diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d19df5ab..129caea4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] + distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/README.md b/README.md index 57dee16d..06f541f4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ sudo bash basic-install.sh wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh ``` +### Method 3: Using Docker to deploy Pi-hole +Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images. ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/) diff --git a/advanced/06-rfc6761.conf b/advanced/06-rfc6761.conf new file mode 100644 index 00000000..e03569e8 --- /dev/null +++ b/advanced/06-rfc6761.conf @@ -0,0 +1,41 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2021 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# RFC 6761 config file for Pi-hole +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +############################################################################### +# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # +# WITHIN /etc/dnsmasq.d/yourname.conf # +############################################################################### + +# RFC 6761: Caching DNS servers SHOULD recognize +# test, localhost, invalid +# names as special and SHOULD NOT attempt to look up NS records for them, or +# otherwise query authoritative DNS servers in an attempt to resolve these +# names. +server=/test/ +server=/localhost/ +server=/invalid/ + +# The same RFC requests something similar for +# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 27.172.in-addr.arpa. +# 17.172.in-addr.arpa. 30.172.in-addr.arpa. 28.172.in-addr.arpa. +# 18.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. +# 19.172.in-addr.arpa. 24.172.in-addr.arpa. 31.172.in-addr.arpa. +# 20.172.in-addr.arpa. 25.172.in-addr.arpa. 168.192.in-addr.arpa. +# Pi-hole implements this via the dnsmasq option "bogus-priv" (see +# 01-pihole.conf) because this also covers IPv6. + +# OpenWRT furthermore blocks bind, local, onion domains +# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD +# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml +# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 +server=/bind/ +server=/onion/ diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 4f9ea59a..3f85bdfc 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -498,10 +498,6 @@ chronoFunc() { printFunc " RAM usage: " "$ram_perc%" "$ram_info" printFunc " HDD usage: " "$disk_perc" "$disk_info" - if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then - printFunc " LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info" - fi - if [[ "$DHCP_ACTIVE" == "true" ]]; then printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info" fi diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 1c1b16a4..4c0a4f40 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -166,12 +166,15 @@ checkout() { checkout_pull_branch "${webInterfaceDir}" "${2}" elif [[ "${1}" == "ftl" ]] ; then local path + local oldbranch path="${2}/${binary}" + oldbranch="$(pihole-FTL -b)" if check_download_exists "$path"; then echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch + echo -e " ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\"" FTLinstall "${binary}" restart_service pihole-FTL enable_service pihole-FTL diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 13a886f1..d199b4f5 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -56,11 +56,6 @@ FAQ_BAD_ADDRESS="${COL_CYAN}https://discourse.pi-hole.net/t/why-do-i-see-bad-add # Other URLs we may use FORUMS_URL="${COL_CYAN}https://discourse.pi-hole.net${COL_NC}" -TRICORDER_CONTEST="${COL_CYAN}https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/${COL_NC}" - -# Port numbers used for uploading the debug log -TRICORDER_NC_PORT_NUMBER=9999 -TRICORDER_SSL_PORT_NUMBER=9998 # Directories required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -78,15 +73,12 @@ HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" SHM_DIRECTORY="/dev/shm" +ETC="/etc" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole" -PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf" -PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf" -PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf" - WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf" WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf" @@ -141,6 +133,9 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log" PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log" PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log" +RESOLVCONF="${ETC}/resolv.conf" +DNSMASQ_CONF="${ETC}/dnsmasq.conf" + # An array of operating system "pretty names" that we officially support # We can loop through the array at any time to see if it matches a value #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") @@ -165,9 +160,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" ) # Store the required directories in an array so it can be parsed through REQUIRED_FILES=("${PIHOLE_CRON_FILE}" -"${PIHOLE_DNS_CONFIG_FILE}" -"${PIHOLE_DHCP_CONFIG_FILE}" -"${PIHOLE_WILDCARD_CONFIG_FILE}" "${WEB_SERVER_CONFIG_FILE}" "${WEB_SERVER_CUSTOM_CONFIG_FILE}" "${PIHOLE_INSTALL_LOG_FILE}" @@ -185,7 +177,9 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}" "${PIHOLE_DEBUG_LOG}" "${PIHOLE_FTL_LOG}" "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" -"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") +"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}" +"${RESOLVCONF}" +"${DNSMASQ_CONF}") DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net. @@ -235,6 +229,7 @@ copy_to_debug_log() { } initialize_debug() { + local system_uptime # Clear the screen so the debug log is readable clear show_disclaimer @@ -242,6 +237,10 @@ initialize_debug() { log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}" # Timestamp the start of the log log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized." + # Uptime of the system + # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes + system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}') + log_write "${INFO} System has been running for ${system_uptime}" } # This is a function for visually displaying the current test that is being run. @@ -410,12 +409,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" #Get the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" @@ -605,38 +604,6 @@ parse_locale() { parse_file "${pihole_locale}" } -does_ip_match_setup_vars() { - # Check for IPv4 or 6 - local protocol="${1}" - # IP address to check for - local ip_address="${2}" - # See what IP is in the setupVars.conf file - local setup_vars_ip - setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV"${protocol}"_ADDRESS | cut -d '=' -f2) - # If it's an IPv6 address - if [[ "${protocol}" == "6" ]]; then - # Strip off the / (CIDR notation) - if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then - # if it matches, show it in green - log_write " ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red with an FAQ URL - log_write " ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - - else - # if the protocol isn't 6, it's 4 so no need to strip the CIDR notation - # since it exists in the setupVars.conf that way - if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then - # show in green if it matches - log_write " ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" - else - # otherwise show it in red - log_write " ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" - fi - fi -} - detect_ip_addresses() { # First argument should be a 4 or a 6 local protocol=${1} @@ -653,8 +620,7 @@ detect_ip_addresses() { log_write "${TICK} IPv${protocol} address(es) bound to the ${PIHOLE_INTERFACE} interface:" # Since there may be more than one IP address, store them in an array for i in "${!ip_addr_list[@]}"; do - # For each one in the list, print it out - does_ip_match_setup_vars "${protocol}" "${ip_addr_list[$i]}" + log_write " ${ip_addr_list[$i]}" done # Print a blank line just for formatting log_write "" @@ -663,13 +629,6 @@ detect_ip_addresses() { log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\\n" return 1 fi - # If the protocol is v6 - if [[ "${protocol}" == "6" ]]; then - # let the user know that as long as there is one green address, things should be ok - log_write " ^ Please note that you may have more than one IP address listed." - log_write " As long as one of them is green, and it matches what is in ${PIHOLE_SETUP_VARS_FILE}, there is no need for concern.\\n" - log_write " The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.\\n" - fi } ping_ipv4_or_ipv6() { @@ -859,13 +818,13 @@ dig_at() { # Store the arguments as variables with names local protocol="${1}" - local IP="${2}" echo_current_diagnostic "Name resolution (IPv${protocol}) using a random blocked domain and a known ad-serving domain" # Set more local variables # We need to test name resolution locally, via Pi-hole, and via a public resolver local local_dig - local pihole_dig local remote_dig + local interfaces + local addresses # Use a static domain that we know has IPv4 and IPv6 to avoid false positives # Sometimes the randomly chosen domains don't use IPv6, or something else is wrong with them local remote_url="doubleclick.com" @@ -874,15 +833,15 @@ dig_at() { if [[ ${protocol} == "6" ]]; then # Set the IPv6 variables and record type local local_address="::1" - local pihole_address="${IP}" local remote_address="2001:4860:4860::8888" + local sed_selector="inet6" local record_type="AAAA" # Otherwise, it should be 4 else # so use the IPv4 values local local_address="127.0.0.1" - local pihole_address="${IP}" local remote_address="8.8.8.8" + local sed_selector="inet" local record_type="A" fi @@ -892,32 +851,55 @@ dig_at() { local random_url random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1") - # First, do a dig on localhost to see if Pi-hole can use itself to block a domain - if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then - # If it can, show success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})" - fi - # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is # just asing itself locally - # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't waiting for too long - - # If Pi-hole can dig itself from it's IP (not the loopback address) - if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${pihole_address}" +short "${record_type}"); then - # show a success - log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})" - else - # Otherwise, show a failure - log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})" - fi + # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't + # waiting for too long + # + # Turn off history expansion such that the "!" in the sed command cannot do silly things + set +H + # Get interfaces + # sed logic breakdown: + # / master /d; + # Removes all interfaces that are slaves of others (e.g. virtual docker interfaces) + # /UP/!d; + # Removes all interfaces which are not UP + # s/^[0-9]*: //g; + # Removes interface index + # s/: <.*//g; + # Removes everything after the interface name + interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/: <.*//g;")" + + while IFS= read -r iface ; do + # Get addresses of current interface + # sed logic breakdown: + # /inet(|6) /!d; + # Removes all lines from ip a that do not contain either "inet " or "inet6 " + # s/^.*inet(|6) //g; + # Removes all leading whitespace as well as the "inet " or "inet6 " string + # s/\/.*$//g; + # Removes CIDR and everything thereafter (e.g., scope properties) + addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")" + if [ -n "${addresses}" ]; then + while IFS= read -r local_address ; do + # Check if Pi-hole can use itself to block a domain + if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then + # If it can, show success + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})" + else + # Otherwise, show a failure + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})" + fi + done <<< "${addresses}" + else + log_write "${TICK} No IPv${protocol} address available on ${COL_CYAN}${iface}${COL_NC}" + fi + done <<< "${interfaces}" # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 - if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then + if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @"${remote_address}" +short "${record_type}" | head -n1); then # If successful, the real IP of the domain will be returned instead of Pi-hole's IP log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})" else @@ -1032,7 +1014,7 @@ parse_file() { local file_lines # For each line in the file, for file_lines in "${file_info[@]}"; do - if [[ ! -z "${file_lines}" ]]; then + if [[ -n "${file_lines}" ]]; then # don't include the Web password hash [[ "${file_lines}" =~ ^\#.*$ || ! "${file_lines}" || "${file_lines}" == "WEBPASSWORD="* ]] && continue # otherwise, display the lines of the file @@ -1046,12 +1028,8 @@ parse_file() { check_name_resolution() { # Check name resolution from localhost, Pi-hole's IP, and Google's name severs # using the function we created earlier - dig_at 4 "${IPV4_ADDRESS%/*}" - # If IPv6 enabled, - if [[ "${IPV6_ADDRESS}" ]]; then - # check resolution - dig_at 6 "${IPV6_ADDRESS%/*}" - fi + dig_at 4 + dig_at 6 } # This function can check a directory exists @@ -1094,13 +1072,17 @@ list_files_in_dir() { : elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then # SHM file - we do not want to see the content, but we want to see the files and their sizes - log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")" + log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")" + elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then + # in case of the dnsmasq directory inlcuede all files in the debug output + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" + make_array_from_file "${dir_to_parse}/${each_file}" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then # display the filename - log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}" + log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, give the first and last 25 lines @@ -1139,6 +1121,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" show_content_of_files_in_dir "${SHM_DIRECTORY}" + show_content_of_files_in_dir "${ETC}" } head_tail_log() { @@ -1239,11 +1222,11 @@ show_groups() { } show_adlists() { - show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50" + show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50" } show_domainlist() { - show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50" + show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50" } show_clients() { @@ -1281,77 +1264,88 @@ analyze_gravity_list() { IFS="$OLD_IFS" } +obfuscated_pihole_log() { + local pihole_log=("$@") + local line + local error_to_check_for + local line_to_obfuscate + local obfuscated_line + for line in "${pihole_log[@]}"; do + # A common error in the pihole.log is when there is a non-hosts formatted file + # that the DNS server is attempting to read. Since it's not formatted + # correctly, there will be an entry for "bad address at line n" + # So we can check for that here and highlight it in red so the user can see it easily + error_to_check_for=$(echo "${line}" | grep 'bad address at') + # Some users may not want to have the domains they visit sent to us + # To that end, we check for lines in the log that would contain a domain name + line_to_obfuscate=$(echo "${line}" | grep ': query\|: forwarded\|: reply') + # If the variable contains a value, it found an error in the log + if [[ -n ${error_to_check_for} ]]; then + # So we can print it in red to make it visible to the user + log_write " ${CROSS} ${COL_RED}${line}${COL_NC} (${FAQ_BAD_ADDRESS})" + else + # If the variable does not a value (the current default behavior), so do not obfuscate anything + if [[ -z ${OBFUSCATE} ]]; then + log_write " ${line}" + # Othwerise, a flag was passed to this command to obfuscate domains in the log + else + # So first check if there are domains in the log that should be obfuscated + if [[ -n ${line_to_obfuscate} ]]; then + # If there are, we need to use awk to replace only the domain name (the 6th field in the log) + # so we substitute the domain for the placeholder value + obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') + log_write " ${obfuscated_line}" + else + log_write " ${line}" + fi + fi + fi + done +} + analyze_pihole_log() { - echo_current_diagnostic "Pi-hole log" - local head_line - # Put the current Internal Field Separator into another variable so it can be restored later - OLD_IFS="$IFS" - # Get the lines that are in the file(s) and store them in an array for parsing later - IFS=$'\r\n' - local pihole_log_permissions - pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" - local pihole_log_head=() - mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) - log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" - local error_to_check_for - local line_to_obfuscate - local obfuscated_line - for head_line in "${pihole_log_head[@]}"; do - # A common error in the pihole.log is when there is a non-hosts formatted file - # that the DNS server is attempting to read. Since it's not formatted - # correctly, there will be an entry for "bad address at line n" - # So we can check for that here and highlight it in red so the user can see it easily - error_to_check_for=$(echo "${head_line}" | grep 'bad address at') - # Some users may not want to have the domains they visit sent to us - # To that end, we check for lines in the log that would contain a domain name - line_to_obfuscate=$(echo "${head_line}" | grep ': query\|: forwarded\|: reply') - # If the variable contains a value, it found an error in the log - if [[ -n ${error_to_check_for} ]]; then - # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" - else - # If the variable does not a value (the current default behavior), so do not obfuscate anything - if [[ -z ${OBFUSCATE} ]]; then - log_write " ${head_line}" - # Othwerise, a flag was passed to this command to obfuscate domains in the log - else - # So first check if there are domains in the log that should be obfuscated - if [[ -n ${line_to_obfuscate} ]]; then - # If there are, we need to use awk to replace only the domain name (the 6th field in the log) - # so we substitute the domain for the placeholder value - obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}') - log_write " ${obfuscated_line}" - else - log_write " ${head_line}" - fi - fi - fi - done - log_write "" - # Set the IFS back to what it was - IFS="$OLD_IFS" + echo_current_diagnostic "Pi-hole log" + local pihole_log_head=() + local pihole_log_tail=() + local pihole_log_permissions + local logging_enabled + + logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf) + if [[ "${logging_enabled}" == "0" ]]; then + # Inform user that logging has been disabled and pihole.log does not contain queries + log_write "${INFO} Query logging is disabled" + log_write "" + fi + # Put the current Internal Field Separator into another variable so it can be restored later + OLD_IFS="$IFS" + # Get the lines that are in the file(s) and store them in an array for parsing later + IFS=$'\r\n' + pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" + mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_head[@]}" + log_write "" + mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG}) + log_write " ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}" + obfuscated_pihole_log "${pihole_log_tail[@]}" + log_write "" + # Set the IFS back to what it was + IFS="$OLD_IFS" } -tricorder_use_nc_or_curl() { - # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available - # Check for curl first since encryption is a good thing - if command -v curl &> /dev/null; then - # If the command exists, - log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." - # transmit he log via TLS and store the token returned in a variable - tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER}) - if [ -z "${tricorder_token}" ]; then - # curl failed, fallback to nc - log_write " * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission." - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) +curl_to_tricorder() { + # Users can submit their debug logs using curl (encrypted) + log_write " * Using ${COL_GREEN}curl${COL_NC} for transmission." + # transmit the log via TLS and store the token returned in a variable + tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + log_write " * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ -n "${tricorder_token}" ]; then + log_write " * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" fi - # Otherwise, - else - # use net cat - log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission." - # Save the token returned by our server in a variable - tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER}) fi } @@ -1370,14 +1364,13 @@ upload_to_tricorder() { # Provide information on what they should do with their token log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." - log_write " * For more information, see: ${TRICORDER_CONTEST}" - log_write " * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat." + # If pihole -d is running automatically (usually through the dashboard) if [[ "${AUTOMATED}" ]]; then # let the user know log_write "${INFO} Debug script running in automated mode" # and then decide again which tool to use to submit it - tricorder_use_nc_or_curl + curl_to_tricorder # If we're not running in automated mode, else echo "" @@ -1386,7 +1379,7 @@ upload_to_tricorder() { read -r -p "[?] Would you like to upload the log? [y/N] " response case ${response} in # If they say yes, run our function for uploading the log - [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;; + [yY][eE][sS]|[yY]) curl_to_tricorder;; # If they choose no, just exit out of the script *) log_write " * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit; esac @@ -1397,15 +1390,15 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n" log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" - log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" + log_write "${COL_PURPLE}*****************************************************************${COL_NC}" log_write "" - log_write " * Provide the token above to the Pi-hole team for assistance at" - log_write " * ${FORUMS_URL}" - log_write " * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}." + log_write " * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}" + # If no token was generated else # Show an error and some help instructions diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 51e94d7c..5c6a2c68 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -11,6 +11,11 @@ colfile="/opt/pihole/COL_TABLE" source ${colfile} +# In case we're running at the same time as a system logrotate, use a +# separate logrotate state file to prevent stepping on each other's +# toes. +STATEFILE="/var/lib/logrotate/pihole" + # Determine database location # Obtain DBFILE=... setting from pihole-FTL.db # Constructed to return nothing when @@ -32,7 +37,7 @@ if [[ "$@" == *"once"* ]]; then # Nightly logrotation if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate once - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Copy pihole.log over to pihole.log.1 # and empty out pihole.log @@ -47,8 +52,8 @@ else # Manual flushing if command -v /usr/sbin/logrotate >/dev/null; then # Logrotate twice to move all data out of sight of FTL - /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3 - /usr/sbin/logrotate --force /etc/pihole/logrotate + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3 + /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else # Flush both pihole.log and pihole.log.1 (if existing) echo " " > /var/log/pihole.log diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index f77ee635..86ac45bc 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -153,7 +153,7 @@ versionOutput() { if [[ -n "$current" ]] && [[ -n "$latest" ]]; then output="${1^} version is $branch$current (Latest: $latest)" elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then - output="Current ${1^} version is $branch$current." + output="Current ${1^} version is $branch$current" elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then output="Latest ${1^} version is $latest" elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 8ef4d940..52c388f8 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -44,7 +44,8 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" + -l, privacylevel Set privacy level (0 = lowest, 3 = highest) + -t, teleporter Backup configuration as an archive" exit 0 } @@ -53,7 +54,7 @@ add_setting() { } delete_setting() { - sed -i "/${1}/d" "${setupVars}" + sed -i "/^${1}/d" "${setupVars}" } change_setting() { @@ -66,7 +67,7 @@ addFTLsetting() { } deleteFTLsetting() { - sed -i "/${1}/d" "${FTLconf}" + sed -i "/^${1}/d" "${FTLconf}" } changeFTLsetting() { @@ -83,7 +84,7 @@ add_dnsmasq_setting() { } delete_dnsmasq_setting() { - sed -i "/${1}/d" "${dnsmasqconfig}" + sed -i "/^${1}/d" "${dnsmasqconfig}" } SetTemperatureUnit() { @@ -266,17 +267,22 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423 delete_setting "CONDITIONAL_FORWARDING_IP" fi + delete_dnsmasq_setting "rev-server" + if [[ "${REV_SERVER}" == true ]]; then add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}" if [ -n "${REV_SERVER_DOMAIN}" ]; then + # Forward local domain names to the CF target, too add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}" fi - fi - # Prevent Firefox from automatically switching over to DNS-over-HTTPS - # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https - # (sourced 7th September 2019) - add_dnsmasq_setting "server=/use-application-dns.net/" + if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then + # Forward unqualified names to the CF target only when the "never + # forward non-FQDN" option is unticked + add_dnsmasq_setting "server=//${REV_SERVER_TARGET}" + fi + + fi # We need to process DHCP settings here as well to account for possible # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf @@ -426,7 +432,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "#quiet-dhcp6 #enable-ra dhcp-option=option6:dns-server,[::] -dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime} +dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600 ra-param=*,0,0 " >> "${dhcpconfig}" fi @@ -716,7 +722,7 @@ RemoveCustomDNSAddress() { host="${args[3]}" if valid_ip "${ip}" || valid_ip6 "${ip}" ; then - sed -i "/${ip} ${host}/d" "${dnscustomfile}" + sed -i "/^${ip} ${host}$/d" "${dnscustomfile}" else echo -e " ${CROSS} Invalid IP has been passed" exit 1 @@ -748,7 +754,7 @@ RemoveCustomCNAMERecord() { if [[ -n "${validDomain}" ]]; then validTarget="$(checkDomain "${target}")" if [[ -n "${validDomain}" ]]; then - sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}" + sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}" else echo " ${CROSS} Invalid Target Passed!" exit 1 diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index f0743b49..55a68b15 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh ### BEGIN INIT INFO # Provides: pihole-FTL # Required-Start: $remote_fs $syslog $network @@ -9,11 +9,8 @@ # Description: Enable service provided by pihole-FTL daemon ### END INIT INFO -FTLUSER=pihole -PIDFILE=/run/pihole-FTL.pid - is_running() { - pgrep -o "pihole-FTL" > /dev/null 2>&1 + pgrep -xo "pihole-FTL" > /dev/null } @@ -23,27 +20,18 @@ start() { echo "pihole-FTL is already running" else # Touch files to ensure they exist (create if non-existing, preserve if existing) - touch /var/log/pihole-FTL.log /var/log/pihole.log - touch /run/pihole-FTL.pid /run/pihole-FTL.port - touch /etc/pihole/dhcp.leases - mkdir -p /run/pihole - mkdir -p /var/log/pihole - chown pihole:pihole /run/pihole /var/log/pihole - # Remove possible leftovers from previous pihole-FTL processes - rm -f /dev/shm/FTL-* 2> /dev/null - rm /run/pihole/FTL.sock 2> /dev/null + mkdir -pm 0755 /run/pihole + touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files - chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port - chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null - chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log - chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole + chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /etc/pihole/macvendor.db # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist - chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null - if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then - su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then + su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole else echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" - pihole-FTL + /usr/bin/pihole-FTL fi echo fi @@ -52,20 +40,20 @@ start() { # Stop the service stop() { if is_running; then - pkill -o pihole-FTL - for i in {1..5}; do + pkill -xo "pihole-FTL" + for i in 1 2 3 4 5; do if ! is_running; then break fi - echo -n "." + printf "." sleep 1 done echo if is_running; then echo "Not stopped; may still be shutting down or shutdown may have failed, killing now" - pkill -o -9 pihole-FTL + pkill -xo -9 "pihole-FTL" exit 1 else echo "Stopped" @@ -73,6 +61,8 @@ stop() { else echo "Not running" fi + # Cleanup + rm -f /run/pihole/FTL.sock /dev/shm/FTL-* echo } @@ -101,7 +91,7 @@ case "$1" in start ;; *) - echo $"Usage: $0 {start|stop|restart|reload|status}" + echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron index ecd1e808..37724d2e 100644 --- a/advanced/Templates/pihole.cron +++ b/advanced/Templates/pihole.cron @@ -26,7 +26,7 @@ # parameter "quiet": don't print messages 00 00 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet -@reboot root /usr/sbin/logrotate /etc/pihole/logrotate +@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate # Pi-hole: Grab local version and branch every 10 minutes */10 * * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local diff --git a/advanced/index.php b/advanced/index.php index a38cd365..d0c5fc5d 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -73,12 +73,12 @@ if ($serverName === "pi.hole" $viewPort ● $serverName - - + +
- Pi-hole logo + Pi-hole logo

Pi-hole: Your black hole for Internet advertisements

Did you mean to go to the admin panel?
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index cd6d7737..3ecd7213 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -20,7 +20,6 @@ server.modules = ( "mod_accesslog", "mod_auth", "mod_expire", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -41,26 +40,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", @@ -99,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 64428617..5a99a9bf 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -21,7 +21,6 @@ server.modules = ( "mod_expire", "mod_fastcgi", "mod_accesslog", - "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite" @@ -42,26 +41,6 @@ index-file.names = ( "index.php", "index.html", "index.lighttpd.html" url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( - "application/json", - "application/vnd.ms-fontobject", - "application/xml", - "font/eot", - "font/opentype", - "font/otf", - "font/ttf", - "image/bmp", - "image/svg+xml", - "image/vnd.microsoft.icon", - "image/x-icon", - "text/css", - "text/html", - "text/javascript", - "text/plain", - "text/xml" -) - mimetype.assign = ( ".ico" => "image/x-icon", ".jpeg" => "image/jpeg", @@ -107,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index eb52aea3..34c0b4e7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -94,24 +94,9 @@ if [ -z "${USER}" ]; then USER="$(id -un)" fi - -# Check if we are running on a real terminal and find the rows and columns -# If there is no real terminal, we will default to 80x24 -if [ -t 0 ] ; then - screen_size=$(stty size) -else - screen_size="24 80" -fi -# Determine terminal rows and columns by parsing screen_size -printf -v rows '%d' "${screen_size%% *}" -printf -v columns '%d' "${screen_size##* }" - -# Divide by two so the dialogs take up half of the screen, which looks nice. -r=$(( rows / 2 )) -c=$(( columns / 2 )) -# Unless the screen is tiny -r=$(( r < 20 ? 20 : r )) -c=$(( c < 70 ? 70 : c )) +# whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content. +r=20 +c=70 ######## Undocumented Flags. Shhh ######## # These are undocumented flags; some of which we can use when repairing an installation @@ -186,12 +171,12 @@ os_check() { # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net # and determines whether or not the script is running on one of those systems local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response - remote_os_domain="versions.pi-hole.net" + remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)" + cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" # Gets the return code of the previous command (last line) digReturnCode="${cmdResult##*$'\n'}" @@ -276,7 +261,7 @@ os_check() { } # Compatibility -distro_check() { +package_manager_detect() { # If apt-get is installed, then we know it's part of the Debian family if is_command apt-get ; then # Set some global variables here @@ -288,21 +273,6 @@ if is_command apt-get ; then PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install) # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script. PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" - # Some distros vary slightly so these fixes for dependencies may apply - # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dhcpcd5 - APT_SOURCES="/etc/apt/sources.list" - if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then - if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5" "${r}" "${c}"; then - printf " %b Aborting installation: Dependencies could not be installed.\\n" "${CROSS}" - exit 1 - else - printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" - cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list - printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" - add-apt-repository universe - printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" - fi - fi # Update package cache. This is required already here to assure apt-cache calls have package lists available. update_package_cache || exit 1 # Debian 7 doesn't have iproute2 so check if it's available first @@ -354,13 +324,19 @@ if is_command apt-get ; then printf " %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}" exit 1 fi + # Packages required to perfom the os_check (stored as an array) + OS_CHECK_DEPS=(grep dnsutils) # Packages required to run this install script (stored as an array) - INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils) + INSTALLER_DEPS=(git "${iproute_pkg}" whiptail) # Packages required to run Pi-hole (stored as an array) - PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2) + PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2) # Packages required for the Web admin interface (stored as an array) # It's useful to separate this from Pi-hole, since the two repos are also setup separately - PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-json" "${phpVer}-intl") + PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl") + # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php + if [[ "${phpInsNewer}" != true || "${phpInsMajor}" -lt 8 ]]; then + PIHOLE_WEB_DEPS+=("${phpVer}-json") + fi # The Web server user, LIGHTTPD_USER="www-data" # group, @@ -396,7 +372,8 @@ elif is_command rpm ; then # These variable names match the ones in the Debian family. See above for an explanation of what they are for. PKG_INSTALL=("${PKG_MANAGER}" install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig bind-utils) + OS_CHECK_DEPS=(grep bind-utils) + INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig) PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap lsof) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl) LIGHTTPD_USER="lighttpd" @@ -688,9 +665,17 @@ welcomeDialogs() { whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations: https://pi-hole.net/donate/" "${r}" "${c}" # Explain the need for a static address - whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. + if whiptail --defaultno --backtitle "Initiating network interface" --title "Static IP Needed" --yesno "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. -In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." "${r}" "${c}" +IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this. + +Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then +#Nothing to do, continue + echo +else + printf " %b Installer exited at static IP message.\\n" "${INFO}" + exit 1 +fi } # A function that lets the user pick an interface to use with Pi-hole @@ -843,8 +828,11 @@ use4andor6() { if [[ "${useIPv4}" ]]; then # Run our function to get the information we need find_IPv4_information - getStaticIPv4Settings - setStaticIPv4 + if [[ -f "/etc/dhcpcd.conf" ]]; then + # configure networking via dhcpcd + getStaticIPv4Settings + setDHCPCD + fi fi # If IPv6 is to be used, if [[ "${useIPv6}" ]]; then @@ -929,93 +917,6 @@ setDHCPCD() { fi } -# Configure networking ifcfg-xxxx file found at /etc/sysconfig/network-scripts/ -# This function requires the full path of an ifcfg file passed as an argument -setIFCFG() { - # Local, named variables - local IFCFG_FILE - local IPADDR - local CIDR - IFCFG_FILE=$1 - printf -v IPADDR "%s" "${IPV4_ADDRESS%%/*}" - # Check if the desired IP is already set - if grep -Eq "${IPADDR}(\\b|\\/)" "${IFCFG_FILE}"; then - printf " %b Static IP already configured\\n" "${INFO}" - else - # Otherwise, put the IP in variables without the CIDR notation - printf -v CIDR "%s" "${IPV4_ADDRESS##*/}" - # Backup existing interface configuration: - cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig - # Build Interface configuration file using the GLOBAL variables we have - { - echo "# Configured via Pi-hole installer" - echo "DEVICE=$PIHOLE_INTERFACE" - echo "BOOTPROTO=none" - echo "ONBOOT=yes" - echo "IPADDR=$IPADDR" - echo "PREFIX=$CIDR" - echo "GATEWAY=$IPv4gw" - echo "DNS1=$PIHOLE_DNS_1" - echo "DNS2=$PIHOLE_DNS_2" - echo "USERCTL=no" - }> "${IFCFG_FILE}" - chmod 644 "${IFCFG_FILE}" - chown root:root "${IFCFG_FILE}" - # Use ip to immediately set the new address - ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" - # If NetworkMangler command line interface exists and ready to mangle, - if is_command nmcli && nmcli general status &> /dev/null; then - # Tell NetworkManagler to read our new sysconfig file - nmcli con load "${IFCFG_FILE}" > /dev/null - fi - # Show a warning that the user may need to restart - printf " %b Set IP address to %s\\n You may need to restart after the install is complete\\n" "${TICK}" "${IPV4_ADDRESS%%/*}" - fi -} - -setStaticIPv4() { - # Local, named variables - local IFCFG_FILE - local CONNECTION_NAME - - # If a static interface is already configured, we are done. - if [[ -r "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}" ]]; then - if grep -q '^BOOTPROTO=.static.' "/etc/sysconfig/network/ifcfg-${PIHOLE_INTERFACE}"; then - return 0 - fi - fi - # For the Debian family, if dhcpcd.conf exists then we can just configure using DHCPD. - if [[ -f "/etc/dhcpcd.conf" ]]; then - setDHCPCD - return 0 - fi - # If a DHCPCD config file was not found, check for an ifcfg config file based on the interface name - if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}" ]];then - # If it exists, then we can configure using IFCFG - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE} - setIFCFG "${IFCFG_FILE}" - return 0 - fi - # If an ifcfg config does not exists for the interface name, search for one based on the connection name via network manager - if is_command nmcli && nmcli general status &> /dev/null; then - CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_') - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} - if [[ -f "${IFCFG_FILE}" ]];then - # If it exists, - setIFCFG "${IFCFG_FILE}" - return 0 - else - printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}" - touch "${IFCFG_FILE}" - setIFCFG "${IFCFG_FILE}" - return 0 - fi - fi - # If previous conditions failed, show an error and exit - printf " %b Warning: Unable to locate configuration file to set static IPv4 address\\n" "${INFO}" - exit 1 -} - # Check an IP address to see if it is a valid one valid_ip() { # Local, named variables @@ -1331,8 +1232,10 @@ version_check_dnsmasq() { local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list" local dnsmasq_pihole_id_string2="# Dnsmasq config for Pi-hole's FTLDNS" local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original" - local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_pihole_01_source="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf" + local dnsmasq_pihole_01_target="/etc/dnsmasq.d/01-pihole.conf" + local dnsmasq_rfc6761_06_source="${PI_HOLE_LOCAL_REPO}/advanced/06-rfc6761.conf" + local dnsmasq_rfc6761_06_target="/etc/dnsmasq.d/06-rfc6761.conf" # If the dnsmasq config file exists if [[ -f "${dnsmasq_conf}" ]]; then @@ -1361,44 +1264,48 @@ version_check_dnsmasq() { printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" fi - printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" + printf " %b Installing %s..." "${INFO}" "${dnsmasq_pihole_01_target}" # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) if [[ ! -d "/etc/dnsmasq.d" ]];then install -d -m 755 "/etc/dnsmasq.d" fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory - install -D -m 644 -T "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}" - printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" + install -D -m 644 -T "${dnsmasq_pihole_01_source}" "${dnsmasq_pihole_01_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_pihole_01_target}" # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # First, swap in the interface to listen on, - sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_location}" + sed -i "s/@INT@/$PIHOLE_INTERFACE/" "${dnsmasq_pihole_01_target}" if [[ "${PIHOLE_DNS_1}" != "" ]]; then # then swap in the primary DNS server. - sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS1@/$PIHOLE_DNS_1/" "${dnsmasq_pihole_01_target}" else # Otherwise, remove the line which sets DNS1. - sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_target}" fi # Ditto if DNS2 is not empty if [[ "${PIHOLE_DNS_2}" != "" ]]; then - sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_location}" + sed -i "s/@DNS2@/$PIHOLE_DNS_2/" "${dnsmasq_pihole_01_target}" else - sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}" + sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}" fi # Set the cache size - sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" ${dnsmasq_pihole_01_location} + sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}" sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}" # If the user does not want to enable logging, if [[ "${QUERY_LOGGING}" == false ]] ; then # disable it by commenting out the directive in the DNS config file - sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_target}" else # Otherwise, enable it by uncommenting the directive in the DNS config file - sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}" + sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_target}" fi + + printf " %b Installing %s..." "${INFO}" "${dnsmasq_rfc6761_06_source}" + install -D -m 644 -T "${dnsmasq_rfc6761_06_source}" "${dnsmasq_rfc6761_06_target}" + printf "%b %b Installed %s\n" "${OVER}" "${TICK}" "${dnsmasq_rfc6761_06_target}" } # Clean an existing installation to prepare for upgrade/reinstall @@ -1662,7 +1569,7 @@ update_package_cache() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %bError: Unable to update package cache. Please try \"%s\"%b" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } @@ -1689,20 +1596,7 @@ notify_package_updates_available() { fi } -# This counter is outside of install_dependent_packages so that it can count the number of times the function is called. -counter=0 - install_dependent_packages() { - # Local, named variables should be used here, especially for an iterator - # Add one to the counter - counter=$((counter+1)) - if [[ "${counter}" == 1 ]]; then - # On the first loop, print a special message - printf " %b Installer Dependency checks...\\n" "${INFO}" - else - # On all subsequent loops, print a generic message. - printf " %b Main Dependency checks...\\n" "${INFO}" - fi # Install packages passed in via argument array # No spinner - conflicts with set -e @@ -1940,9 +1834,17 @@ finalExports() { # Install the logrotate script installLogrotate() { local str="Installing latest logrotate script" + local target=/etc/pihole/logrotate + printf "\\n %b %s..." "${INFO}" "${str}" + if [[ -f ${target} ]]; then + printf "\\n\\t%b Existing logrotate file found. No changes made.\\n" "${INFO}" + # Return value isn't that important, using 2 to indicate that it's not a fatal error but + # the function did not complete. + return 2 + fi # Copy the file over from the local repo - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate + install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -1951,9 +1853,9 @@ installLogrotate() { # the local properties of the /var/log directory logusergroup="$(stat -c '%U %G' /var/log)" # If there is a usergroup for log rotation, - if [[ ! -z "${logusergroup}" ]]; then + if [[ -n "${logusergroup}" ]]; then # replace the line in the logrotate script with that usergroup. - sed -i "s/# su #/su ${logusergroup}/g;" /etc/pihole/logrotate + sed -i "s/# su #/su ${logusergroup}/g;" ${target} fi printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" } @@ -2030,8 +1932,10 @@ installPihole() { fi # Install the cron file installCron + # Install the logrotate file - installLogrotate + installLogrotate || true + # Check if dnsmasq is present. If so, disable it and back up any possible # config file disable_dnsmasq @@ -2116,7 +2020,7 @@ Your Admin Webpage login password is ${pwstring}" IPv4: ${IPV4_ADDRESS%/*} IPv6: ${IPV6_ADDRESS:-"Not Configured"} -If you set a new IP address, you should restart the Pi. +If you have not done so already, the above IP should be set to static. The install log is in /etc/pihole. @@ -2137,7 +2041,7 @@ update_dialogs() { strAdd="You will be updated to the latest version." fi opt2a="Reconfigure" - opt2b="This will reset your Pi-hole and allow you to enter new settings." + opt2b="Resets Pi-hole and allows re-selecting settings." # Display the information to the user UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)" "${r}" "${c}" 2 \ @@ -2322,8 +2226,6 @@ FTLinstall() { # Before stopping FTL, we download the macvendor database curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true - chmod 644 "${PI_HOLE_CONFIG_DIR}/macvendor.db" - chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/macvendor.db" # Stop pihole-FTL service if available stop_service pihole-FTL &> /dev/null @@ -2628,8 +2530,25 @@ main() { fi fi - # Check for supported distribution - distro_check + # Check for supported package managers so that we may install dependencies + package_manager_detect + + # Notify user of package availability + notify_package_updates_available + + # Install packages necessary to perform os_check + printf " %b Checking for / installing Required dependencies for OS Check...\\n" "${INFO}" + install_dependent_packages "${OS_CHECK_DEPS[@]}" + + # Check that the installed OS is officially supported - display warning if not + os_check + + # Install packages used by this installation script + printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}" + install_dependent_packages "${INSTALLER_DEPS[@]}" + + # Check if SELinux is Enforcing + checkSelinux # If the setup variable file exists, if [[ -f "${setupVars}" ]]; then @@ -2646,19 +2565,6 @@ main() { fi fi - # Start the installer - # Notify user of package availability - notify_package_updates_available - - # Install packages used by this installation script - install_dependent_packages "${INSTALLER_DEPS[@]}" - - # Check that the installed OS is officially supported - display warning if not - os_check - - # Check if SELinux is Enforcing - checkSelinux - if [[ "${useUpdateVars}" == false ]]; then # Display welcome dialogs welcomeDialogs @@ -2705,6 +2611,8 @@ main() { dep_install_list+=("${PIHOLE_WEB_DEPS[@]}") fi + # Install packages used by the actual software + printf " %b Checking for / installing Required dependencies for Pi-hole software...\\n" "${INFO}" install_dependent_packages "${dep_install_list[@]}" unset dep_install_list @@ -2809,7 +2717,7 @@ main() { printf " %b You may now configure your devices to use the Pi-hole as their DNS server\\n" "${INFO}" [[ -n "${IPV4_ADDRESS%/*}" ]] && printf " %b Pi-hole DNS (IPv4): %s\\n" "${INFO}" "${IPV4_ADDRESS%/*}" [[ -n "${IPV6_ADDRESS}" ]] && printf " %b Pi-hole DNS (IPv6): %s\\n" "${INFO}" "${IPV6_ADDRESS}" - printf " %b If you set a new IP address, please restart the server running the Pi-hole\\n" "${INFO}" + printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}" INSTALL_TYPE="Installation" else INSTALL_TYPE="Update" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index a0d3b108..5e27514f 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -42,8 +42,8 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # setupVars set in basic-install.sh source "${setupVars}" -# distro_check() sourced from basic-install.sh -distro_check +# package_manager_detect() sourced from basic-install.sh +package_manager_detect # Install packages used by the Pi-hole DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}") @@ -113,7 +113,7 @@ removeNoPurge() { fi fi echo -e "${OVER} ${TICK} Removed Web Interface" - + # Attempt to preserve backwards compatibility with older versions # to guarantee no additional changes were made to /etc/crontab after # the installation of pihole, /etc/crontab.pihole should be permanently @@ -145,6 +145,7 @@ removeNoPurge() { ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null + ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null ${SUDO} rm -rf /var/log/*pihole* &> /dev/null ${SUDO} rm -rf /etc/pihole/ &> /dev/null ${SUDO} rm -rf /etc/.pihole/ &> /dev/null @@ -206,11 +207,7 @@ removeNoPurge() { } ######### SCRIPT ########### -if command -v vcgencmd &> /dev/null; then - echo -e " ${INFO} All dependencies are safe to remove on Raspbian" -else - echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" -fi +echo -e " ${INFO} Be sure to confirm if any dependencies should not be removed" while true; do echo -e " ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:" echo -n " " diff --git a/gravity.sh b/gravity.sh index 24a41c48..ff02e9f3 100755 --- a/gravity.sh +++ b/gravity.sh @@ -47,16 +47,6 @@ domainsExtension="domains" setupVars="${piholeDir}/setupVars.conf" if [[ -f "${setupVars}" ]];then source "${setupVars}" - - # Remove CIDR mask from IPv4/6 addresses - IPV4_ADDRESS="${IPV4_ADDRESS%/*}" - IPV6_ADDRESS="${IPV6_ADDRESS%/*}" - - # Determine if IPv4/6 addresses exist - if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then - echo -e " ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}" - exit 1 - fi else echo -e " ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC} Please run 'pihole -r', and choose the 'reconfigure' option to fix." @@ -73,6 +63,8 @@ fi # have changed gravityDBfile="${GRAVITYDB}" gravityTEMPfile="${GRAVITYDB}_temp" +gravityDIR="$(dirname -- "${gravityDBfile}")" +gravityOLDfile="${gravityDIR}/gravity_old.db" if [[ -z "${BLOCKINGMODE}" ]] ; then BLOCKINGMODE="NULL" @@ -123,8 +115,19 @@ gravity_swap_databases() { fi echo -e "${OVER} ${TICK} ${str}" - # Swap databases and remove old database - rm "${gravityDBfile}" + # Swap databases and remove or conditionally rename old database + # Number of available blocks on disk + availableBlocks=$(stat -f --format "%a" "${gravityDIR}") + # Number of blocks, used by gravity.db + gravityBlocks=$(stat --format "%b" ${gravityDBfile}) + # Only keep the old database if available disk space is at least twice the size of the existing gravity.db. + # Better be safe than sorry... + if [ "${availableBlocks}" -gt "$(("${gravityBlocks}" * 2))" ] && [ -f "${gravityDBfile}" ]; then + echo -e " ${TICK} The old database remains available." + mv "${gravityDBfile}" "${gravityOLDfile}" + else + rm "${gravityDBfile}" + fi mv "${gravityTEMPfile}" "${gravityDBfile}" } @@ -564,7 +567,7 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}" - local heisenbergCompensator="" patternBuffer str httpCode success="" + local heisenbergCompensator="" patternBuffer str httpCode success="" ip # Create temp file to store content on disk instead of RAM patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb") @@ -582,7 +585,10 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then + # Get IP address of this domain + ip="$(dig "${domain}" +short)" + # Check if this IP matches any IP of the system + if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then blocked=true fi;; "NXDOMAIN") @@ -785,43 +791,12 @@ gravity_ShowCount() { gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters" } -# Parse list of domains into hosts format -gravity_ParseDomainsIntoHosts() { - awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{ - # Remove windows CR line endings - sub(/\r$/, "") - # Parse each line as "ipaddr domain" - if(ipv6 && ipv4) { - print ipv4" "$0"\n"ipv6" "$0 - } else if(!ipv6) { - print ipv4" "$0 - } else { - print ipv6" "$0 - } - }' >> "${2}" < "${1}" -} - # Create "localhost" entries into hosts format gravity_generateLocalList() { - local hostname - - if [[ -s "/etc/hostname" ]]; then - hostname=$(< "/etc/hostname") - elif command -v hostname &> /dev/null; then - hostname=$(hostname -f) - else - echo -e " ${CROSS} Unable to determine fully qualified domain name of host" - return 0 - fi - - echo -e "${hostname}\\npi.hole" > "${localList}.tmp" - # Empty $localList if it already exists, otherwise, create it - : > "${localList}" + echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}" chmod 644 "${localList}" - gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}" - # Add additional LAN hosts provided by OpenVPN (if available) if [[ -f "${VPNList}" ]]; then awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}" @@ -890,6 +865,11 @@ for var in "$@"; do esac done +# Remove OLD (backup) gravity file, if it exists +if [[ -f "${gravityOLDfile}" ]]; then + rm "${gravityOLDfile}" +fi + # Trap Ctrl-C gravity_Trap diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 4ba0e0f7..aaaa8d7e 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -56,7 +56,7 @@ Available commands and options: \fB-w, whitelist\fR [options] [ ] .br - Adds or removes specified domain or domains tho the Whitelist + Adds or removes specified domain or domains to the Whitelist .br \fB-b, blacklist\fR [options] [ ] diff --git a/pihole b/pihole index f8085c8e..31356671 100755 --- a/pihole +++ b/pihole @@ -242,7 +242,7 @@ Time: echo "BLOCKING_ENABLED=true" >> "${setupVars}" fi - restartDNS reload + restartDNS reload-lists echo -e "${OVER} ${TICK} ${str}" } @@ -363,16 +363,13 @@ tailFunc() { fi echo -e " ${INFO} Press Ctrl-C to exit" - # Retrieve IPv4/6 addresses - source /etc/pihole/setupVars.conf - # Strip date from each line # Color blocklist/blacklist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray - tail -f /var/log/pihole.log | sed -E \ + tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ - -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 @@ -402,34 +399,24 @@ Branches: } tricorderFunc() { + local tricorder_token if [[ ! -p "/dev/stdin" ]]; then echo -e " ${INFO} Please do not call Tricorder directly" exit 1 fi - if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then - echo -e " ${CROSS} Unable to connect to Pi-hole's Tricorder server" - exit 1 - fi - - if command -v openssl &> /dev/null; then - openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin - exit "$?" - else - echo -e " ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed - Your debug log will be transmitted unencrypted via plain-text - There is a possibility that this could be intercepted by a third party - If you wish to cancel, press Ctrl-C to exit within 10 seconds" - secs="10" - while [[ "$secs" -gt "0" ]]; do - echo -ne "." - sleep 1 - : $((secs--)) - done - echo " " - nc tricorder.pi-hole.net 9999 < /dev/stdin - exit "$?" + tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1) + if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then + echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance." + # Log curl error (if available) + if [ -n "${tricorder_token}" ]; then + echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n" + tricorder_token="" + fi + exit 1 fi + echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}" + exit 0 } updateCheckFunc() { @@ -456,7 +443,10 @@ Debugging Options: Add '-a' to automatically upload the log to tricorder.pi-hole.net -f, flush Flush the Pi-hole log -r, reconfigure Reconfigure or Repair Pi-hole subsystems - -t, tail View the live output of the Pi-hole log + -t, tail [arg] View the live output of the Pi-hole log. + Add an optional argument to filter the log + (regular expressions are supported) + Options: -a, admin Web interface options @@ -530,7 +520,7 @@ case "${1}" in "status" ) statusFunc "$2";; "restartdns" ) restartDNS "$2";; "-a" | "admin" ) webpageFunc "$@";; - "-t" | "tail" ) tailFunc;; + "-t" | "tail" ) tailFunc "$2";; "checkout" ) piholeCheckoutFunc "$@";; "tricorder" ) tricorderFunc;; "updatechecker" ) updateCheckFunc "$@";; diff --git a/supportedos.txt b/supportedos.txt deleted file mode 100644 index 6d579132..00000000 --- a/supportedos.txt +++ /dev/null @@ -1,5 +0,0 @@ -Raspbian=9,10 -Ubuntu=16,18,20 -Debian=9,10 -Fedora=32,33 -CentOS=7,8 \ No newline at end of file diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile index 00543b67..434242bf 100644 --- a/test/_centos_7.Dockerfile +++ b/test/_centos_7.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_centos_8.Dockerfile b/test/_centos_8.Dockerfile index 7444551b..afd2dc8a 100644 --- a/test/_centos_8.Dockerfile +++ b/test/_centos_8.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_10.Dockerfile b/test/_debian_10.Dockerfile index 9b72fc6a..54800d3c 100644 --- a/test/_debian_10.Dockerfile +++ b/test/_debian_10.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_11.Dockerfile b/test/_debian_11.Dockerfile new file mode 100644 index 00000000..39be027e --- /dev/null +++ b/test/_debian_11.Dockerfile @@ -0,0 +1,17 @@ +FROM buildpack-deps:bullseye-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_9.Dockerfile b/test/_debian_9.Dockerfile index d6609ba3..c590a657 100644 --- a/test/_debian_9.Dockerfile +++ b/test/_debian_9.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_32.Dockerfile b/test/_fedora_32.Dockerfile index 869efb2b..e9c2ff2a 100644 --- a/test/_fedora_32.Dockerfile +++ b/test/_fedora_32.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_33.Dockerfile b/test/_fedora_33.Dockerfile index 0a1ac59c..9ae94c70 100644 --- a/test/_fedora_33.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_16.Dockerfile b/test/_ubuntu_16.Dockerfile index a92bc6f6..e572efd1 100644 --- a/test/_ubuntu_16.Dockerfile +++ b/test/_ubuntu_16.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ \ No newline at end of file diff --git a/test/_ubuntu_18.Dockerfile b/test/_ubuntu_18.Dockerfile index 2f63ea89..592c5c3f 100644 --- a/test/_ubuntu_18.Dockerfile +++ b/test/_ubuntu_18.Dockerfile @@ -12,5 +12,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_20.Dockerfile b/test/_ubuntu_20.Dockerfile index caa6261f..80e2e007 100644 --- a/test/_ubuntu_20.Dockerfile +++ b/test/_ubuntu_20.Dockerfile @@ -13,5 +13,6 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile new file mode 100644 index 00000000..afddbfa9 --- /dev/null +++ b/test/_ubuntu_21.Dockerfile @@ -0,0 +1,18 @@ +FROM buildpack-deps:hirsute-scm + +ENV GITDIR /etc/.pihole +ENV SCRIPTDIR /opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/ +ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR +ENV DEBIAN_FRONTEND=noninteractive + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV PH_TEST true +ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/conftest.py b/test/conftest.py index 07166ec5..13731eb8 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -8,8 +8,6 @@ check_output = testinfra.get_backend( SETUPVARS = { 'PIHOLE_INTERFACE': 'eth99', - 'IPV4_ADDRESS': '1.1.1.1', - 'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672', 'PIHOLE_DNS_1': '4.2.2.1', 'PIHOLE_DNS_2': '4.2.2.2' } diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 44624082..593c19d2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -18,13 +18,13 @@ def test_supported_operating_system(Pihole): # break supported package managers to emulate an unsupported distribution Pihole.run('rm -rf /usr/bin/apt-get') Pihole.run('rm -rf /usr/bin/rpm') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + ' OS distribution not supported' - assert expected_stdout in distro_check.stdout - # assert distro_check.rc == 1 + assert expected_stdout in package_manager_detect.stdout + # assert package_manager_detect.rc == 1 def test_setupVars_are_sourced_to_global_scope(Pihole): @@ -45,8 +45,6 @@ def test_setupVars_are_sourced_to_global_scope(Pihole): # Currently debug test function only echo "Outputting sourced variables" echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}" - echo "IPV4_ADDRESS=${IPV4_ADDRESS}" - echo "IPV6_ADDRESS=${IPV6_ADDRESS}" echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" } @@ -137,7 +135,7 @@ def test_update_package_cache_success_no_errors(Pihole): ''' updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = tick_box + ' Update local cache of available packages' @@ -152,7 +150,7 @@ def test_update_package_cache_failure_no_errors(Pihole): mock_command('apt-get', {'update': ('', '1')}, Pihole) updateCache = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect update_package_cache ''') expected_stdout = cross_box + ' Update local cache of available packages' @@ -359,7 +357,7 @@ def test_FTL_download_aarch64_no_errors(Pihole): mock_command('whiptail', {'*': ('', '0')}, Pihole) Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages ${INSTALLER_DEPS[@]} ''') download_binary = Pihole.run(''' @@ -569,7 +567,8 @@ def test_os_check_fails(Pihole): ''' Confirms install fails on unsupported OS ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} cat < /etc/os-release ID=UnsupportedOS @@ -588,7 +587,8 @@ def test_os_check_passes(Pihole): ''' Confirms OS meets the requirements ''' Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect + install_dependent_packages ${OS_CHECK_DEPS[@]} install_dependent_packages ${INSTALLER_DEPS[@]} ''') detectOS = Pihole.run(''' @@ -597,3 +597,42 @@ def test_os_check_passes(Pihole): ''') expected_stdout = 'Supported OS detected' assert expected_stdout in detectOS.stdout + + +def test_package_manager_has_installer_deps(Pihole): + ''' Confirms OS is able to install the required packages for the installer''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + package_manager_detect + install_dependent_packages ${INSTALLER_DEPS[@]} + ''') + + assert 'No package' not in output.stdout # centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_pihole_deps(Pihole): + ''' Confirms OS is able to install the required packages for Pi-hole ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + package_manager_detect + install_dependent_packages ${PIHOLE_DEPS[@]} + ''') + + assert 'No package' not in output.stdout # centos7 still exits 0... + assert output.rc == 0 + + +def test_package_manager_has_web_deps(Pihole): + ''' Confirms OS is able to install the required packages for web ''' + mock_command('whiptail', {'*': ('', '0')}, Pihole) + output = Pihole.run(''' + source /opt/pihole/basic-install.sh + package_manager_detect + install_dependent_packages ${PIHOLE_WEB_DEPS[@]} + ''') + + assert 'No package' not in output.stdout # centos7 still exits 0... + assert output.rc == 0 diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py index 2f744ab4..ed99231a 100644 --- a/test/test_centos_7_support.py +++ b/test/test_centos_7_support.py @@ -9,13 +9,13 @@ def test_php_upgrade_default_optout_centos_eq_7(Pihole): ''' confirms the default behavior to opt-out of installing PHP7 from REMI ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -27,13 +27,13 @@ def test_php_upgrade_user_optout_centos_eq_7(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -45,16 +45,16 @@ def test_php_upgrade_user_optin_centos_eq_7(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py index d3e83658..b8ad9607 100644 --- a/test/test_centos_8_support.py +++ b/test/test_centos_8_support.py @@ -10,13 +10,13 @@ def test_php_upgrade_default_continue_centos_gte_8(Pihole): confirms the latest version of CentOS continues / does not optout (should trigger on CentOS7 only) ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -30,13 +30,13 @@ def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.' ' Deprecated PHP may be in use.') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout # ensure remi was not installed on latest CentOS remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -50,16 +50,16 @@ def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole): ''' # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert 'opt-out' not in distro_check.stdout + assert 'opt-out' not in package_manager_detect.stdout unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout unexpected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert unexpected_stdout not in distro_check.stdout + assert unexpected_stdout not in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py index fdf43cba..8412173d 100644 --- a/test/test_centos_common_support.py +++ b/test/test_centos_common_support.py @@ -13,29 +13,29 @@ def test_release_supported_version_check_centos(Pihole): ''' # modify /etc/redhat-release to mock an unsupported CentOS release Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = cross_box + (' CentOS 6 is not supported.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = 'Please update to CentOS release 7 or later' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout def test_enable_epel_repository_centos(Pihole): ''' confirms the EPEL package repository is enabled when installed on CentOS ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' Enabling EPEL package repository ' '(https://fedoraproject.org/wiki/EPEL)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + ' Installed epel-release' - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout epel_package = Pihole.package('epel-release') assert epel_package.is_installed @@ -51,13 +51,13 @@ def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole): default_centos_php_version = php_package.version.split('.')[0] if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended pytest.skip("Test deprecated . Detected default PHP version >= 7") - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -75,13 +75,13 @@ def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Cancel for user prompt mock_command('whiptail', {'*': ('', '1')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert not remi_package.is_installed @@ -99,20 +99,20 @@ def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole): pytest.skip("Test deprecated . Detected default PHP version >= 7") # Whiptail dialog returns Continue for user prompt mock_command('whiptail', {'*': ('', '0')}, Pihole) - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect install_dependent_packages PIHOLE_WEB_DEPS[@] ''') expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. ' 'Deprecated PHP may be in use.') - assert expected_stdout not in distro_check.stdout + assert expected_stdout not in package_manager_detect.stdout expected_stdout = info_box + (' Enabling Remi\'s RPM repository ' '(https://rpms.remirepo.net)') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout expected_stdout = tick_box + (' Remi\'s RPM repository has ' 'been enabled for PHP7') - assert expected_stdout in distro_check.stdout + assert expected_stdout in package_manager_detect.stdout remi_package = Pihole.package('remi-release') assert remi_package.is_installed updated_php_package = Pihole.package('php') diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py index 473b2e96..a2ac4c71 100644 --- a/test/test_fedora_support.py +++ b/test/test_fedora_support.py @@ -3,11 +3,11 @@ def test_epel_and_remi_not_installed_fedora(Pihole): confirms installer does not attempt to install EPEL/REMI repositories on Fedora ''' - distro_check = Pihole.run(''' + package_manager_detect = Pihole.run(''' source /opt/pihole/basic-install.sh - distro_check + package_manager_detect ''') - assert distro_check.stdout == '' + assert package_manager_detect.stdout == '' epel_package = Pihole.package('epel-release') assert not epel_package.is_installed diff --git a/test/tox.debian_11.ini b/test/tox.debian_11.ini new file mode 100644 index 00000000..af3c6e36 --- /dev/null +++ b/test/tox.debian_11.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini new file mode 100644 index 00000000..651f933b --- /dev/null +++ b/test/tox.ubuntu_21.ini @@ -0,0 +1,8 @@ +[tox] +envlist = py37 + +[testenv] +whitelist_externals = docker +deps = -rrequirements.txt +commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_automated_install.py