From 3261c2e2737590bab40c265e130850e8a597a99a Mon Sep 17 00:00:00 2001 From: Clayton Dobbs Date: Sat, 17 Nov 2018 22:57:01 -0700 Subject: [PATCH 01/29] Added check for universe repo on ubuntu bionic with user prompts. Signed-off-by: Clayton Dobbs --- automated install/basic-install.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c49edda8..d682516c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -165,6 +165,20 @@ if is_command apt-get ; then # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # Some distros vary slightly so these fixes for dependencies may apply + # on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dialog and dhcpcd5 + APT_SOURCES="/etc/apt/sources.list" + if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then + if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5\\n- dialog" ${r} ${c}; then + printf " %b Aborting installation: dependencies could not be installed.\\n" "${CROSS}" + exit # exit the installer + else + printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" + cp ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list + printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" + add-apt-repository universe + printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" + fi + fi # Debian 7 doesn't have iproute2 so if the dry run install is successful, if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then # we can install it From a285ae65fb32619a3a41feb90014a53cd1d883a9 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 25 Nov 2018 08:39:44 +0100 Subject: [PATCH 02/29] Backend changes for DHCPv4 rapid commit support Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0b5c351e..ecc35dbe 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -327,6 +327,10 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" fi + if [[ "${DHCP_rapid_commit}" == "true" ]]; then + echo "dhcp-rapid-commit" >> "${dhcpconfig}" + fi + if [[ "${DHCP_IPv6}" == "true" ]]; then echo "#quiet-dhcp6 #enable-ra @@ -351,6 +355,7 @@ EnableDHCP() { change_setting "DHCP_LEASETIME" "${args[5]}" change_setting "PIHOLE_DOMAIN" "${args[6]}" change_setting "DHCP_IPv6" "${args[7]}" + change_setting "DHCP_rapid_commit" "${args[8]}" # Remove possible old setting from file delete_dnsmasq_setting "dhcp-" From 9f672593bc0b44e668e959311d418e0b9e3d08d6 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 26 Nov 2018 20:01:41 +0100 Subject: [PATCH 03/29] Update advanced/Scripts/webpage.sh Co-Authored-By: DL6ER --- advanced/Scripts/webpage.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ecc35dbe..7b73d243 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -327,6 +327,8 @@ dhcp-leasefile=/etc/pihole/dhcp.leases echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" fi + # Sourced from setupVars + # shellcheck disable=SC2154 if [[ "${DHCP_rapid_commit}" == "true" ]]; then echo "dhcp-rapid-commit" >> "${dhcpconfig}" fi From 1cad06905074a03c662c86f683a8a5ef7f248bd6 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 10 Dec 2018 10:18:25 -0500 Subject: [PATCH 04/29] Add privacy level 4 to all privacy level code Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 2 +- advanced/bash-completion/pihole | 2 +- manpages/pihole-FTL.conf.5 | 6 ++++-- manpages/pihole.8 | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 7b73d243..c6852896 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -36,7 +36,7 @@ Options: -e, email Set an administrative contact address for the Block Page -h, --help Show this help dialog -i, interface Specify dnsmasq's interface listening behavior - -l, privacylevel Set privacy level (0 = lowest, 3 = highest)" + -l, privacylevel Set privacy level (0 = lowest, 4 = highest)" exit 0 } diff --git a/advanced/bash-completion/pihole b/advanced/bash-completion/pihole index c25c570b..7ba0dad8 100644 --- a/advanced/bash-completion/pihole +++ b/advanced/bash-completion/pihole @@ -56,7 +56,7 @@ _pihole() { ;; "privacylevel") if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then - opts_privacy="0 1 2 3" + opts_privacy="0 1 2 3 4" COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) ) else return 1 diff --git a/manpages/pihole-FTL.conf.5 b/manpages/pihole-FTL.conf.5 index 50536279..218f5e7a 100644 --- a/manpages/pihole-FTL.conf.5 +++ b/manpages/pihole-FTL.conf.5 @@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file On which port should FTL be listening? .br -\fBPRIVACYLEVEL=0|1|2|3\fR +\fBPRIVACYLEVEL=0|1|2|3|4\fR .br Which privacy level is used? .br @@ -74,7 +74,9 @@ pihole-FTL.conf - FTL's config file .br 2 - hide domains and clients .br - 3 - paranoia mode (hide everything) + 3 - anonymous mode (hide everything) +.br + 4 - disable all statistics .br \fBIGNORE_LOCALHOST=no|yes\fR diff --git a/manpages/pihole.8 b/manpages/pihole.8 index e0845387..bd7d0933 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -134,7 +134,7 @@ Available commands and options: -i, interface Specify dnsmasq's interface listening behavior .br -l, privacylevel Set privacy level - (0 = lowest, 3 = highest) + (0 = lowest, 4 = highest) .br \fB-c, chronometer\fR [options] From be2d494fcf9fa7e82da23dda99c10566b8a3fb3a Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 12 Dec 2018 14:55:09 -0500 Subject: [PATCH 05/29] Don't show web version in pihole -v output if not installed Signed-off-by: Mcat12 --- advanced/Scripts/version.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 7dfa1a90..6d0e8c48 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -136,8 +136,16 @@ errorOutput() { } defaultOutput() { + # Source the setupvars config file + # shellcheck disable=SC1091 + . /etc/pihole/setupVars.conf + versionOutput "pi-hole" "$@" - versionOutput "AdminLTE" "$@" + + if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then + versionOutput "AdminLTE" "$@" + fi + versionOutput "FTL" "$@" } From 724afc000f127dae77bfe3d02e2260123527857b Mon Sep 17 00:00:00 2001 From: bcambl Date: Mon, 17 Dec 2018 21:03:54 -0600 Subject: [PATCH 06/29] add sqlite3 dependency for fedora `sqlite3` is provided by the `sqlite` package on CentOS & Fedora Signed-off-by: bcambl --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ac3bbffe..c0d32274 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 0ef4901e4859c500464092baf0abebe7387e9955 Mon Sep 17 00:00:00 2001 From: Florian Freund Date: Tue, 25 Dec 2018 09:02:12 +0100 Subject: [PATCH 07/29] Add a blank after printf to avoid 'Command not found' error > curl -L https://install.pi-hole.net | bash /dev/stdin --i_do_not_follow_recommendations ... /dev/stdin: Zeile 2449: printf %b Skipping free disk space verification\n: Command not found. Signed-off-by: Florian Freund --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c0d32274..a888233c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2460,7 +2460,7 @@ main() { # Start the installer # Verify there is enough disk space for the install if [[ "${skipSpaceCheck}" == true ]]; then - printf" %b Skipping free disk space verification\\n" "${INFO}" + printf " %b Skipping free disk space verification\\n" "${INFO}" else verifyFreeDiskSpace fi From ed5869646f518ebbd289a11016ad46e28297f724 Mon Sep 17 00:00:00 2001 From: Mark Drobnak Date: Thu, 27 Dec 2018 16:37:10 -0500 Subject: [PATCH 08/29] Use source instead of dot for setupVars Signed-off-by: Mark Drobnak --- advanced/Scripts/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 6d0e8c48..f6d4d344 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -138,7 +138,7 @@ errorOutput() { defaultOutput() { # Source the setupvars config file # shellcheck disable=SC1091 - . /etc/pihole/setupVars.conf + source /etc/pihole/setupVars.conf versionOutput "pi-hole" "$@" From 04fd296ffe8ea2411dc158c3a6f12cd6f48cc1be Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 1 Jan 2019 17:13:43 +0100 Subject: [PATCH 09/29] Add wpad vulnerability fix as suggested by dnsmasq.conf.example Signed-off-by: DL6ER --- advanced/01-pihole.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 3f4e4bc5..af46e918 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -46,3 +46,8 @@ log-facility=/var/log/pihole.log local-ttl=2 log-async + +# If a DHCP client claims that its name is "wpad", ignore that. +# This fixes a security hole. see CERT Vulnerability VU#598349 +dhcp-name-match=set:wpad-ignore,wpad +dhcp-ignore-names=tag:wpad-ignore From 5ffc8c74439b31e45489d6d72480ba221783d84c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 1 Jan 2019 17:56:02 +0100 Subject: [PATCH 10/29] List content of /var/run/shm in debugger Signed-off-by: DL6ER --- advanced/Scripts/piholeDebug.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index cb66f97c..281425bf 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -76,6 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd" HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" +SHM_DIRECTORY="/var/run/shm" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684 @@ -976,6 +977,9 @@ list_files_in_dir() { [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \ [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then : + elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then + # SHM file - we do not want to see the content, but we want to see the files and their sizes + log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")" else # Then, parse the file's content into an array so each line can be analyzed if need be for i in "${!REQUIRED_FILES[@]}"; do @@ -1019,6 +1023,7 @@ show_content_of_pihole_files() { show_content_of_files_in_dir "${CRON_D_DIRECTORY}" show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}" show_content_of_files_in_dir "${LOG_DIRECTORY}" + show_content_of_files_in_dir "${SHM_DIRECTORY}" } head_tail_log() { From d5fbe1b629c81a58c321148d165e5fb91ac8961a Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Wed, 2 Jan 2019 23:41:04 +0100 Subject: [PATCH 11/29] Do not ask admin password just for help documentation It is not a good idea to ask for an admin password just to get the command documentation. "pihole -h" should return the arguments documentation with no need to enter a password. Without the patch I get: $ ./pihole -h Password: It is easy to reproduce by invalidating the sudo password using "sudo -k" before running pihole again. Signed-off-by: Ludovic Rousseau --- pihole | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/pihole b/pihole index d4681752..fff3417d 100755 --- a/pihole +++ b/pihole @@ -23,17 +23,6 @@ source "${colfile}" resolver="pihole-FTL" -# Must be root to use this tool -if [[ ! $EUID -eq 0 ]];then - if [[ -x "$(command -v sudo)" ]]; then - exec sudo bash "$0" "$@" - exit $? - else - echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo." - exit 1 - fi -fi - webpageFunc() { source "${PI_HOLE_SCRIPT_DIR}/webpage.sh" main "$@" @@ -430,6 +419,21 @@ if [[ $# = 0 ]]; then helpFunc fi +case "${1}" in + "-h" | "help" | "--help" ) helpFunc;; +esac + +# Must be root to use this tool +if [[ ! $EUID -eq 0 ]];then + if [[ -x "$(command -v sudo)" ]]; then + exec sudo bash "$0" "$@" + exit $? + else + echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo." + exit 1 + fi +fi + # Handle redirecting to specific functions based on arguments case "${1}" in "-w" | "whitelist" ) listFunc "$@";; From 486c41a69a56f539cd31c1eb8748d8e166789acc Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 3 Jan 2019 10:37:46 +0100 Subject: [PATCH 12/29] Add Debain dependency libcap2 needed for FTL's capability check on startup Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a888233c..4fe5f658 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -221,7 +221,7 @@ if is_command apt-get ; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf) + PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) From c5da1bb952b09ad52556c46aa6037724e7386943 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 3 Jan 2019 10:39:46 +0100 Subject: [PATCH 13/29] Add libcap as Fedora dependency Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4fe5f658..ce6cb076 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite) + PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 3035fbf468dacc41762ec91015f5f15bea5c33fb Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 4 Jan 2019 17:17:42 -0600 Subject: [PATCH 14/29] remove unused dependency (bc) Signed-off-by: bcambl --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ce6cb076..990b1f34 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -221,7 +221,7 @@ if is_command apt-get ; then # These programs are stored in an array so they can be looped through later INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail) # Pi-hole itself has several dependencies that also need to be installed - PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) + PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2) # The Web dashboard has some that also need to be installed # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite}) @@ -263,7 +263,7 @@ elif is_command rpm ; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute newt procps-ng which) - PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) + PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From a4ba8d4b8fd0e44e11deeecf33267c82c3d8735e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:16:24 +0100 Subject: [PATCH 15/29] Prevent double disabling/enabling by checking BLOCKING_ENABLED value in setupVars.conf Signed-off-by: DL6ER --- pihole | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pihole b/pihole index fff3417d..84a5623f 100755 --- a/pihole +++ b/pihole @@ -144,6 +144,10 @@ Time: elif [[ "${1}" == "0" ]]; then # Disable Pi-hole + if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then + echo -e " ${INFO} Blocking already disabled, nothing to do" + exit 0 + fi if [[ -e "${gravitylist}" ]]; then mv "${gravitylist}" "${gravitylist}.bck" echo "" > "${gravitylist}" @@ -193,6 +197,10 @@ Time: fi else # Enable Pi-hole + if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then + echo -e " ${INFO} Blocking already enabled, nothing to do" + exit 0 + fi echo -e " ${INFO} Enabling blocking" local str="Pi-hole Enabled" From d996e9c9eee0f075ffa844044d86a62932193374 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:28:09 +0100 Subject: [PATCH 16/29] Fix inconsistent handling of binary variable. get_binary_variable() stores the result into a global variable we pass later on as argument to FTLinstall() and define a local variable with the same name. This is fixed by only using the globa variable in all places not. This is still not a very elegant solution but it is also not subject of the current PR. Signed-off-by: DL6ER --- automated install/basic-install.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 990b1f34..f91363c9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -115,6 +115,9 @@ else OVER="\\r\\033[K" fi +# Define global binary variable +binary="tbd" + # A simple function that just echoes out our logo in ASCII format # This lets users know that it is a Pi-hole, LLC product show_ascii_berry() { @@ -2130,7 +2133,6 @@ clone_or_update_repos() { # Download FTL binary to random temp directory and install FTL binary FTLinstall() { # Local, named variables - local binary="${1}" local latesttag local str="Downloading and Installing FTL" printf " %b %s..." "${INFO}" "${str}" @@ -2377,7 +2379,7 @@ FTLdetect() { printf "\\n %b FTL Checks...\\n\\n" "${INFO}" if FTLcheckUpdate ; then - FTLinstall "${binary}" || return 1 + FTLinstall || return 1 fi } From 3cdd6204c562254b9368ce5b3153fe99bdf788a2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:31:02 +0100 Subject: [PATCH 17/29] Move dnsmasq disabling and config file rewriting into a dedicated subroutine Signed-off-by: DL6ER --- automated install/basic-install.sh | 40 ++++++++++++++++-------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f91363c9..092dafef 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2184,25 +2184,6 @@ FTLinstall() { popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } # Install the FTL service printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - # dnsmasq can now be stopped and disabled if it exists - if which dnsmasq &> /dev/null; then - if check_service_active "dnsmasq";then - printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}" - stop_service dnsmasq - disable_service dnsmasq - fi - fi - - # Backup existing /etc/dnsmasq.conf if present and ensure that - # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" - local conffile="/etc/dnsmasq.conf" - if [[ -f "${conffile}" ]]; then - printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}" - mv "${conffile}" "${conffile}.old" - fi - # Create /etc/dnsmasq.conf - echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" - return 0 # Otherwise, else @@ -2222,6 +2203,27 @@ FTLinstall() { fi } +disable_dnsmasq() { + # dnsmasq can now be stopped and disabled if it exists + if which dnsmasq &> /dev/null; then + if check_service_active "dnsmasq";then + printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}" + stop_service dnsmasq + disable_service dnsmasq + fi + fi + + # Backup existing /etc/dnsmasq.conf if present and ensure that + # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" + local conffile="/etc/dnsmasq.conf" + if [[ -f "${conffile}" ]]; then + printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}" + mv "${conffile}" "${conffile}.old" + fi + # Create /etc/dnsmasq.conf + echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" +} + get_binary_name() { # This gives the machine architecture which may be different from the OS architecture... local machine From de6dc90575df32800155fb2ecd3c075503388bb0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:31:53 +0100 Subject: [PATCH 18/29] Don't diable pihole-FTL before calling install. root should be able to overwrite the binary in any case. The binary has already been downloaded and hash-verified here so we don't expect any errors in this binary. Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 092dafef..03214f1a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2176,8 +2176,6 @@ FTLinstall() { # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then printf "transferred... " - # Stop FTL - stop_service pihole-FTL &> /dev/null # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL # Move back into the original directory the user was in From d90d7b69273997be0285e79417b36a02f99f1485 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:36:27 +0100 Subject: [PATCH 19/29] Call FTL download/installation early on in the installation process. Signed-off-by: DL6ER --- automated install/basic-install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 03214f1a..83abc49e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1909,8 +1909,9 @@ installPihole() { installCron # Install the logrotate file installLogrotate - # Check if FTL is installed - FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" + # Check if dnsmasq is present. If so, disable it and back up any possible + # config file + disable_dnsmasq # Configure the firewall if [[ "${useUpdateVars}" == false ]]; then configureFirewall @@ -2539,6 +2540,8 @@ main() { else LIGHTTPD_ENABLED=false fi + # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole + FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From cc657c0c263485c6c16e476db29236027ce0f598 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:37:03 +0100 Subject: [PATCH 20/29] Rename subroutine start_service() to restart_service() because this is what it does Signed-off-by: DL6ER --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 83abc49e..d823e923 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1437,7 +1437,7 @@ stop_service() { } # Start/Restart service passed in as argument -start_service() { +restart_service() { # Local, named variables local str="Starting ${1} service" printf " %b %s..." "${INFO}" "${str}" @@ -2572,7 +2572,7 @@ main() { if [[ "${INSTALL_WEB_SERVER}" == true ]]; then if [[ "${LIGHTTPD_ENABLED}" == true ]]; then - start_service lighttpd + restart_service lighttpd enable_service lighttpd else printf " %b Lighttpd is disabled, skipping service restart\\n" "${INFO}" @@ -2587,7 +2587,7 @@ main() { # Fixes a problem reported on Ubuntu 18.04 where trying to start # the service before enabling causes installer to exit enable_service pihole-FTL - start_service pihole-FTL + restart_service pihole-FTL # Download and compile the aggregated block list runGravity From d26f2dcb2c4e865a4e69c72e7e2c2db3778b1d40 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 24 Jan 2019 09:47:28 +0100 Subject: [PATCH 21/29] Use global binary variable in tests for automated install Signed-off-by: DL6ER --- test/test_automated_install.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index a2593d83..ce0abfd2 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -484,7 +484,8 @@ def test_FTL_download_aarch64_no_errors(Pihole): # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh - FTLinstall pihole-FTL-aarch64-linux-gnu + binary="pihole-FTL-aarch64-linux-gnu" + FTLinstall ''') expected_stdout = tick_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout @@ -498,7 +499,8 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh - FTLinstall pihole-FTL-mips + binary="pihole-FTL-mips" + FTLinstall ''') expected_stdout = cross_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout From 7479485d4518e0fda8ea46d255e504d193013722 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 31 Jan 2019 20:00:26 +0100 Subject: [PATCH 22/29] Add test for the case the binary variable is unset (defaults to "tbd" in this case) Signed-off-by: DL6ER --- test/test_automated_install.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index ce0abfd2..853048d1 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -481,7 +481,6 @@ def test_FTL_download_aarch64_no_errors(Pihole): ''' confirms only aarch64 package is downloaded for FTL engine ''' - # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh binary="pihole-FTL-aarch64-linux-gnu" @@ -496,7 +495,6 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): ''' confirms unknown binary is not downloaded for FTL engine ''' - # mock uname to return generic platform download_binary = Pihole.run(''' source /opt/pihole/basic-install.sh binary="pihole-FTL-mips" @@ -510,6 +508,22 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): assert error2 in download_binary.stdout +def test_FTL_download_binary_unset_no_errors(Pihole): + ''' + confirms unset binary variable does not download FTL engine + ''' + download_binary = Pihole.run(''' + source /opt/pihole/basic-install.sh + FTLinstall + ''') + expected_stdout = cross_box + ' Downloading and Installing FTL' + assert expected_stdout in download_binary.stdout + error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/' + assert error1 in download_binary.stdout + error2 = 'not found' + assert error2 in download_binary.stdout + + def test_FTL_binary_installed_and_responsive_no_errors(Pihole): ''' confirms FTL binary is copied and functional in installed location From 4948862dced5a0ae9f9dba13f119277c533815db Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 31 Jan 2019 20:10:52 +0100 Subject: [PATCH 23/29] Fail hard if FTL binary could not be installed Signed-off-by: DL6ER --- automated install/basic-install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d823e923..ac61783c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2541,7 +2541,10 @@ main() { LIGHTTPD_ENABLED=false fi # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole - FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}" + if ! FTLdetect; then + printf " %b FTL Engine not installed\\n" "${CROSS}" + exit 1 + fi # Install and log everything to a file installPihole | tee -a /proc/$$/fd/3 From 9c0de0f73128da47378c18958bd04d37793be853 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 17:39:12 +0100 Subject: [PATCH 24/29] Try to stop pihole-FTL before and (re)start pihole-FTL after the install command Signed-off-by: DL6ER --- automated install/basic-install.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ac61783c..2022a7bf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2177,11 +2177,24 @@ FTLinstall() { # If we downloaded binary file (as opposed to text), if sha1sum --status --quiet -c "${binary}".sha1; then printf "transferred... " + + # Stop pihole-FTL service if available + # Allow failing without tripping set -e as the + # service might not be available (e.g. on first install) + service pihole-FTL stop > /dev/null 2>&1 || true + # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL + + # Start pihole-FTL service if available + # Allow failing without tripping set -e as the + # service might not be available (e.g. on first install) + service pihole-FTL restart > /dev/null 2>&1 || true + # Move back into the original directory the user was in popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } - # Install the FTL service + + # Installed the FTL service printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" return 0 # Otherwise, From e8dabc71af52238726da2a0a9454a09dca5e66bb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 17:54:21 +0100 Subject: [PATCH 25/29] Don't try to start pihole-FTL after it has been installed. This will be done a few moments later when gravity is invoked. Signed-off-by: DL6ER --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2022a7bf..865750ad 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2186,11 +2186,6 @@ FTLinstall() { # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL - # Start pihole-FTL service if available - # Allow failing without tripping set -e as the - # service might not be available (e.g. on first install) - service pihole-FTL restart > /dev/null 2>&1 || true - # Move back into the original directory the user was in popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; } From ec79e86bee709cbbf94b677a5c515212081e70a6 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 1 Feb 2019 18:06:57 +0100 Subject: [PATCH 26/29] We should really use stop_service as it also includes some nice output Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 865750ad..cf73864b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2179,9 +2179,7 @@ FTLinstall() { printf "transferred... " # Stop pihole-FTL service if available - # Allow failing without tripping set -e as the - # service might not be available (e.g. on first install) - service pihole-FTL stop > /dev/null 2>&1 || true + stop_service pihole-FTL &> /dev/null # Install the new version with the correct permissions install -T -m 0755 "${binary}" /usr/bin/pihole-FTL From ae654730c4a54d7b7c9a7734e010bff1fda97c1a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 2 Feb 2019 08:00:58 +0100 Subject: [PATCH 27/29] Update automated install/basic-install.sh Co-Authored-By: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index cf73864b..51fb2810 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1439,7 +1439,7 @@ stop_service() { # Start/Restart service passed in as argument restart_service() { # Local, named variables - local str="Starting ${1} service" + local str="Restarting ${1} service" printf " %b %s..." "${INFO}" "${str}" # If systemctl exists, if is_command systemctl ; then From 5c4ee237959f0fd475d56d053f8cc0ddf1c0962e Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 2 Feb 2019 10:19:44 -0800 Subject: [PATCH 28/29] Fix missed start_service -> restart_service call start_service was changed to restart_service. Signed-off-by: Mcat12 --- advanced/Scripts/piholeCheckout.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 977d1552..1bfe5e21 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -167,7 +167,7 @@ checkout() { echo " ${TICK} Branch ${2} exists" echo "${2}" > /etc/pihole/ftlbranch FTLinstall "${binary}" - start_service pihole-FTL + restart_service pihole-FTL enable_service pihole-FTL else echo " ${CROSS} Requested branch \"${2}\" is not available" From 26f2410fe6f75688e133a2f96538516e4e025f54 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 2 Feb 2019 10:37:12 -0800 Subject: [PATCH 29/29] Change /var/run/shm to /dev/shm The /var directory may not exist (does not exist on Fedora 29), and is simply a symlink to /dev/shm. Signed-off-by: Mcat12 --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 281425bf..c840ed04 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -76,7 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd" HTML_DIRECTORY="/var/www/html" WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin" #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole" -SHM_DIRECTORY="/var/run/shm" +SHM_DIRECTORY="/dev/shm" # Files required by Pi-hole # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684