With `sudo -E`, the whole environment is passed to the root shell, which is a potential security and/or privacy issue when command overrides/functions, PATH or private user info are passed. To pass `PIHOLE_SKIP_OS_CHECK=true`, it can be passed alone to the bash/script call within the sudo session, so the `-E` flag can be omitted.
Signed-off-by: MichaIng <micha@dietpi.com>
Since Debian Stretch and Ubuntu Bionic, the "netcat" package is a transitional dummy package which pulls in "netcat-traditional" on Debian Stretch+Buster and Ubuntu Bionic, and "netcat-openbsd" on Debian Bullseye, Ubuntu Focal and up.
On Debian Bookworm (testing), however, the "netcat" package has been removed during the last 3 days at time or writing, so that it fails do be installed. While "netcat-traditional" and "netcat-openbsd" both "Provides: netcat", since it's two alternatives, APT does not automatically pick one but aborts, and the only solution is to install one explicitly.
While this is likely a temporary state of the Debian testing suite, having a closer look at the two alternatives shows that "netcat-openbsd" is a much more actively maintained newer version with additional support for IPv6, proxies, and UNIX sockets, which is likely the reason for the gradual transition via meta package from "netcat-traditional" to "netcat-openbsd". This commit hence consequently follows this aim by skipping the transitional dummy package and installing "netcat-openbsd" explicitly as dependency, to avoid any possible errors like the one which occurs currently on Bookworm.
Both packages can be installed concurrently and do no conflict, but are managed via dpkg's "update-alternatives".
For reference:
- https://packages.debian.org/netcat
- https://packages.ubuntu.com/netcat
Signed-off-by: MichaIng <micha@dietpi.com>
* Use ss instead of lsof for pihole status checks
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Use ss FILTER instead of piping into bash
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Use ss in debug log generation
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Remove lsof from dependencies
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Some shellchecks in basic-install.sh
Signed-off-by: ChillerDragon <ChillerDragon@gmail.com>
* Use more explicit grep (thanks to @MichaIng)
Signed-off-by: ChillerDragon <ChillerDragon@gmail.com>
This solves the issue reported here: https://github.com/pi-hole/pi-hole/issues/4196
It replaces the other suggested solution here: https://github.com/pi-hole/pi-hole/pull/4197
The benefit of using a fixed/limited list height, compared to allowing larger whiptail/dialogue dimension, is that it works on small screens as well, where the screen or console size itself is too small to hold the interface list + text above + whiptail frame.
It the amount of list elements exceeds the defined list height, automatically a visual scroll bar is added and the list can be scrolled with up/down pageup/pagedown buttons, hence it is generally not required to adjust a list height based on the amount of elements. The fixed height of "6" is chosen since all other "--radiolist" calls use this fixed height as well, it fits and looks good within a 20 rows high whiptail dialogue, and in the common Pi-hole use cases there are no more than 6 network interfaces.
Signed-off-by: MichaIng <micha@dietpi.com>
The phpInsNewer variable is not set anymore, so that the JSON module is now always tried to be installed. Instead of checking for phpInsNewer to derive whether PHP was installed already, phpInsMajor is now checked. If it is set, PHP is installed already, and only if the major version is lower than 8, the JSON module can be installed.
Signed-off-by: MichaIng <micha@dietpi.com>
Add some smoke tests for the repository.
- Add x bit to piholeCheckout.sh. Possibly not needed, but consistency is no bad thing
- Ensure all files in script directorys have executable bit set
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
The script defines variables for the most important file paths which are not always used to call the file paths. "lighttpdConfig" was never used in the script itself, so that a shellcheck exception needed to be used. With this change, the defined variables are consequently used, which makes the shellcheck exception obsolete as well.
Additionally the assigned strings are quoted, which is not necessary here but aligns with the coding standard and highlights the strings in most editors and development platforms for developer convenience.
Signed-off-by: MichaIng <micha@dietpi.com>
* Do not export unconditionally
Signed-off-by: Christian König <ckoenig@posteo.de>
* Check if variable is unset instead of grep for it
Signed-off-by: Christian König <ckoenig@posteo.de>
* Use bash's buld in word syntax
Signed-off-by: Christian König <ckoenig@posteo.de>
* Move export back to their brothers
Signed-off-by: Christian König <ckoenig@posteo.de>
The installer contains three checks for specific DEB package names, which did change in past Debian/Ubuntu versions. These checks are obsolete with the current set of supported distro versions:
iproute vs iproute2: All distro versions down to Debian Jessie and Ubuntu Xenial ship the iproute2 package:
- https://packages.debian.org/search?keywords=iproute
- https://packages.ubuntu.com/search?suite=all&keywords=iproute
php5 vs php: None of the Ubuntu version down to Xenial and only Debian Jessie ships the php5 package:
- https://packages.debian.org/search?keywords=php5
- https://packages.ubuntu.com/search?suite=all&keywords=php5
Moreover, installs with PHP5 would fail anyway for a longer time, due to the added php-xml module package, which became a dedicated package with PHP7.0 while being part of the core package with PHP5:
- https://packages.debian.org/search?keywords=php5-xml
php-sqlite vs php-sqlite3: With PHP7, the SQLite module package name changed to sqlite3 prefix:
- https://packages.debian.org/search?keywords=php-sqlite
- https://packages.ubuntu.com/search?suite=all&keywords=php-sqlite
Additionally the code comment about minimal apt-get call output was moved to the actual apt-get install call section, as if refers to issues with package installs that require interactive action and hence output about it to the console. The package cache update as well requires an interactive confirmation when the underlying suite code name changes, e.g. when "buster" becomes "oldstable" and "bullseye" becomes "stable". But that is not what the referred issue was about.
The comments around the installer and Pi-hole package dependencies have been aligned with the current v6 branch as attempt to resolve merge conflicts in the first place.
Signed-off-by: MichaIng <micha@dietpi.com>
* Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed
* Remove check for unsupported RPM distros as it is checked in os_check already
* Add select_rpm_php function to tox tests
Signed-off-by: Christian König <ckoenig@posteo.de>
With the suggested way to call the installer via "curl -sSL https://install.pi-hole.net | bash", STDIN is no terminal, but overridden by the curl output, hence in most cases, the minimum dimensions were applied, even on larger screens. All whiptail calls are hence assured to work fine with those dimensions, aside of one case, making the calculations obsolete.
This commit hardcodes the whiptail dimensions to the prior minimum and removes the calculations. This also helps with testing, as it does not matter anymore how the script is called, and developers have a clearly defined space to make dialogs look nice, including line breaks, menu and list heights.
The only case which does not fit the 70 character width, the second menu entry of the "pihole -r" dialog, has been shortened accordingly. This was not an issue before, as "pihole -r" does not override the scripts STDIN and hence did allow larger dimensions based on the now removed calculations.
See the following discussions for reference:
- https://github.com/pi-hole/pi-hole/issues/3323
- https://github.com/pi-hole/pi-hole/pull/4197#issuecomment-876702380
Signed-off-by: MichaIng <micha@dietpi.com>
1. Ensure we have a compatible package manager
2. Install required packages for os_check to run (we need dnsutils and grep for this
3. Try to install FTL
4. FTL installed? Install installer dependencies and continue as normal - no other dependencies are installed until user has gone through all whiptails
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
The statement "All dependencies are safe to remove on Raspbian" has been added at a time where a much smaller list of dependencies were installed, all indeed relatively safe to purge. Nowadays this list has grown and includes important system packages, like iproute2, psmisc, sudo, curl and others, which are often again dependencies of other packages, like network stacks (ifupdown) and others, so that inexperienced users, following that statement, may break their systems network capabilities and more.
This message has hence been removed.
Signed-off-by: MichaIng <micha@dietpi.com>
sysconfig network scripts are missing on pure NetworkManager installs.
This commit touches a placeholder to allow the network configuration to
be generated and loaded via NetworkManager.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
- "apt-cache show package" succeeds as well if package is listed as (optional) dependency or conflict by another package, hence is not a 100% reliable measure.
- There is no command which explicitly checks which package/name can be selected by apt-get for install. An install simulation/dry-run is possible as it was before Pi-hole v5.1, or the whole package cache can be scraped, which is still the less time consuming solution.
- Allow to succeed if another package "provides" it, like "php7.3-apcu" provided by "php-apcu" or "awk" provided by "mawk" and "gawk", in which case the non-virtual package is selected automatically by apt-get.
For reference: 066b89fa41
Signed-off-by: MichaIng <micha@dietpi.com>
+ Do not ask to install the web server, if the web interface has been deselected before.
+ Add additional info, that PHP modules need to be installed manually, when web server is deselected and the web server user needs to be member of the "pihole" group.
+ Consequently use webroot variable instead of /var/www/html
Signed-off-by: MichaIng <micha@dietpi.com>
If an user installs Pi-hole without selecting any adlists, the installer emits a warning and exits. By touching the file this is prevented.
Signed-off-by: jesterchen <github@jesterweb.de>
* use https when possible
* replace coverage with a link to the docs page in README.md
* remove obsolete affiliate link in README.md
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
"$network" on a systemd-driven OS leads to "After=network-online.target" in the generated systemd unit.
This target is no guarantee that all network interfaces have been fully configured, as it depends on the related network services types, but at least it reduces the risk that those have not fully finished their job when pihole-FTL starts. If this is the case, certain issues can occur:
- https://github.com/pi-hole/pi-hole/issues/2924
- https://discourse.pi-hole.net/t/have-to-pihole-restartdns-after-reboot/28772
Runtime files are now consistently created in "/run" instead of "/var/run". The second is a symlink to the first for backwards compatibility but on none-ancient distro versions one should use "/run", systemd even prints a warnings if service files use "/var/run". The service file used "/run" and "/var/run" both, in cases for the same files/directories before, which does not directly cause issues currently, due to the symlink, but is inconsistent at best.
Signed-off-by: MichaIng <micha@dietpi.com>
- Currently, if the SELinux config file exists, installed SELinux is assumed.
- But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons.
- If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e".
- With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing.
Signed-off-by: MichaIng <micha@dietpi.com>
This is and was never required and the pihole user does in fact not get any additional permissions through that group.
Signed-off-by: MichaIng <micha@dietpi.com>
Using the meta package causes several issues:
- Install on Debian prior to Jessie and Ubuntu prior to Xenial is broken, since those do not serve the meta packages but php5-* packages instead.
- If $phpVer != "php", then multiple conflicting PHP versions can be installed.
- If "${phpVer}-intl" does not pull the correct package, then inherently "${phpVer}-xml" etc are wrong, too. This is theoretically possible, e.g. if PHP7.4 was installed while the webserver uses a concurrently installed PHP7.3 instance. Then the "php" shell command output can differ from what the webserver uses. This theoretical issue would need a different approach to derive $phpVer, not based on the shell command output but by asking the webserver somehow in the first place. But using $phpVer for some modules and hardcoded meta for the others can only lead to inconsistencies and issues.
Signed-off-by: MichaIng <micha@dietpi.com>
When checking for available packages in APT repository, running a dry-run install can fail for other reasons, even if the package is available. Currently, in such case, wrong fallback packages are selected: https://github.com/pi-hole/pi-hole/issues/2888
"apt-cache show <pkg>" is a quicker method to check for available packages. This is now done as well to check if the fallbacks are available. If none is found, the installer exits with meaningful error message and exit code.
In rare cases, the APT list files can be missing when the installer is started. E.g. this could be on a fresh system, APT lists could have been moved to RAM or removed as a cleanup step. "apt-cache" calls will then fail, same as dry-run installs were. To assure that current package lists are checked, update the package cache directly after the Ubuntu universe repo has been added, only in the Debian/Ubuntu block. This renders the variable handling in RH/Fedora block obsolete.
Signed-off-by: MichaIng <micha@dietpi.com>
1- 1.1.1.2 (No Malware)
2- 1.1.1.3 (No Malware or Adult Content)
This would allow parents to have more control over the safety of their family's network.
Signed-off-by: Mohammed-Swillam <moh.sayed@hotmail.com>
Commit dc35709a1b ("Remove hosts-file.net from default lists") left a
few references to hosts-file.net. Removes them.
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
The new version of the installer moved from debconf-apt-progress to raw apt-get output on installs to solve issues with interactive config file choices. This lead to a largely increases amount of output lines of the installer. To reduce the apt-get output to a minimum, while sustaining interactive input in case of config files, the "-qq" option can be used, which inherits "--yes":
- https://manpages.debian.org/buster/apt/apt-get.8.en.html#OPTIONS
- https://manpages.ubuntu.com/manpages/bionic/man8/apt-get.8.html#options
Signed-off-by: MichaIng <micha@dietpi.com>
PHP dependency php-json is now required for both the latest Fedora and CentOS.
Package php-json will now be a default web dependency and removed from PIHOLE_WEB_DEPS when installing on CentOS7.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
Always ensure we have the correct machine arch by storing to/reading from a file rather than depending on global variable that for some reason is not always populated...
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
no need for global variable
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Use a file in the temporary FTL download directory
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Local binary variable named to l_binary. Disambiguate from global binary.
Allow 'binary' to be shadowed for testing.
Use ./ftlbinary in all operations.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Revert shadow ability on binary variable.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Remove unused tests, binary variable can not be overridden.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
This should work here, too
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
binary name is passed through from pihole checkout
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Add comments
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
OK, let's try it this way again
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
we might be getting somewhere.. squash after this I think!
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This is a test to see if it fixes the aarch64 test (we are definitely squashing these commits
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
fix the rest of the tests
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Remove trailing whitespace in the files we've touched here
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
+ Print restart hint after setting IPv4 address on a separate line with [i] prefix to not break text alignment
+ Print final upstream DNS choice as a single printf call and by this fix missing info and linebreak on "Custom" choices.
+ Minor if/then/else code alignment
Signed-off-by: MichaIng <micha@dietpi.com>
The Pi-hole project does not ship a custom SELinux policy as the required policy would lower the overall system security.
Users who require SELinux to be enforcing are encouraged to create an custom policy on a case-by-case basis.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
The headers containing the latest FTL tag were not properly input to the
command (`<` vs `<<<`). This caused Bash to try and open the file named
after the header string, which does not exist.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
Previously, install_dependent_packages would receive an array variable
name as its single parameter, and would use variable indirection to
access it; this change simplifies that function so that it instead
receives the expanded array.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
The 403 lighttpd errors were caused by removing the lighttpd config
directory and not removing lighttpd itself. This caused a subsequent
Pi-hole reinstall to not have all of the required lighttpd config files.
The error while removing packages was caused by combining arguments into
a string instead of listing each argument.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
chkconfig is a dependency of spawn-fcgi which is a dependency of lighttpd which is installed via PIHOLE_WEB_DEPS in phase 2
adding chkconfig to INSTALLER_DEPS to ensure /etc/init.d is present during the installation prompts (phase 1)
Signed-off-by: bcambl <blayne@blaynecampbell.com>