# Some distros vary slightly so these fixes for dependencies may apply
# on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dialog and dhcpcd5
APT_SOURCES="/etc/apt/sources.list"
if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}'${APT_SOURCES};then
if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5\\n- dialog"${r}${c};then
if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5\\n- dialog""${r}""${c}";then
printf" %b Aborting installation: dependencies could not be installed.\\n""${CROSS}"
exit# exit the installer
else
printf" %b Enabling universe package repository for Ubuntu Bionic\\n""${INFO}"
cp ${APT_SOURCES}${APT_SOURCES}.backup # Backup current repo list
cp -p ${APT_SOURCES}${APT_SOURCES}.backup # Backup current repo list
printf" %b Backed up current configuration to %s\\n""${TICK}""${APT_SOURCES}.backup"
# Since PHP 7 is available by default, install via default PHP package names
: # do nothing as PHP is current
@ -329,7 +329,7 @@ elif is_command rpm ; then
rpm -q ${REMI_PKG}&> /dev/null ||rc=$?
if[[$rc -ne 0]];then
# The PHP version available via default repositories is older than version 7
if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information"${r}${c};then
if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information""${r}""${c}";then
# User decided to NOT update PHP from REMI, attempt to install the default available PHP version
printf" %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n""${INFO}"
: # continue with unsupported php version
@ -352,7 +352,7 @@ elif is_command rpm ; then
fi
else
# Warn user of unsupported version of Fedora or CentOS
if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+"${r}${c};then
if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+""${r}""${c}";then
printf" %b Aborting installation due to unsupported RPM based distribution\\n""${CROSS}"
exit# exit the installer
else
@ -414,6 +414,9 @@ make_repo() {
fi
# Clone the repo and return the return code from this command
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# Show a colored message showing it's status
printf"%b %b %s\\n""${OVER}""${TICK}""${str}"
# Always return 0? Not sure this is correct
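Review bot: The added `chmod -R a+rX "${directory}"` in make_repo makes everything under the directory world-readable, not only what git tracks, and its exit status is ignored. The comment's reasoning ("data in the repositories is public") covers tracked content; any untracked local file that ends up under the same path is opened up as well. The identical line is added in update_repo, resetRepo and checkout_pull_branch, so a single helper called from all four would keep the behaviour in one place. At minimum, propagate failure with `chmod -R a+rX "${directory}" || return $?` and say in the comment that the directory is expected to hold repository data only. make_repo's body starts and ends outside this hunk.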
@ -447,6 +450,8 @@ update_repo() {
git pull --quiet &> /dev/null ||return$?
# Show a completion message
printf"%b %b %s\\n""${OVER}""${TICK}""${str}"
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# Move back into the original directory
cd"${curdir}"&> /dev/null ||return1
return0
@ -494,6 +499,8 @@ resetRepo() {
printf" %b %s...""${INFO}""${str}"
# Use git to remove the local changes
git reset --hard &> /dev/null ||return$?
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# And show the status
printf"%b %b %s\\n""${OVER}""${TICK}""${str}"
# Returning success anyway?
@ -537,15 +544,15 @@ get_available_interfaces() {
# A function for displaying the dialogs the user sees when first running the installer
welcomeDialogs(){
# Display the welcome dialog using an appropriately sized window via the calculation conducted earlier in the script
whiptail --msgbox --backtitle "Welcome" --title "Pi-hole automated installer""\\n\\nThis installer will transform your device into a network-wide ad blocker!"${r}${c}
whiptail --msgbox --backtitle "Welcome" --title "Pi-hole automated installer""\\n\\nThis installer will transform your device into a network-wide ad blocker!""${r}""${c}"
# Request that users donate if they enjoy the software since we all work on it in our free time
whiptail --msgbox --backtitle "Plea" --title "Free and open source""\\n\\nThe Pi-hole is free, but powered by your donations: http://pi-hole.net/donate"${r}${c}
whiptail --msgbox --backtitle "Plea" --title "Free and open source""\\n\\nThe Pi-hole is free, but powered by your donations: http://pi-hole.net/donate""${r}""${c}"
# Explain the need for a static address
whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed""\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them."${r}${c}
In the next section, you can choose to use your current network settings (DHCP) or to manually edit them.""${r}""${c}"
}
# We need to make sure there is enough space before installing, so there is a function to check this
@ -632,7 +639,7 @@ chooseInterface() {
# Feed the available interfaces into this while loop
done<<<"${availableInterfaces}"
# The whiptail command that will be run, stored in a variable
chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)"${r}${c}${interfaceCount})
chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)""${r}""${c}""${interfaceCount}")
# Now run the command using the interfaces saved into the array
whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported""$IPV6_ADDRESS will be used to block ads."${r}${c}
whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported""$IPV6_ADDRESS will be used to block ads.""${r}""${c}"
fi
}
@ -723,7 +730,7 @@ use4andor6() {
local useIPv4
local useIPv6
# Let use select IPv4 and/or IPv6 via a checklist
cmd=(whiptail --separate-output --checklist "Select Protocols (press space to select)"${r}${c} 2)
cmd=(whiptail --separate-output --checklist "Select Protocols (press space to select)""${r}""${c}" 2)
# In an array, show the options available:
# IPv4 (on by default)
options=(IPv4 "Block ads over IPv4" on
@ -772,11 +779,11 @@ getStaticIPv4Settings() {
# This is useful for users that are using DHCP reservations; then we can just use the information gathered via our functions
if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address?
IP address: ${IPV4_ADDRESS}
Gateway: ${IPv4gw}"${r}${c}; then
Gateway: ${IPv4gw}""${r}""${c}"; then
# If they choose yes, let the user know that the IP address will not be available via DHCP and may cause a conflict.
whiptail --msgbox --backtitle "IP information" --title "FYI: IP Conflict""It is possible your router could still try to assign this IP to a device, which would cause a conflict. But in most cases the router is smart enough to not do that.
If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.
It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address."${r}${c}
It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address.""${r}""${c}"
# Nothing else to do since the variables are already set above
else
# Otherwise, we need to ask the user to input their desired settings.
@ -785,13 +792,13 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
{ipSettingsCorrect=False;echo -e "${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}";exit 1;}
printf" %b Your static IPv4 gateway: %s\\n""${INFO}""${IPv4gw}"
@ -799,7 +806,7 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
# Give the user a chance to review their settings before moving on
if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct?
IP address: ${IPV4_ADDRESS}
Gateway: ${IPv4gw}"${r}${c}; then
Gateway: ${IPv4gw}""${r}""${c}"; then
# After that's done, the loop ends and we move on
ipSettingsCorrect=True
else
@ -847,7 +854,7 @@ setIFCFG() {
# Put the IP in variables without the CIDR notation
printf -v CIDR "%s""${IPV4_ADDRESS##*/}"
# Backup existing interface configuration:
cp "${IFCFG_FILE}""${IFCFG_FILE}".pihole.orig
cp -p "${IFCFG_FILE}""${IFCFG_FILE}".pihole.orig
# Build Interface configuration file using the GLOBAL variables we have
{
echo"# Configured via Pi-hole installer"
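Review bot: The backup `cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig` in setIFCFG is unchecked and unconditional, while the block that follows overwrites `${IFCFG_FILE}`. If the copy fails, the original interface configuration is lost. If setIFCFG runs a second time (not visible from this hunk), the backup is replaced by the installer's own earlier output. Consider `[[ -e "${IFCFG_FILE}.pihole.orig" ]] || cp -p "${IFCFG_FILE}" "${IFCFG_FILE}.pihole.orig" || return 1`. The function starts before and continues past this hunk.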
@ -861,6 +868,8 @@ setIFCFG() {
echo"DNS2=$PIHOLE_DNS_2"
echo"USERCTL=no"
}> "${IFCFG_FILE}"
chmod 644"${IFCFG_FILE}"
chown root:root "${IFCFG_FILE}"
# Use ip to immediately set the new address
ip addr replace dev "${PIHOLE_INTERFACE}""${IPV4_ADDRESS}"
# If NetworkMangler command line interface exists and ready to mangle,
@ -925,7 +934,7 @@ valid_ip() {
# and set the new one to a dot (period)
IFS='.'
# Put the IP into an array
ip=(${ip})
ip=("${ip}")
# Restore the IFS to what it was
IFS=${OIFS}
## Evaluate each octet by checking if it's less than or equal to 255 (the max for each octet)
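Review bot: Quoting the expansion in `ip=("${ip}")` turns off the word splitting that the preceding `IFS='.'` assignment exists for, so the array holds one element with the whole address instead of four octets. This assumes the quoted form is the new side, as the other changed pairs on this page suggest. The per-octet range check announced by the comment below would then see empty values for the second to fourth octet, and valid_ip would no longer validate the addresses a user types in. To silence the linter without changing behaviour, split explicitly: `IFS='.' read -r -a ip <<< "${ip}"`. The octet comparison itself lies outside this hunk.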
@ -935,7 +944,7 @@ valid_ip() {
stat=$?
fi
# Return the exit code
return${stat}
return"${stat}"
}
# A function to choose the upstream DNS provider(s)
@ -965,7 +974,7 @@ setDNS() {
# Restore the IFS to what it was
IFS=${OIFS}
# In a whiptail dialog, show the options
DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom."${r}${c}7\
DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom.""${r}""${c}"7\
"${DNSChooseOptions[@]}" 2>&1 >/dev/tty)||\
# exit if Cancel is selected
{printf" %bCancel was selected, exiting installer%b\\n""${COL_LIGHT_RED}""${COL_NC}";exit 1;}
@ -995,7 +1004,7 @@ setDNS() {
fi
# Dialog for the user to enter custom upstream servers
piholeDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), separated by a comma.\\n\\nFor example '8.8.8.8, 8.8.4.4'"${r}${c}"${prePopulate}" 3>&1 1>&2 2>&3)||\
piholeDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), separated by a comma.\\n\\nFor example '8.8.8.8, 8.8.4.4'""${r}""${c}""${prePopulate}" 3>&1 1>&2 2>&3)||\
{printf" %bCancel was selected, exiting installer%b\\n""${COL_LIGHT_RED}""${COL_NC}";exit 1;}
# Clean user input and replace whitespace with comma.
if(whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\\n DNS Server 1: $PIHOLE_DNS_1\\n DNS Server 2: ${PIHOLE_DNS_2}"${r}${c});then
if(whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\\n DNS Server 1: $PIHOLE_DNS_1\\n DNS Server 2: ${PIHOLE_DNS_2}""${r}""${c}");then
# and break from the loop since the servers are valid
DNSSettingsCorrect=True
# Otherwise,
@ -1119,7 +1128,7 @@ setAdminFlag() {
local WebChoices
# Similar to the logging function, ask what the user wants
WebToggleCommand=(whiptail --separate-output --radiolist "Do you wish to install the web admin interface?"${r}${c} 6)
WebToggleCommand=(whiptail --separate-output --radiolist "Do you wish to install the web admin interface?""${r}""${c}" 6)
# with the default being enabled
WebChooseOptions=("On (Recommended)""" on
Off "" off)
@ -1185,6 +1194,7 @@ chooseBlocklists() {
do
appendToListsFile "${choice}"
done
chmod 644"${adlistFile}"
}
# Accept a string parameter, it must be one of the default lists
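Review bot: `chmod 644 "${adlistFile}"` runs unconditionally after the loop, yet as far as this hunk shows the file is only written by appendToListsFile inside the loop. If the user selects no list, the file may not exist and chmod returns non-zero as the last command of chooseBlocklists. That would abort the installer if it runs with `set -e`, which is not visible here. A guard avoids this: `if [[ -e "${adlistFile}" ]]; then chmod 644 "${adlistFile}"; fi`. The function begins outside the hunk.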
sed -i "s/59 1 /$((1+ RANDOM %58))$((3+ RANDOM %2))/" /etc/cron.d/pihole
# Randomize update checker time
@ -1753,7 +1765,7 @@ configureFirewall() {
# If a firewall is running,
if firewall-cmd --state &> /dev/null;then
# ask if the user wants to install Pi-hole's default firewall rules
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?"${r}${c}||\
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?""${r}""${c}"||\
{printf" %b Not installing firewall rulesets.\\n""${INFO}";return 0;}
printf" %b Configuring FirewallD for httpd and pihole-FTL\\n""${TICK}"
# Allow HTTP and DNS traffic
@ -1766,7 +1778,7 @@ configureFirewall() {
# If chain Policy is not ACCEPT or last Rule is not ACCEPT
# then check and insert our Rules above the DROP/REJECT Rule.
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?"${r}${c}||\
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?""${r}""${c}"||\
{printf" %b Not installing firewall rulesets.\\n""${INFO}";return 0;}
printf" %b Installing new IPTables firewall rulesets\\n""${TICK}"
# Check chain first, otherwise a new rule will duplicate old ones
# Repair permissions if /var/www/html is not world readable
chmod a+rx /var/www
chmod a+rx /var/www/html
# Give pihole access to the Web server group
usermod -a -G ${LIGHTTPD_GROUP} pihole
# If the lighttpd command is executable,
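Review bot: The comment says permissions are repaired "if /var/www/html is not world readable", but the two `chmod a+rx` calls shown here run with no test. Every install or update would add world read and traverse rights to `/var/www` and `/var/www/html`, including on hosts where an administrator tightened them for other sites. Either test first and report what was changed, or reword the comment to say the mode is always applied. Separately, `${LIGHTTPD_GROUP}` in the `usermod` call is still unquoted, unlike the other expansions on this page. The hunk header for these lines is not visible on the page, so the enclosing function and any surrounding condition cannot be confirmed.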
@ -1955,7 +1968,7 @@ checkSelinux() {
# If it's enforcing,
if[["${enforceMode}"=="Enforcing"]];then
# Explain Pi-hole does not support it yet
whiptail --defaultno --title "SELinux Enforcing Detected" --yesno "SELinux is being ENFORCED on your system! \\n\\nPi-hole currently does not support SELinux, but you may still continue with the installation.\\n\\nNote: Web Admin will not be fully functional unless you set your policies correctly\\n\\nContinue installing Pi-hole?"${r}${c}||\
whiptail --defaultno --title "SELinux Enforcing Detected" --yesno "SELinux is being ENFORCED on your system! \\n\\nPi-hole currently does not support SELinux, but you may still continue with the installation.\\n\\nNote: Web Admin will not be fully functional unless you set your policies correctly\\n\\nContinue installing Pi-hole?""${r}""${c}"||\
printf" %b Continuing installation with SELinux Enforcing\\n""${INFO}"
printf" %b Please refer to official SELinux documentation to create a custom policy\\n""${INFO}"
@ -1994,7 +2007,7 @@ If you set a new IP address, you should restart the Pi.
The install log is in /etc/pihole.
${additional}"${r}${c}
${additional}""${r}""${c}"
}
update_dialogs(){
@ -2015,7 +2028,7 @@ update_dialogs() {
opt2b="This will reset your Pi-hole and allow you to enter new settings."
# Display the information to the user
UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)"${r}${c}2\
UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\\n\\nWe have detected an existing install.\\n\\nPlease choose from the following options: \\n($strAdd)""${r}""${c}"2\
"${opt1a}""${opt1b}"\
"${opt2a}""${opt2b}" 3>&2 2>&1 1>&3)||\
{printf" %bCancel was selected, exiting installer%b\\n""${COL_LIGHT_RED}""${COL_NC}";exit 1;}
@ -2104,6 +2117,8 @@ checkout_pull_branch() {
printf" %b %s""${INFO}""$str"
git checkout "${branch}" --quiet ||return1
printf"%b %b %s\\n""${OVER}""${TICK}""$str"
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
git_pull=$(git pull ||return 1)
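Review bot: In checkout_pull_branch the added `chmod -R a+rX "${directory}"` runs before `git pull`, so files created by the pull keep whatever mode the installer's umask gives them. If the aim is a world-readable tree after the branch is updated, the chmod belongs after the pull, which is where update_repo places it. The function continues outside this hunk, so a later chmod may exist that is not visible here.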
@ -2200,6 +2215,8 @@ FTLinstall() {
# Before stopping FTL, we download the macvendor database