Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/pi-hole/pi-hole.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdam Warner <me@adamwarner.co.uk>2021-09-12 00:17:43 +0300
committerGitHub <noreply@github.com>2021-09-12 00:17:43 +0300
commit2673c2c0720fb3871a4c3cae6a3f38f9ccede24e (patch)
tree573b6cbc6a8b5d9df23343461571f6673e0ce363
parent4736e03108763cc2d5659f48d8a1e8a64d9b2608 (diff)
parente39304848807353dd10135d3c3118afef181ea6e (diff)
Merge pull request #4318 from pi-hole/release/v5.4v5.4
Pi-hole core v5.4
Diffstat
-rw-r--r--.github/workflows/test.yml2
-rw-r--r--README.md2
-rw-r--r--advanced/06-rfc6761.conf41
-rwxr-xr-xadvanced/Scripts/chronometer.sh4
-rw-r--r--advanced/Scripts/piholeCheckout.sh3
-rwxr-xr-xadvanced/Scripts/piholeDebug.sh331
-rwxr-xr-xadvanced/Scripts/piholeLogFlush.sh11
-rwxr-xr-xadvanced/Scripts/version.sh2
-rwxr-xr-xadvanced/Scripts/webpage.sh30
-rw-r--r--advanced/Templates/pihole-FTL.service44
-rw-r--r--advanced/Templates/pihole.cron2
-rw-r--r--advanced/index.php6
-rw-r--r--advanced/lighttpd.conf.debian26
-rw-r--r--advanced/lighttpd.conf.fedora26
-rwxr-xr-xautomated install/basic-install.sh272
-rwxr-xr-xautomated install/uninstall.sh13
-rwxr-xr-xgravity.sh72
-rw-r--r--manpages/pihole.82
-rwxr-xr-xpihole50
-rw-r--r--supportedos.txt5
-rw-r--r--test/_centos_7.Dockerfile1
-rw-r--r--test/_centos_8.Dockerfile1
-rw-r--r--test/_debian_10.Dockerfile1
-rw-r--r--test/_debian_11.Dockerfile17
-rw-r--r--test/_debian_9.Dockerfile1
-rw-r--r--test/_fedora_32.Dockerfile1
-rw-r--r--test/_fedora_33.Dockerfile1
-rw-r--r--test/_ubuntu_16.Dockerfile1
-rw-r--r--test/_ubuntu_18.Dockerfile1
-rw-r--r--test/_ubuntu_20.Dockerfile1
-rw-r--r--test/_ubuntu_21.Dockerfile18
-rw-r--r--test/conftest.py2
-rw-r--r--test/test_automated_install.py61
-rw-r--r--test/test_centos_7_support.py22
-rw-r--r--test/test_centos_8_support.py22
-rw-r--r--test/test_centos_common_support.py38
-rw-r--r--test/test_fedora_support.py6
-rw-r--r--test/tox.debian_11.ini8
-rw-r--r--test/tox.ubuntu_21.ini8
39 files changed, 553 insertions, 602 deletions
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d19df5ab..129caea4 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33]
+ distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33]
env:
DISTRO: ${{matrix.distro}}
steps:
diff --git a/README.md b/README.md
index 57dee16d..06f541f4 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,8 @@ sudo bash basic-install.sh
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh
```
+### Method 3: Using Docker to deploy Pi-hole
+Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images.
## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf
new file mode 100644
index 00000000..e03569e8
--- /dev/null
+++ b/advanced/06-rfc6761.conf
@@ -0,0 +1,41 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# RFC 6761 config file for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+# #
+# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
+# WITHIN /etc/dnsmasq.d/yourname.conf #
+###############################################################################
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+# test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa.
+# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa.
+# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
+# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa.
+# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
+# 01-pihole.conf) because this also covers IPv6.
+
+# OpenWRT furthermore blocks bind, local, onion domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/
diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh
index 4f9ea59a..3f85bdfc 100755
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -498,10 +498,6 @@ chronoFunc() {
printFunc " RAM usage: " "$ram_perc%" "$ram_info"
printFunc " HDD usage: " "$disk_perc" "$disk_info"
- if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then
- printFunc " LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info"
- fi
-
if [[ "$DHCP_ACTIVE" == "true" ]]; then
printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info"
fi
diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh
index 1c1b16a4..4c0a4f40 100644
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -166,12 +166,15 @@ checkout() {
checkout_pull_branch "${webInterfaceDir}" "${2}"
elif [[ "${1}" == "ftl" ]] ; then
local path
+ local oldbranch
path="${2}/${binary}"
+ oldbranch="$(pihole-FTL -b)"
if check_download_exists "$path"; then
echo " ${TICK} Branch ${2} exists"
echo "${2}" > /etc/pihole/ftlbranch
chmod 644 /etc/pihole/ftlbranch
+ echo -e " ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\""
FTLinstall "${binary}"
restart_service pihole-FTL
enable_service pihole-FTL
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh
index 13a886f1..d199b4f5 100755
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -56,11 +56,6 @@ FAQ_BAD_ADDRESS="${COL_CYAN}https://discourse.pi-hole.net/t/why-do-i-see-bad-add
# Other URLs we may use
FORUMS_URL="${COL_CYAN}https://discourse.pi-hole.net${COL_NC}"
-TRICORDER_CONTEST="${COL_CYAN}https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/${COL_NC}"
-
-# Port numbers used for uploading the debug log
-TRICORDER_NC_PORT_NUMBER=9999
-TRICORDER_SSL_PORT_NUMBER=9998
# Directories required by Pi-hole
# https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
@@ -78,15 +73,12 @@ HTML_DIRECTORY="/var/www/html"
WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
#BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
SHM_DIRECTORY="/dev/shm"
+ETC="/etc"
# Files required by Pi-hole
# https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole"
-PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf"
-PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf"
-PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf"
-
WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf"
WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf"
@@ -141,6 +133,9 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log"
PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
+RESOLVCONF="${ETC}/resolv.conf"
+DNSMASQ_CONF="${ETC}/dnsmasq.conf"
+
# An array of operating system "pretty names" that we officially support
# We can loop through the array at any time to see if it matches a value
#SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
@@ -165,9 +160,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
# Store the required directories in an array so it can be parsed through
REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
-"${PIHOLE_DNS_CONFIG_FILE}"
-"${PIHOLE_DHCP_CONFIG_FILE}"
-"${PIHOLE_WILDCARD_CONFIG_FILE}"
"${WEB_SERVER_CONFIG_FILE}"
"${WEB_SERVER_CUSTOM_CONFIG_FILE}"
"${PIHOLE_INSTALL_LOG_FILE}"
@@ -185,7 +177,9 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
"${PIHOLE_DEBUG_LOG}"
"${PIHOLE_FTL_LOG}"
"${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}"
-"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}")
+"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}"
+"${RESOLVCONF}"
+"${DNSMASQ_CONF}")
DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.
@@ -235,6 +229,7 @@ copy_to_debug_log() {
}
initialize_debug() {
+ local system_uptime
# Clear the screen so the debug log is readable
clear
show_disclaimer
@@ -242,6 +237,10 @@ initialize_debug() {
log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}"
# Timestamp the start of the log
log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized."
+ # Uptime of the system
+ # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes
+ system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}')
+ log_write "${INFO} System has been running for ${system_uptime}"
}
# This is a function for visually displaying the current test that is being run.
@@ -410,12 +409,12 @@ os_check() {
# This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
# and determines whether or not the script is running on one of those systems
local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response
- remote_os_domain="versions.pi-hole.net"
+ remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
- cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)"
+ cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
#Get the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
@@ -605,38 +604,6 @@ parse_locale() {
parse_file "${pihole_locale}"
}
-does_ip_match_setup_vars() {
- # Check for IPv4 or 6
- local protocol="${1}"
- # IP address to check for
- local ip_address="${2}"
- # See what IP is in the setupVars.conf file
- local setup_vars_ip
- setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV"${protocol}"_ADDRESS | cut -d '=' -f2)
- # If it's an IPv6 address
- if [[ "${protocol}" == "6" ]]; then
- # Strip off the / (CIDR notation)
- if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then
- # if it matches, show it in green
- log_write " ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}"
- else
- # otherwise show it in red with an FAQ URL
- log_write " ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})"
- fi
-
- else
- # if the protocol isn't 6, it's 4 so no need to strip the CIDR notation
- # since it exists in the setupVars.conf that way
- if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then
- # show in green if it matches
- log_write " ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}"
- else
- # otherwise show it in red
- log_write " ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})"
- fi
- fi
-}
-
detect_ip_addresses() {
# First argument should be a 4 or a 6
local protocol=${1}
@@ -653,8 +620,7 @@ detect_ip_addresses() {
log_write "${TICK} IPv${protocol} address(es) bound to the ${PIHOLE_INTERFACE} interface:"
# Since there may be more than one IP address, store them in an array
for i in "${!ip_addr_list[@]}"; do
- # For each one in the list, print it out
- does_ip_match_setup_vars "${protocol}" "${ip_addr_list[$i]}"
+ log_write " ${ip_addr_list[$i]}"
done
# Print a blank line just for formatting
log_write ""
@@ -663,13 +629,6 @@ detect_ip_addresses() {
log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\\n"
return 1
fi
- # If the protocol is v6
- if [[ "${protocol}" == "6" ]]; then
- # let the user know that as long as there is one green address, things should be ok
- log_write " ^ Please note that you may have more than one IP address listed."
- log_write " As long as one of them is green, and it matches what is in ${PIHOLE_SETUP_VARS_FILE}, there is no need for concern.\\n"
- log_write " The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.\\n"
- fi
}
ping_ipv4_or_ipv6() {
@@ -859,13 +818,13 @@ dig_at() {
# Store the arguments as variables with names
local protocol="${1}"
- local IP="${2}"
echo_current_diagnostic "Name resolution (IPv${protocol}) using a random blocked domain and a known ad-serving domain"
# Set more local variables
# We need to test name resolution locally, via Pi-hole, and via a public resolver
local local_dig
- local pihole_dig
local remote_dig
+ local interfaces
+ local addresses
# Use a static domain that we know has IPv4 and IPv6 to avoid false positives
# Sometimes the randomly chosen domains don't use IPv6, or something else is wrong with them
local remote_url="doubleclick.com"
@@ -874,15 +833,15 @@ dig_at() {
if [[ ${protocol} == "6" ]]; then
# Set the IPv6 variables and record type
local local_address="::1"
- local pihole_address="${IP}"
local remote_address="2001:4860:4860::8888"
+ local sed_selector="inet6"
local record_type="AAAA"
# Otherwise, it should be 4
else
# so use the IPv4 values
local local_address="127.0.0.1"
- local pihole_address="${IP}"
local remote_address="8.8.8.8"
+ local sed_selector="inet"
local record_type="A"
fi
@@ -892,32 +851,55 @@ dig_at() {
local random_url
random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1")
- # First, do a dig on localhost to see if Pi-hole can use itself to block a domain
- if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then
- # If it can, show success
- log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})"
- else
- # Otherwise, show a failure
- log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})"
- fi
-
# Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address
# This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is
# just asing itself locally
- # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't waiting for too long
-
- # If Pi-hole can dig itself from it's IP (not the loopback address)
- if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${pihole_address}" +short "${record_type}"); then
- # show a success
- log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})"
- else
- # Otherwise, show a failure
- log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})"
- fi
+ # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't
+ # waiting for too long
+ #
+ # Turn off history expansion such that the "!" in the sed command cannot do silly things
+ set +H
+ # Get interfaces
+ # sed logic breakdown:
+ # / master /d;
+ # Removes all interfaces that are slaves of others (e.g. virtual docker interfaces)
+ # /UP/!d;
+ # Removes all interfaces which are not UP
+ # s/^[0-9]*: //g;
+ # Removes interface index
+ # s/: <.*//g;
+ # Removes everything after the interface name
+ interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")"
+
+ while IFS= read -r iface ; do
+ # Get addresses of current interface
+ # sed logic breakdown:
+ # /inet(|6) /!d;
+ # Removes all lines from ip a that do not contain either "inet " or "inet6 "
+ # s/^.*inet(|6) //g;
+ # Removes all leading whitespace as well as the "inet " or "inet6 " string
+ # s/\/.*$//g;
+ # Removes CIDR and everything thereafter (e.g., scope properties)
+ addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")"
+ if [ -n "${addresses}" ]; then
+ while IFS= read -r local_address ; do
+ # Check if Pi-hole can use itself to block a domain
+ if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then
+ # If it can, show success
+ log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})"
+ else
+ # Otherwise, show a failure
+ log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})"
+ fi
+ done <<< "${addresses}"
+ else
+ log_write "${TICK} No IPv${protocol} address available on ${COL_CYAN}${iface}${COL_NC}"
+ fi
+ done <<< "${interfaces}"
# Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server
# We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6
- if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then
+ if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @"${remote_address}" +short "${record_type}" | head -n1); then
# If successful, the real IP of the domain will be returned instead of Pi-hole's IP
log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})"
else
@@ -1032,7 +1014,7 @@ parse_file() {
local file_lines
# For each line in the file,
for file_lines in "${file_info[@]}"; do
- if [[ ! -z "${file_lines}" ]]; then
+ if [[ -n "${file_lines}" ]]; then
# don't include the Web password hash
[[ "${file_lines}" =~ ^\#.*$ || ! "${file_lines}" || "${file_lines}" == "WEBPASSWORD="* ]] && continue
# otherwise, display the lines of the file
@@ -1046,12 +1028,8 @@ parse_file() {
check_name_resolution() {
# Check name resolution from localhost, Pi-hole's IP, and Google's name severs
# using the function we created earlier
- dig_at 4 "${IPV4_ADDRESS%/*}"
- # If IPv6 enabled,
- if [[ "${IPV6_ADDRESS}" ]]; then
- # check resolution
- dig_at 6 "${IPV6_ADDRESS%/*}"
- fi
+ dig_at 4
+ dig_at 6
}
# This function can check a directory exists
@@ -1094,13 +1072,17 @@ list_files_in_dir() {
:
elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
# SHM file - we do not want to see the content, but we want to see the files and their sizes
- log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
+ log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")"
+ elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then
+ # in case of the dnsmasq directory inlcuede all files in the debug output
+ log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
+ make_array_from_file "${dir_to_parse}/${each_file}"
else
# Then, parse the file's content into an array so each line can be analyzed if need be
for i in "${!REQUIRED_FILES[@]}"; do
if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
# display the filename
- log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}"
+ log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
# Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing)
case "${dir_to_parse}/${each_file}" in
# If it's Web server error log, give the first and last 25 lines
@@ -1139,6 +1121,7 @@ show_content_of_pihole_files() {
show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
show_content_of_files_in_dir "${LOG_DIRECTORY}"
show_content_of_files_in_dir "${SHM_DIRECTORY}"
+ show_content_of_files_in_dir "${ETC}"
}
head_tail_log() {
@@ -1239,11 +1222,11 @@ show_groups() {
}
show_adlists() {
- show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50"
+ show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50"
}
show_domainlist() {
- show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50"
+ show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50"
}
show_clients() {
@@ -1281,77 +1264,88 @@ analyze_gravity_list() {
IFS="$OLD_IFS"
}
+obfuscated_pihole_log() {
+ local pihole_log=("$@")
+ local line
+ local error_to_check_for
+ local line_to_obfuscate
+ local obfuscated_line
+ for line in "${pihole_log[@]}"; do
+ # A common error in the pihole.log is when there is a non-hosts formatted file
+ # that the DNS server is attempting to read. Since it's not formatted
+ # correctly, there will be an entry for "bad address at line n"
+ # So we can check for that here and highlight it in red so the user can see it easily
+ error_to_check_for=$(echo "${line}" | grep 'bad address at')
+ # Some users may not want to have the domains they visit sent to us
+ # To that end, we check for lines in the log that would contain a domain name
+ line_to_obfuscate=$(echo "${line}" | grep ': query\|: forwarded\|: reply')
+ # If the variable contains a value, it found an error in the log
+ if [[ -n ${error_to_check_for} ]]; then
+ # So we can print it in red to make it visible to the user
+ log_write " ${CROSS} ${COL_RED}${line}${COL_NC} (${FAQ_BAD_ADDRESS})"
+ else
+ # If the variable does not a value (the current default behavior), so do not obfuscate anything
+ if [[ -z ${OBFUSCATE} ]]; then
+ log_write " ${line}"
+ # Othwerise, a flag was passed to this command to obfuscate domains in the log
+ else
+ # So first check if there are domains in the log that should be obfuscated
+ if [[ -n ${line_to_obfuscate} ]]; then
+ # If there are, we need to use awk to replace only the domain name (the 6th field in the log)
+ # so we substitute the domain for the placeholder value
+ obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}')
+ log_write " ${obfuscated_line}"
+ else
+ log_write " ${line}"
+ fi
+ fi
+ fi
+ done
+}
+
analyze_pihole_log() {
- echo_current_diagnostic "Pi-hole log"
- local head_line
- # Put the current Internal Field Separator into another variable so it can be restored later
- OLD_IFS="$IFS"
- # Get the lines that are in the file(s) and store them in an array for parsing later
- IFS=$'\r\n'
- local pihole_log_permissions
- pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}")
- log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}"
- local pihole_log_head=()
- mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG})
- log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}"
- local error_to_check_for
- local line_to_obfuscate
- local obfuscated_line
- for head_line in "${pihole_log_head[@]}"; do
- # A common error in the pihole.log is when there is a non-hosts formatted file
- # that the DNS server is attempting to read. Since it's not formatted
- # correctly, there will be an entry for "bad address at line n"
- # So we can check for that here and highlight it in red so the user can see it easily
- error_to_check_for=$(echo "${head_line}" | grep 'bad address at')
- # Some users may not want to have the domains they visit sent to us
- # To that end, we check for lines in the log that would contain a domain name
- line_to_obfuscate=$(echo "${head_line}" | grep ': query\|: forwarded\|: reply')
- # If the variable contains a value, it found an error in the log
- if [[ -n ${error_to_check_for} ]]; then
- # So we can print it in red to make it visible to the user
- log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})"
- else
- # If the variable does not a value (the current default behavior), so do not obfuscate anything
- if [[ -z ${OBFUSCATE} ]]; then
- log_write " ${head_line}"
- # Othwerise, a flag was passed to this command to obfuscate domains in the log
- else
- # So first check if there are domains in the log that should be obfuscated
- if [[ -n ${line_to_obfuscate} ]]; then
- # If there are, we need to use awk to replace only the domain name (the 6th field in the log)
- # so we substitute the domain for the placeholder value
- obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}')
- log_write " ${obfuscated_line}"
- else
- log_write " ${head_line}"
- fi
- fi
- fi
- done
- log_write ""
- # Set the IFS back to what it was
- IFS="$OLD_IFS"
+ echo_current_diagnostic "Pi-hole log"
+ local pihole_log_head=()
+ local pihole_log_tail=()
+ local pihole_log_permissions
+ local logging_enabled
+
+ logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf)
+ if [[ "${logging_enabled}" == "0" ]]; then
+ # Inform user that logging has been disabled and pihole.log does not contain queries
+ log_write "${INFO} Query logging is disabled"
+ log_write ""
+ fi
+ # Put the current Internal Field Separator into another variable so it can be restored later
+ OLD_IFS="$IFS"
+ # Get the lines that are in the file(s) and store them in an array for parsing later
+ IFS=$'\r\n'
+ pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}")
+ log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}"
+ mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG})
+ log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}"
+ obfuscated_pihole_log "${pihole_log_head[@]}"
+ log_write ""
+ mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG})
+ log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}"
+ obfuscated_pihole_log "${pihole_log_tail[@]}"
+ log_write ""
+ # Set the IFS back to what it was
+ IFS="$OLD_IFS"
}
-tricorder_use_nc_or_curl() {
- # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available
- # Check for curl first since encryption is a good thing
- if command -v curl &> /dev/null; then
- # If the command exists,
- log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission."
- # transmit he log via TLS and store the token returned in a variable
- tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER})
- if [ -z "${tricorder_token}" ]; then
- # curl failed, fallback to nc
- log_write " * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission."
- tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
+curl_to_tricorder() {
+ # Users can submit their debug logs using curl (encrypted)
+ log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission."
+ # transmit the log via TLS and store the token returned in a variable
+ tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1)
+ if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then
+ log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance."
+ # Log curl error (if available)
+ if [ -n "${tricorder_token}" ]; then
+ log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n"
+ tricorder_token=""
fi
- # Otherwise,
- else
- # use net cat
- log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission."
- # Save the token returned by our server in a variable
- tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
fi
}
@@ -1370,14 +1364,13 @@ upload_to_tricorder() {
# Provide information on what they should do with their token
log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only."
- log_write " * For more information, see: ${TRICORDER_CONTEST}"
- log_write " * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat."
+
# If pihole -d is running automatically (usually through the dashboard)
if [[ "${AUTOMATED}" ]]; then
# let the user know
log_write "${INFO} Debug script running in automated mode"
# and then decide again which tool to use to submit it
- tricorder_use_nc_or_curl
+ curl_to_tricorder
# If we're not running in automated mode,
else
echo ""
@@ -1386,7 +1379,7 @@ upload_to_tricorder() {
read -r -p "[?] Would you like to upload the log? [y/N] " response
case ${response} in
# If they say yes, run our function for uploading the log
- [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;;
+ [yY][eE][sS]|[yY]) curl_to_tricorder;;
# If they choose no, just exit out of the script
*) log_write " * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit;
esac
@@ -1397,15 +1390,15 @@ upload_to_tricorder() {
# Again, try to make this visually striking so the user realizes they need to do something with this information
# Namely, provide the Pi-hole devs with the token
log_write ""
- log_write "${COL_PURPLE}***********************************${COL_NC}"
- log_write "${COL_PURPLE}***********************************${COL_NC}"
+ log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
+ log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n"
log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}"
- log_write "${COL_PURPLE}***********************************${COL_NC}"
- log_write "${COL_PURPLE}***********************************${COL_NC}"
+ log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n"
+ log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
+ log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
log_write ""
- log_write " * Provide the token above to the Pi-hole team for assistance at"
- log_write " * ${FORUMS_URL}"
- log_write " * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}."
+ log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}"
+
# If no token was generated
else
# Show an error and some help instructions
diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh
index 51e94d7c..5c6a2c68 100755
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -11,6 +11,11 @@
colfile="/opt/pihole/COL_TABLE"
source ${colfile}
+# In case we're running at the same time as a system logrotate, use a
+# separate logrotate state file to prevent stepping on each other's
+# toes.
+STATEFILE="/var/lib/logrotate/pihole"
+
# Determine database location
# Obtain DBFILE=... setting from pihole-FTL.db
# Constructed to return nothing when
@@ -32,7 +37,7 @@ if [[ "$@" == *"once"* ]]; then
# Nightly logrotation
if command -v /usr/sbin/logrotate >/dev/null; then
# Logrotate once
- /usr/sbin/logrotate --force /etc/pihole/logrotate
+ /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
else
# Copy pihole.log over to pihole.log.1
# and empty out pihole.log
@@ -47,8 +52,8 @@ else
# Manual flushing
if command -v /usr/sbin/logrotate >/dev/null; then
# Logrotate twice to move all data out of sight of FTL
- /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3
- /usr/sbin/logrotate --force /etc/pihole/logrotate
+ /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3
+ /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
else
# Flush both pihole.log and pihole.log.1 (if existing)
echo " " > /var/log/pihole.log
diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh
index f77ee635..86ac45bc 100755
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -153,7 +153,7 @@ versionOutput() {
if [[ -n "$current" ]] && [[ -n "$latest" ]]; then
output="${1^} version is $branch$current (Latest: $latest)"
elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then
- output="Current ${1^} version is $branch$current."
+ output="Current ${1^} version is $branch$current"
elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then
output="Latest ${1^} version is $latest"
elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then
diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh
index 8ef4d940..52c388f8 100755
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -44,7 +44,8 @@ Options:
-e, email Set an administrative contact address for the Block Page
-h, --help Show this help dialog
-i, interface Specify dnsmasq's interface listening behavior
- -l, privacylevel Set privacy level (0 = lowest, 3 = highest)"
+ -l, privacylevel Set privacy level (0 = lowest, 3 = highest)
+ -t, teleporter Backup configuration as an archive"
exit 0
}
@@ -53,7 +54,7 @@ add_setting() {
}
delete_setting() {
- sed -i "/${1}/d" "${setupVars}"
+ sed -i "/^${1}/d" "${setupVars}"
}
change_setting() {
@@ -66,7 +67,7 @@ addFTLsetting() {
}
deleteFTLsetting() {
- sed -i "/${1}/d" "${FTLconf}"
+ sed -i "/^${1}/d" "${FTLconf}"
}
changeFTLsetting() {
@@ -83,7 +84,7 @@ add_dnsmasq_setting() {
}
delete_dnsmasq_setting() {
- sed -i "/${1}/d" "${dnsmasqconfig}"
+ sed -i "/^${1}/d" "${dnsmasqconfig}"
}
SetTemperatureUnit() {
@@ -266,17 +267,22 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
delete_setting "CONDITIONAL_FORWARDING_IP"
fi
+ delete_dnsmasq_setting "rev-server"
+
if [[ "${REV_SERVER}" == true ]]; then
add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
if [ -n "${REV_SERVER_DOMAIN}" ]; then
+ # Forward local domain names to the CF target, too
add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
fi
- fi
- # Prevent Firefox from automatically switching over to DNS-over-HTTPS
- # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
- # (sourced 7th September 2019)
- add_dnsmasq_setting "server=/use-application-dns.net/"
+ if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
+ # Forward unqualified names to the CF target only when the "never
+ # forward non-FQDN" option is unticked
+ add_dnsmasq_setting "server=//${REV_SERVER_TARGET}"
+ fi
+
+ fi
# We need to process DHCP settings here as well to account for possible
# changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
@@ -426,7 +432,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
echo "#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
+dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
ra-param=*,0,0
" >> "${dhcpconfig}"
fi
@@ -716,7 +722,7 @@ RemoveCustomDNSAddress() {
host="${args[3]}"
if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
- sed -i "/${ip} ${host}/d" "${dnscustomfile}"
+ sed -i "/^${ip} ${host}$/d" "${dnscustomfile}"
else
echo -e " ${CROSS} Invalid IP has been passed"
exit 1
@@ -748,7 +754,7 @@ RemoveCustomCNAMERecord() {
if [[ -n "${validDomain}" ]]; then
validTarget="$(checkDomain "${target}")"
if [[ -n "${validDomain}" ]]; then
- sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}"
+ sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
else
echo " ${CROSS} Invalid Target Passed!"
exit 1
diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service
index f0743b49..55a68b15 100644
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
### BEGIN INIT INFO
# Provides: pihole-FTL
# Required-Start: $remote_fs $syslog $network
@@ -9,11 +9,8 @@
# Description: Enable service provided by pihole-FTL daemon
### END INIT INFO
-FTLUSER=pihole
-PIDFILE=/run/pihole-FTL.pid
-
is_running() {
- pgrep -o "pihole-FTL" > /dev/null 2>&1
+ pgrep -xo "pihole-FTL" > /dev/null
}
@@ -23,27 +20,18 @@ start() {
echo "pihole-FTL is already running"
else
# Touch files to ensure they exist (create if non-existing, preserve if existing)
- touch /var/log/pihole-FTL.log /var/log/pihole.log
- touch /run/pihole-FTL.pid /run/pihole-FTL.port
- touch /etc/pihole/dhcp.leases
- mkdir -p /run/pihole
- mkdir -p /var/log/pihole
- chown pihole:pihole /run/pihole /var/log/pihole
- # Remove possible leftovers from previous pihole-FTL processes
- rm -f /dev/shm/FTL-* 2> /dev/null
- rm /run/pihole/FTL.sock 2> /dev/null
+ mkdir -pm 0755 /run/pihole
+ touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
- chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
- chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
- chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
- chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+ chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
+ chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
- chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null
- if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then
- su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
+ chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+ if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
+ su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
else
echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
- pihole-FTL
+ /usr/bin/pihole-FTL
fi
echo
fi
@@ -52,20 +40,20 @@ start() {
# Stop the service
stop() {
if is_running; then
- pkill -o pihole-FTL
- for i in {1..5}; do
+ pkill -xo "pihole-FTL"
+ for i in 1 2 3 4 5; do
if ! is_running; then
break
fi
- echo -n "."
+ printf "."
sleep 1
done
echo
if is_running; then
echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
- pkill -o -9 pihole-FTL
+ pkill -xo -9 "pihole-FTL"
exit 1
else
echo "Stopped"
@@ -73,6 +61,8 @@ stop() {
else
echo "Not running"
fi
+ # Cleanup
+ rm -f /run/pihole/FTL.sock /dev/shm/FTL-*
echo
}
@@ -101,7 +91,7 @@ case "$1" in
start
;;
*)
- echo $"Usage: $0 {start|stop|restart|reload|status}"
+ echo "Usage: $0 {start|stop|restart|reload|status}"
exit 1
esac
diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron
index ecd1e808..37724d2e 100644
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -26,7 +26,7 @@
# parameter "quiet": don't print messages
00 00 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
-@reboot root /usr/sbin/logrotate /etc/pihole/logrotate
+@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
# Pi-hole: Grab local version and branch every 10 minutes
*/10 * * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
diff --git a/advanced/index.php b/advanced/index.php
index a38cd365..d0c5fc5d 100644
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -73,12 +73,12 @@ if ($serverName === "pi.hole"
<meta charset='utf-8'>
$viewPort
<title>● $serverName</title>
- <link rel='stylesheet' href='pihole/blockingpage.css'>
- <link rel='shortcut icon' href='admin/img/favicons/favicon.ico' type='image/x-icon'>
+ <link rel='stylesheet' href='/pihole/blockingpage.css'>
+ <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
</head>
<body id='splashpage'>
<div id="pihole_card">
- <img src='admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
+ <img src='/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
<p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
<a href='/admin'>Did you mean to go to the admin panel?</a>
</div>
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index cd6d7737..3ecd7213 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -20,7 +20,6 @@ server.modules = (
"mod_accesslog",
"mod_auth",
"mod_expire",
- "mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
@@ -41,26 +40,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html"
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-compress.cache-dir = "/var/cache/lighttpd/compress/"
-compress.filetype = (
- "application/json",
- "application/vnd.ms-fontobject",
- "application/xml",
- "font/eot",
- "font/opentype",
- "font/otf",
- "font/ttf",
- "image/bmp",
- "image/svg+xml",
- "image/vnd.microsoft.icon",
- "image/x-icon",
- "text/css",
- "text/html",
- "text/javascript",
- "text/plain",
- "text/xml"
-)
-
mimetype.assign = (
".ico" => "image/x-icon",
".jpeg" => "image/jpeg",
@@ -99,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" {
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY"
)
-
- $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
- # Allow Block Page access to local fonts
- setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
- }
}
# Block . files from being served, such as .git, .github, .gitignore
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index 64428617..5a99a9bf 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -21,7 +21,6 @@ server.modules = (
"mod_expire",
"mod_fastcgi",
"mod_accesslog",
- "mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
@@ -42,26 +41,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html"
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-compress.cache-dir = "/var/cache/lighttpd/compress/"
-compress.filetype = (
- "application/json",
- "application/vnd.ms-fontobject",
- "application/xml",
- "font/eot",
- "font/opentype",
- "font/otf",
- "font/ttf",
- "image/bmp",
- "image/svg+xml",
- "image/vnd.microsoft.icon",
- "image/x-icon",
- "text/css",
- "text/html",
- "text/javascript",
- "text/plain",
- "text/xml"
-)
-
mimetype.assign = (
".ico" => "image/x-icon",
".jpeg" => "image/jpeg",
@@ -107,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" {
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY"
)
-
- $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
- # Allow Block Page access to local fonts
- setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
- }
}
# Block . files from being served, such as .git, .github, .gitignore
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index eb52aea3..34c0b4e7 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -94,24 +94,9 @@ if [ -z "${USER}" ]; then
USER="$(id -un)"
fi
-
-# Check if we are running on a real terminal and find the rows and columns
-# If there is no real terminal, we will default to 80x24
-if [ -t 0 ] ; then
- screen_size=$(stty size)
-else
- screen_size="24 80"
-fi
-# Determine terminal rows and columns by parsing screen_size
-printf -v rows '%d' "${screen_size%% *}"
-printf -v columns '%d' "${screen_size##* }"
-
-# Divide by two so the dialogs take up half of the screen, which looks nice.
-r=$(( rows / 2 ))
-c=$(( columns / 2 ))
-# Unless the screen is tiny
-r=$(( r < 20 ? 20 : r ))
-c=$(( c < 70 ? 70 : c ))
+# whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content.
+r=20
+c=70
######## Undocumented Flags. Shhh ########
# These are undocumented flags; some of which we can use when repairing an installation
@@ -186,12 +171,12 @@ os_check() {
# This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
# and determines whether or not the script is running on one of those systems
local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response
- remote_os_domain="versions.pi-hole.net"
+ remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
- cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)"
+ cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
# Gets the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
@@ -276,7 +261,7 @@ os_check() {
}
# Compatibility
-distro_check() {
+package_manager_detect() {
# If apt-get is installed, then we know it's part of the Debian family
if is_command apt-get ; then
# Set some global variables here
@@ -288,21 +273,6 @@ if is_command apt-get ; then
PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install)
# grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script.
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
- # Some distros vary slightly so these fixes for dependencies may apply
- # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dhcpcd5
- APT_SOURCES="/etc/apt/sources.list"
- if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then
- if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5" "${r}" "${c}"; then
- printf " %b Aborting installation: Dependencies could not be installed.\\n" "${CROSS}"
- exit 1
- else
- printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}"
- cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
- printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup"
- add-apt-repository universe
- printf " %b Enabled %s\\n" "${TICK}" "'universe' repository"
- fi
- fi
# Update package cache. This is required already here to assure apt-cache calls have package lists available.
update_package_cache || exit 1
# Debian 7 doesn't have iproute2 so check if it's available first
@@ -354,13 +324,19 @@ if is_command apt-get ; then
printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}"
exit 1
fi
+ # Packages required to perfom the os_check (stored as an array)
+ OS_CHECK_DEPS=(grep dnsutils)
# Packages required to run this install script (stored as an array)
- INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils)
+ INSTALLER_DEPS=(git "${iproute_pkg}" whiptail)
# Packages required to run Pi-hole (stored as an array)
- PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2)
+ PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2)
# Packages required for the Web admin interface (stored as an array)
# It's useful to separate this from Pi-hole, since the two repos are also setup separately
- PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-json" "${phpVer}-intl")
+ PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl")
+ # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php
+ if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then
+ PIHOLE_WEB_DEPS+=("${phpVer}-json")
+ fi
# The Web server user,
LIGHTTPD_USER="www-data"
# group,
@@ -396,7 +372,8 @@ elif is_command rpm ; then
# These variable names match the ones in the Debian family. See above for an explanation of what they are for.
PKG_INSTALL=("${PKG_MANAGER}" install -y)
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
- INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig bind-utils)
+ OS_CHECK_DEPS=(grep bind-utils)
+ INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig)
PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof)
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl)
LIGHTTPD_USER="lighttpd"
@@ -688,9 +665,17 @@ welcomeDialogs() {
whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations: https://pi-hole.net/donate/" "${r}" "${c}"
# Explain the need for a static address
- whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
+ if whiptail --defaultno --backtitle "Initiating network interface" --title "Static IP Needed" --yesno "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
-In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." "${r}" "${c}"
+IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this.
+
+Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then
+#Nothing to do, continue
+ echo
+else
+ printf " %b Installer exited at static IP message.\\n" "${INFO}"
+ exit 1
+fi
}
# A function that lets the user pick an interface to use with Pi-hole
@@ -843,8 +828,11 @@ use4andor6() {
if [[ "${useIPv4}" ]]; then
# Run our function to get the information we need
find_IPv4_information
- getStaticIPv4Settings
- setStaticIPv4
+ if [[ -f "/etc/dhcpcd.conf" ]]; then
+ # configure networking via dhcpcd
+ getStaticIPv4Settings
+ setDHCPCD
+ fi
fi
# If IPv6 is to be used,
if [[ "${useIPv6}" ]]; then
@@ -929,93 +917,6 @@ setDHCPCD() {
fi
}
-# Configure networking ifcfg-xxxx file found at /etc/sysconfig/network-scripts/
-# This function requires the full path of an ifcfg file passed as an argument
-setIFCFG() {
- # Local, named variables
- local IFCFG_FILE
- local IPADDR
- local CIDR
- IFCFG_FILE=$1
- printf -v IPADDR "%s" "${IPV4_ADDRESS%%/*}"
- # Check if the desired IP is already set
- if grep -Eq "${IPADDR}(\\b|\\/)" "${IFCFG_FILE}"; then
- printf " %b Static IP already configured\\n" "${INFO}"
- else
- # Otherwise, put the IP in variables without the CIDR notation
- printf -v CIDR "%s" "${IPV4_ADDRESS##*/}"
- # Backup existing interface configuration:
- cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
- # Build Interface configuration file using the GLOBAL variables we have
- {
- echo "# Configured via Pi-hole installer"
- echo "DEVICE=$PIHOLE_INTERFACE"
- echo "BOOTPROTO=none"
- echo "ONBOOT=yes"
- echo "IPADDR=$IPADDR"
- echo "PREFIX=$CIDR"
- echo "GATEWAY=$IPv4gw"
- echo "DNS1=$PIHOLE_DNS_1"
- echo "DNS2=$PIHOLE_DNS_2"
- echo "USERCTL=no"
- }> "${IFCFG_FILE}"
- chmod 644 "${IFCFG_FILE}"
- chown root:root "${IFCFG_FILE}"
- # Use ip to immediately set the new address
- ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
- # If NetworkMangler command line interface exists and ready to mangle,
- if is_command nmcli && nmcli general status &> /dev/null; then
- # Tell NetworkManagler to read our new sysconfig file
- nmcli con load "${IFCFG_FILE}" > /dev/null
- fi
- # Show a warning that the user may need to restart
- printf " %b Set IP address to %s\\n You may need to restart after the install is complete\\n" "${TICK}" "${IPV4_ADDRESS%%/*}"
- fi
-}
-
-setStaticIPv4() {
- # Local, named variables
- local IFCFG_FILE
- local CONNECTION_NAME
-
- # If a static interface is already configured, we are done.
- if [[ -r "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}" ]]; then
- if grep -q '^BOOTPROTO=.static.' "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}"; then
- return 0
- fi
- fi
- # For the Debian family, if dhcpcd.conf exists then we can just configure using DHCPD.
- if [[ -f "/etc/dhcpcd.conf" ]]; then
- setDHCPCD
- return 0
- fi
- # If a DHCPCD config file was not found, check for an ifcfg config file based on the interface name
- if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}" ]];then
- # If it exists, then we can configure using IFCFG
- IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}
- setIFCFG "${IFCFG_FILE}"
- return 0
- fi
- # If an ifcfg config does not exists for the interface name, search for one based on the connection name via network manager
- if is_command nmcli && nmcli general status &> /dev/null; then
- CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_')
- IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME}
- if [[ -f "${IFCFG_FILE}" ]];then
- # If it exists,
- setIFCFG "${IFCFG_FILE}"
- return 0
- else
- printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}"
- touch "${IFCFG_FILE}"
- setIFCFG "${IFCFG_FILE}"
- return 0
- fi
- fi
- # If previous conditions failed, show an error and exit
- printf " %b Warning: Unable to locate configuration file to set static IPv4 address\\n" "${INFO}"
- exit 1
-}
-
# Check an IP address to see if it is a valid one
valid_ip() {
# Local, named variables
@@ -1331,8 +1232,10 @@ version_check_dnsmasq() {
local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list"
local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS"
local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original"
- local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf"
- local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+ local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf"
+ local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf"
+ local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf"
+ local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf"
# If the dnsmasq config file exists
if [[ -f "${dnsmasq_conf}" ]]; then
@@ -1361,44 +1264,48 @@ version_check_dnsmasq() {
printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}"
fi
- printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}"
+ printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}"
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
if [[ ! -d "/etc/dnsmasq.d" ]];then
install -d -m 755 "/etc/dnsmasq.d"
fi
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
- install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}"
- printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}"
+ install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}"
+ printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}"
# Replace our placeholder values with the GLOBAL DNS variables that we populated earlier
# First, swap in the interface to listen on,
- sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}"
+ sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}"
if [[ "${PIHOLE_DNS_1}" != "" ]]; then
# then swap in the primary DNS server.
- sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}"
+ sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}"
else
# Otherwise, remove the line which sets DNS1.
- sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}"
+ sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}"
fi
# Ditto if DNS2 is not empty
if [[ "${PIHOLE_DNS_2}" != "" ]]; then
- sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}"
+ sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}"
else
- sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}"
+ sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}"
fi
# Set the cache size
- sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location}
+ sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}"
sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}"
# If the user does not want to enable logging,
if [[ "${QUERY_LOGGING}" == false ]] ; then
# disable it by commenting out the directive in the DNS config file
- sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}"
+ sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}"
else
# Otherwise, enable it by uncommenting the directive in the DNS config file
- sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}"
+ sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}"
fi
+
+ printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}"
+ install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}"
+ printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}"
}
# Clean an existing installation to prepare for upgrade/reinstall
@@ -1662,7 +1569,7 @@ update_package_cache() {
else
# Otherwise, show an error and exit
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
- printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}"
+ printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}"
return 1
fi
}
@@ -1689,20 +1596,7 @@ notify_package_updates_available() {
fi
}
-# This counter is outside of install_dependent_packages so that it can count the number of times the function is called.
-counter=0
-
install_dependent_packages() {
- # Local, named variables should be used here, especially for an iterator
- # Add one to the counter
- counter=$((counter+1))
- if [[ "${counter}" == 1 ]]; then
- # On the first loop, print a special message
- printf " %b Installer Dependency checks...\\n" "${INFO}"
- else
- # On all subsequent loops, print a generic message.
- printf " %b Main Dependency checks...\\n" "${INFO}"
- fi
# Install packages passed in via argument array
# No spinner - conflicts with set -e
@@ -1940,9 +1834,17 @@ finalExports() {
# Install the logrotate script
installLogrotate() {
local str="Installing latest logrotate script"
+ local target=/etc/pihole/logrotate
+
printf "\\n %b %s..." "${INFO}" "${str}"
+ if [[ -f ${target} ]]; then
+ printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}"
+ # Return value isn't that important, using 2 to indicate that it's not a fatal error but
+ # the function did not complete.
+ return 2
+ fi
# Copy the file over from the local repo
- install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate
+ install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
# Different operating systems have different user / group
# settings for logrotate that makes it impossible to create
# a static logrotate file that will work with e.g.
@@ -1951,9 +1853,9 @@ installLogrotate() {
# the local properties of the /var/log directory
logusergroup="$(stat -c '%U %G' /var/log)"
# If there is a usergroup for log rotation,
- if [[ ! -z "${logusergroup}" ]]; then
+ if [[ -n "${logusergroup}" ]]; then
# replace the line in the logrotate script with that usergroup.
- sed -i "s/# su #/su ${logusergroup}/g;" /etc/pihole/logrotate
+ sed -i "s/# su #/su ${logusergroup}/g;" ${target}
fi
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
}
@@ -2030,8 +1932,10 @@ installPihole() {
fi
# Install the cron file
installCron
+
# Install the logrotate file
- installLogrotate
+ installLogrotate || true
+
# Check if dnsmasq is present. If so, disable it and back up any possible
# config file
disable_dnsmasq
@@ -2116,7 +2020,7 @@ Your Admin Webpage login password is ${pwstring}"
IPv4: ${IPV4_ADDRESS%/*}
IPv6: ${IPV6_ADDRESS:-"Not Configured"}
-If you set a new IP address, you should restart the Pi.
+If you have not done so already, the above IP should be set to static.
The install log is in /etc/pihole.
@@ -2137,7 +2041,7 @@ update_dialogs() {
strAdd="You will be updated to the latest version."
fi
opt2a="Reconfigure"
- opt2b="This will reset your Pi-hole and allow you to enter new settings."
+ opt2b="Resets Pi-hole and allows re-selecting settings."
# Display the information to the user
UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)" "${r}" "${c}" 2 \
@@ -2322,8 +2226,6 @@ FTLinstall() {
# Before stopping FTL, we download the macvendor database
curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true
- chmod 644 "${PI_HOLE_CONFIG_DIR}/macvendor.db"
- chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/macvendor.db"
# Stop pihole-FTL service if available
stop_service pihole-FTL &> /dev/null
@@ -2628,8 +2530,25 @@ main() {
fi
fi
- # Check for supported distribution
- distro_check
+ # Check for supported package managers so that we may install dependencies
+ package_manager_detect
+
+ # Notify user of package availability
+ notify_package_updates_available
+
+ # Install packages necessary to perform os_check
+ printf " %b Checking for / installing Required dependencies for OS Check...\\n" "${INFO}"
+ install_dependent_packages "${OS_CHECK_DEPS[@]}"
+
+ # Check that the installed OS is officially supported - display warning if not
+ os_check
+
+ # Install packages used by this installation script
+ printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}"
+ install_dependent_packages "${INSTALLER_DEPS[@]}"
+
+ # Check if SELinux is Enforcing
+ checkSelinux
# If the setup variable file exists,
if [[ -f "${setupVars}" ]]; then
@@ -2646,19 +2565,6 @@ main() {
fi
fi
- # Start the installer
- # Notify user of package availability
- notify_package_updates_available
-
- # Install packages used by this installation script
- install_dependent_packages "${INSTALLER_DEPS[@]}"
-
- # Check that the installed OS is officially supported - display warning if not
- os_check
-
- # Check if SELinux is Enforcing
- checkSelinux
-
if [[ "${useUpdateVars}" == false ]]; then
# Display welcome dialogs
welcomeDialogs
@@ -2705,6 +2611,8 @@ main() {
dep_install_list+=("${PIHOLE_WEB_DEPS[@]}")
fi
+ # Install packages used by the actual software
+ printf " %b Checking for / installing Required dependencies for Pi-hole software...\\n" "${INFO}"
install_dependent_packages "${dep_install_list[@]}"
unset dep_install_list
@@ -2809,7 +2717,7 @@ main() {
printf " %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}"
[[ -n "${IPV4_ADDRESS%/*}" ]] && printf " %b Pi-hole DNS (IPv4): %s\\n" "${INFO}" "${IPV4_ADDRESS%/*}"
[[ -n "${IPV6_ADDRESS}" ]] && printf " %b Pi-hole DNS (IPv6): %s\\n" "${INFO}" "${IPV6_ADDRESS}"
- printf " %b If you set a new IP address, please restart the server running the Pi-hole\\n" "${INFO}"
+ printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}"
INSTALL_TYPE="Installation"
else
INSTALL_TYPE="Update"
diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh
index a0d3b108..5e27514f 100755
--- a/automated install/uninstall.sh
+++ b/automated install/uninstall.sh
@@ -42,8 +42,8 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
# setupVars set in basic-install.sh
source "${setupVars}"
-# distro_check() sourced from basic-install.sh
-distro_check
+# package_manager_detect() sourced from basic-install.sh
+package_manager_detect
# Install packages used by the Pi-hole
DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
@@ -113,7 +113,7 @@ removeNoPurge() {
fi
fi
echo -e "${OVER} ${TICK} Removed Web Interface"
-
+
# Attempt to preserve backwards compatibility with older versions
# to guarantee no additional changes were made to /etc/crontab after
# the installation of pihole, /etc/crontab.pihole should be permanently
@@ -145,6 +145,7 @@ removeNoPurge() {
${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
+ ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
${SUDO} rm -rf /var/log/*pihole* &> /dev/null
${SUDO} rm -rf /etc/pihole/ &> /dev/null
${SUDO} rm -rf /etc/.pihole/ &> /dev/null
@@ -206,11 +207,7 @@ removeNoPurge() {
}
######### SCRIPT ###########
-if command -v vcgencmd &> /dev/null; then
- echo -e " ${INFO} All dependencies are safe to remove on Raspbian"
-else
- echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed"
-fi
+echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed"
while true; do
echo -e " ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:"
echo -n " "
diff --git a/gravity.sh b/gravity.sh
index 24a41c48..ff02e9f3 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -47,16 +47,6 @@ domainsExtension="domains"
setupVars="${piholeDir}/setupVars.conf"
if [[ -f "${setupVars}" ]];then
source "${setupVars}"
-
- # Remove CIDR mask from IPv4/6 addresses
- IPV4_ADDRESS="${IPV4_ADDRESS%/*}"
- IPV6_ADDRESS="${IPV6_ADDRESS%/*}"
-
- # Determine if IPv4/6 addresses exist
- if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then
- echo -e " ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}"
- exit 1
- fi
else
echo -e " ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC}
Please run 'pihole -r', and choose the 'reconfigure' option to fix."
@@ -73,6 +63,8 @@ fi
# have changed
gravityDBfile="${GRAVITYDB}"
gravityTEMPfile="${GRAVITYDB}_temp"
+gravityDIR="$(dirname -- "${gravityDBfile}")"
+gravityOLDfile="${gravityDIR}/gravity_old.db"
if [[ -z "${BLOCKINGMODE}" ]] ; then
BLOCKINGMODE="NULL"
@@ -123,8 +115,19 @@ gravity_swap_databases() {
fi
echo -e "${OVER} ${TICK} ${str}"
- # Swap databases and remove old database
- rm "${gravityDBfile}"
+ # Swap databases and remove or conditionally rename old database
+ # Number of available blocks on disk
+ availableBlocks=$(stat -f --format "%a" "${gravityDIR}")
+ # Number of blocks, used by gravity.db
+ gravityBlocks=$(stat --format "%b" ${gravityDBfile})
+ # Only keep the old database if available disk space is at least twice the size of the existing gravity.db.
+ # Better be safe than sorry...
+ if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then
+ echo -e " ${TICK} The old database remains available."
+ mv "${gravityDBfile}" "${gravityOLDfile}"
+ else
+ rm "${gravityDBfile}"
+ fi
mv "${gravityTEMPfile}" "${gravityDBfile}"
}
@@ -564,7 +567,7 @@ compareLists() {
# Download specified URL and perform checks on HTTP status and file content
gravity_DownloadBlocklistFromUrl() {
local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}"
- local heisenbergCompensator="" patternBuffer str httpCode success=""
+ local heisenbergCompensator="" patternBuffer str httpCode success="" ip
# Create temp file to store content on disk instead of RAM
patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb")
@@ -582,7 +585,10 @@ gravity_DownloadBlocklistFromUrl() {
blocked=false
case $BLOCKINGMODE in
"IP-NODATA-AAAA"|"IP")
- if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
+ # Get IP address of this domain
+ ip="$(dig "${domain}" +short)"
+ # Check if this IP matches any IP of the system
+ if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then
blocked=true
fi;;
"NXDOMAIN")
@@ -785,43 +791,12 @@ gravity_ShowCount() {
gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters"
}
-# Parse list of domains into hosts format
-gravity_ParseDomainsIntoHosts() {
- awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{
- # Remove windows CR line endings
- sub(/\r$/, "")
- # Parse each line as "ipaddr domain"
- if(ipv6 && ipv4) {
- print ipv4" "$0"\n"ipv6" "$0
- } else if(!ipv6) {
- print ipv4" "$0
- } else {
- print ipv6" "$0
- }
- }' >> "${2}" < "${1}"
-}
-
# Create "localhost" entries into hosts format
gravity_generateLocalList() {
- local hostname
-
- if [[ -s "/etc/hostname" ]]; then
- hostname=$(< "/etc/hostname")
- elif command -v hostname &> /dev/null; then
- hostname=$(hostname -f)
- else
- echo -e " ${CROSS} Unable to determine fully qualified domain name of host"
- return 0
- fi
-
- echo -e "${hostname}\\npi.hole" > "${localList}.tmp"
-
# Empty $localList if it already exists, otherwise, create it
- : > "${localList}"
+ echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}"
chmod 644 "${localList}"
- gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
-
# Add additional LAN hosts provided by OpenVPN (if available)
if [[ -f "${VPNList}" ]]; then
awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}"
@@ -890,6 +865,11 @@ for var in "$@"; do
esac
done
+# Remove OLD (backup) gravity file, if it exists
+if [[ -f "${gravityOLDfile}" ]]; then
+ rm "${gravityOLDfile}"
+fi
+
# Trap Ctrl-C
gravity_Trap
diff --git a/manpages/pihole.8 b/manpages/pihole.8
index 4ba0e0f7..aaaa8d7e 100644
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -56,7 +56,7 @@ Available commands and options:
\fB-w, whitelist\fR [options] [<domain1> <domain2 ...>]
.br
- Adds or removes specified domain or domains tho the Whitelist
+ Adds or removes specified domain or domains to the Whitelist
.br
\fB-b, blacklist\fR [options] [<domain1> <domain2 ...>]
diff --git a/pihole b/pihole
index f8085c8e..31356671 100755
--- a/pihole
+++ b/pihole
@@ -242,7 +242,7 @@ Time:
echo "BLOCKING_ENABLED=true" >> "${setupVars}"
fi
- restartDNS reload
+ restartDNS reload-lists
echo -e "${OVER} ${TICK} ${str}"
}
@@ -363,16 +363,13 @@ tailFunc() {
fi
echo -e " ${INFO} Press Ctrl-C to exit"
- # Retrieve IPv4/6 addresses
- source /etc/pihole/setupVars.conf
-
# Strip date from each line
# Color blocklist/blacklist/wildcard entries as red
# Color A/AAAA/DHCP strings as white
# Color everything else as gray
- tail -f /var/log/pihole.log | sed -E \
+ tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
-e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
- -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+ -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
-e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
-e "s,.*,${COL_GRAY}&${COL_NC},"
exit 0
@@ -402,34 +399,24 @@ Branches:
}
tricorderFunc() {
+ local tricorder_token
if [[ ! -p "/dev/stdin" ]]; then
echo -e " ${INFO} Please do not call Tricorder directly"
exit 1
fi
- if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then
- echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server"
- exit 1
- fi
-
- if command -v openssl &> /dev/null; then
- openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin
- exit "$?"
- else
- echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed
- Your debug log will be transmitted unencrypted via plain-text
- There is a possibility that this could be intercepted by a third party
- If you wish to cancel, press Ctrl-C to exit within 10 seconds"
- secs="10"
- while [[ "$secs" -gt "0" ]]; do
- echo -ne "."
- sleep 1
- : $((secs--))
- done
- echo " "
- nc tricorder.pi-hole.net 9999 < /dev/stdin
- exit "$?"
+ tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1)
+ if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then
+ echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance."
+ # Log curl error (if available)
+ if [ -n "${tricorder_token}" ]; then
+ echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n"
+ tricorder_token=""
+ fi
+ exit 1
fi
+ echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}"
+ exit 0
}
updateCheckFunc() {
@@ -456,7 +443,10 @@ Debugging Options:
Add '-a' to automatically upload the log to tricorder.pi-hole.net
-f, flush Flush the Pi-hole log
-r, reconfigure Reconfigure or Repair Pi-hole subsystems
- -t, tail View the live output of the Pi-hole log
+ -t, tail [arg] View the live output of the Pi-hole log.
+ Add an optional argument to filter the log
+ (regular expressions are supported)
+
Options:
-a, admin Web interface options
@@ -530,7 +520,7 @@ case "${1}" in
"status" ) statusFunc "$2";;
"restartdns" ) restartDNS "$2";;
"-a" | "admin" ) webpageFunc "$@";;
- "-t" | "tail" ) tailFunc;;
+ "-t" | "tail" ) tailFunc "$2";;
"checkout" ) piholeCheckoutFunc "$@";;
"tricorder" ) tricorderFunc;;
"updatechecker" ) updateCheckFunc "$@";;
diff --git a/supportedos.txt b/supportedos.txt
deleted file mode 100644
index 6d579132..00000000
--- a/supportedos.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Raspbian=9,10
-Ubuntu=16,18,20
-Debian=9,10
-Fedora=32,33
-CentOS=7,8 \ No newline at end of file
diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile
index 00543b67..434242bf 100644
--- a/test/_centos_7.Dockerfile
+++ b/test/_centos_7.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile
index 7444551b..afd2dc8a 100644
--- a/test/_centos_8.Dockerfile
+++ b/test/_centos_8.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_debian_10.Dockerfile b/test/_debian_10.Dockerfile
index 9b72fc6a..54800d3c 100644
--- a/test/_debian_10.Dockerfile
+++ b/test/_debian_10.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_debian_11.Dockerfile b/test/_debian_11.Dockerfile
new file mode 100644
index 00000000..39be027e
--- /dev/null
+++ b/test/_debian_11.Dockerfile
@@ -0,0 +1,17 @@
+FROM buildpack-deps:bullseye-scm
+
+ENV GITDIR /etc/.pihole
+ENV SCRIPTDIR /opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
+ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+ chmod +x $SCRIPTDIR/*
+
+ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_debian_9.Dockerfile b/test/_debian_9.Dockerfile
index d6609ba3..c590a657 100644
--- a/test/_debian_9.Dockerfile
+++ b/test/_debian_9.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_32.Dockerfile
index 869efb2b..e9c2ff2a 100644
--- a/test/_fedora_32.Dockerfile
+++ b/test/_fedora_32.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile
index 0a1ac59c..9ae94c70 100644
--- a/test/_fedora_33.Dockerfile
+++ b/test/_fedora_33.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_ubuntu_16.Dockerfile b/test/_ubuntu_16.Dockerfile
index a92bc6f6..e572efd1 100644
--- a/test/_ubuntu_16.Dockerfile
+++ b/test/_ubuntu_16.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ \ No newline at end of file
diff --git a/test/_ubuntu_18.Dockerfile b/test/_ubuntu_18.Dockerfile
index 2f63ea89..592c5c3f 100644
--- a/test/_ubuntu_18.Dockerfile
+++ b/test/_ubuntu_18.Dockerfile
@@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_ubuntu_20.Dockerfile b/test/_ubuntu_20.Dockerfile
index caa6261f..80e2e007 100644
--- a/test/_ubuntu_20.Dockerfile
+++ b/test/_ubuntu_20.Dockerfile
@@ -13,5 +13,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile
new file mode 100644
index 00000000..afddbfa9
--- /dev/null
+++ b/test/_ubuntu_21.Dockerfile
@@ -0,0 +1,18 @@
+FROM buildpack-deps:hirsute-scm
+
+ENV GITDIR /etc/.pihole
+ENV SCRIPTDIR /opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
+ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN true && \
+ chmod +x $SCRIPTDIR/*
+
+ENV PH_TEST true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/conftest.py b/test/conftest.py
index 07166ec5..13731eb8 100644
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -8,8 +8,6 @@ check_output = testinfra.get_backend(
SETUPVARS = {
'PIHOLE_INTERFACE': 'eth99',
- 'IPV4_ADDRESS': '1.1.1.1',
- 'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672',
'PIHOLE_DNS_1': '4.2.2.1',
'PIHOLE_DNS_2': '4.2.2.2'
}
diff --git a/test/test_automated_install.py b/test/test_automated_install.py
index 44624082..593c19d2 100644
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -18,13 +18,13 @@ def test_supported_operating_system(Pihole):
# break supported package managers to emulate an unsupported distribution
Pihole.run('rm -rf /usr/bin/apt-get')
Pihole.run('rm -rf /usr/bin/rpm')
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = cross_box + ' OS distribution not supported'
- assert expected_stdout in distro_check.stdout
- # assert distro_check.rc == 1
+ assert expected_stdout in package_manager_detect.stdout
+ # assert package_manager_detect.rc == 1
def test_setupVars_are_sourced_to_global_scope(Pihole):
@@ -45,8 +45,6 @@ def test_setupVars_are_sourced_to_global_scope(Pihole):
# Currently debug test function only
echo "Outputting sourced variables"
echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
- echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
- echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
}
@@ -137,7 +135,7 @@ def test_update_package_cache_success_no_errors(Pihole):
'''
updateCache = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
update_package_cache
''')
expected_stdout = tick_box + ' Update local cache of available packages'
@@ -152,7 +150,7 @@ def test_update_package_cache_failure_no_errors(Pihole):
mock_command('apt-get', {'update': ('', '1')}, Pihole)
updateCache = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
update_package_cache
''')
expected_stdout = cross_box + ' Update local cache of available packages'
@@ -359,7 +357,7 @@ def test_FTL_download_aarch64_no_errors(Pihole):
mock_command('whiptail', {'*': ('', '0')}, Pihole)
Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
install_dependent_packages ${INSTALLER_DEPS[@]}
''')
download_binary = Pihole.run('''
@@ -569,7 +567,8 @@ def test_os_check_fails(Pihole):
''' Confirms install fails on unsupported OS '''
Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
+ install_dependent_packages ${OS_CHECK_DEPS[@]}
install_dependent_packages ${INSTALLER_DEPS[@]}
cat <<EOT > /etc/os-release
ID=UnsupportedOS
@@ -588,7 +587,8 @@ def test_os_check_passes(Pihole):
''' Confirms OS meets the requirements '''
Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
+ install_dependent_packages ${OS_CHECK_DEPS[@]}
install_dependent_packages ${INSTALLER_DEPS[@]}
''')
detectOS = Pihole.run('''
@@ -597,3 +597,42 @@ def test_os_check_passes(Pihole):
''')
expected_stdout = 'Supported OS detected'
assert expected_stdout in detectOS.stdout
+
+
+def test_package_manager_has_installer_deps(Pihole):
+ ''' Confirms OS is able to install the required packages for the installer'''
+ mock_command('whiptail', {'*': ('', '0')}, Pihole)
+ output = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ package_manager_detect
+ install_dependent_packages ${INSTALLER_DEPS[@]}
+ ''')
+
+ assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert output.rc == 0
+
+
+def test_package_manager_has_pihole_deps(Pihole):
+ ''' Confirms OS is able to install the required packages for Pi-hole '''
+ mock_command('whiptail', {'*': ('', '0')}, Pihole)
+ output = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ package_manager_detect
+ install_dependent_packages ${PIHOLE_DEPS[@]}
+ ''')
+
+ assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert output.rc == 0
+
+
+def test_package_manager_has_web_deps(Pihole):
+ ''' Confirms OS is able to install the required packages for web '''
+ mock_command('whiptail', {'*': ('', '0')}, Pihole)
+ output = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ package_manager_detect
+ install_dependent_packages ${PIHOLE_WEB_DEPS[@]}
+ ''')
+
+ assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert output.rc == 0
diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py
index 2f744ab4..ed99231a 100644
--- a/test/test_centos_7_support.py
+++ b/test/test_centos_7_support.py
@@ -9,13 +9,13 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole):
'''
confirms the default behavior to opt-out of installing PHP7 from REMI
'''
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
'Deprecated PHP may be in use.')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -27,13 +27,13 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole):
'''
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*': ('', '1')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
'Deprecated PHP may be in use.')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -45,16 +45,16 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole):
'''
# Whiptail dialog returns Continue for user prompt
mock_command('whiptail', {'*': ('', '0')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
- assert 'opt-out' not in distro_check.stdout
+ assert 'opt-out' not in package_manager_detect.stdout
expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
'(https://rpms.remirepo.net)')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
expected_stdout = tick_box + (' Remi\'s RPM repository has '
'been enabled for PHP7')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert remi_package.is_installed
diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py
index d3e83658..b8ad9607 100644
--- a/test/test_centos_8_support.py
+++ b/test/test_centos_8_support.py
@@ -10,13 +10,13 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole):
confirms the latest version of CentOS continues / does not optout
(should trigger on CentOS7 only)
'''
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
' Deprecated PHP may be in use.')
- assert unexpected_stdout not in distro_check.stdout
+ assert unexpected_stdout not in package_manager_detect.stdout
# ensure remi was not installed on latest CentOS
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -30,13 +30,13 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole):
'''
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*': ('', '1')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
' Deprecated PHP may be in use.')
- assert unexpected_stdout not in distro_check.stdout
+ assert unexpected_stdout not in package_manager_detect.stdout
# ensure remi was not installed on latest CentOS
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -50,16 +50,16 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole):
'''
# Whiptail dialog returns Continue for user prompt
mock_command('whiptail', {'*': ('', '0')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
- assert 'opt-out' not in distro_check.stdout
+ assert 'opt-out' not in package_manager_detect.stdout
unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
'(https://rpms.remirepo.net)')
- assert unexpected_stdout not in distro_check.stdout
+ assert unexpected_stdout not in package_manager_detect.stdout
unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
'been enabled for PHP7')
- assert unexpected_stdout not in distro_check.stdout
+ assert unexpected_stdout not in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py
index fdf43cba..8412173d 100644
--- a/test/test_centos_common_support.py
+++ b/test/test_centos_common_support.py
@@ -13,29 +13,29 @@ def test_release_supported_version_check_centos(Pihole):
'''
# modify /etc/redhat-release to mock an unsupported CentOS release
Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = cross_box + (' CentOS 6 is not supported.')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
expected_stdout = 'Please update to CentOS release 7 or later'
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
def test_enable_epel_repository_centos(Pihole):
'''
confirms the EPEL package repository is enabled when installed on CentOS
'''
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = info_box + (' Enabling EPEL package repository '
'(https://fedoraproject.org/wiki/EPEL)')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
expected_stdout = tick_box + ' Installed epel-release'
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
epel_package = Pihole.package('epel-release')
assert epel_package.is_installed
@@ -51,13 +51,13 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole):
default_centos_php_version = php_package.version.split('.')[0]
if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended
pytest.skip("Test deprecated . Detected default PHP version >= 7")
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
'Deprecated PHP may be in use.')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -75,13 +75,13 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole):
pytest.skip("Test deprecated . Detected default PHP version >= 7")
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*': ('', '1')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
'Deprecated PHP may be in use.')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert not remi_package.is_installed
@@ -99,20 +99,20 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole):
pytest.skip("Test deprecated . Detected default PHP version >= 7")
# Whiptail dialog returns Continue for user prompt
mock_command('whiptail', {'*': ('', '0')}, Pihole)
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
install_dependent_packages PIHOLE_WEB_DEPS[@]
''')
expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
'Deprecated PHP may be in use.')
- assert expected_stdout not in distro_check.stdout
+ assert expected_stdout not in package_manager_detect.stdout
expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
'(https://rpms.remirepo.net)')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
expected_stdout = tick_box + (' Remi\'s RPM repository has '
'been enabled for PHP7')
- assert expected_stdout in distro_check.stdout
+ assert expected_stdout in package_manager_detect.stdout
remi_package = Pihole.package('remi-release')
assert remi_package.is_installed
updated_php_package = Pihole.package('php')
diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py
index 473b2e96..a2ac4c71 100644
--- a/test/test_fedora_support.py
+++ b/test/test_fedora_support.py
@@ -3,11 +3,11 @@ def test_epel_and_remi_not_installed_fedora(Pihole):
confirms installer does not attempt to install EPEL/REMI repositories
on Fedora
'''
- distro_check = Pihole.run('''
+ package_manager_detect = Pihole.run('''
source /opt/pihole/basic-install.sh
- distro_check
+ package_manager_detect
''')
- assert distro_check.stdout == ''
+ assert package_manager_detect.stdout == ''
epel_package = Pihole.package('epel-release')
assert not epel_package.is_installed
diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini
new file mode 100644
index 00000000..af3c6e36
--- /dev/null
+++ b/test/tox.debian_11.ini
@@ -0,0 +1,8 @@
+[tox]
+envlist = py37
+
+[testenv]
+whitelist_externals = docker
+deps = -rrequirements.txt
+commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../
+ pytest {posargs:-vv -n auto} ./test_automated_install.py
diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini
new file mode 100644
index 00000000..651f933b
--- /dev/null
+++ b/test/tox.ubuntu_21.ini
@@ -0,0 +1,8 @@
+[tox]
+envlist = py37
+
+[testenv]
+whitelist_externals = docker
+deps = -rrequirements.txt
+commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../
+ pytest {posargs:-vv -n auto} ./test_automated_install.py
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 16:55:43 +0300