@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then
# These programs are stored in an array so they can be looped through later
INSTALLER_DEPS = ( apt-utils dialog debconf dhcpcd5 git ${ iproute_pkg } whiptail)
# Pi-hole itself has several dependencies that also need to be installed
PIHOLE_DEPS = ( bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3)
PIHOLE_DEPS = ( bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf )
# The Web dashboard has some that also need to be installed
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
PIHOLE_WEB_DEPS = ( lighttpd ${ phpVer } -common ${ phpVer } -cgi ${ phpVer } -${ phpSqlite } )
@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then
# group,
LIGHTTPD_GROUP = "www-data"
# and config file
LIGHTTPD_CFG = "lighttpd.conf.debian"
# The DNS server user
DNSMASQ_USER = "dnsmasq"
LIGHTTPD_CFG = "lighttpd.conf.debian"
# A function to check...
test_dpkg_lock( ) {
@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then
PKG_MANAGER = "yum"
fi
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
UPDATE_PKG_CACHE = ":"
PKG_INSTALL = ( ${ PKG_MANAGER } install -y)
PKG_COUNT = " ${ PKG_MANAGER } check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l "
INSTALLER_DEPS = ( dialog git iproute net-tools newt procps-ng)
PIHOLE_DEPS = ( bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc)
PIHOLE_DEPS = ( bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4 )
PIHOLE_WEB_DEPS = ( lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
# EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
if grep -qi 'centos' /etc/redhat-release; then
@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then
fi
LIGHTTPD_USER = "lighttpd"
LIGHTTPD_GROUP = "lighttpd"
LIGHTTPD_CFG = "lighttpd.conf.fedora"
DNSMASQ_USER = "nobody"
LIGHTTPD_CFG = "lighttpd.conf.fedora"
# If neither apt-get or rmp/dnf are found
else
@ -984,6 +981,10 @@ version_check_dnsmasq() {
fi
echo -en " ${ INFO } Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf... "
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
if [ [ ! -d "/etc/dnsmasq.d" ] ] ; then
mkdir "/etc/dnsmasq.d"
fi
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
cp ${ dnsmasq_pihole_01_snippet } ${ dnsmasq_pihole_01_location }
echo -e " ${ OVER } ${ TICK } Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf "
@ -1158,6 +1159,24 @@ enable_service() {
echo -e " ${ OVER } ${ TICK } ${ str } "
}
# Disable service so that it will not with next reboot
disable_service( ) {
# Local, named variables
local str = " Disabling ${ 1 } service "
echo ""
echo -ne " ${ INFO } ${ str } ... "
# If systemctl exists,
if command -v systemctl & > /dev/null; then
# use that to disable the service
systemctl disable " ${ 1 } " & > /dev/null
# Othwerwise,
else
# use update-rc.d to accomplish this
update-rc.d " ${ 1 } " disable & > /dev/null
fi
echo -e " ${ OVER } ${ TICK } ${ str } "
}
update_package_cache( ) {
# Running apt-get update/upgrade with minimal output can cause some issues with
# requiring user input (e.g password for phpmyadmin see #218)
@ -1286,7 +1305,7 @@ install_dependent_packages() {
# Create logfiles if necessary
CreateLogFile( ) {
local str = "Creating log and changing owner to dnsmasq "
local str = "Creating log and changing owner to pihole "
echo ""
echo -ne " ${ INFO } ${ str } ... "
# If the pihole log does not exist,
@ -1296,7 +1315,7 @@ CreateLogFile() {
# set the permissions,
chmod 644 /var/log/pihole.log
# and owners
chown " ${ DNSMASQ_USER } "
chown pihole :root /var/log/pihole.log
echo -e " ${ OVER } ${ TICK } ${ str } "
# Otherwise,
else
@ -1423,7 +1442,7 @@ configureFirewall() {
# ask if the user wants to install Pi-hole's default firwall rules
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${ r } ${ c } || \
{ echo -e " ${ INFO } Not installing firewall rulesets. " ; return 0; }
echo -e " ${ TICK } Configuring FirewallD for httpd and dnsmasq "
echo -e " ${ TICK } Configuring FirewallD for httpd and pihole-FTL "
# Allow HTTP and DNS traffice
firewall-cmd --permanent --add-service= http --add-service= dns
# Reload the firewall to apply these changes
@ -1757,11 +1776,45 @@ FTLinstall() {
# Always replace pihole-FTL.service
install -T -m 0755 " ${ PI_HOLE_LOCAL_REPO } /advanced/pihole-FTL.service " "/etc/init.d/pihole-FTL"
local ftlBranch
local url
local ftlBranch
if [ [ -f "/etc/pihole/ftlbranch" ] ] ; then
ftlBranch = $( </etc/pihole/ftlbranch)
else
ftlBranch = "master"
fi
# Determine which version of FTL to download
if [ [ " ${ ftlBranch } " = = "master" ] ] ; then
url = " https://github.com/pi-hole/FTL/releases/download/ ${ latesttag % $'\r' } "
else
url = " https://ftl.pi-hole.net/ ${ ftlBranch } "
fi
# If the download worked,
if curl -sSL --fail " https://github.com/pi-hole/FTL/releases/download/ ${ latesttag % $'\r' } / ${ binary } " -o " ${ binary } " ; then
if curl -sSL --fail " ${ ur l} / ${ binary } " -o " ${ binary } " ; then
# get sha1 of the binary we just downloaded for verification.
curl -sSL --fail " https://github.com/pi-hole/FTL/releases/download/ ${ latesttag % $'\r' } / ${ binary } .sha1 " -o " ${ binary } .sha1 "
curl -sSL --fail " ${ url } / ${ binary } .sha1 " -o " ${ binary } .sha1 "
# Make the tempory binary executable so that we can test the --resolver flag
chmod +x " ${ binary } "
# If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq
if ./" ${ binary } " --resolver > /dev/null; then
if [ [ $( which dnsmasq 2>/dev/null) ] ] ; then
stop_service dnsmasq
disable_service dnsmasq
#ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d`
confdir = "conf-dir=/etc/dnsmasq.d"
conffile = "/etc/dnsmasq.conf"
if ! grep -q " $confdir " " $conffile " ; then
echo " $confdir " >> " $conffile "
fi
fi
fi
# If we downloaded binary file (as opposed to text),
if sha1sum --status --quiet -c " ${ binary } " .sha1; then
echo -n "transferred... "
@ -1865,30 +1918,42 @@ FTLdetect() {
echo -e " ${ INFO } Checking for existing FTL binary... "
local ftlLoc = $( which pihole-FTL 2>/dev/null)
local ftlBranch
if [ [ -f "/etc/pihole/ftlbranch" ] ] ; then
ftlBranch = $( </etc/pihole/ftlbranch)
else
ftlBranch = "master"
fi
if [ [ ! " ${ ftlBranch } " = = "master" ] ] ; then
FTLinstall " ${ binary } " || return 1
else
if [ [ ${ ftlLoc } ] ] ; then
local FTLversion = $( /usr/bin/pihole-FTL tag)
local FTLlatesttag = $( curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n' )
if [ [ " ${ FTLversion } " != " ${ FTLlatesttag } " ] ] ; then
# Install FTL
FTLinstall " ${ binary } " || return 1
else
echo -e " ${ INFO } Latest FTL Binary already installed ( ${ FTLlatesttag } ). Confirming Checksum... "
if [ [ ${ ftlLoc } ] ] ; then
local FTLversion = $( /usr/bin/pihole-FTL tag)
local FTLlatesttag = $( curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n' )
local remoteSha1 = $( curl -sSL --fail " https://github.com/pi-hole/FTL/releases/download/ ${ FTLversion % $'\r' } / ${ binary } .sha1 " | cut -d ' ' -f 1)
local localSha1 = $( sha1sum " $( which pihole-FTL) " | cut -d ' ' -f 1)
if [ [ " ${ FTLversion } " != " ${ FTLlatesttag } " ] ] ; then
# Install FTL
if [ [ " ${ remoteSha1 } " != " ${ localSha1 } " ] ] ; then
echo -e " ${ INFO } Corruption detected... "
FTLinstall " ${ binary } " || return 1
else
echo -e " ${ INFO } Checksum correct. No need to download! "
fi
fi
else
# Install FTL
FTLinstall " ${ binary } " || return 1
else
echo -e " ${ INFO } Latest FTL Binary already installed ( ${ FTLlatesttag } ). Confirming Checksum... "
local remoteSha1 = $( curl -sSL --fail " https://github.com/pi-hole/FTL/releases/download/ ${ FTLversion % $'\r' } / ${ binary } .sha1 " | cut -d ' ' -f 1)
local localSha1 = $( sha1sum " $( which pihole-FTL) " | cut -d ' ' -f 1)
if [ [ " ${ remoteSha1 } " != " ${ localSha1 } " ] ] ; then
echo -e " ${ INFO } Corruption detected... "
FTLinstall " ${ binary } " || return 1
else
echo -e " ${ INFO } Checksum correct. No need to download! "
fi
fi
else
# Install FTL
FTLinstall " ${ binary } " || return 1
fi
fi
}
@ -2000,8 +2065,20 @@ main() {
welcomeDialogs
# Create directory for Pi-hole storage
mkdir -p /etc/pihole/
#Do we need to stop pihole-FTL or dnsmasq(if coming from an old install)?
if [ [ $( which pihole-FTL 2>/dev/null) ] ] ; then
if pihole-FTL --resolver > /dev/null; then
stop_service pihole-FTL
else
stop_service dnsmasq
fi
else
if [ [ $( which dnsmasq 2>/dev/null) ] ] ; then
stop_service dnsmasq
fi
fi
stop_service dnsmasq
if [ [ " ${ INSTALL_WEB } " = = true ] ] ; then
stop_service lighttpd
fi
@ -2094,8 +2171,11 @@ main() {
echo -e " ${ INFO } Restarting services... "
# Start services
start_service dnsmasq
enable_service dnsmasq
# Only start and enable dnsmasq if FTL does not have the --resolver switch
if ! pihole-FTL --resolver > /dev/null; then
start_service dnsmasq
enable_service dnsmasq
fi
# If the Web server was installed,
if [ [ " ${ INSTALL_WEB } " = = true ] ] ; then
Adam Warner
6 years ago