From 8cf8da4c78cbcf92c3e196d90332a15395250520 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Mar 2018 18:44:57 +0000 Subject: [PATCH] - Check file /etc/pihole/ftlbranch for current FTL branch, download from github if master, or pi-hole.net if other - Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq - Add service_disable function - Add dependency libcap2-bin on debian to enable setcap. Need to check other distos -Always download FTL binary if /etc/pihole/ftlbranch does not contain "master" - Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL Signed-off-by: Adam Warner --- automated install/basic-install.sh | 160 +++++++++++++++++++++-------- test/test_automated_install.py | 2 +- 2 files changed, 121 insertions(+), 41 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 32352306..39855a58 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -163,7 +163,7 @@ if command -v apt-get &> /dev/null; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -172,9 +172,7 @@ if command -v apt-get &> /dev/null; then # group, LIGHTTPD_GROUP="www-data" # and config file - LIGHTTPD_CFG="lighttpd.conf.debian" - # The DNS server user - DNSMASQ_USER="dnsmasq" + LIGHTTPD_CFG="lighttpd.conf.debian" # A function to check... test_dpkg_lock() { @@ -202,12 +200,12 @@ elif command -v rpm &> /dev/null; then PKG_MANAGER="yum" fi - # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. + # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update. UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc libnettle.so.4) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS if grep -qi 'centos' /etc/redhat-release; then @@ -215,8 +213,7 @@ elif command -v rpm &> /dev/null; then fi LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" - LIGHTTPD_CFG="lighttpd.conf.fedora" - DNSMASQ_USER="nobody" + LIGHTTPD_CFG="lighttpd.conf.fedora" # If neither apt-get or rmp/dnf are found else @@ -984,6 +981,10 @@ version_check_dnsmasq() { fi echo -en " ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." + # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) + if [[ ! -d "/etc/dnsmasq.d" ]];then + mkdir "/etc/dnsmasq.d" + fi # Copy the new Pi-hole DNS config file into the dnsmasq.d directory cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location} echo -e "${OVER} ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf" @@ -1158,6 +1159,24 @@ enable_service() { echo -e "${OVER} ${TICK} ${str}" } +# Disable service so that it will not with next reboot +disable_service() { + # Local, named variables + local str="Disabling ${1} service" + echo "" + echo -ne " ${INFO} ${str}..." + # If systemctl exists, + if command -v systemctl &> /dev/null; then + # use that to disable the service + systemctl disable "${1}" &> /dev/null + # Othwerwise, + else + # use update-rc.d to accomplish this + update-rc.d "${1}" disable &> /dev/null + fi + echo -e "${OVER} ${TICK} ${str}" +} + update_package_cache() { # Running apt-get update/upgrade with minimal output can cause some issues with # requiring user input (e.g password for phpmyadmin see #218) @@ -1286,7 +1305,7 @@ install_dependent_packages() { # Create logfiles if necessary CreateLogFile() { - local str="Creating log and changing owner to dnsmasq" + local str="Creating log and changing owner to pihole" echo "" echo -ne " ${INFO} ${str}..." # If the pihole log does not exist, @@ -1296,7 +1315,7 @@ CreateLogFile() { # set the permissions, chmod 644 /var/log/pihole.log # and owners - chown "${DNSMASQ_USER}":root /var/log/pihole.log + chown pihole:root /var/log/pihole.log echo -e "${OVER} ${TICK} ${str}" # Otherwise, else @@ -1423,7 +1442,7 @@ configureFirewall() { # ask if the user wants to install Pi-hole's default firwall rules whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \ { echo -e " ${INFO} Not installing firewall rulesets."; return 0; } - echo -e " ${TICK} Configuring FirewallD for httpd and dnsmasq" + echo -e " ${TICK} Configuring FirewallD for httpd and pihole-FTL" # Allow HTTP and DNS traffice firewall-cmd --permanent --add-service=http --add-service=dns # Reload the firewall to apply these changes @@ -1757,11 +1776,45 @@ FTLinstall() { # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" - # If the download worked, - if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then - # get sha1 of the binary we just downloaded for verification. - curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1" + local ftlBranch + local url + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$( /dev/null; then + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + disable_service dnsmasq + #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` + confdir="conf-dir=/etc/dnsmasq.d" + conffile="/etc/dnsmasq.conf" + if ! grep -q "$confdir" "$conffile"; then + echo "$confdir" >> "$conffile" + fi + fi + fi + # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then echo -n "transferred... " @@ -1865,30 +1918,42 @@ FTLdetect() { echo -e " ${INFO} Checking for existing FTL binary..." local ftlLoc=$(which pihole-FTL 2>/dev/null) + + local ftlBranch + + if [[ -f "/etc/pihole/ftlbranch" ]];then + ftlBranch=$(/dev/null) ]]; then + if pihole-FTL --resolver > /dev/null; then + stop_service pihole-FTL + else + stop_service dnsmasq + fi + else + if [[ $(which dnsmasq 2>/dev/null) ]]; then + stop_service dnsmasq + fi + fi - stop_service dnsmasq if [[ "${INSTALL_WEB}" == true ]]; then stop_service lighttpd fi @@ -2094,8 +2171,11 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - start_service dnsmasq - enable_service dnsmasq + # Only start and enable dnsmasq if FTL does not have the --resolver switch + if ! pihole-FTL --resolver > /dev/null; then + start_service dnsmasq + enable_service dnsmasq + fi # If the Web server was installed, if [[ "${INSTALL_WEB}" == true ]]; then diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 0e961c7f..2c65c660 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole): source /opt/pihole/basic-install.sh configureFirewall ''') - expected_stdout = 'Configuring FirewallD for httpd and dnsmasq' + expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL' assert expected_stdout in configureFirewall.stdout firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout assert 'firewall-cmd --state' in firewall_calls