|
|
|
|
@ -255,231 +255,6 @@ def test_installPihole_fresh_install_readableFiles(host):
|
|
|
|
|
actual_rc = host.run(check_pihole).rc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize("test_webpage", [True])
|
|
|
|
|
def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
|
|
|
|
|
"""
|
|
|
|
|
confirms all web page assets from Core repo are readable
|
|
|
|
|
by $LIGHTTPD_USER on a fresh build
|
|
|
|
|
"""
|
|
|
|
|
piholeWebpage = [
|
|
|
|
|
"127.0.0.1",
|
|
|
|
|
# "pi.hole"
|
|
|
|
|
]
|
|
|
|
|
# dialog returns Cancel for user prompt
|
|
|
|
|
mock_command("dialog", {"*": ("", "0")}, host)
|
|
|
|
|
|
|
|
|
|
# mock git pull
|
|
|
|
|
mock_command_passthrough("git", {"pull": ("", "0")}, host)
|
|
|
|
|
# mock systemctl to start lighttpd and FTL
|
|
|
|
|
ligthttpdcommand = dedent(
|
|
|
|
|
r'''\"\"
|
|
|
|
|
echo 'starting lighttpd with {}'
|
|
|
|
|
if [ command -v "apt-get" >/dev/null 2>&1 ]; then
|
|
|
|
|
LIGHTTPD_USER="www-data"
|
|
|
|
|
LIGHTTPD_GROUP="www-data"
|
|
|
|
|
else
|
|
|
|
|
LIGHTTPD_USER="lighttpd"
|
|
|
|
|
LIGHTTPD_GROUP="lighttpd"
|
|
|
|
|
fi
|
|
|
|
|
mkdir -p "{run}"
|
|
|
|
|
chown {usergroup} "{run}"
|
|
|
|
|
mkdir -p "{cache}"
|
|
|
|
|
chown {usergroup} "/var/cache"
|
|
|
|
|
chown {usergroup} "{cache}"
|
|
|
|
|
mkdir -p "{compress}"
|
|
|
|
|
chown {usergroup} "{compress}"
|
|
|
|
|
mkdir -p "{uploads}"
|
|
|
|
|
chown {usergroup} "{uploads}"
|
|
|
|
|
chmod 0777 /var
|
|
|
|
|
chmod 0777 /var/cache
|
|
|
|
|
chmod 0777 "{cache}"
|
|
|
|
|
find "{run}" -type d -exec chmod 0777 {chmodarg} \;;
|
|
|
|
|
find "{run}" -type f -exec chmod 0666 {chmodarg} \;;
|
|
|
|
|
find "{compress}" -type d -exec chmod 0777 {chmodarg} \;;
|
|
|
|
|
find "{compress}" -type f -exec chmod 0666 {chmodarg} \;;
|
|
|
|
|
find "{uploads}" -type d -exec chmod 0777 {chmodarg} \;;
|
|
|
|
|
find "{uploads}" -type f -exec chmod 0666 {chmodarg} \;;
|
|
|
|
|
/usr/sbin/lighttpd -tt -f '{config}'
|
|
|
|
|
/usr/sbin/lighttpd -f '{config}'
|
|
|
|
|
echo \"\"'''.format(
|
|
|
|
|
"{}",
|
|
|
|
|
usergroup="${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}",
|
|
|
|
|
chmodarg="{{}}",
|
|
|
|
|
config="/etc/lighttpd/lighttpd.conf",
|
|
|
|
|
run="/run/lighttpd",
|
|
|
|
|
cache="/var/cache/lighttpd",
|
|
|
|
|
uploads="/var/cache/lighttpd/uploads",
|
|
|
|
|
compress="/var/cache/lighttpd/compress",
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
FTLcommand = dedent(
|
|
|
|
|
'''\"\"
|
|
|
|
|
set -x
|
|
|
|
|
/etc/init.d/pihole-FTL restart
|
|
|
|
|
echo \"\"'''
|
|
|
|
|
)
|
|
|
|
|
mock_command_run(
|
|
|
|
|
"systemctl",
|
|
|
|
|
{
|
|
|
|
|
"enable lighttpd": ("", "0"),
|
|
|
|
|
"restart lighttpd": (ligthttpdcommand.format("restart"), "0"),
|
|
|
|
|
"start lighttpd": (ligthttpdcommand.format("start"), "0"),
|
|
|
|
|
"enable pihole-FTL": ("", "0"),
|
|
|
|
|
"restart pihole-FTL": (FTLcommand, "0"),
|
|
|
|
|
"start pihole-FTL": (FTLcommand, "0"),
|
|
|
|
|
"*": ('echo "systemctl call with $@"', "0"),
|
|
|
|
|
},
|
|
|
|
|
host,
|
|
|
|
|
)
|
|
|
|
|
# create configuration file
|
|
|
|
|
setup_var_file = "cat <<EOF> /etc/pihole/setupVars.conf\n"
|
|
|
|
|
for k, v in SETUPVARS.items():
|
|
|
|
|
setup_var_file += "{}={}\n".format(k, v)
|
|
|
|
|
setup_var_file += "INSTALL_WEB_SERVER=true\n"
|
|
|
|
|
setup_var_file += "INSTALL_WEB_INTERFACE=true\n"
|
|
|
|
|
setup_var_file += "EOF\n"
|
|
|
|
|
host.run(setup_var_file)
|
|
|
|
|
installWeb = host.run(
|
|
|
|
|
"""
|
|
|
|
|
export TERM=xterm
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
|
umask 0027
|
|
|
|
|
runUnattended=true
|
|
|
|
|
useUpdateVars=true
|
|
|
|
|
source /opt/pihole/basic-install.sh > /dev/null
|
|
|
|
|
runUnattended=true
|
|
|
|
|
useUpdateVars=true
|
|
|
|
|
main
|
|
|
|
|
echo "LIGHTTPD_USER=${LIGHTTPD_USER}"
|
|
|
|
|
echo "webroot=${webroot}"
|
|
|
|
|
echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
|
|
|
|
|
echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
|
|
|
|
|
"""
|
|
|
|
|
)
|
|
|
|
|
assert 0 == installWeb.rc
|
|
|
|
|
piholeuser = "pihole"
|
|
|
|
|
webuser = ""
|
|
|
|
|
user = re.findall(r"^\s*LIGHTTPD_USER=.*$", installWeb.stdout, re.MULTILINE)
|
|
|
|
|
for match in user:
|
|
|
|
|
webuser = match.replace("LIGHTTPD_USER=", "").strip()
|
|
|
|
|
webroot = ""
|
|
|
|
|
user = re.findall(r"^\s*webroot=.*$", installWeb.stdout, re.MULTILINE)
|
|
|
|
|
for match in user:
|
|
|
|
|
webroot = match.replace("webroot=", "").strip()
|
|
|
|
|
if not webroot.strip():
|
|
|
|
|
webroot = "/var/www/html"
|
|
|
|
|
installWebInterface = True
|
|
|
|
|
interface = re.findall(
|
|
|
|
|
r"^\s*INSTALL_WEB_INTERFACE=.*$", installWeb.stdout, re.MULTILINE
|
|
|
|
|
)
|
|
|
|
|
for match in interface:
|
|
|
|
|
testvalue = match.replace("INSTALL_WEB_INTERFACE=", "").strip().lower()
|
|
|
|
|
if not testvalue.strip():
|
|
|
|
|
installWebInterface = testvalue == "true"
|
|
|
|
|
installWebServer = True
|
|
|
|
|
server = re.findall(r"^\s*INSTALL_WEB_SERVER=.*$", installWeb.stdout, re.MULTILINE)
|
|
|
|
|
for match in server:
|
|
|
|
|
testvalue = match.replace("INSTALL_WEB_SERVER=", "").strip().lower()
|
|
|
|
|
if not testvalue.strip():
|
|
|
|
|
installWebServer = testvalue == "true"
|
|
|
|
|
# if webserver install was not requested
|
|
|
|
|
# at least pihole must be able to read files
|
|
|
|
|
if installWebServer is False:
|
|
|
|
|
webuser = piholeuser
|
|
|
|
|
exit_status_success = 0
|
|
|
|
|
test_cmd = 'su --shell /bin/bash --command "test -{0} {1}" -p {2}'
|
|
|
|
|
# check files that need a running FTL to be created
|
|
|
|
|
# readable and writeable pihole-FTL.db
|
|
|
|
|
check_FTLconf = test_cmd.format("r", "/etc/pihole/pihole-FTL.db", piholeuser)
|
|
|
|
|
actual_rc = host.run(check_FTLconf).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_FTLconf = test_cmd.format("w", "/etc/pihole/pihole-FTL.db", piholeuser)
|
|
|
|
|
actual_rc = host.run(check_FTLconf).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
# check directories above $webroot for read and execute permission
|
|
|
|
|
check_var = test_cmd.format("r", "/var", webuser)
|
|
|
|
|
actual_rc = host.run(check_var).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_var = test_cmd.format("x", "/var", webuser)
|
|
|
|
|
actual_rc = host.run(check_var).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_www = test_cmd.format("r", "/var/www", webuser)
|
|
|
|
|
actual_rc = host.run(check_www).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_www = test_cmd.format("x", "/var/www", webuser)
|
|
|
|
|
actual_rc = host.run(check_www).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_html = test_cmd.format("r", "/var/www/html", webuser)
|
|
|
|
|
actual_rc = host.run(check_html).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_html = test_cmd.format("x", "/var/www/html", webuser)
|
|
|
|
|
actual_rc = host.run(check_html).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
# check directories below $webroot for read and execute permission
|
|
|
|
|
check_admin = test_cmd.format("r", webroot + "/admin", webuser)
|
|
|
|
|
actual_rc = host.run(check_admin).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
check_admin = test_cmd.format("x", webroot + "/admin", webuser)
|
|
|
|
|
actual_rc = host.run(check_admin).rc
|
|
|
|
|
assert exit_status_success == actual_rc
|
|
|
|
|
directories = get_directories_recursive(host, webroot + "/admin/")
|
|
|
|
|
for directory in directories:
|
|
|
|
|
check_pihole = test_cmd.format("r", directory, webuser)
|
|
|
|
|
actual_rc = host.run(check_pihole).rc
|
|
|
|
|
check_pihole = test_cmd.format("x", directory, webuser)
|
|
|
|
|
actual_rc = host.run(check_pihole).rc
|
|
|
|
|
findfiles = 'find "{}" -maxdepth 1 -type f -exec echo {{}} \\;;'
|
|
|
|
|
filelist = host.run(findfiles.format(directory))
|
|
|
|
|
files = list(filter(bool, filelist.stdout.splitlines()))
|
|
|
|
|
for file in files:
|
|
|
|
|
check_pihole = test_cmd.format("r", file, webuser)
|
|
|
|
|
actual_rc = host.run(check_pihole).rc
|
|
|
|
|
# check web interface files
|
|
|
|
|
# change nameserver to pi-hole
|
|
|
|
|
# setting nameserver in /etc/resolv.conf to pi-hole does
|
|
|
|
|
# not work here because of the way docker uses this file
|
|
|
|
|
ns = host.run(r"sed -i 's/nameserver.*/nameserver 127.0.0.1/' /etc/resolv.conf")
|
|
|
|
|
pihole_is_ns = ns.rc == 0
|
|
|
|
|
|
|
|
|
|
def is_ip(address):
|
|
|
|
|
m = re.match(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})", address)
|
|
|
|
|
return bool(m)
|
|
|
|
|
|
|
|
|
|
if installWebInterface is True:
|
|
|
|
|
if test_webpage is True:
|
|
|
|
|
# check webpage for unreadable files
|
|
|
|
|
noPHPfopen = re.compile(
|
|
|
|
|
(
|
|
|
|
|
r"PHP Error(%d+):\s+fopen([^)]+):\s+"
|
|
|
|
|
+ r"failed to open stream: "
|
|
|
|
|
+ r"Permission denied in"
|
|
|
|
|
),
|
|
|
|
|
re.I,
|
|
|
|
|
)
|
|
|
|
|
# using cURL option --dns-servers is not possible
|
|
|
|
|
status = (
|
|
|
|
|
'curl -s --head "{}" | '
|
|
|
|
|
+ "head -n 1 | "
|
|
|
|
|
+ 'grep "HTTP/1.[01] [23].." > /dev/null'
|
|
|
|
|
)
|
|
|
|
|
digcommand = r"dig A +short {} @127.0.0.1 | head -n 1"
|
|
|
|
|
pagecontent = 'curl --verbose -L "{}"'
|
|
|
|
|
for page in piholeWebpage:
|
|
|
|
|
testpage = "http://" + page + "/admin/"
|
|
|
|
|
resolvesuccess = True
|
|
|
|
|
if is_ip(page) is False:
|
|
|
|
|
dig = host.run(digcommand.format(page))
|
|
|
|
|
testpage = "http://" + dig.stdout.strip() + "/admin/"
|
|
|
|
|
resolvesuccess = dig.rc == 0
|
|
|
|
|
if resolvesuccess or pihole_is_ns:
|
|
|
|
|
# check HTTP status of blockpage
|
|
|
|
|
actual_rc = host.run(status.format(testpage))
|
|
|
|
|
assert exit_status_success == actual_rc.rc
|
|
|
|
|
# check for PHP error
|
|
|
|
|
actual_output = host.run(pagecontent.format(testpage))
|
|
|
|
|
assert noPHPfopen.match(actual_output.stdout) is None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_update_package_cache_success_no_errors(host):
|
|
|
|
|
"""
|
|
|
|
|
confirms package cache was updated without any errors
|
|
|
|
|
|
Adam Warner
1 year ago