mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 23:08:07 +00:00
Merge branch 'development' into development
This commit is contained in:
commit
583ea4d17a
@ -46,6 +46,12 @@ checkout() {
|
|||||||
local corebranches
|
local corebranches
|
||||||
local webbranches
|
local webbranches
|
||||||
|
|
||||||
|
# Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
|
||||||
|
local funcOutput
|
||||||
|
funcOutput=$(get_binary_name) #Store output of get_binary_name here
|
||||||
|
local binary
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
|
||||||
|
|
||||||
# Avoid globbing
|
# Avoid globbing
|
||||||
set -f
|
set -f
|
||||||
|
|
||||||
@ -86,7 +92,6 @@ checkout() {
|
|||||||
fi
|
fi
|
||||||
#echo -e " ${TICK} Pi-hole Core"
|
#echo -e " ${TICK} Pi-hole Core"
|
||||||
|
|
||||||
get_binary_name
|
|
||||||
local path
|
local path
|
||||||
path="development/${binary}"
|
path="development/${binary}"
|
||||||
echo "development" > /etc/pihole/ftlbranch
|
echo "development" > /etc/pihole/ftlbranch
|
||||||
@ -101,7 +106,6 @@ checkout() {
|
|||||||
fetch_checkout_pull_branch "${webInterfaceDir}" "master" || { echo " ${CROSS} Unable to pull Web master branch"; exit 1; }
|
fetch_checkout_pull_branch "${webInterfaceDir}" "master" || { echo " ${CROSS} Unable to pull Web master branch"; exit 1; }
|
||||||
fi
|
fi
|
||||||
#echo -e " ${TICK} Web Interface"
|
#echo -e " ${TICK} Web Interface"
|
||||||
get_binary_name
|
|
||||||
local path
|
local path
|
||||||
path="master/${binary}"
|
path="master/${binary}"
|
||||||
echo "master" > /etc/pihole/ftlbranch
|
echo "master" > /etc/pihole/ftlbranch
|
||||||
@ -161,7 +165,6 @@ checkout() {
|
|||||||
fi
|
fi
|
||||||
checkout_pull_branch "${webInterfaceDir}" "${2}"
|
checkout_pull_branch "${webInterfaceDir}" "${2}"
|
||||||
elif [[ "${1}" == "ftl" ]] ; then
|
elif [[ "${1}" == "ftl" ]] ; then
|
||||||
get_binary_name
|
|
||||||
local path
|
local path
|
||||||
path="${2}/${binary}"
|
path="${2}/${binary}"
|
||||||
|
|
||||||
|
@ -31,7 +31,6 @@ source "/opt/pihole/COL_TABLE"
|
|||||||
# make_repo() sourced from basic-install.sh
|
# make_repo() sourced from basic-install.sh
|
||||||
# update_repo() source from basic-install.sh
|
# update_repo() source from basic-install.sh
|
||||||
# getGitFiles() sourced from basic-install.sh
|
# getGitFiles() sourced from basic-install.sh
|
||||||
# get_binary_name() sourced from basic-install.sh
|
|
||||||
# FTLcheckUpdate() sourced from basic-install.sh
|
# FTLcheckUpdate() sourced from basic-install.sh
|
||||||
|
|
||||||
GitCheckUpdateAvail() {
|
GitCheckUpdateAvail() {
|
||||||
|
@ -404,13 +404,15 @@ SetWebUILayout() {
|
|||||||
CustomizeAdLists() {
|
CustomizeAdLists() {
|
||||||
local address
|
local address
|
||||||
address="${args[3]}"
|
address="${args[3]}"
|
||||||
|
local comment
|
||||||
|
comment="${args[4]}"
|
||||||
|
|
||||||
if [[ "${args[2]}" == "enable" ]]; then
|
if [[ "${args[2]}" == "enable" ]]; then
|
||||||
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
|
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
|
||||||
elif [[ "${args[2]}" == "disable" ]]; then
|
elif [[ "${args[2]}" == "disable" ]]; then
|
||||||
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
|
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
|
||||||
elif [[ "${args[2]}" == "add" ]]; then
|
elif [[ "${args[2]}" == "add" ]]; then
|
||||||
sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address) VALUES ('${address}')"
|
sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
|
||||||
elif [[ "${args[2]}" == "del" ]]; then
|
elif [[ "${args[2]}" == "del" ]]; then
|
||||||
sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
|
sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
|
||||||
else
|
else
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
# Pi-hole: A black hole for Internet advertisements
|
# Pi-hole: A black hole for Internet advertisements
|
||||||
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
||||||
# Network-wide ad blocking via your own hardware.
|
# Network-wide ad blocking via your own hardware.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
### BEGIN INIT INFO
|
### BEGIN INIT INFO
|
||||||
# Provides: pihole-FTL
|
# Provides: pihole-FTL
|
||||||
# Required-Start: $remote_fs $syslog
|
# Required-Start: $remote_fs $syslog
|
||||||
|
@ -138,9 +138,6 @@ else
|
|||||||
OVER="\\r\\033[K"
|
OVER="\\r\\033[K"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Define global binary variable
|
|
||||||
binary="tbd"
|
|
||||||
|
|
||||||
# A simple function that just echoes out our logo in ASCII format
|
# A simple function that just echoes out our logo in ASCII format
|
||||||
# This lets users know that it is a Pi-hole, LLC product
|
# This lets users know that it is a Pi-hole, LLC product
|
||||||
show_ascii_berry() {
|
show_ascii_berry() {
|
||||||
@ -250,7 +247,7 @@ if is_command apt-get ; then
|
|||||||
PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2)
|
PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2)
|
||||||
# The Web dashboard has some that also need to be installed
|
# The Web dashboard has some that also need to be installed
|
||||||
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
||||||
PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}")
|
PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml")
|
||||||
# The Web server user,
|
# The Web server user,
|
||||||
LIGHTTPD_USER="www-data"
|
LIGHTTPD_USER="www-data"
|
||||||
# group,
|
# group,
|
||||||
@ -290,7 +287,7 @@ elif is_command rpm ; then
|
|||||||
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
||||||
INSTALLER_DEPS=(dialog git iproute newt procps-ng which chkconfig)
|
INSTALLER_DEPS=(dialog git iproute newt procps-ng which chkconfig)
|
||||||
PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap)
|
PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap)
|
||||||
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo)
|
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml)
|
||||||
LIGHTTPD_USER="lighttpd"
|
LIGHTTPD_USER="lighttpd"
|
||||||
LIGHTTPD_GROUP="lighttpd"
|
LIGHTTPD_GROUP="lighttpd"
|
||||||
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
||||||
@ -1959,20 +1956,42 @@ installPihole() {
|
|||||||
|
|
||||||
# SELinux
|
# SELinux
|
||||||
checkSelinux() {
|
checkSelinux() {
|
||||||
# If the getenforce command exists,
|
local DEFAULT_SELINUX
|
||||||
if is_command getenforce ; then
|
local CURRENT_SELINUX
|
||||||
# Store the current mode in a variable
|
local SELINUX_ENFORCING=0
|
||||||
enforceMode=$(getenforce)
|
# Check if a SELinux configuration file exists
|
||||||
printf "\\n %b SELinux mode detected: %s\\n" "${INFO}" "${enforceMode}"
|
if [[ -f /etc/selinux/config ]]; then
|
||||||
|
# If a SELinux configuration file was found, check the default SELinux mode.
|
||||||
# If it's enforcing,
|
DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
|
||||||
if [[ "${enforceMode}" == "Enforcing" ]]; then
|
case "${DEFAULT_SELINUX,,}" in
|
||||||
# Explain Pi-hole does not support it yet
|
enforcing)
|
||||||
whiptail --defaultno --title "SELinux Enforcing Detected" --yesno "SELinux is being ENFORCED on your system! \\n\\nPi-hole currently does not support SELinux, but you may still continue with the installation.\\n\\nNote: Web Admin will not be fully functional unless you set your policies correctly\\n\\nContinue installing Pi-hole?" "${r}" "${c}" || \
|
printf " %b %bDefault SELinux: %s%b\\n" "${CROSS}" "${COL_RED}" "${DEFAULT_SELINUX}" "${COL_NC}"
|
||||||
{ printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; }
|
SELINUX_ENFORCING=1
|
||||||
printf " %b Continuing installation with SELinux Enforcing\\n" "${INFO}"
|
;;
|
||||||
printf " %b Please refer to official SELinux documentation to create a custom policy\\n" "${INFO}"
|
*) # 'permissive' and 'disabled'
|
||||||
|
printf " %b %bDefault SELinux: %s%b\\n" "${TICK}" "${COL_GREEN}" "${DEFAULT_SELINUX}" "${COL_NC}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
# Check the current state of SELinux
|
||||||
|
CURRENT_SELINUX=$(getenforce)
|
||||||
|
case "${CURRENT_SELINUX,,}" in
|
||||||
|
enforcing)
|
||||||
|
printf " %b %bCurrent SELinux: %s%b\\n" "${CROSS}" "${COL_RED}" "${CURRENT_SELINUX}" "${COL_NC}"
|
||||||
|
SELINUX_ENFORCING=1
|
||||||
|
;;
|
||||||
|
*) # 'permissive' and 'disabled'
|
||||||
|
printf " %b %bCurrent SELinux: %s%b\\n" "${TICK}" "${COL_GREEN}" "${CURRENT_SELINUX}" "${COL_NC}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
echo -e " ${INFO} ${COL_GREEN}SELinux not detected${COL_NC}";
|
||||||
fi
|
fi
|
||||||
|
# Exit the installer if any SELinux checks toggled the flag
|
||||||
|
if [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -z "${PIHOLE_SELINUX}" ]]; then
|
||||||
|
printf " Pi-hole does not provide an SELinux policy as the required changes modify the security of your system.\\n"
|
||||||
|
printf " Please refer to https://wiki.centos.org/HowTos/SELinux if SELinux is required for your deployment.\\n"
|
||||||
|
printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}";
|
||||||
|
exit 1;
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2167,7 +2186,10 @@ clone_or_update_repos() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Download FTL binary to random temp directory and install FTL binary
|
# Download FTL binary to random temp directory and install FTL binary
|
||||||
|
# Disable directive for SC2120 a value _can_ be passed to this function, but it is passed from an external script that sources this one
|
||||||
|
# shellcheck disable=SC2120
|
||||||
FTLinstall() {
|
FTLinstall() {
|
||||||
|
|
||||||
# Local, named variables
|
# Local, named variables
|
||||||
local latesttag
|
local latesttag
|
||||||
local str="Downloading and Installing FTL"
|
local str="Downloading and Installing FTL"
|
||||||
@ -2197,6 +2219,9 @@ FTLinstall() {
|
|||||||
ftlBranch="master"
|
ftlBranch="master"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
local binary
|
||||||
|
binary="${1}"
|
||||||
|
|
||||||
# Determine which version of FTL to download
|
# Determine which version of FTL to download
|
||||||
if [[ "${ftlBranch}" == "master" ]];then
|
if [[ "${ftlBranch}" == "master" ]];then
|
||||||
url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
|
url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
|
||||||
@ -2275,6 +2300,8 @@ get_binary_name() {
|
|||||||
local machine
|
local machine
|
||||||
machine=$(uname -m)
|
machine=$(uname -m)
|
||||||
|
|
||||||
|
local l_binary
|
||||||
|
|
||||||
local str="Detecting architecture"
|
local str="Detecting architecture"
|
||||||
printf " %b %s..." "${INFO}" "${str}"
|
printf " %b %s..." "${INFO}" "${str}"
|
||||||
# If the machine is arm or aarch
|
# If the machine is arm or aarch
|
||||||
@ -2290,19 +2317,19 @@ get_binary_name() {
|
|||||||
if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then
|
if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then
|
||||||
printf "%b %b Detected ARM-aarch64 architecture\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected ARM-aarch64 architecture\\n" "${OVER}" "${TICK}"
|
||||||
# set the binary to be used
|
# set the binary to be used
|
||||||
binary="pihole-FTL-aarch64-linux-gnu"
|
l_binary="pihole-FTL-aarch64-linux-gnu"
|
||||||
#
|
#
|
||||||
elif [[ "${lib}" == "/lib/ld-linux-armhf.so.3" ]]; then
|
elif [[ "${lib}" == "/lib/ld-linux-armhf.so.3" ]]; then
|
||||||
#
|
#
|
||||||
if [[ "${rev}" -gt 6 ]]; then
|
if [[ "${rev}" -gt 6 ]]; then
|
||||||
printf "%b %b Detected ARM-hf architecture (armv7+)\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected ARM-hf architecture (armv7+)\\n" "${OVER}" "${TICK}"
|
||||||
# set the binary to be used
|
# set the binary to be used
|
||||||
binary="pihole-FTL-arm-linux-gnueabihf"
|
l_binary="pihole-FTL-arm-linux-gnueabihf"
|
||||||
# Otherwise,
|
# Otherwise,
|
||||||
else
|
else
|
||||||
printf "%b %b Detected ARM-hf architecture (armv6 or lower) Using ARM binary\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected ARM-hf architecture (armv6 or lower) Using ARM binary\\n" "${OVER}" "${TICK}"
|
||||||
# set the binary to be used
|
# set the binary to be used
|
||||||
binary="pihole-FTL-arm-linux-gnueabi"
|
l_binary="pihole-FTL-arm-linux-gnueabi"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ -f "/.dockerenv" ]]; then
|
if [[ -f "/.dockerenv" ]]; then
|
||||||
@ -2326,12 +2353,12 @@ get_binary_name() {
|
|||||||
# in the past (see https://github.com/pi-hole/pi-hole/pull/2004)
|
# in the past (see https://github.com/pi-hole/pi-hole/pull/2004)
|
||||||
if [[ "${dpkgarch}" == "i386" ]]; then
|
if [[ "${dpkgarch}" == "i386" ]]; then
|
||||||
printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
|
||||||
binary="pihole-FTL-linux-x86_32"
|
l_binary="pihole-FTL-linux-x86_32"
|
||||||
else
|
else
|
||||||
# 64bit
|
# 64bit
|
||||||
printf "%b %b Detected x86_64 architecture\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected x86_64 architecture\\n" "${OVER}" "${TICK}"
|
||||||
# set the binary to be used
|
# set the binary to be used
|
||||||
binary="pihole-FTL-linux-x86_64"
|
l_binary="pihole-FTL-linux-x86_64"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# Something else - we try to use 32bit executable and warn the user
|
# Something else - we try to use 32bit executable and warn the user
|
||||||
@ -2342,13 +2369,13 @@ get_binary_name() {
|
|||||||
else
|
else
|
||||||
printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
|
printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
|
||||||
fi
|
fi
|
||||||
binary="pihole-FTL-linux-x86_32"
|
l_binary="pihole-FTL-linux-x86_32"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo ${l_binary}
|
||||||
}
|
}
|
||||||
|
|
||||||
FTLcheckUpdate() {
|
FTLcheckUpdate() {
|
||||||
get_binary_name
|
|
||||||
|
|
||||||
#In the next section we check to see if FTL is already installed (in case of pihole -r).
|
#In the next section we check to see if FTL is already installed (in case of pihole -r).
|
||||||
#If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download
|
#If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download
|
||||||
printf " %b Checking for existing FTL binary...\\n" "${INFO}"
|
printf " %b Checking for existing FTL binary...\\n" "${INFO}"
|
||||||
@ -2364,6 +2391,9 @@ FTLcheckUpdate() {
|
|||||||
ftlBranch="master"
|
ftlBranch="master"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
local binary
|
||||||
|
binary="${1}"
|
||||||
|
|
||||||
local remoteSha1
|
local remoteSha1
|
||||||
local localSha1
|
local localSha1
|
||||||
|
|
||||||
@ -2442,8 +2472,10 @@ FTLcheckUpdate() {
|
|||||||
FTLdetect() {
|
FTLdetect() {
|
||||||
printf "\\n %b FTL Checks...\\n\\n" "${INFO}"
|
printf "\\n %b FTL Checks...\\n\\n" "${INFO}"
|
||||||
|
|
||||||
if FTLcheckUpdate ; then
|
printf " %b" "${2}"
|
||||||
FTLinstall || return 1
|
|
||||||
|
if FTLcheckUpdate "${1}"; then
|
||||||
|
FTLinstall "${1}" || return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2606,8 +2638,15 @@ main() {
|
|||||||
fi
|
fi
|
||||||
# Create the pihole user
|
# Create the pihole user
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
|
|
||||||
# Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
|
# Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
|
||||||
if ! FTLdetect; then
|
local funcOutput
|
||||||
|
funcOutput=$(get_binary_name) #Store output of get_binary_name here
|
||||||
|
local binary
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
|
||||||
|
local theRest
|
||||||
|
theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
|
||||||
|
if ! FTLdetect "${binary}" "${theRest}"; then
|
||||||
printf " %b FTL Engine not installed\\n" "${CROSS}"
|
printf " %b FTL Engine not installed\\n" "${CROSS}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
2
pihole
2
pihole
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
# Pi-hole: A black hole for Internet advertisements
|
# Pi-hole: A black hole for Internet advertisements
|
||||||
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
||||||
|
@ -254,73 +254,16 @@ def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
|
|||||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 2
|
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 2
|
||||||
|
|
||||||
|
|
||||||
def test_selinux_enforcing_default_exit(Pihole):
|
def test_selinux_not_detected(Pihole):
|
||||||
'''
|
'''
|
||||||
confirms installer prompts to exit when SELinux is Enforcing by default
|
confirms installer continues when SELinux configuration file does not exist
|
||||||
'''
|
'''
|
||||||
# getenforce returns the running state of SELinux
|
|
||||||
mock_command('getenforce', {'*': ('Enforcing', '0')}, Pihole)
|
|
||||||
# Whiptail dialog returns Cancel for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', '1')}, Pihole)
|
|
||||||
check_selinux = Pihole.run('''
|
check_selinux = Pihole.run('''
|
||||||
|
rm -f /etc/selinux/config
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
checkSelinux
|
checkSelinux
|
||||||
''')
|
''')
|
||||||
expected_stdout = info_box + ' SELinux mode detected: Enforcing'
|
expected_stdout = info_box + ' SELinux not detected'
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
expected_stdout = 'SELinux Enforcing detected, exiting installer'
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
assert check_selinux.rc == 1
|
|
||||||
|
|
||||||
|
|
||||||
def test_selinux_enforcing_continue(Pihole):
|
|
||||||
'''
|
|
||||||
confirms installer prompts to continue with custom policy warning
|
|
||||||
'''
|
|
||||||
# getenforce returns the running state of SELinux
|
|
||||||
mock_command('getenforce', {'*': ('Enforcing', '0')}, Pihole)
|
|
||||||
# Whiptail dialog returns Continue for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
|
||||||
check_selinux = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
checkSelinux
|
|
||||||
''')
|
|
||||||
expected_stdout = info_box + ' SELinux mode detected: Enforcing'
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
expected_stdout = info_box + (' Continuing installation with SELinux '
|
|
||||||
'Enforcing')
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
expected_stdout = info_box + (' Please refer to official SELinux '
|
|
||||||
'documentation to create a custom policy')
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
assert check_selinux.rc == 0
|
|
||||||
|
|
||||||
|
|
||||||
def test_selinux_permissive(Pihole):
|
|
||||||
'''
|
|
||||||
confirms installer continues when SELinux is Permissive
|
|
||||||
'''
|
|
||||||
# getenforce returns the running state of SELinux
|
|
||||||
mock_command('getenforce', {'*': ('Permissive', '0')}, Pihole)
|
|
||||||
check_selinux = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
checkSelinux
|
|
||||||
''')
|
|
||||||
expected_stdout = info_box + ' SELinux mode detected: Permissive'
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
|
||||||
assert check_selinux.rc == 0
|
|
||||||
|
|
||||||
|
|
||||||
def test_selinux_disabled(Pihole):
|
|
||||||
'''
|
|
||||||
confirms installer continues when SELinux is Disabled
|
|
||||||
'''
|
|
||||||
mock_command('getenforce', {'*': ('Disabled', '0')}, Pihole)
|
|
||||||
check_selinux = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
checkSelinux
|
|
||||||
''')
|
|
||||||
expected_stdout = info_box + ' SELinux mode detected: Disabled'
|
|
||||||
assert expected_stdout in check_selinux.stdout
|
assert expected_stdout in check_selinux.stdout
|
||||||
assert check_selinux.rc == 0
|
assert check_selinux.rc == 0
|
||||||
|
|
||||||
@ -399,7 +342,10 @@ def test_FTL_detect_aarch64_no_errors(Pihole):
|
|||||||
detectPlatform = Pihole.run('''
|
detectPlatform = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
''')
|
''')
|
||||||
expected_stdout = info_box + ' FTL Checks...'
|
expected_stdout = info_box + ' FTL Checks...'
|
||||||
assert expected_stdout in detectPlatform.stdout
|
assert expected_stdout in detectPlatform.stdout
|
||||||
@ -420,7 +366,10 @@ def test_FTL_detect_armv6l_no_errors(Pihole):
|
|||||||
detectPlatform = Pihole.run('''
|
detectPlatform = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
''')
|
''')
|
||||||
expected_stdout = info_box + ' FTL Checks...'
|
expected_stdout = info_box + ' FTL Checks...'
|
||||||
assert expected_stdout in detectPlatform.stdout
|
assert expected_stdout in detectPlatform.stdout
|
||||||
@ -442,7 +391,10 @@ def test_FTL_detect_armv7l_no_errors(Pihole):
|
|||||||
detectPlatform = Pihole.run('''
|
detectPlatform = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
''')
|
''')
|
||||||
expected_stdout = info_box + ' FTL Checks...'
|
expected_stdout = info_box + ' FTL Checks...'
|
||||||
assert expected_stdout in detectPlatform.stdout
|
assert expected_stdout in detectPlatform.stdout
|
||||||
@ -459,7 +411,10 @@ def test_FTL_detect_x86_64_no_errors(Pihole):
|
|||||||
detectPlatform = Pihole.run('''
|
detectPlatform = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
''')
|
''')
|
||||||
expected_stdout = info_box + ' FTL Checks...'
|
expected_stdout = info_box + ' FTL Checks...'
|
||||||
assert expected_stdout in detectPlatform.stdout
|
assert expected_stdout in detectPlatform.stdout
|
||||||
@ -476,7 +431,10 @@ def test_FTL_detect_unknown_no_errors(Pihole):
|
|||||||
detectPlatform = Pihole.run('''
|
detectPlatform = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
''')
|
''')
|
||||||
expected_stdout = 'Not able to detect architecture (unknown: mips)'
|
expected_stdout = 'Not able to detect architecture (unknown: mips)'
|
||||||
assert expected_stdout in detectPlatform.stdout
|
assert expected_stdout in detectPlatform.stdout
|
||||||
@ -495,64 +453,14 @@ def test_FTL_download_aarch64_no_errors(Pihole):
|
|||||||
''')
|
''')
|
||||||
download_binary = Pihole.run('''
|
download_binary = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
binary="pihole-FTL-aarch64-linux-gnu"
|
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLinstall
|
FTLinstall "pihole-FTL-aarch64-linux-gnu"
|
||||||
''')
|
''')
|
||||||
expected_stdout = tick_box + ' Downloading and Installing FTL'
|
expected_stdout = tick_box + ' Downloading and Installing FTL'
|
||||||
assert expected_stdout in download_binary.stdout
|
assert expected_stdout in download_binary.stdout
|
||||||
assert 'error' not in download_binary.stdout.lower()
|
assert 'error' not in download_binary.stdout.lower()
|
||||||
|
|
||||||
|
|
||||||
def test_FTL_download_unknown_fails_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms unknown binary is not downloaded for FTL engine
|
|
||||||
'''
|
|
||||||
# mock whiptail answers and ensure installer dependencies
|
|
||||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
|
||||||
Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
distro_check
|
|
||||||
install_dependent_packages ${INSTALLER_DEPS[@]}
|
|
||||||
''')
|
|
||||||
download_binary = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
binary="pihole-FTL-mips"
|
|
||||||
create_pihole_user
|
|
||||||
FTLinstall
|
|
||||||
''')
|
|
||||||
expected_stdout = cross_box + ' Downloading and Installing FTL'
|
|
||||||
assert expected_stdout in download_binary.stdout
|
|
||||||
error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
|
|
||||||
assert error1 in download_binary.stdout
|
|
||||||
error2 = 'not found'
|
|
||||||
assert error2 in download_binary.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_FTL_download_binary_unset_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms unset binary variable does not download FTL engine
|
|
||||||
'''
|
|
||||||
# mock whiptail answers and ensure installer dependencies
|
|
||||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
|
||||||
Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
distro_check
|
|
||||||
install_dependent_packages ${INSTALLER_DEPS[@]}
|
|
||||||
''')
|
|
||||||
download_binary = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
create_pihole_user
|
|
||||||
FTLinstall
|
|
||||||
''')
|
|
||||||
expected_stdout = cross_box + ' Downloading and Installing FTL'
|
|
||||||
assert expected_stdout in download_binary.stdout
|
|
||||||
error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
|
|
||||||
assert error1 in download_binary.stdout
|
|
||||||
error2 = 'not found'
|
|
||||||
assert error2 in download_binary.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
|
def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
|
||||||
'''
|
'''
|
||||||
confirms FTL binary is copied and functional in installed location
|
confirms FTL binary is copied and functional in installed location
|
||||||
@ -560,7 +468,10 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
|
|||||||
installed_binary = Pihole.run('''
|
installed_binary = Pihole.run('''
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
create_pihole_user
|
create_pihole_user
|
||||||
FTLdetect
|
funcOutput=$(get_binary_name)
|
||||||
|
binary="pihole-FTL${funcOutput##*pihole-FTL}"
|
||||||
|
theRest="${funcOutput%pihole-FTL*}"
|
||||||
|
FTLdetect "${binary}" "${theRest}"
|
||||||
pihole-FTL version
|
pihole-FTL version
|
||||||
''')
|
''')
|
||||||
expected_stdout = 'v'
|
expected_stdout = 'v'
|
||||||
|
@ -8,6 +8,69 @@ from conftest import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def mock_selinux_config(state, Pihole):
|
||||||
|
'''
|
||||||
|
Creates a mock SELinux config file with expected content
|
||||||
|
'''
|
||||||
|
# validate state string
|
||||||
|
valid_states = ['enforcing', 'permissive', 'disabled']
|
||||||
|
assert state in valid_states
|
||||||
|
# getenforce returns the running state of SELinux
|
||||||
|
mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole)
|
||||||
|
# create mock configuration with desired content
|
||||||
|
Pihole.run('''
|
||||||
|
mkdir /etc/selinux
|
||||||
|
echo "SELINUX={state}" > /etc/selinux/config
|
||||||
|
'''.format(state=state.lower()))
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||||
|
def test_selinux_enforcing_exit(Pihole):
|
||||||
|
'''
|
||||||
|
confirms installer prompts to exit when SELinux is Enforcing by default
|
||||||
|
'''
|
||||||
|
mock_selinux_config("enforcing", Pihole)
|
||||||
|
check_selinux = Pihole.run('''
|
||||||
|
source /opt/pihole/basic-install.sh
|
||||||
|
checkSelinux
|
||||||
|
''')
|
||||||
|
expected_stdout = cross_box + ' Current SELinux: Enforcing'
|
||||||
|
assert expected_stdout in check_selinux.stdout
|
||||||
|
expected_stdout = 'SELinux Enforcing detected, exiting installer'
|
||||||
|
assert expected_stdout in check_selinux.stdout
|
||||||
|
assert check_selinux.rc == 1
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||||
|
def test_selinux_permissive(Pihole):
|
||||||
|
'''
|
||||||
|
confirms installer continues when SELinux is Permissive
|
||||||
|
'''
|
||||||
|
mock_selinux_config("permissive", Pihole)
|
||||||
|
check_selinux = Pihole.run('''
|
||||||
|
source /opt/pihole/basic-install.sh
|
||||||
|
checkSelinux
|
||||||
|
''')
|
||||||
|
expected_stdout = tick_box + ' Current SELinux: Permissive'
|
||||||
|
assert expected_stdout in check_selinux.stdout
|
||||||
|
assert check_selinux.rc == 0
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||||
|
def test_selinux_disabled(Pihole):
|
||||||
|
'''
|
||||||
|
confirms installer continues when SELinux is Disabled
|
||||||
|
'''
|
||||||
|
mock_selinux_config("disabled", Pihole)
|
||||||
|
check_selinux = Pihole.run('''
|
||||||
|
source /opt/pihole/basic-install.sh
|
||||||
|
checkSelinux
|
||||||
|
''')
|
||||||
|
expected_stdout = tick_box + ' Current SELinux: Disabled'
|
||||||
|
assert expected_stdout in check_selinux.stdout
|
||||||
|
assert check_selinux.rc == 0
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("tag", [('fedora'), ])
|
@pytest.mark.parametrize("tag", [('fedora'), ])
|
||||||
def test_epel_and_remi_not_installed_fedora(Pihole):
|
def test_epel_and_remi_not_installed_fedora(Pihole):
|
||||||
'''
|
'''
|
||||||
|
Loading…
Reference in New Issue
Block a user