"$network" on a systemd-driven OS leads to "After=network-online.target" in the generated systemd unit.
This target is no guarantee that all network interfaces have been fully configured, as it depends on the related network services types, but at least it reduces the risk that those have not fully finished their job when pihole-FTL starts. If this is the case, certain issues can occur:
- https://github.com/pi-hole/pi-hole/issues/2924
- https://discourse.pi-hole.net/t/have-to-pihole-restartdns-after-reboot/28772
Runtime files are now consistently created in "/run" instead of "/var/run". The second is a symlink to the first for backwards compatibility but on none-ancient distro versions one should use "/run", systemd even prints a warnings if service files use "/var/run". The service file used "/run" and "/var/run" both, in cases for the same files/directories before, which does not directly cause issues currently, due to the symlink, but is inconsistent at best.
Signed-off-by: MichaIng <micha@dietpi.com>
- Currently, if the SELinux config file exists, installed SELinux is assumed.
- But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons.
- If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e".
- With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing.
Signed-off-by: MichaIng <micha@dietpi.com>
This is and was never required and the pihole user does in fact not get any additional permissions through that group.
Signed-off-by: MichaIng <micha@dietpi.com>
Using the meta package causes several issues:
- Install on Debian prior to Jessie and Ubuntu prior to Xenial is broken, since those do not serve the meta packages but php5-* packages instead.
- If $phpVer != "php", then multiple conflicting PHP versions can be installed.
- If "${phpVer}-intl" does not pull the correct package, then inherently "${phpVer}-xml" etc are wrong, too. This is theoretically possible, e.g. if PHP7.4 was installed while the webserver uses a concurrently installed PHP7.3 instance. Then the "php" shell command output can differ from what the webserver uses. This theoretical issue would need a different approach to derive $phpVer, not based on the shell command output but by asking the webserver somehow in the first place. But using $phpVer for some modules and hardcoded meta for the others can only lead to inconsistencies and issues.
Signed-off-by: MichaIng <micha@dietpi.com>
When checking for available packages in APT repository, running a dry-run install can fail for other reasons, even if the package is available. Currently, in such case, wrong fallback packages are selected: https://github.com/pi-hole/pi-hole/issues/2888
"apt-cache show <pkg>" is a quicker method to check for available packages. This is now done as well to check if the fallbacks are available. If none is found, the installer exits with meaningful error message and exit code.
In rare cases, the APT list files can be missing when the installer is started. E.g. this could be on a fresh system, APT lists could have been moved to RAM or removed as a cleanup step. "apt-cache" calls will then fail, same as dry-run installs were. To assure that current package lists are checked, update the package cache directly after the Ubuntu universe repo has been added, only in the Debian/Ubuntu block. This renders the variable handling in RH/Fedora block obsolete.
Signed-off-by: MichaIng <micha@dietpi.com>
1- 1.1.1.2 (No Malware)
2- 1.1.1.3 (No Malware or Adult Content)
This would allow parents to have more control over the safety of their family's network.
Signed-off-by: Mohammed-Swillam <moh.sayed@hotmail.com>
Commit dc35709a1b ("Remove hosts-file.net from default lists") left a
few references to hosts-file.net. Removes them.
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
The new version of the installer moved from debconf-apt-progress to raw apt-get output on installs to solve issues with interactive config file choices. This lead to a largely increases amount of output lines of the installer. To reduce the apt-get output to a minimum, while sustaining interactive input in case of config files, the "-qq" option can be used, which inherits "--yes":
- https://manpages.debian.org/buster/apt/apt-get.8.en.html#OPTIONS
- https://manpages.ubuntu.com/manpages/bionic/man8/apt-get.8.html#options
Signed-off-by: MichaIng <micha@dietpi.com>
PHP dependency php-json is now required for both the latest Fedora and CentOS.
Package php-json will now be a default web dependency and removed from PIHOLE_WEB_DEPS when installing on CentOS7.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
Always ensure we have the correct machine arch by storing to/reading from a file rather than depending on global variable that for some reason is not always populated...
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
no need for global variable
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Use a file in the temporary FTL download directory
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Local binary variable named to l_binary. Disambiguate from global binary.
Allow 'binary' to be shadowed for testing.
Use ./ftlbinary in all operations.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Revert shadow ability on binary variable.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Remove unused tests, binary variable can not be overridden.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
This should work here, too
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
binary name is passed through from pihole checkout
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Add comments
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
OK, let's try it this way again
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
we might be getting somewhere.. squash after this I think!
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This is a test to see if it fixes the aarch64 test (we are definitely squashing these commits
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
fix the rest of the tests
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Remove trailing whitespace in the files we've touched here
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
+ Print restart hint after setting IPv4 address on a separate line with [i] prefix to not break text alignment
+ Print final upstream DNS choice as a single printf call and by this fix missing info and linebreak on "Custom" choices.
+ Minor if/then/else code alignment
Signed-off-by: MichaIng <micha@dietpi.com>
The Pi-hole project does not ship a custom SELinux policy as the required policy would lower the overall system security.
Users who require SELinux to be enforcing are encouraged to create an custom policy on a case-by-case basis.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
The headers containing the latest FTL tag were not properly input to the
command (`<` vs `<<<`). This caused Bash to try and open the file named
after the header string, which does not exist.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
Previously, install_dependent_packages would receive an array variable
name as its single parameter, and would use variable indirection to
access it; this change simplifies that function so that it instead
receives the expanded array.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
The 403 lighttpd errors were caused by removing the lighttpd config
directory and not removing lighttpd itself. This caused a subsequent
Pi-hole reinstall to not have all of the required lighttpd config files.
The error while removing packages was caused by combining arguments into
a string instead of listing each argument.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
chkconfig is a dependency of spawn-fcgi which is a dependency of lighttpd which is installed via PIHOLE_WEB_DEPS in phase 2
adding chkconfig to INSTALLER_DEPS to ensure /etc/init.d is present during the installation prompts (phase 1)
Signed-off-by: bcambl <blayne@blaynecampbell.com>
During install in `valid_ip`, we split up the IP address into octets to verify it is valid (each is <= 255).
This validation was broken in #2743 when a variable usage was quoted where it should have stayed unquoted:
```
./automated install/basic-install.sh: line 942: [[: 192.241.211.120: syntax error: invalid arithmetic operator (error token is ".241.211.120")
```
Due to this error, `127.0.0.1` would be used instead of the requested IP address. Also, this prevented the user from entering a custom DNS server as it would be marked as an invalid IP address.
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
chkconfig is a dependency of spawn-fcgi which is a dependency of lighttpd which is installed via PIHOLE_WEB_DEPS in phase 2
adding chkconfig to INSTALLER_DEPS to ensure /etc/init.d is present during the installation prompts (phase 1)
Signed-off-by: bcambl <blayne@blaynecampbell.com>
The 403 lighttpd errors were caused by removing the lighttpd config
directory and not removing lighttpd itself. This caused a subsequent
Pi-hole reinstall to not have all of the required lighttpd config files.
The error while removing packages was caused by combining arguments into
a string instead of listing each argument.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
Previously, install_dependent_packages would receive an array variable
name as its single parameter, and would use variable indirection to
access it; this change simplifies that function so that it instead
receives the expanded array.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
This greatly reduces the number of warnings emitted by ShellCheck, and
in turn should make it more likely that errors are caught in the
future.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
Fixes the typo in update_package_cache(), where the error message
contained the color code twice, instead of the $UPDATE_PKG_CACHE text.
Signed-off-by: Jan Piskvor Martinec <github@piskvor.org>
Only a user has been created beforehand. Only some distributions create
a group with the same name based on their configuration. We cannot
assume this is always the default.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
`sqlite3` is provided by the `sqlite` package on CentOS & Fedora
Signed-off-by: bcambl <blayne@blaynecampbell.com>
(cherry picked from commit 724afc000f)
- move some logic from setStaticIPv4 to setDHCPCD
- breakout ifcfg configuration into separate function which takes a config path as an argument
- setStaticIPv4 now checks for configs and calls the appropriate function accordingly
- add logic to check ifcfg file by _connection name_ if file is not found by _interface name_
Signed-off-by: bcambl <blayne@blaynecampbell.com>
It has a bug/regression causing it to fail if external.conf does not exist,
so touch external.conf when installing lighttpd config
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
- FedBerry (Fedora based ARM image)
- Scientific Linux (CentOS based)
- Add prompt to continue installing on unsupported RPM based distros
Signed-off-by: bcambl <blayne@blaynecampbell.com>
The other permission calls will always be run so that the file is in the
expected state after install and repair.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
I could not find documentation on a `--head` flag, but there is a `--heads` flag which does the same thing.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
The only use of net-tools is the use of route in chronometer.sh so
instead use the same method as used in piholeDebug.sh to get the
default gateway so there's no need to depend on net-tools anylonger.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Fixed up the version checking. Thanks for your help @dschaper.
No longer uses the version string as returned, but uses the major and minor version numbers extracted from it, against the minimum of 5.5.
Tested against real install of php 7.0, (and the version check logic separately tested against a variety of artificial version numbers, of multiple digits for both major and minor version. - Lesson learned, I'm never trusting bash again)
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
This hands checking of lighttpd's status over to the existing check_service_active() function.
All other checks of service status within the install script are handled by this function.
Use of existing function:
Avoids duplication of service detection logic.
Uses return code to determine status, thereby avoids parsing text to determine status, and reliance on English language locale to determine activity, (which may also be broken on some systems (# 2204)
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Tests for presence of pihole man page.
If it is present, deletes it and runs man-db to rebuild manual database.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Function to install man page.
Verifies that man pages are installed, and correct directory for the pihole manpage is present.
Copies file, and runs man-db to update man page database.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* remove package_check to avoid situations like #1760
Signed-off-by: Adam Warner <adamw@rner.email>
* Prevent redundant entries in to adlists.list
Grep ${args[3]} and only add if grep -c -eq 0
Signed-off-by: Ryan Knapper <ryanknapper@gmail.com>
* lan to local
Reduced differences.
Signed-off-by: Ryan Knapper <ryanknapper@gmail.com>
* Require exact match
Updated to require an exact match to reduce false-positives, as suggested by DL6ER.
Signed-off-by: Ryan Knapper <ryanknapper@gmail.com>
* fix empty ports on some systems
Signed-off-by: Jacob Salmela <jacob.salmela@pi-hole.net>
* debug user locale; improve function to parse variables and files
Signed-off-by: Jacob Salmela <jacob.salmela@pi-hole.net>
* Split declaration and population for stickler.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* implement dschapers suggestions--better command, less subshells, and finer formatting
Signed-off-by: Jacob Salmela <jacob.salmela@pi-hole.net>
* flip uninstall compatability check
Signed-off-by: bcambl <blayne@blaynecampbell.com>
* Update index.php
Avoiding calling empty() on a function allows this to work under PHP5. Making the check for blocklist generation in this way instead is compatible with both PHP5 and PHP7.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* Update index.php
thanks stickler-ci .......
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* changes as requested
changes as requested
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* oh stickler bot...
accidentally a space
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* linting: Double quote to prevent globbing and word splitting
Signed-off-by: bcambl <blayne@blaynecampbell.com>
* unbind resolved on ubuntu 18.04
Stop systemd-resolved from interfering with dnsmasq/ftl
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* restore resolvd.conf
If dnsmasq is removed, resolved will need to be restored.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* Update uninstall.sh
Signed-off-by: Rob Gill <rrobgill@protonmail.com>>
* Minor correction for double instance of the word "found".
Signed-off-by: RamSet <RamSet@gmail.com>
* message text
Signed-off-by: Rob Gill <rrobgill@protonmail.com>>
* relocate as function
The check for systemd-resolved DNSStubListener, and disabling as necessary is a new function, called just prior to start_service pihole-FTL.
The check for ubuntu bionic 18.04 specifically is removed.
The check if resolved is enabled is made with check_service_active()
An additional check that the dnsstublistener is enabled is made.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* Regex & case fix
grep & sed regexes match commented or uncommented
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* Update basic-install.sh
Force reloading of relsolved config where available
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* reload resloved
reload resolved config if possible, restart otherwise
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* user-facing messages
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
* move & clarify comments
So... originally no changes were made to the code, but Stickler-bot was unimpressed, so I've followed its suggestions.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
uninstall.sh contains a mix of tabs and spaces for indentation in different parts of the file.
Everywhere that used tabs has been converted to spaces, compatible with the indentation style used in basic_install.sh
No code has been altered, only the use of tabs and spaces in indention.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
The check for systemd-resolved DNSStubListener, and disabling as necessary is a new function, called just prior to start_service pihole-FTL.
The check for ubuntu bionic 18.04 specifically is removed.
The check if resolved is enabled is made with check_service_active()
An additional check that the dnsstublistener is enabled is made.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
- Move some functions from checkout to basic-install
- provide helpful error message on downlaod not existing
Signed-off-by: Adam Warner <adamw@rner.email>
This bug was introduced by #1758 where the CIDR was removed from the static IP check.
The CIDR was acting as a boundary so we need to test for a boundary or a slash character.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
Removed updatePihole() function and updated if/then statements in installPihole() and main(). Corrected minor typos.
Signed-off-by: Fauxsys <fiber.cipher@gmail.com>
+ Fix indentation
+ Stick with case, add "On" to provide INFO print out, although its not
technically required as INSTALL_WEB_SERVER=true is default value.
Debian 9.4 does not install `psmisc` by default and the following error will happen during installation:
```
[✗] /usr/local/bin/pihole: line 353: killall: command not found
/usr/local/bin/pihole: line 364: killall: command not found
```
This patch adds `psmisc` (that contains `killall`) as dependency
Signed-off-by: Michele Bologna <michele.bologna@gmail.com>
Remove duplicate code. get_binary_name is now in the install script
Add some "version" checking to ftl download when using an alt branch, uses checksum
Greatly simplify update process. Source pihole-FTL version checker from basic-install.sh
Always run install script to finalise changes.
Install script now outputs versions after an update
(This is a Squash of previous work into one commit)
Signed-off-by: Adam Warner <adamw@rner.email>
With a very minor code change, individuals can now implement restrictions on dangers, disturbing, or otherwise adult oriented content without the need for managed restrictions.
This is a fairly non-invasive change and will benefit users who intend to use VPN for home or small business uses where access to such material may be undesirable.
- Some formatting tweaks to the `start_service` `stop_`service` `disable_service` and `enable_service` commands
Signed-off-by: Adam Warner <adamw@rner.email>
- Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq
- Add service_disable function
- Add dependency libcap2-bin on debian to enable setcap. Need to check other distos
-Always download FTL binary if /etc/pihole/ftlbranch does not contain "master"
- Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL
Signed-off-by: Adam Warner <adamw@rner.email>
Do not expect CIDR format IP addresses in /etc/sysconfig/network-scripts/ifcfg-* files as it is not a requirement.
Expect only:
IPADDR=10.10.10.10
Do not expect:
IPADDR=10.10.10.10/24