mirror of
https://github.com/pi-hole/pi-hole.git
synced 2024-11-24 23:23:42 +00:00
9a68adf36f
In general: - Each script reruns itself as either root or pihole. Any $SUDO variables are removed. - Two new scripts are created that need to be run as root. - The installer creates a file in sudoers.d that allows the pihole user to run the above two scripts as root. piholeReloadServices.sh: Script to reload dnsmasq (or start it if required). piholeSetPermissions.sh: Script to set the permissions on /etc/pihole basic-install.sh: - Copy two new scripts. - Set owner and permissions on /etc/pihole - Install the sudoers file to allow the pihole user to run certain scripts as root without a password. uninstall.sh: - Remote two new scripts. - Remove sudoers file gravity.sh: - Rerun as pihole user. - Use sudo for setting permissions and reloading services. - Replaced chmod 777 with piholeSetPermissions.sh. blacklist.sh, whitelist.sh: Rerun as pihole user. Use sudo for reloading services. chronometer.sh, piholeLogFlush.sh: Rerun as pihole user. setupLCD.sh: Rerun as root.
366 lines
12 KiB
Bash
Executable file
366 lines
12 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# Pi-hole: A black hole for Internet advertisements
|
|
# (c) 2015 by Jacob Salmela
|
|
# Network-wide ad blocking via your Raspberry Pi
|
|
# http://pi-hole.net
|
|
# Compiles a list of ad-serving domains by downloading them from multiple sources
|
|
#
|
|
# Pi-hole is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
# Check if pihole user, and if not then rerun with sudo.
|
|
echo ":::"
|
|
runninguser=$(whoami)
|
|
if [[ "$runninguser" = "pihole" ]];then
|
|
echo "::: You are pihole user."
|
|
# Older versions of Pi-hole set $SUDO="sudo" and prefixed commands with it,
|
|
# rather than rerunning as sudo. Just in case it turns up by accident,
|
|
# explicitly set the $SUDO variable to an empty string.
|
|
SUDO=""
|
|
else
|
|
echo "::: sudo will be used."
|
|
# Check if it is actually installed
|
|
# If it isn't, exit because the install cannot complete
|
|
if [[ $(dpkg-query -s sudo) ]];then
|
|
echo "::: Running sudo -u pihole $@"
|
|
sudo -u pihole "$@"
|
|
exit $?
|
|
else
|
|
echo "::: Please install sudo."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
piholeIPfile=/tmp/piholeIP
|
|
piholeIPv6file=/etc/pihole/.useIPv6
|
|
|
|
adListFile=/etc/pihole/adlists.list
|
|
adListDefault=/etc/pihole/adlists.default
|
|
whitelistScript=/usr/local/bin/whitelist.sh
|
|
blacklistScript=/usr/local/bin/blacklist.sh
|
|
|
|
if [[ -f $piholeIPfile ]];then
|
|
# If the file exists, it means it was exported from the installation script and we should use that value instead of detecting it in this script
|
|
piholeIP=$(cat $piholeIPfile)
|
|
rm $piholeIPfile
|
|
else
|
|
# Otherwise, the IP address can be taken directly from the machine, which will happen when the script is run by the user and not the installation script
|
|
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
|
|
piholeIPCIDR=$(ip -o -f inet addr show dev $IPv4dev | awk '{print $4}' | awk 'END {print}')
|
|
piholeIP=${piholeIPCIDR%/*}
|
|
fi
|
|
|
|
if [[ -f $piholeIPv6file ]];then
|
|
# If the file exists, then the user previously chose to use IPv6 in the automated installer
|
|
piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Variables for various stages of downloading and formatting the list
|
|
basename=pihole
|
|
piholeDir=/etc/$basename
|
|
adList=$piholeDir/gravity.list
|
|
blacklist=$piholeDir/blacklist.txt
|
|
whitelist=$piholeDir/whitelist.txt
|
|
latentWhitelist=$piholeDir/latentWhitelist.txt
|
|
justDomainsExtension=domains
|
|
matterandlight=$basename.0.matterandlight.txt
|
|
supernova=$basename.1.supernova.txt
|
|
eventHorizon=$basename.2.eventHorizon.txt
|
|
accretionDisc=$basename.3.accretionDisc.txt
|
|
eyeOfTheNeedle=$basename.4.wormhole.txt
|
|
|
|
# After setting defaults, check if there's local overrides
|
|
if [[ -r $piholeDir/pihole.conf ]];then
|
|
echo "::: Local calibration requested..."
|
|
. $piholeDir/pihole.conf
|
|
fi
|
|
|
|
|
|
spinner(){
|
|
local pid=$1
|
|
local delay=0.001
|
|
local spinstr='/-\|'
|
|
|
|
spin='-\|/'
|
|
i=0
|
|
while kill -0 $pid 2>/dev/null
|
|
do
|
|
i=$(( (i+1) %4 ))
|
|
printf "\b${spin:$i:1}"
|
|
sleep .1
|
|
done
|
|
printf "\b"
|
|
}
|
|
###########################
|
|
# collapse - begin formation of pihole
|
|
function gravity_collapse() {
|
|
echo "::: Neutrino emissions detected..."
|
|
echo ":::"
|
|
#Decide if we're using a custom ad block list, or defaults.
|
|
if [ -f $adListFile ]; then
|
|
#custom file found, use this instead of default
|
|
echo -n "::: Custom adList file detected. Reading..."
|
|
sources=()
|
|
while read -a line; do
|
|
#Do not read commented out or blank lines
|
|
if [[ $line = \#* ]] || [[ ! $line ]]; then
|
|
echo "" > /dev/null
|
|
else
|
|
sources+=($line)
|
|
fi
|
|
done < $adListFile
|
|
echo " done!"
|
|
else
|
|
#no custom file found, use defaults!
|
|
echo -n "::: No custom adlist file detected, reading from default file..."
|
|
sources=()
|
|
while read -a line; do
|
|
#Do not read commented out or blank lines
|
|
if [[ $line = \#* ]] || [[ ! $line ]]; then
|
|
echo "" > /dev/null
|
|
else
|
|
sources+=($line)
|
|
fi
|
|
done < $adListDefault
|
|
echo " done!"
|
|
fi
|
|
|
|
# Create the pihole resource directory if it doesn't exist. Future files will be stored here
|
|
if [[ -d $piholeDir ]];then
|
|
echo "."
|
|
else
|
|
echo -n "::: Creating pihole directory..."
|
|
mkdir $piholeDir & spinner $!
|
|
echo " done!"
|
|
fi
|
|
# Still not the best, but slightly more elegent hack than chmod 777.
|
|
# Run script to give the pihole group permissions to the pihole directory.
|
|
# This requires root.
|
|
# The installer should have created a file in sudoers.d to allow pihole user
|
|
# to run piholeSetPermissions.sh as root with sudo without a password
|
|
sudo --non-interactive /usr/local/bin/piholeSetPermissions.sh
|
|
}
|
|
|
|
# patternCheck - check to see if curl downloaded any new files.
|
|
function gravity_patternCheck() {
|
|
patternBuffer=$1
|
|
# check if the patternbuffer is a non-zero length file
|
|
if [[ -s "$patternBuffer" ]];then
|
|
# Some of the blocklists are copyright, they need to be downloaded
|
|
# and stored as is. They can be processed for content after they
|
|
# have been saved.
|
|
cp $patternBuffer $saveLocation
|
|
echo " List updated, transport successful!"
|
|
else
|
|
# curl didn't download any host files, probably because of the date check
|
|
echo " No changes detected, transport skipped!"
|
|
fi
|
|
}
|
|
|
|
# transport - curl the specified url with any needed command extentions
|
|
function gravity_transport() {
|
|
url=$1
|
|
cmd_ext=$2
|
|
agent=$3
|
|
|
|
# tmp file, so we don't have to store the (long!) lists in RAM
|
|
patternBuffer=$(mktemp)
|
|
heisenbergCompensator=""
|
|
if [[ -r $saveLocation ]]; then
|
|
# if domain has been saved, add file for date check to only download newer
|
|
heisenbergCompensator="-z $saveLocation"
|
|
fi
|
|
|
|
# Silently curl url
|
|
curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
|
|
# Check for list updates
|
|
gravity_patternCheck $patternBuffer
|
|
|
|
# Cleanup
|
|
rm -f $patternBuffer
|
|
}
|
|
|
|
# spinup - main gravity function
|
|
function gravity_spinup() {
|
|
echo "::: "
|
|
# Loop through domain list. Download each one and remove commented lines (lines beginning with '# 'or '/') and # blank lines
|
|
for ((i = 0; i < "${#sources[@]}"; i++))
|
|
do
|
|
url=${sources[$i]}
|
|
# Get just the domain from the URL
|
|
domain=$(echo "$url" | cut -d'/' -f3)
|
|
|
|
# Save the file as list.#.domain
|
|
saveLocation=$piholeDir/list.$i.$domain.$justDomainsExtension
|
|
activeDomains[$i]=$saveLocation
|
|
|
|
agent="Mozilla/10.0"
|
|
|
|
echo -n "::: Getting $domain list..."
|
|
|
|
# Use a case statement to download lists that need special cURL commands
|
|
# to complete properly and reset the user agent when required
|
|
case "$domain" in
|
|
"adblock.mahakala.is")
|
|
agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0'
|
|
cmd_ext="-e http://forum.xda-developers.com/"
|
|
;;
|
|
|
|
"pgl.yoyo.org")
|
|
cmd_ext="-d mimetype=plaintext -d hostformat=hosts"
|
|
;;
|
|
|
|
# Default is a simple request
|
|
*) cmd_ext=""
|
|
esac
|
|
gravity_transport "$url" "$cmd_ext" "$agent"
|
|
done
|
|
}
|
|
|
|
# Schwarzchild - aggregate domains to one list and add blacklisted domains
|
|
function gravity_Schwarzchild() {
|
|
echo "::: "
|
|
# Find all active domains and compile them into one file and remove CRs
|
|
echo -n "::: Aggregating list of domains..."
|
|
truncate -s 0 $piholeDir/$matterandlight & spinner $!
|
|
for i in "${activeDomains[@]}"
|
|
do
|
|
cat $i |tr -d '\r' >> $piholeDir/$matterandlight
|
|
done
|
|
echo " done!"
|
|
|
|
}
|
|
|
|
|
|
function gravity_Blacklist(){
|
|
# Append blacklist entries if they exist
|
|
echo -n "::: Running blacklist script to update HOSTS file...."
|
|
$blacklistScript -f -nr -q > /dev/null & spinner $!
|
|
|
|
numBlacklisted=$(wc -l < "/etc/pihole/blacklist.txt")
|
|
plural=; [[ "$numBlacklisted" != "1" ]] && plural=s
|
|
echo " $numBlacklisted domain${plural} blacklisted!"
|
|
|
|
|
|
}
|
|
|
|
|
|
function gravity_Whitelist() {
|
|
echo ":::"
|
|
# Prevent our sources from being pulled into the hole
|
|
plural=; [[ "${sources[@]}" != "1" ]] && plural=s
|
|
echo -n "::: Adding ${#sources[@]} ad list source${plural} to the whitelist..."
|
|
|
|
urls=()
|
|
for url in ${sources[@]}
|
|
do
|
|
tmp=$(echo "$url" | awk -F '/' '{print $3}')
|
|
urls=("${urls[@]}" $tmp)
|
|
done
|
|
echo " done!"
|
|
|
|
echo -n "::: Running whitelist script to update HOSTS file...."
|
|
$whitelistScript -f -nr -q ${urls[@]} > /dev/null & spinner $!
|
|
|
|
numWhitelisted=$(wc -l < "/etc/pihole/whitelist.txt")
|
|
plural=; [[ "$numWhitelisted" != "1" ]] && plural=s
|
|
echo " $numWhitelisted domain${plural} whitelisted!"
|
|
|
|
|
|
|
|
}
|
|
|
|
function gravity_unique() {
|
|
# Sort and remove duplicates
|
|
echo -n "::: Removing duplicate domains...."
|
|
sort -u $piholeDir/$supernova > $piholeDir/$eventHorizon & spinner $!
|
|
echo " done!"
|
|
numberOf=$(wc -l < $piholeDir/$eventHorizon)
|
|
echo "::: $numberOf unique domains trapped in the event horizon."
|
|
}
|
|
|
|
function gravity_hostFormat() {
|
|
# Format domain list as "192.168.x.x domain.com"
|
|
echo "::: Formatting domains into a HOSTS file..."
|
|
# If there is a value in the $piholeIPv6, then IPv6 will be used, so the awk command modified to create a line for both protocols
|
|
if [[ -n $piholeIPv6 ]];then
|
|
#Add dummy domain Pi-Hole.IsWorking.OK to the top of gravity.list to make ping result return a friendlier looking domain!
|
|
echo -e "$piholeIP Pi-Hole.IsWorking.OK \n$piholeIPv6 Pi-Hole.IsWorking.OK" > $piholeDir/$accretionDisc
|
|
cat $piholeDir/$eventHorizon | awk -v ipv4addr="$piholeIP" -v ipv6addr="$piholeIPv6" '{sub(/\r$/,""); print ipv4addr" "$0"\n"ipv6addr" "$0}' >> $piholeDir/$accretionDisc
|
|
|
|
else
|
|
# Otherwise, just create gravity.list as normal using IPv4
|
|
#Add dummy domain Pi-Hole.IsWorking.OK to the top of gravity.list to make ping result return a friendlier looking domain!
|
|
echo -e "$piholeIP Pi-Hole.IsWorking.OK" > $piholeDir/$accretionDisc
|
|
cat $piholeDir/$eventHorizon | awk -v ipv4addr="$piholeIP" '{sub(/\r$/,""); print ipv4addr" "$0}' >> $piholeDir/$accretionDisc
|
|
fi
|
|
# Copy the file over as /etc/pihole/gravity.list so dnsmasq can use it
|
|
cp $piholeDir/$accretionDisc $adList
|
|
}
|
|
|
|
# blackbody - remove any remnant files from script processes
|
|
function gravity_blackbody() {
|
|
# Loop through list files
|
|
for file in $piholeDir/*.$justDomainsExtension
|
|
do
|
|
# If list is in active array then leave it (noop) else rm the list
|
|
if [[ " ${activeDomains[@]} " =~ " ${file} " ]]; then
|
|
:
|
|
else
|
|
rm -f $file
|
|
fi
|
|
done
|
|
}
|
|
|
|
function gravity_advanced() {
|
|
|
|
|
|
# Remove comments and print only the domain name
|
|
# Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious
|
|
# This helps with that and makes it easier to read
|
|
# It also helps with debugging so each stage of the script can be researched more in depth
|
|
echo -n "::: Formatting list of domains to remove comments...."
|
|
awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' $piholeDir/$matterandlight | sed -nr -e 's/\.{2,}/./g' -e '/\./p' > $piholeDir/$supernova & spinner $!
|
|
echo " done!"
|
|
|
|
numberOf=$(wc -l < $piholeDir/$supernova)
|
|
echo "::: $numberOf domains being pulled in by gravity..."
|
|
|
|
gravity_unique
|
|
|
|
}
|
|
|
|
function gravity_reload() {
|
|
#Clear no longer needed files...
|
|
echo ":::"
|
|
echo -n "::: Cleaning up un-needed files..."
|
|
rm /etc/pihole/pihole.*
|
|
echo " done!"
|
|
|
|
# Reload hosts file
|
|
echo ":::"
|
|
echo -n "::: Refresh lists in dnsmasq..."
|
|
|
|
# Reloading services requires root.
|
|
# The installer should have created a file in sudoers.d to allow pihole user
|
|
# to run piholeReloadServices.sh as root with sudo without a password
|
|
sudo --non-interactive /usr/local/bin/piholeReloadServices.sh
|
|
|
|
echo " done!"
|
|
}
|
|
|
|
cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
|
|
gravity_collapse
|
|
gravity_spinup
|
|
gravity_Schwarzchild
|
|
gravity_advanced
|
|
gravity_hostFormat
|
|
gravity_blackbody
|
|
gravity_Whitelist
|
|
gravity_Blacklist
|
|
gravity_reload
|