFile() {
# set the permissions, # set the permissions,
chmod 644 /var/log/pihole.log chmod 644 /var/log/pihole.log
# and owners # and owners
chown "${DNSMASQ_USER}":root /var/log/pihole.log chown pihole:root /var/log/pihole.log
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
# Otherwise, # Otherwise,
else else
@ -1423,7 +1477,7 @@ configureFirewall() {
# ask if the user wants to install Pi-hole's default firwall rules # ask if the user wants to install Pi-hole's default firwall rules
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \ whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
{ echo -e " ${INFO} Not installing firewall rulesets."; return 0; } { echo -e " ${INFO} Not installing firewall rulesets."; return 0; }
echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq" echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL"
# Allow HTTP and DNS traffice # Allow HTTP and DNS traffice
firewall-cmd --permanent --add-service=http --add-service=dns firewall-cmd --permanent --add-service=http --add-service=dns
# Reload the firewall to apply these changes # Reload the firewall to apply these changes
@ -1734,17 +1788,14 @@ clone_or_update_repos() {
fi fi
} }
# Download and install FTL binary # Download FTL binary to random temp directory and install FTL binary
FTLinstall() { FTLinstall() {
# Local, named variables # Local, named variables
local binary="${1}" local binary="${1}"
local latesttag local latesttag
local orig_dir
local str="Downloading and Installing FTL" local str="Downloading and Installing FTL"
echo -ne " ${INFO} ${str}..." echo -ne " ${INFO} ${str}..."
# Get the current working directory
orig_dir="${PWD}"
# Find the latest version tag for FTL # Find the latest version tag for FTL
latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}') latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}')
# Tags should always start with v, check for that. # Tags should always start with v, check for that.
@ -1754,44 +1805,79 @@ FTLinstall() {
return 1 return 1
fi fi
# Move into the temp ftl directory
pushd "$(mktemp -d)" > /dev/null || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
# Always replace pihole-FTL.service # Always replace pihole-FTL.service
install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
# If the download worked, local ftlBranch
if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then local url
# get sha1 of the binary we just downloaded for verification. local ftlBranch
curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "/tmp/${binary}.sha1"
if [[ -f "/etc/pihole/ftlbranch" ]];then
ftlBranch=$(</etc/pihole/ftlbranch)
else
ftlBranch="master"
fi
# Determine which version of FTL to download
if [[ "${ftlBranch}" == "master" ]];then
url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
else
url="https://ftl.pi-hole.net/${ftlBranch}"
fi
# If the download worked,
if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then
# get sha1 of the binary we just downloaded for verification.
curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1"
# Move into the temp directory
cd /tmp
# If we downloaded binary file (as opposed to text), # If we downloaded binary file (as opposed to text),
if sha1sum --status --quiet -c "${binary}".sha1; then if sha1sum --status --quiet -c "${binary}".sha1; then
echo -n "transferred... " echo -n "transferred... "
# Stop FTL # Stop FTL
stop_service pihole-FTL &> /dev/null stop_service pihole-FTL &> /dev/null
# Install the new version with the correct permissions # Install the new version with the correct permissions
install -T -m 0755 /tmp/${binary} /usr/bin/pihole-FTL install -T -m 0755 "${binary}" /usr/bin/pihole-FTL
# Remove the tempoary file
rm /tmp/${binary} /tmp/${binary}.sha1
# Move back into the original directory the user was in # Move back into the original directory the user was in
cd "${orig_dir}" popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
# Install the FTL service # Install the FTL service
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
# If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq
if pihole-FTL --resolver > /dev/null; then
if [[ $(which dnsmasq 2>/dev/null) ]]; then
if check_service_active "dnsmasq";then
echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately"
stop_service dnsmasq
disable_service dnsmasq
mask_service dnsmasq
fi
fi
#ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d`
confdir="conf-dir=/etc/dnsmasq.d"
conffile="/etc/dnsmasq.conf"
if ! grep -q "$confdir" "$conffile"; then
echo "$confdir" >> "$conffile"
fi
fi
return 0 return 0
# Otherise, # Otherise,
else else
# the download failed, so just go back to the original directory
popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
echo -e "${OVER} ${CROSS} ${str}" echo -e "${OVER} ${CROSS} ${str}"
echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}"
# the download failed, so just go back to the original directory
cd "${orig_dir}"
return 1 return 1
fi fi
# Otherwise, # Otherwise,
else else
cd "${orig_dir}" popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
echo -e "${OVER} ${CROSS} ${str}" echo -e "${OVER} ${CROSS} ${str}"
# The URL could not be found # The URL could not be found
echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}"
return 1
fi fi
} }
@ -1869,30 +1955,47 @@ FTLdetect() {
local ftlLoc=$(which pihole-FTL 2>/dev/null) local ftlLoc=$(which pihole-FTL 2>/dev/null)
if [[ ${ftlLoc} ]]; then local ftlBranch
local FTLversion=$(/usr/bin/pihole-FTL tag)
local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then if [[ -f "/etc/pihole/ftlbranch" ]];then
# Install FTL ftlBranch=$(</etc/pihole/ftlbranch)
FTLinstall "${binary}" || return 1 else
else ftlBranch="master"
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
echo -e " ${INFO} Corruption detected..."
FTLinstall "${binary}" || return 1
else
echo -e " ${INFO} Checksum correct. No need to download!"
fi
fi
else
# Install FTL
FTLinstall "${binary}" || return 1
fi fi
if [[ ! "${ftlBranch}" == "master" ]]; then
FTLinstall "${binary}" || return 1
else
if [[ ${ftlLoc} ]]; then
local FTLversion
FTLversion=$(/usr/bin/pihole-FTL tag)
local FTLlatesttag
FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
# Install FTL
FTLinstall "${binary}" || return 1
else
echo -e " ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
local remoteSha1
remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
local localSha1
localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
echo -e " ${INFO} Corruption detected..."
FTLinstall "${binary}" || return 1
else
echo -e " ${INFO} Checksum correct. No need to download!"
fi
fi
else
# Install FTL
FTLinstall "${binary}" || return 1
fi
fi
echo ""
} }
make_temporary_log() { make_temporary_log() {
@ -2004,7 +2107,19 @@ main() {
# Create directory for Pi-hole storage # Create directory for Pi-hole storage
mkdir -p /etc/pihole/ mkdir -p /etc/pihole/
stop_service dnsmasq #Do we need to stop pihole-FTL or dnsmasq(if coming from an old install)?
if [[ $(which pihole-FTL 2>/dev/null) ]]; then
if pihole-FTL --resolver > /dev/null; then
stop_service pihole-FTL
else
stop_service dnsmasq
fi
else
if [[ $(which dnsmasq 2>/dev/null) ]]; then
stop_service dnsmasq
fi
fi
if [[ "${INSTALL_WEB}" == true ]]; then if [[ "${INSTALL_WEB}" == true ]]; then
stop_service lighttpd stop_service lighttpd
fi fi
@ -2097,8 +2212,11 @@ main() {
echo -e " ${INFO} Restarting services..." echo -e " ${INFO} Restarting services..."
# Start services # Start services
start_service dnsmasq # Only start and enable dnsmasq if FTL does not have the --resolver switch
enable_service dnsmasq if ! pihole-FTL --resolver > /dev/null; then
start_service dnsmasq
enable_service dnsmasq
fi
# If the Web server was installed, # If the Web server was installed,
if [[ "${INSTALL_WEB}" == true ]]; then if [[ "${INSTALL_WEB}" == true ]]; then

View file

@ -11,6 +11,8 @@
# This file is copyright under the latest version of the EUPL. # This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license. # Please see LICENSE file for your rights under this license.
export LC_ALL=C
coltable="/opt/pihole/COL_TABLE" coltable="/opt/pihole/COL_TABLE"
source "${coltable}" source "${coltable}"
@ -506,7 +508,12 @@ gravity_ParseBlacklistDomains() {
# Empty $accretionDisc if it already exists, otherwise, create it # Empty $accretionDisc if it already exists, otherwise, create it
: > "${piholeDir}/${accretionDisc}" : > "${piholeDir}/${accretionDisc}"
gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then
gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
else
# There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
fi
# Move the file over as /etc/pihole/gravity.list so dnsmasq can use it # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 ) output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 )

View file

@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole):
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
''') ''')
expected_stdout = 'Configuring FirewallD for httpd and dnsmasq' expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
assert expected_stdout in configureFirewall.stdout assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
assert 'firewall-cmd --state' in firewall_calls assert 'firewall-cmd --state' in firewall_calls