From 00d62b34239a0cabe9fac4cfaeab27b4173951f2 Mon Sep 17 00:00:00 2001 From: andofrjando Date: Sat, 16 Sep 2017 10:24:37 +0800 Subject: [PATCH 001/121] This fixes the following bug: If Pi-Hole is behind a reverse proxy that uses SSL, then the block page will not load resources such as `blockingpage.css` and `jquery.min.js` as the insecure `http://` is hard coded. Browsers will block attempts to load insecure resources if the page is loaded of SSL. The fix is acheived by checking `$_SERVER['HTTPS']` and setting the variable `$proto` to either `http` or `https`. The harcoded `http` is replaced by the contents of this variable. --- advanced/index.php | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/advanced/index.php b/advanced/index.php index 911f3cc8..5e88a050 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -28,7 +28,7 @@ $authorizedHosts = []; // Append FQDN to $authorizedHosts if (!empty($svFQDN)) array_push($authorizedHosts, $svFQDN); - + // Append virtual hostname to $authorizedHosts if (!empty($_SERVER["VIRTUAL_HOST"])) { array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]); @@ -40,6 +40,15 @@ $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", ""); // Get extension of current URL $currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION); +// Check if this is served over HTTP or HTTPS +if(isset($_SERVER['HTTPS'])) { + if ($_SERVER['HTTPS'] == "on") { + $proto = "https"; + } else { + $proto = "http"; + } +} + // Set mobile friendly viewport $viewPort = ''; @@ -60,7 +69,7 @@ if ($serverName === "pi.hole") {
Pi-hole: Your black hole for Internet advertisements "; - + // Render splash page or landing page when directly browsing via IP or auth'd hostname $renderPage = is_file(getcwd()."/$landPage") ? include $landPage : "$splashPage"; unset($serverName, $svFQDN, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort); @@ -134,7 +143,7 @@ function queryAds($serverName) { } catch (Exception $e) { return array("0" => "error", "1" => $e->getMessage()); } - + } $queryAds = queryAds($serverName); @@ -201,10 +210,10 @@ if (explode("-", $phVersion)[1] != "0") - - + + ● <?=$serverName ?> - + + '); } elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) { - // Serve SVG upon receiving non $validExtTypes URL extension or query string (e.g: not an iframe of a blocked domain) + // Serve SVG upon receiving non $validExtTypes URL extension or query string + // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly + // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page $blockImg = 'Blocked by Pi-hole'; exit(setHeader()." $viewPort @@ -88,7 +94,7 @@ if ($serverName === "pi.hole") { // Determine placeholder text based off $svPasswd presence $wlPlaceHolder = empty($svPasswd) ? "No admin password set" : "Javascript disabled"; -// Define admin email address text +// Define admin email address text based off $svEmail presence $bpAskAdmin = !empty($svEmail) ? '' : ""; // Determine if at least one block list has been generated @@ -113,8 +119,10 @@ if (empty($adlistsUrls)) // Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists) $adlistsCount = count($adlistsUrls) + 3; -// Get results of queryads.php exact search +// Set query timeout ini_set("default_socket_timeout", 3); + +// Logic for querying blocklists function queryAds($serverName) { // Determine the time it takes while querying adlists $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]; @@ -124,32 +132,39 @@ function queryAds($serverName) { // Exception Handling try { - if ($queryTime >= ini_get("default_socket_timeout")) { + // Define Exceptions + if (strpos($queryAds[0], "No exact results") !== FALSE) { + // Return "none" into $queryAds array + return array("0" => "none"); + } else if ($queryTime >= ini_get("default_socket_timeout")) { + // Connection Timeout throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)"); } elseif (!strpos($queryAds[0], ".") !== false) { - if (strpos($queryAds[0], "No exact results") !== FALSE) return array("0" => "none"); + // Unknown $queryAds output throw new Exception ("Unhandled error message ($queryAds[0])"); } return $queryAds; } catch (Exception $e) { + // Return exception as array return array("0" => "error", "1" => $e->getMessage()); } - } +// Get results of queryads.php exact search $queryAds = queryAds($serverName); -if ($queryAds[0] === "error") { +// Pass error through to Block Page +if ($queryAds[0] === "error") die("[ERROR]: Unable to parse results from queryads.php: ".$queryAds[1].""); -} else { - $featuredTotal = count($queryAds); - // Place results into key => value array - $queryResults = null; - foreach ($queryAds as $str) { - $value = explode(" ", $str); - @$queryResults[$value[0]] .= "$value[1]"; - } +// Count total number of matching blocklists +$featuredTotal = count($queryAds); + +// Place results into key => value array +$queryResults = null; +foreach ($queryAds as $str) { + $value = explode(" ", $str); + @$queryResults[$value[0]] .= "$value[1]"; } // Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked @@ -167,7 +182,8 @@ if (strpos($queryAds[0], "blacklist") !== FALSE) { $featuredTotal = "0"; $notableFlagClass = "noblock"; - // Determine appropriate info message if CNAME exists + // QoL addition: Determine appropriate info message if CNAME exists + // Suggests to the user that $serverName has a CNAME (alias) that may be blocked $dnsRecord = dns_get_record("$serverName")[0]; if (array_key_exists("target", $dnsRecord)) { $wlInfo = $dnsRecord['target']; @@ -184,9 +200,12 @@ $wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? " Date: Fri, 6 Oct 2017 20:35:54 +1100 Subject: [PATCH 009/121] Condense features into three main sections * Core shows a list of common commands, linking to the new Core Function Breakdown wiki article * Core also now shows the ASCII Vortex * Web has had its preview image size reduced * FTL's functions are elaborated upon more --- README.md | 166 ++++++++++-------------------------------------------- 1 file changed, 29 insertions(+), 137 deletions(-) diff --git a/README.md b/README.md index 99ed87da..920f97f6 100644 --- a/README.md +++ b/README.md @@ -103,22 +103,27 @@ Word-of-mouth continues to help our project grow immensely, and we'd like to hel ----- ## Features -* [The Web Interface Dashboard](#the-web-interface-dashboard) -* [The Faster-Than-Light Engine](#the-faster-than-light-engine) -* [The Query Log](#the-query-log) -* [Long-term Statistics](#long-term-statistics) -* [Whitelisting and Blacklisting](#whitelisting-and-blacklisting) -* [Additional Blocklists](#additional-blocklists) -* [Enable and Disable Pi-hole](#enable-and-disable-pi-hole) -* [Tools](#tools) -* [Web Interface Settings](#web-interface-settings) -* [Built-in DHCP Server](#built-in-dhcp-server) -* [Real-time Statistics](#real-time-statistics) +### The Command Line Interface +The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole. + +Pi-hole ASCII Logo + +Some of the features include: +* [Whitelisting, Blacklisting and Wildcards](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#whitelisting-blacklisting-and-wildcards) +* [Debugging utility](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#debugger) +* [Viewing the live log file](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#tail) +* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](http://www.amazon.com/exec/obidos/ASIN/B00ID39LM4/pihole09-20) +* [Updating Ad Lists](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#gravity) +* [Querying Ad Lists for matching domains](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#query) +* [Enabling and Disabling Pi-hole](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#enable--disable) +* ... and *many* more! + +You can read our [Core Feature Breakdown](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown), as well as read up on [example usage](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) for more information. ### The Web Interface Dashboard -This optional [open source](https://github.com/almasaeed2010/AdminLTE) dashboard allows you to view stats, change settings, and configure your Pi-hole. +This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! -![Pi-hole Dashboard](https://assets.pi-hole.net/static/dashboard.png) +Pi-hole Dashboard There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168): @@ -127,132 +132,19 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 3. `http://pi.hole/` (when using Pi-hole as your DNS server) ## The Faster-Than-Light Engine -The [FTL API](https://github.com/pi-hole/FTL) can be accessed via the Web, Command Line and `telnet`. +The [FTL Engine](https://github.com/pi-hole/FTL) is a lightweight purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily intergrated into your own projects. As the name implies, FTL does this all *very quickly*! -The Web (`admin/api.php`) and Command Line (`pihole -c -j`) will return `json` formatted output: -``` -{ - "domains_being_blocked":111175, - "dns_queries_today":15669, - "ads_blocked_today":1752, - "ads_percentage_today":11.181314, - "unique_domains":1178, - "queries_forwarded":9177, - "queries_cached":4740, - "unique_clients":18 -} -``` +Some of the statistics you can intergrate include: +* Total number of domains being blocked +* Total number of DNS queries today +* Total number of ads blocked today +* Percentage of ads blocked +* Unique domains +* Queries forwarded (to your chosen upstream DNS server) +* Queries cached (served by Pi-hole) +* Unique Pi-hole clients -More details on the API can be found [here](https://discourse.pi-hole.net/t/pi-hole-api/1863) and `telnet` on [the repo itself](https://github.com/pi-hole/FTL). - -### The Query Log -If enabled, the query log will show all of the DNS queries requested by clients using Pi-hole as their DNS server. Standard domains will show in green, and blocked (_Pi-holed_) domains will show in red. You can also whitelist or blacklist domains from within this section. - -

- -

- -The query log and graphs are what have helped people [discover all sorts of unexpected traffic traversing their networks](https://pi-hole.net/2017/07/06/round-3-what-really-happens-on-your-network/). - -#### Long-term Statistics -Using our FTL API, Pi-hole will store all the DNS queries in a database for later retrieval and analysis. You can view this data as a graph, individual queries, top clients/advertisers, or even query the database yourself for your own applications. - -

- -

- -### Whitelisting and Blacklisting -Domains can be [whitelisted](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212) or [blacklisted](https://discourse.pi-hole.net/t/commonly-blacklisted-domains/305) using either the dashboard, or via [the `pihole` command](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738). - -

- -

- -#### Additional Blocklists -Pi-hole's stock block lists cover over 100,000 known ad-serving domains, which helps ensure you encounter minimal false positives. You can expand the blocking power of your Pi-hole by [adding additional lists](https://discourse.pi-hole.net/t/how-do-i-add-additional-block-lists-to-pi-hole/259) such as the ones found at [The Big Blocklist Collection](https://wally3k.github.io/). - -

- -

- -### Enable and Disable Pi-hole -There are times where you may want to disable the blocking functionality, and turn it back on again. You can toggle this via the dashboard or command line. - -

- -

- -### Tools - -

- -

- -##### Update Ad Lists -This runs [`gravity`](https://github.com/pi-hole/pi-hole/blob/master/gravity.sh) which checks your source list for updates, and downloads if changes are found. - -##### Query Ad Lists -You can find out what blocklist a specific domain was found on. This is useful for troubleshooting websites that may not work properly due to a blocked domain. - -##### `tail`ing Log Files -You can [watch the log files](https://discourse.pi-hole.net/t/how-do-i-watch-and-interpret-the-pihole-log-file/276) in real time to help debug any issues, or just see what's happening on your network. - -##### Pi-hole Debugger -If you are having trouble with your Pi-hole, this is the place to go. You can run the debugger and it will attempt to diagnose any issues, and then link to an FAQ with instructions on rectifying the problem. - -

- -

- -If run [via the command line](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#debug), you will see coloured text, which makes it easy to identify any problems. - -

- -

- -After the debugger has finished, you have the option to upload it to our secure server for 48 hours. All you need to do is provide [one of our developers](https://github.com/orgs/pi-hole/teams/debug/members) the unique token generated by the debugger via [one of the various ways of getting in touch with us](#getting-in-touch-with-us). - -

- -

- -You should be able to resolve most issues using the provided FAQ links, but we're always happy to help out if you'd like assistance! - -### Web Interface Settings -The settings page lets you control and configure your Pi-hole. You can do things like: - -- view networking information -- flush logs or disable the logging of queries -- [enable Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026) -- [manage block lists](https://discourse.pi-hole.net/t/how-do-i-add-additional-block-lists-to-pi-hole/259) -- exclude domains from the graphs and enable privacy options -- configure upstream DNS servers -- restart Pi-hole's services -- back up some of Pi-hole's important files -- and more! - -

- -

- -### Built-in DHCP Server -Pi-hole ships with a [built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026). This allows you to let your network devices use Pi-hole as their DNS server if your router does not let you adjust the DHCP options. - -One nice feature of using Pi-hole's DHCP server if you can set hostnames and DHCP reservations so you'll [see hostnames in the query log instead of IP addresses](https://discourse.pi-hole.net/t/how-do-i-show-hostnames-instead-of-ip-addresses-in-the-dashboard/3530). You can still do this without using Pi-hole's DHCP server; it just takes a little more work. If you do plan to use Pi-hole's DHCP server, be sure to disable DHCP on your router first. - -

- -

- -### Real-time Statistics -Using [chronometer2](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/chronometer.sh), you can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my-pi-holes-stats-over-ssh-or-on-an-lcd-using-chronometer/240) via `ssh` or on an LCD screen such as the [2.8" LCD screen from Adafruit](http://amzn.to/1P0q1Fj). - -Simply run `pihole -c` for some detailed information. - -

- -Image courtesy of /u/super_nicktendo22 -

+The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). [More details are found here](https://discourse.pi-hole.net/t/pi-hole-api/1863). ----- From 0d286b99d5df924e606297d3144cf710c346897d Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Fri, 6 Oct 2017 20:39:01 +1100 Subject: [PATCH 010/121] Remove placeholder URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 920f97f6..c40a134f 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ Word-of-mouth continues to help our project grow immensely, and we'd like to hel ### The Command Line Interface The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole. -Pi-hole ASCII Logo +Pi-hole ASCII Logo Some of the features include: * [Whitelisting, Blacklisting and Wildcards](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#whitelisting-blacklisting-and-wildcards) From 114f84c948b08693bea934e822c1c4c2956e29b3 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 7 Oct 2017 17:29:47 +0200 Subject: [PATCH 011/121] Add --nuke option to list.sh that can be used e.g. by Teleporter to empty out lists before importing new content Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index a3f3261a..98d5c399 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -49,7 +49,8 @@ Options: -nr, --noreload Update ${type}list without refreshing dnsmasq -q, --quiet Make output less verbose -h, --help Show this help dialog - -l, --list Display all your ${type}listed domains" + -l, --list Display all your ${type}listed domains + --nuke Removes all entries in a list" exit 0 } @@ -70,7 +71,7 @@ HandleOther() { validDomain=$(grep -P "^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$" <<< "${domain}") # Valid chars check validDomain=$(grep -P "^[^\.]{1,63}(\.[^\.]{1,63})*$" <<< "${validDomain}") # Length of each label fi - + if [[ -n "${validDomain}" ]]; then domList=("${domList[@]}" ${validDomain}) else @@ -223,6 +224,12 @@ Displaylist() { exit 0; } +NukeList() { + if [[ -f "${listMain}" ]]; then + echo "" > "${listMain}" + fi +} + for var in "$@"; do case "${var}" in "-w" | "whitelist" ) listMain="${whitelist}"; listAlt="${blacklist}";; @@ -234,6 +241,7 @@ for var in "$@"; do "-q" | "--quiet" ) verbose=false;; "-h" | "--help" ) helpFunc;; "-l" | "--list" ) Displaylist;; + "--nuke" ) NukeList;; * ) HandleOther "${var}";; esac done From f22b83d379d729cf7c6c21723f2712570d3cbc34 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 7 Oct 2017 17:46:40 +0200 Subject: [PATCH 012/121] Create a backup before emptying the list Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 98d5c399..a8c3a604 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -226,6 +226,9 @@ Displaylist() { NukeList() { if [[ -f "${listMain}" ]]; then + # Back up original list + cp "${listMain}" "${listMain}.bck" + # Empty out file echo "" > "${listMain}" fi } From 70ad656af0eaffb9dce7233e638428aae65be11e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 7 Oct 2017 22:04:14 +0200 Subject: [PATCH 013/121] Save backup as ".bck~" to prevent reading of the file by dnsmasq Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index a8c3a604..9ddfe8f3 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -227,7 +227,7 @@ Displaylist() { NukeList() { if [[ -f "${listMain}" ]]; then # Back up original list - cp "${listMain}" "${listMain}.bck" + cp "${listMain}" "${listMain}.bck~" # Empty out file echo "" > "${listMain}" fi From 67a559490987ed700418693997697f2e8212a667 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 7 Oct 2017 16:06:16 -0400 Subject: [PATCH 014/121] Allow emails which include `-h` in them For example, mcat12@pi-hole.net would previously spit out the help message --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index b0957ab4..c352f236 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -418,7 +418,7 @@ Options: } SetAdminEmail() { - if [[ "${1}" == *"-h"* ]]; then + if [[ "${1}" == "-h" || "${1}" == "--help" ]]; then echo "Usage: pihole -a email
Example: 'pihole -a email admin@address.com' Set an administrative contact address for the Block Page From bd330186604ce6053aca8da2a2d8647df057c211 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Sun, 8 Oct 2017 12:16:05 +1100 Subject: [PATCH 015/121] Shellcheck OR validation Signed off by WaLLy3K --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index c352f236..d5c4d45e 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -418,7 +418,7 @@ Options: } SetAdminEmail() { - if [[ "${1}" == "-h" || "${1}" == "--help" ]]; then + if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then echo "Usage: pihole -a email
Example: 'pihole -a email admin@address.com' Set an administrative contact address for the Block Page From 2dabacd02487d244259a7ceb3b8fb44551b0bbfe Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 9 Oct 2017 19:53:22 +1100 Subject: [PATCH 016/121] Fix minor typo Signed off by WaLLy3K --- advanced/lighttpd.conf.debian | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 5b317c4f..b5bece72 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -11,7 +11,7 @@ # FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # # # -# CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE: # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE: # # /etc/lighttpd/external.conf # ############################################################################### From 51b09efceb1cb457ddba3d3d9d830c9579071031 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 9 Oct 2017 19:53:45 +1100 Subject: [PATCH 017/121] Fix minor typo Signed off by WaLLy3K --- advanced/lighttpd.conf.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 7b2449c6..dd7ba138 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -13,7 +13,7 @@ # FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # # # -# CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE: # +# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE: # # /etc/lighttpd/external.conf # ############################################################################### From e4b3bc4209c73c61f7e158b0073548e170bde73a Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Tue, 10 Oct 2017 13:17:33 +1100 Subject: [PATCH 018/121] Minor spacing corrections Signed off by WaLLy3K --- advanced/lighttpd.conf.fedora | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index dd7ba138..43d94d84 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -7,8 +7,6 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. - - ############################################################################### # FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # @@ -74,11 +72,12 @@ fastcgi.server = ( ".php" => # If the URL starts with /admin, it is the Web interface $HTTP["url"] =~ "^/admin/" { - # Create a response header for debugging using curl -I + # Create a response header for debugging using curl -I setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) + $HTTP["url"] =~ ".ttf$" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) From 3b300a4d6ac8c1553b17c9334bea44557f78c944 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Fri, 13 Oct 2017 11:42:49 +1100 Subject: [PATCH 019/121] Fix query option handling Signed off by WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 45f7ea92..8359ba45 100755 --- a/pihole +++ b/pihole @@ -154,7 +154,7 @@ Options: # Strip valid options, leaving only the domain and invalid options # This allows users to place the options before or after the domain - options=$(sed -E 's/ ?-(bp|adlists?|all|exact)//g' <<< "${options}") + options=$(sed -E 's/ ?-(bp|adlists?|all|exact) ?//g' <<< "${options}") # Handle remaining options # If $options contain non ASCII characters, convert to punycode From 1e6cc63abe6241dbb1950067cd4de39cef16deb3 Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 12 Oct 2017 20:32:33 -0600 Subject: [PATCH 020/121] add SELinux checking to debug script --- advanced/Scripts/piholeDebug.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index ea387b5a..247da3e6 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -422,6 +422,36 @@ diagnose_operating_system() { fi } +check_selinux() { + # SELinux is not supported by the Pi-hole + echo_current_diagnostic "SELinux" + # Check if a SELinux configuration file exists + if [[ -f /etc/selinux/config ]]; then + # If a SELinux configuration file was found, check the default SELinux mode. + DEFAULT_SELINUX=$(egrep -i '^SELINUX=' /etc/selinux/config | cut -d'=' -f2 | awk '{print tolower($0)}') + case $DEFAULT_SELINUX in + enforcing) + log_write "${CROSS} ${COL_LIGHT_RED}Default SELinux: $DEFAULT_SELINUX${COL_NC}" + ;; + *) # 'permissive' and 'disabled' + log_write "${TICK} ${COL_LIGHT_GREEN}Default SELinux: $DEFAULT_SELINUX${COL_NC}"; + ;; + esac + # Check the current state of SELinux + CURRENT_SELINUX=$(getenforce | awk '{print tolower($0)}') + case $CURRENT_SELINUX in + enforcing) + log_write "${CROSS} ${COL_LIGHT_RED}Current SELinux: $CURRENT_SELINUX${COL_NC}" + ;; + *) # 'permissive' and 'disabled' + log_write "${TICK} ${COL_LIGHT_GREEN}Current SELinux: $CURRENT_SELINUX${COL_NC}"; + ;; + esac + else + log_write "${TICK} ${COL_LIGHT_GREEN}SELinux not Supported${COL_NC}"; + fi +} + processor_check() { echo_current_diagnostic "Processor" # Store the processor type in a variable @@ -1119,6 +1149,7 @@ source_setup_variables check_component_versions check_critical_program_versions diagnose_operating_system +check_selinux processor_check check_networking check_name_resolution From a17d1be7a4fce73d6aa7dd2df5b439df43a9db0e Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 12 Oct 2017 23:24:02 -0600 Subject: [PATCH 021/121] simplify selinux debug variables --- advanced/Scripts/piholeDebug.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 247da3e6..b5a1f2a5 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -428,8 +428,8 @@ check_selinux() { # Check if a SELinux configuration file exists if [[ -f /etc/selinux/config ]]; then # If a SELinux configuration file was found, check the default SELinux mode. - DEFAULT_SELINUX=$(egrep -i '^SELINUX=' /etc/selinux/config | cut -d'=' -f2 | awk '{print tolower($0)}') - case $DEFAULT_SELINUX in + DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config) + case "${DEFAULT_SELINUX,,}" in enforcing) log_write "${CROSS} ${COL_LIGHT_RED}Default SELinux: $DEFAULT_SELINUX${COL_NC}" ;; @@ -438,8 +438,8 @@ check_selinux() { ;; esac # Check the current state of SELinux - CURRENT_SELINUX=$(getenforce | awk '{print tolower($0)}') - case $CURRENT_SELINUX in + CURRENT_SELINUX=$(getenforce) + case "${CURRENT_SELINUX,,}" in enforcing) log_write "${CROSS} ${COL_LIGHT_RED}Current SELinux: $CURRENT_SELINUX${COL_NC}" ;; From 8aceb8bf539a999e962ba71b2a7c9147fdf0a2bd Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 12 Oct 2017 23:29:04 -0600 Subject: [PATCH 022/121] replace deprecated colors in debug script - COL_LIGHT_GREEN -> COL_GREEN - COL_LIGHT_RED -> COL_RED - COL_LIGHT_PURPLE -> COL_PURPLE --- advanced/Scripts/piholeDebug.sh | 148 ++++++++++++++++---------------- 1 file changed, 74 insertions(+), 74 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index b5a1f2a5..62fefb17 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -30,12 +30,12 @@ if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then else COL_NC='\e[0m' # No Color COL_YELLOW='\e[1;33m' - COL_LIGHT_PURPLE='\e[1;35m' + COL_PURPLE='\e[1;35m' COL_CYAN='\e[0;36m' - TICK="[${COL_LIGHT_GREEN}✓${COL_NC}]" - CROSS="[${COL_LIGHT_RED}✗${COL_NC}]" + TICK="[${COL_GREEN}✓${COL_NC}]" + CROSS="[${COL_RED}✗${COL_NC}]" INFO="[i]" - DONE="${COL_LIGHT_GREEN} done!${COL_NC}" + DONE="${COL_GREEN} done!${COL_NC}" OVER="\r\033[K" fi @@ -175,7 +175,7 @@ show_disclaimer(){ source_setup_variables() { # Display the current test that is running - log_write "\n${COL_LIGHT_PURPLE}*** [ INITIALIZING ]${COL_NC} Sourcing setup variables" + log_write "\n${COL_PURPLE}*** [ INITIALIZING ]${COL_NC} Sourcing setup variables" # If the variable file exists, if ls "${PIHOLE_SETUP_VARS_FILE}" 1> /dev/null 2>&1; then log_write "${INFO} Sourcing ${PIHOLE_SETUP_VARS_FILE}..."; @@ -183,7 +183,7 @@ source_setup_variables() { source ${PIHOLE_SETUP_VARS_FILE} else # If it can't, show an error - log_write "${PIHOLE_SETUP_VARS_FILE} ${COL_LIGHT_RED}does not exist or cannot be read.${COL_NC}" + log_write "${PIHOLE_SETUP_VARS_FILE} ${COL_RED}does not exist or cannot be read.${COL_NC}" fi } @@ -219,7 +219,7 @@ initiate_debug() { clear show_disclaimer # Display that the debug process is beginning - log_write "${COL_LIGHT_PURPLE}*** [ INITIALIZING ]${COL_NC}" + log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}" # Timestamp the start of the log log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initiated." } @@ -230,7 +230,7 @@ initiate_debug() { echo_current_diagnostic() { # Colors are used for visually distinguishing each test in the output # These colors do not show in the GUI, but the formatting will - log_write "\n${COL_LIGHT_PURPLE}*** [ DIAGNOSING ]:${COL_NC} ${1}" + log_write "\n${COL_PURPLE}*** [ DIAGNOSING ]:${COL_NC} ${1}" } compare_local_version_to_git_version() { @@ -255,7 +255,7 @@ compare_local_version_to_git_version() { # move into it cd "${git_dir}" || \ # If not, show an error - log_write "${COL_LIGHT_RED}Could not cd into ${git_dir}$COL_NC" + log_write "${COL_RED}Could not cd into ${git_dir}$COL_NC" if git status &> /dev/null; then # The current version the user is on local remote_version @@ -269,7 +269,7 @@ compare_local_version_to_git_version() { # echo this information out to the user in a nice format # If the current version matches what pihole -v produces, the user is up-to-date if [[ "${remote_version}" == "$(pihole -v | awk '/${search_term}/ {print $6}' | cut -d ')' -f1)" ]]; then - log_write "${TICK} ${pihole_component}: ${COL_LIGHT_GREEN}${remote_version}${COL_NC}" + log_write "${TICK} ${pihole_component}: ${COL_GREEN}${remote_version}${COL_NC}" # If not, else # echo the current version in yellow, signifying it's something to take a look at, but not a critical error @@ -280,7 +280,7 @@ compare_local_version_to_git_version() { # If the repo is on the master branch, they are on the stable codebase if [[ "${remote_branch}" == "master" ]]; then # so the color of the text is green - log_write "${INFO} Branch: ${COL_LIGHT_GREEN}${remote_branch}${COL_NC}" + log_write "${INFO} Branch: ${COL_GREEN}${remote_branch}${COL_NC}" # If it is any other branch, they are in a developement branch else # So show that in yellow, signifying it's something to take a look at, but not a critical error @@ -308,7 +308,7 @@ check_ftl_version() { # Compare the current FTL version to the remote version if [[ "${FTL_VERSION}" == "$(pihole -v | awk '/FTL/ {print $6}' | cut -d ')' -f1)" ]]; then # If they are the same, FTL is up-to-date - log_write "${TICK} ${ftl_name}: ${COL_LIGHT_GREEN}${FTL_VERSION}${COL_NC}" + log_write "${TICK} ${ftl_name}: ${COL_GREEN}${FTL_VERSION}${COL_NC}" else # If not, show it in yellow, signifying there is an update log_write "${TICK} ${ftl_name}: ${COL_YELLOW}${FTL_VERSION}${COL_NC} (${FAQ_UPDATE_PI_HOLE})" @@ -345,7 +345,7 @@ get_program_version() { # If the program does not have a version (the variable is empty) if [[ -z "${program_version}" ]]; then # Display and error - log_write "${CROSS} ${COL_LIGHT_RED}${program_name} version could not be detected.${COL_NC}" + log_write "${CROSS} ${COL_RED}${program_name} version could not be detected.${COL_NC}" else # Otherwise, display the version log_write "${INFO} ${program_version}" @@ -368,13 +368,13 @@ is_os_supported() { # If the variable is one of our supported OSes, case "${the_os}" in # Print it in green - "Raspbian") log_write "${TICK} ${COL_LIGHT_GREEN}${os_to_check}${COL_NC}";; - "Ubuntu") log_write "${TICK} ${COL_LIGHT_GREEN}${os_to_check}${COL_NC}";; - "Fedora") log_write "${TICK} ${COL_LIGHT_GREEN}${os_to_check}${COL_NC}";; - "Debian") log_write "${TICK} ${COL_LIGHT_GREEN}${os_to_check}${COL_NC}";; - "CentOS") log_write "${TICK} ${COL_LIGHT_GREEN}${os_to_check}${COL_NC}";; + "Raspbian") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";; + "Ubuntu") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";; + "Fedora") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";; + "Debian") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";; + "CentOS") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";; # If not, show it in red and link to our software requirements page - *) log_write "${CROSS} ${COL_LIGHT_RED}${os_to_check}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})"; + *) log_write "${CROSS} ${COL_RED}${os_to_check}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})"; esac } @@ -418,7 +418,7 @@ diagnose_operating_system() { get_distro_attributes else # If it doesn't exist, it's not a system we currently support and link to FAQ - log_write "${CROSS} ${COL_LIGHT_RED}${error_msg}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})" + log_write "${CROSS} ${COL_RED}${error_msg}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})" fi } @@ -431,24 +431,24 @@ check_selinux() { DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config) case "${DEFAULT_SELINUX,,}" in enforcing) - log_write "${CROSS} ${COL_LIGHT_RED}Default SELinux: $DEFAULT_SELINUX${COL_NC}" + log_write "${CROSS} ${COL_RED}Default SELinux: $DEFAULT_SELINUX${COL_NC}" ;; *) # 'permissive' and 'disabled' - log_write "${TICK} ${COL_LIGHT_GREEN}Default SELinux: $DEFAULT_SELINUX${COL_NC}"; + log_write "${TICK} ${COL_GREEN}Default SELinux: $DEFAULT_SELINUX${COL_NC}"; ;; esac # Check the current state of SELinux CURRENT_SELINUX=$(getenforce) case "${CURRENT_SELINUX,,}" in enforcing) - log_write "${CROSS} ${COL_LIGHT_RED}Current SELinux: $CURRENT_SELINUX${COL_NC}" + log_write "${CROSS} ${COL_RED}Current SELinux: $CURRENT_SELINUX${COL_NC}" ;; *) # 'permissive' and 'disabled' - log_write "${TICK} ${COL_LIGHT_GREEN}Current SELinux: $CURRENT_SELINUX${COL_NC}"; + log_write "${TICK} ${COL_GREEN}Current SELinux: $CURRENT_SELINUX${COL_NC}"; ;; esac else - log_write "${TICK} ${COL_LIGHT_GREEN}SELinux not Supported${COL_NC}"; + log_write "${TICK} ${COL_GREEN}SELinux not Supported${COL_NC}"; fi } @@ -460,19 +460,19 @@ processor_check() { if [[ -z "${PROCESSOR}" ]]; then # we couldn't detect it, so show an error PROCESSOR=$(lscpu | awk '/Architecture/ {print $2}') - log_write "${CROSS} ${COL_LIGHT_RED}${PROCESSOR}${COL_NC} has not been tested with FTL, but may still work: (${FAQ_FTL_COMPATIBILITY})" + log_write "${CROSS} ${COL_RED}${PROCESSOR}${COL_NC} has not been tested with FTL, but may still work: (${FAQ_FTL_COMPATIBILITY})" else # Check if the architecture is currently supported for FTL case "${PROCESSOR}" in - "amd64") "${TICK} ${COL_LIGHT_GREEN}${PROCESSOR}${COL_NC}" + "amd64") "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}" ;; - "armv6l") "${TICK} ${COL_LIGHT_GREEN}${PROCESSOR}${COL_NC}" + "armv6l") "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}" ;; - "armv6") "${TICK} ${COL_LIGHT_GREEN}${PROCESSOR}${COL_NC}" + "armv6") "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}" ;; - "armv7l") "${TICK} ${COL_LIGHT_GREEN}${PROCESSOR}${COL_NC}" + "armv7l") "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}" ;; - "aarch64") "${TICK} ${COL_LIGHT_GREEN}${PROCESSOR}${COL_NC}" + "aarch64") "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}" ;; # Otherwise, show the processor type *) log_write "${INFO} ${PROCESSOR}"; @@ -488,7 +488,7 @@ parse_setup_vars() { parse_file "${PIHOLE_SETUP_VARS_FILE}" else # If not, show an error - log_write "${CROSS} ${COL_LIGHT_RED}Could not read ${PIHOLE_SETUP_VARS_FILE}.${COL_NC}" + log_write "${CROSS} ${COL_RED}Could not read ${PIHOLE_SETUP_VARS_FILE}.${COL_NC}" fi } @@ -504,10 +504,10 @@ does_ip_match_setup_vars() { # Strip off the / (CIDR notation) if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then # if it matches, show it in green - log_write " ${COL_LIGHT_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" + log_write " ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" else # otherwise show it in red with an FAQ URL - log_write " ${COL_LIGHT_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" + log_write " ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" fi else @@ -515,10 +515,10 @@ does_ip_match_setup_vars() { # since it exists in the setupVars.conf that way if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then # show in green if it matches - log_write " ${COL_LIGHT_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" + log_write " ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}" else # otherwise show it in red - log_write " ${COL_LIGHT_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" + log_write " ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})" fi fi } @@ -546,7 +546,7 @@ detect_ip_addresses() { log_write "" else # If there are no IPs detected, explain that the protocol is not configured - log_write "${CROSS} ${COL_LIGHT_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interace.\n" + log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interace.\n" return 1 fi # If the protocol is v6 @@ -593,13 +593,13 @@ ping_gateway() { # If pinging the gateway is not successful, if ! ${cmd} -c 3 -W 2 -n ${gateway} -I ${PIHOLE_INTERFACE} >/dev/null; then # let the user know - log_write "${CROSS} ${COL_LIGHT_RED}Gateway did not respond.${COL_NC} ($FAQ_GATEWAY)\n" + log_write "${CROSS} ${COL_RED}Gateway did not respond.${COL_NC} ($FAQ_GATEWAY)\n" # and return an error code return 1 # Otherwise, else # show a success - log_write "${TICK} ${COL_LIGHT_GREEN}Gateway responded.${COL_NC}" + log_write "${TICK} ${COL_GREEN}Gateway responded.${COL_NC}" # and return a success code return 0 fi @@ -614,11 +614,11 @@ ping_internet() { # Try to ping the address 3 times if ! ${cmd} -W 2 -c 3 -n ${public_address} -I ${PIHOLE_INTERFACE} >/dev/null; then # if it's unsuccessful, show an error - log_write "${CROSS} ${COL_LIGHT_RED}Cannot reach the Internet.${COL_NC}\n" + log_write "${CROSS} ${COL_RED}Cannot reach the Internet.${COL_NC}\n" return 1 else # Otherwise, show success - log_write "${TICK} ${COL_LIGHT_GREEN}Query responded.${COL_NC}\n" + log_write "${TICK} ${COL_GREEN}Query responded.${COL_NC}\n" return 0 fi } @@ -631,11 +631,11 @@ compare_port_to_service_assigned() { local ftl="pihole-FTL" if [[ "${service_name}" == "${resolver}" ]] || [[ "${service_name}" == "${web_server}" ]] || [[ "${service_name}" == "${ftl}" ]]; then # if port 53 is dnsmasq, show it in green as it's standard - log_write "[${COL_LIGHT_GREEN}${port_number}${COL_NC}] is in use by ${COL_LIGHT_GREEN}${service_name}${COL_NC}" + log_write "[${COL_GREEN}${port_number}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}" # Otherwise, else # Show the service name in red since it's non-standard - log_write "[${COL_LIGHT_RED}${port_number}${COL_NC}] is in use by ${COL_LIGHT_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})" + log_write "[${COL_RED}${port_number}${COL_NC}] is in use by ${COL_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})" fi } @@ -711,21 +711,21 @@ check_x_headers() { # If the X-header found by curl matches what is should be, if [[ $block_page == "$block_page_working" ]]; then # display a success message - log_write "$TICK ${COL_LIGHT_GREEN}${block_page}${COL_NC}" + log_write "$TICK ${COL_GREEN}${block_page}${COL_NC}" else # Otherwise, show an error - log_write "$CROSS ${COL_LIGHT_RED}X-Header does not match or could not be retrieved.${COL_NC}" - log_write "${COL_LIGHT_RED}${full_curl_output_block_page}${COL_NC}" + log_write "$CROSS ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}" + log_write "${COL_RED}${full_curl_output_block_page}${COL_NC}" fi # Same logic applies to the dashbord as above, if the X-Header matches what a working system shoud have, if [[ $dashboard == "$dashboard_working" ]]; then # then we can show a success - log_write "$TICK ${COL_LIGHT_GREEN}${dashboard}${COL_NC}" + log_write "$TICK ${COL_GREEN}${dashboard}${COL_NC}" else # Othewise, it's a failure since the X-Headers either don't exist or have been modified in some way - log_write "$CROSS ${COL_LIGHT_RED}X-Header does not match or could not be retrieved.${COL_NC}" - log_write "${COL_LIGHT_RED}${full_curl_output_dashboard}${COL_NC}" + log_write "$CROSS ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}" + log_write "${COL_RED}${full_curl_output_dashboard}${COL_NC}" fi } @@ -770,10 +770,10 @@ dig_at() { # First, do a dig on localhost to see if Pi-hole can use itself to block a domain if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then # If it can, show sucess - log_write "${TICK} ${random_url} ${COL_LIGHT_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" + log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})" else # Otherwise, show a failure - log_write "${CROSS} ${COL_LIGHT_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_LIGHT_RED}localhost${COL_NC} (${local_address})" + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})" fi # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address @@ -784,20 +784,20 @@ dig_at() { # If Pi-hole can dig itself from it's IP (not the loopback address) if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${pihole_address} +short "${record_type}"); then # show a success - log_write "${TICK} ${random_url} ${COL_LIGHT_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})" + log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})" else # Othewise, show a failure - log_write "${CROSS} ${COL_LIGHT_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_LIGHT_RED}Pi-hole${COL_NC} (${pihole_address})" + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})" fi # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6 if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then # If successful, the real IP of the domain will be returned instead of Pi-hole's IP - log_write "${TICK} ${remote_url} ${COL_LIGHT_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})" + log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})" else # Otherwise, show an error - log_write "${CROSS} ${COL_LIGHT_RED}Failed to resolve${COL_NC} ${remote_url} via ${COL_LIGHT_RED}a remote, public DNS server${COL_NC} (${remote_address})" + log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${remote_url} via ${COL_RED}a remote, public DNS server${COL_NC} (${remote_address})" fi } @@ -813,10 +813,10 @@ process_status(){ # and print it out to the user if [[ "${status_of_process}" == "active" ]]; then # If it's active, show it in green - log_write "${TICK} ${COL_LIGHT_GREEN}${i}${COL_NC} daemon is ${COL_LIGHT_GREEN}${status_of_process}${COL_NC}" + log_write "${TICK} ${COL_GREEN}${i}${COL_NC} daemon is ${COL_GREEN}${status_of_process}${COL_NC}" else # If it's not, show it in red - log_write "${CROSS} ${COL_LIGHT_RED}${i}${COL_NC} daemon is ${COL_LIGHT_RED}${status_of_process}${COL_NC}" + log_write "${CROSS} ${COL_RED}${i}${COL_NC} daemon is ${COL_RED}${status_of_process}${COL_NC}" fi done } @@ -915,7 +915,7 @@ dir_check() { : else # Otherwise, show an error - log_write "${COL_LIGHT_RED}${directory} does not exist.${COL_NC}" + log_write "${COL_RED}${directory} does not exist.${COL_NC}" fi done } @@ -944,7 +944,7 @@ list_files_in_dir() { for i in "${!REQUIRED_FILES[@]}"; do if [[ "${dir_to_parse}/${each_file}" == ${REQUIRED_FILES[$i]} ]]; then # display the filename - log_write "\n${COL_LIGHT_GREEN}$(ls -ld ${dir_to_parse}/${each_file})${COL_NC}" + log_write "\n${COL_GREEN}$(ls -ld ${dir_to_parse}/${each_file})${COL_NC}" # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing) case "${dir_to_parse}/${each_file}" in # If it's Web server error log, just give the first 25 lines @@ -993,7 +993,7 @@ analyze_gravity_list() { # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' local gravity_permissions=$(ls -ld "${PIHOLE_BLOCKLIST_FILE}") - log_write "${COL_LIGHT_GREEN}${gravity_permissions}${COL_NC}" + log_write "${COL_GREEN}${gravity_permissions}${COL_NC}" local gravity_head=() gravity_head=( $(head -n 4 ${PIHOLE_BLOCKLIST_FILE}) ) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_BLOCKLIST_FILE})------${COL_NC}" @@ -1019,7 +1019,7 @@ analyze_pihole_log() { # Get the lines that are in the file(s) and store them in an array for parsing later IFS=$'\r\n' local pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}") - log_write "${COL_LIGHT_GREEN}${pihole_log_permissions}${COL_NC}" + log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}" local pihole_log_head=() pihole_log_head=( $(head -n 20 ${PIHOLE_LOG}) ) log_write " ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}" @@ -1038,7 +1038,7 @@ analyze_pihole_log() { # If the variable contains a value, it found an error in the log if [[ -n ${error_to_check_for} ]]; then # So we can print it in red to make it visible to the user - log_write " ${CROSS} ${COL_LIGHT_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" + log_write " ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})" else # If the variable does not a value (the current default behavior), so do not obfuscate anything if [[ -z ${OBFUSCATE} ]]; then @@ -1067,7 +1067,7 @@ tricorder_use_nc_or_ssl() { # Check for openssl first since encryption is a good thing if command -v openssl &> /dev/null; then # If the command exists, - log_write " * Using ${COL_LIGHT_GREEN}openssl${COL_NC} for transmission." + log_write " * Using ${COL_GREEN}openssl${COL_NC} for transmission." # encrypt and transmit the log and store the token returned in a variable tricorder_token=$(< ${PIHOLE_DEBUG_LOG_SANITIZED} openssl s_client -quiet -connect tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER} 2> /dev/null) # Otherwise, @@ -1088,9 +1088,9 @@ upload_to_tricorder() { # Let the user know debugging is complete with something strikingly visual log_write "" - log_write "${COL_LIGHT_PURPLE}********************************************${COL_NC}" - log_write "${COL_LIGHT_PURPLE}********************************************${COL_NC}" - log_write "${TICK} ${COL_LIGHT_GREEN}** FINISHED DEBUGGING! **${COL_NC}\n" + log_write "${COL_PURPLE}********************************************${COL_NC}" + log_write "${COL_PURPLE}********************************************${COL_NC}" + log_write "${TICK} ${COL_GREEN}** FINISHED DEBUGGING! **${COL_NC}\n" # Provide information on what they should do with their token log_write " * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." @@ -1112,7 +1112,7 @@ upload_to_tricorder() { # If they say yes, run our function for uploading the log [yY][eE][sS]|[yY]) tricorder_use_nc_or_ssl;; # If they choose no, just exit out of the script - *) log_write " * Log will ${COL_LIGHT_GREEN}NOT${COL_NC} be uploaded to tricorder.";exit; + *) log_write " * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.";exit; esac fi # Check if tricorder.pi-hole.net is reachable and provide token @@ -1121,19 +1121,19 @@ upload_to_tricorder() { # Again, try to make this visually striking so the user realizes they need to do something with this information # Namely, provide the Pi-hole devs with the token log_write "" - log_write "${COL_LIGHT_PURPLE}***********************************${COL_NC}" - log_write "${COL_LIGHT_PURPLE}***********************************${COL_NC}" - log_write "${TICK} Your debug token is: ${COL_LIGHT_GREEN}${tricorder_token}${COL_NC}" - log_write "${COL_LIGHT_PURPLE}***********************************${COL_NC}" - log_write "${COL_LIGHT_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}" + log_write "${COL_PURPLE}***********************************${COL_NC}" + log_write "${COL_PURPLE}***********************************${COL_NC}" log_write "" log_write " * Provide the token above to the Pi-hole team for assistance at" log_write " * ${FORUMS_URL}" - log_write " * Your log will self-destruct on our server after ${COL_LIGHT_RED}48 hours${COL_NC}." + log_write " * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}." # If no token was generated else # Show an error and some help instructions - log_write "${CROSS} ${COL_LIGHT_RED}There was an error uploading your debug log.${COL_NC}" + log_write "${CROSS} ${COL_RED}There was an error uploading your debug log.${COL_NC}" log_write " * Please try again or contact the Pi-hole team for assistance." fi # Finally, show where the log file is no matter the outcome of the function so users can look at it From 7d76db00acf44a71554e8f062936eaae1cffba98 Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 13 Oct 2017 08:58:35 -0600 Subject: [PATCH 023/121] update 'SELinux not detected' message --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 62fefb17..d8b976b8 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -448,7 +448,7 @@ check_selinux() { ;; esac else - log_write "${TICK} ${COL_GREEN}SELinux not Supported${COL_NC}"; + log_write "${INFO} ${COL_GREEN}SELinux not detected${COL_NC}"; fi } From 31730e71974482e513854f62a6f3e0b8201f9b0c Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 13 Oct 2017 09:14:19 -0600 Subject: [PATCH 024/121] add missing colors to COL_TABLE fallback --- advanced/Scripts/piholeDebug.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d8b976b8..b6ec38de 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -29,6 +29,8 @@ if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color + COL_RED='\e[1;91m' + COL_GREEN='\e[1;32m' COL_YELLOW='\e[1;33m' COL_PURPLE='\e[1;35m' COL_CYAN='\e[0;36m' From 80c40e605078767845b2663eeb516666aa7e410b Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 16 Oct 2017 10:12:27 +1100 Subject: [PATCH 025/121] Prevent full stop being interpreted as regex Signed off by WaLLy3K --- pihole | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pihole b/pihole index 8359ba45..839ea8cd 100755 --- a/pihole +++ b/pihole @@ -85,7 +85,8 @@ updateGravityFunc() { # Scan an array of files for matching strings scanList(){ - local domain="${1}" lists="${2}" type="${3:-}" + # Escape full stops + local domain="${1//./\\.}" lists="${2}" type="${3:-}" # Prevent grep from printing file path cd "/etc/pihole" || exit 1 From 645d8e0ebd54787e9a24389fcd5a752c208736fe Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Thu, 19 Oct 2017 17:51:20 +1100 Subject: [PATCH 026/121] Fix issue where wildcarding didn't restart dnsmasq Signed off by WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 839ea8cd..80cdefe7 100755 --- a/pihole +++ b/pihole @@ -336,7 +336,7 @@ restartDNS() { if [[ "${svcOption}" =~ "reload" ]]; then # Using SIGHUP will NOT re-read any *.conf files svc="killall -s SIGHUP dnsmasq" - elif [[ -z "${svcOption}" ]]; then + else # Get PID of dnsmasq to determine if it needs to start or restart if pidof dnsmasq &> /dev/null; then svcOption="restart" From 8b0785996e52ae19f89262fe542d94c8f8990078 Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 19 Oct 2017 22:39:43 -0600 Subject: [PATCH 027/121] remove .pullapprove.yml from .gitignore Closes #1535 --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 91014dcd..0e0d4b99 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,3 @@ *.swp __pycache__ .cache -.pullapprove.yml From 0f868f7649417d6cf5b4fcbe3f640645825a92bf Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 19 Oct 2017 22:57:07 -0600 Subject: [PATCH 028/121] remove un-used DONE variable (still available via sourced COL_TABLE on line 29) --- advanced/Scripts/piholeDebug.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index b6ec38de..43393ee9 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -37,7 +37,6 @@ else TICK="[${COL_GREEN}✓${COL_NC}]" CROSS="[${COL_RED}✗${COL_NC}]" INFO="[i]" - DONE="${COL_GREEN} done!${COL_NC}" OVER="\r\033[K" fi From 85d159bdd185b60c3edb4fcb3e091258a302663d Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 21 Oct 2017 15:52:53 +0200 Subject: [PATCH 029/121] Randomize gravity update time Signed-off-by: DL6ER --- advanced/pihole.cron | 4 ++-- automated install/basic-install.sh | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/advanced/pihole.cron b/advanced/pihole.cron index f1beb08c..bb0d20d8 100644 --- a/advanced/pihole.cron +++ b/advanced/pihole.cron @@ -14,8 +14,8 @@ # is updated or re-installed. Please make any changes to the appropriate crontab # or other cron file snippets. -# Pi-hole: Update the ad sources once a week on Sunday at 01:59 -# Download any updates from the adlists +# Pi-hole: Update the ad sources once a week on Sunday at a random time in the +# early morning. Download any updates from the adlists 59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity # Pi-hole: Update Pi-hole! Uncomment to enable auto update diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6eca6868..202b662d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1356,6 +1356,8 @@ installCron() { echo -ne " ${INFO} ${str}..." # Copy the cron file over from the local repo cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole + # Randomize gravity update time + sed -i "s/59 1/$((RANDOM % 60)) $((RANDOM % 2))/" /etc/cron.d/pihole echo -e "${OVER} ${TICK} ${str}" } From c34c3eb016bcd3a7bae51c462d4e514f4c916ffb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 21 Oct 2017 15:58:37 +0200 Subject: [PATCH 030/121] Shift randomized time interval from 00:00-01:59 to 02:00-03:59 --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 202b662d..62b9cc3a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1357,7 +1357,7 @@ installCron() { # Copy the cron file over from the local repo cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole # Randomize gravity update time - sed -i "s/59 1/$((RANDOM % 60)) $((RANDOM % 2))/" /etc/cron.d/pihole + sed -i "s/59 1/$((RANDOM % 60)) $((2 + RANDOM % 2))/" /etc/cron.d/pihole echo -e "${OVER} ${TICK} ${str}" } From 2390b803590b99b7babaac0d467404d8c086929e Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Wed, 25 Oct 2017 21:04:43 +1100 Subject: [PATCH 031/121] Silence non-numeric domains_being_blocked output * Round $cpu_mhz to 1 decimal place * Remove ".0" from $cpu_freq * Silence non-numeric domains_being_blocked output * Use "Core" and "Web" as appropriate Signed off by WaLLy3K --- advanced/Scripts/chronometer.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index a9ccf900..8599e995 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -302,7 +302,8 @@ get_sys_stats() { # Determine whether to display CPU clock speed as MHz or GHz if [[ -n "$cpu_mhz" ]]; then - [[ "$cpu_mhz" -le "999" ]] && cpu_freq="$cpu_mhz MHz" || cpu_freq="$(calcFunc "$cpu_mhz"/1000) GHz" + [[ "$cpu_mhz" -le "999" ]] && cpu_freq="$cpu_mhz MHz" || cpu_freq="$(printf "%.1f" $(calcFunc "$cpu_mhz"/1000)) GHz" + [[ "${cpu_freq}" == *".0"* ]] && cpu_freq="${cpu_freq/.0/}" fi # Determine colour for temperature @@ -380,7 +381,7 @@ get_ftl_stats() { local top_domain_raw local top_client_raw - domains_being_blocked=$(printf "%.0f\\n" "${domains_being_blocked_raw}") + domains_being_blocked=$(printf "%.0f\\n" "${domains_being_blocked_raw}" 2> /dev/null) dns_queries_today=$(printf "%.0f\\n" "${dns_queries_today_raw}") ads_blocked_today=$(printf "%.0f\\n" "${ads_blocked_today_raw}") ads_percentage_today=$(printf "%'.0f\\n" "${ads_percentage_today_raw}") @@ -403,9 +404,9 @@ get_ftl_stats() { get_strings() { # Expand or contract strings depending on screen size if [[ "$chrono_width" == "large" ]]; then - phc_str=" ${COL_DARK_GRAY}Pi-hole" - lte_str=" ${COL_DARK_GRAY}Admin" - ftl_str=" ${COL_DARK_GRAY}FTL" + phc_str=" ${COL_DARK_GRAY}Core" + lte_str=" ${COL_DARK_GRAY}Web" + ftl_str=" ${COL_DARK_GRAY}FTL" api_str="${COL_LIGHT_RED}API Offline" host_info="$sys_type" @@ -419,7 +420,7 @@ get_strings() { ph_info="Blocking: $domains_being_blocked sites" total_str="Total: " else - phc_str=" ${COL_DARK_GRAY}PH" + phc_str=" ${COL_DARK_GRAY}Core" lte_str=" ${COL_DARK_GRAY}Web" ftl_str=" ${COL_DARK_GRAY}FTL" api_str="${COL_LIGHT_RED}API Down" From b9ae01d819938efc487cc49e865b11544bd5b85f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 25 Oct 2017 17:46:24 +0200 Subject: [PATCH 032/121] Send SIGHUP to pihole-FTL when restarting/reloading dnsmasq Signed-off-by: DL6ER --- pihole | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pihole b/pihole index 80cdefe7..ef0279c5 100755 --- a/pihole +++ b/pihole @@ -200,7 +200,7 @@ Options: # Scan Wildcards if [[ -e "${wildcardlist}" ]]; then - # Determine all subdomains, domain and TLDs + # Determine all subdomains, domain and TLDs mapfile -t wildcards <<< "$(processWildcards "${domainQuery}")" for match in "${wildcards[@]}"; do @@ -346,6 +346,9 @@ restartDNS() { svc="service dnsmasq ${svcOption}" fi + # Send signal to FTL to have it re-parse the gravity files + killall -s SIGHUP pihole-FTL + # Print output to Terminal, but not to Web Admin str="${svcOption^}ing DNS service" [[ -t 1 ]] && echo -ne " ${INFO} ${str}..." @@ -483,7 +486,7 @@ statusFunc() { # Determine if Pi-hole's addn-hosts configs are commented out addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) - + if [[ "${addnConfigs}" =~ "#" ]]; then # A config is commented out case "${1}" in From 8dba2a88e2f6436e9eff9adb38d04c4bbd594443 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Wed, 25 Oct 2017 23:07:45 -0400 Subject: [PATCH 033/121] Move FTL re-parsing call after dnsmasq restart --- pihole | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pihole b/pihole index ef0279c5..d37083f8 100755 --- a/pihole +++ b/pihole @@ -346,9 +346,6 @@ restartDNS() { svc="service dnsmasq ${svcOption}" fi - # Send signal to FTL to have it re-parse the gravity files - killall -s SIGHUP pihole-FTL - # Print output to Terminal, but not to Web Admin str="${svcOption^}ing DNS service" [[ -t 1 ]] && echo -ne " ${INFO} ${str}..." @@ -362,6 +359,9 @@ restartDNS() { [[ ! -t 1 ]] && local OVER="" echo -e "${OVER} ${CROSS} ${output}" fi + + # Send signal to FTL to have it re-parse the gravity files + killall -s SIGHUP pihole-FTL } piholeEnable() { From 6ca47dc3b360a8566d0c505d0c4cf23ed0017d61 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 28 Oct 2017 13:20:02 +0200 Subject: [PATCH 034/121] Add bash / cron based update checker for Pi-hole --- advanced/Scripts/updatecheck.sh | 70 +++++++++++++++++++++++++++++++++ advanced/pihole.cron | 3 ++ pihole | 10 ++++- 3 files changed, 81 insertions(+), 2 deletions(-) create mode 100755 advanced/Scripts/updatecheck.sh diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh new file mode 100755 index 00000000..86f4ba93 --- /dev/null +++ b/advanced/Scripts/updatecheck.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env bash +# Pi-hole: A black hole for Internet advertisements +# (c) 2017 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. +# +# Checks for updates via GitHub +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. + +# Credit: https://stackoverflow.com/a/46324904 +function json_extract() { + local key=$1 + local json=$2 + + local string_regex='"([^"\]|\\.)*"' + local number_regex='-?(0|[1-9][0-9]*)(\.[0-9]+)?([eE][+-]?[0-9]+)?' + local value_regex="${string_regex}|${number_regex}|true|false|null" + local pair_regex="\"${key}\"[[:space:]]*:[[:space:]]*(${value_regex})" + + if [[ ${json} =~ ${pair_regex} ]]; then + echo $(sed 's/^"\|"$//g' <<< "${BASH_REMATCH[1]}") + else + return 1 + fi +} + +GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" +GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" +GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" + +echo "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions" + +function get_local_branch() { + # Return active branch + local directory + directory="${1}" + local output + + cd "${directory}" || return 1 + # Store STDERR as STDOUT variable + output=$( { git rev-parse --abbrev-ref HEAD; } 2>&1 ) + echo "$output" + return +} + +CORE_BRANCH="$(get_local_branch /etc/.pihole)" +WEB_BRANCH="$(get_local_branch /var/www/html/admin)" +FTL_BRANCH="$(pihole-FTL tag)" + +echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" + +function get_local_version() { + # Return active branch + local directory + directory="${1}" + local output + + cd "${directory}" || return 1 + # Store STDERR as STDOUT variable + output=$( { git describe --long --dirty --tags; } 2>&1 ) + echo "$output" + return +} + +CORE_VERSION="$(get_local_version /etc/.pihole)" +WEB_VERSION="$(get_local_version /var/www/html/admin)" +FTL_VERSION="$(pihole-FTL version)" + +echo "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions" diff --git a/advanced/pihole.cron b/advanced/pihole.cron index f1beb08c..c873b79d 100644 --- a/advanced/pihole.cron +++ b/advanced/pihole.cron @@ -28,3 +28,6 @@ 00 00 * * * root PATH="$PATH:/usr/local/bin/" pihole flush once quiet @reboot root /usr/sbin/logrotate /etc/pihole/logrotate + +# Pi-hole: Grab remote version and branch every 10 minutes +*/10 * * * * root PATH="$PATH:/usr/local/bin/" pihole updatechecker diff --git a/pihole b/pihole index 80cdefe7..601d8d02 100755 --- a/pihole +++ b/pihole @@ -200,7 +200,7 @@ Options: # Scan Wildcards if [[ -e "${wildcardlist}" ]]; then - # Determine all subdomains, domain and TLDs + # Determine all subdomains, domain and TLDs mapfile -t wildcards <<< "$(processWildcards "${domainQuery}")" for match in "${wildcards[@]}"; do @@ -483,7 +483,7 @@ statusFunc() { # Determine if Pi-hole's addn-hosts configs are commented out addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) - + if [[ "${addnConfigs}" =~ "#" ]]; then # A config is commented out case "${1}" in @@ -579,6 +579,11 @@ tricorderFunc() { fi } +updateCheckFunc() { + "${PI_HOLE_SCRIPT_DIR}"/updatecheck.sh "$@" + exit 0 +} + helpFunc() { echo "Usage: pihole [options] Example: 'pihole -w -h' @@ -650,5 +655,6 @@ case "${1}" in "-t" | "tail" ) tailFunc;; "checkout" ) piholeCheckoutFunc "$@";; "tricorder" ) tricorderFunc;; + "updatechecker" ) updateCheckFunc;; * ) helpFunc;; esac From 709851503fb243d0d62dca6c98e2e7c774d71f73 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 28 Oct 2017 13:27:12 +0200 Subject: [PATCH 035/121] Use "pihole-FTL branch" to get FTL's branch Signed-off-by: DL6ER --- advanced/Scripts/updatecheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 86f4ba93..12c49445 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -46,7 +46,7 @@ function get_local_branch() { CORE_BRANCH="$(get_local_branch /etc/.pihole)" WEB_BRANCH="$(get_local_branch /var/www/html/admin)" -FTL_BRANCH="$(pihole-FTL tag)" +FTL_BRANCH="$(pihole-FTL branch)" echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" From 9be854031fe01dd5ba102878c130950bae4a66d1 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 28 Oct 2017 13:41:24 +0200 Subject: [PATCH 036/121] Don't store FTL branch until the next release of FTL which supports returning the branch in an easy way Signed-off-by: DL6ER --- advanced/Scripts/updatecheck.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 12c49445..446fc4ac 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -46,7 +46,10 @@ function get_local_branch() { CORE_BRANCH="$(get_local_branch /etc/.pihole)" WEB_BRANCH="$(get_local_branch /var/www/html/admin)" -FTL_BRANCH="$(pihole-FTL branch)" +#FTL_BRANCH="$(pihole-FTL branch)" +# Don't store FTL branch until the next release of FTL which +# supports returning the branch in an easy way +FTL_BRANCH="XXX" echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" From 7362416afb1a24e252757206dd8bc41f3ca167da Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 28 Oct 2017 15:40:48 +0200 Subject: [PATCH 037/121] Force an update of the updatechecker after update/install Signed-off-by: DL6ER --- automated install/basic-install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6eca6868..8ebd48b2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2077,6 +2077,9 @@ main() { # Download and compile the aggregated block list runGravity + # Force an update of the updatechecker + . /opt/pihole/updatecheck.sh + # if [[ "${useUpdateVars}" == false ]]; then displayFinalMessage "${pw}" From 0db76aada0847655b9965b03ee093edbc205e2d4 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 28 Oct 2017 15:44:17 +0200 Subject: [PATCH 038/121] Silence errors when directory to be checked does not exist (system may have been installed without a web interface!) Signed-off-by: DL6ER --- advanced/Scripts/updatecheck.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 446fc4ac..26b7d4b0 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -37,7 +37,7 @@ function get_local_branch() { directory="${1}" local output - cd "${directory}" || return 1 + cd "${directory}" 2> /dev/null || return 1 # Store STDERR as STDOUT variable output=$( { git rev-parse --abbrev-ref HEAD; } 2>&1 ) echo "$output" @@ -59,7 +59,7 @@ function get_local_version() { directory="${1}" local output - cd "${directory}" || return 1 + cd "${directory}" 2> /dev/null || return 1 # Store STDERR as STDOUT variable output=$( { git describe --long --dirty --tags; } 2>&1 ) echo "$output" From 06764d0f367cb3af61089a243ed3c56e1fd06e31 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 29 Oct 2017 15:37:39 +0100 Subject: [PATCH 039/121] Randomize gravity update time between 03:01 - 04:58 (excluding 04:00) Signed-off-by: DL6ER --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 62b9cc3a..647661f8 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1357,7 +1357,7 @@ installCron() { # Copy the cron file over from the local repo cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole # Randomize gravity update time - sed -i "s/59 1/$((RANDOM % 60)) $((2 + RANDOM % 2))/" /etc/cron.d/pihole + sed -i "s/59 1/$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole echo -e "${OVER} ${TICK} ${str}" } From 209a2ab3ecd0b0ed6433d5f6973364c53c18658c Mon Sep 17 00:00:00 2001 From: Mausy5043 Date: Sun, 5 Nov 2017 10:05:25 +0100 Subject: [PATCH 040/121] grammar corrected (double negative) --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 647661f8..176c68ec 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -218,7 +218,7 @@ elif command -v rpm &> /dev/null; then LIGHTTPD_CFG="lighttpd.conf.fedora" DNSMASQ_USER="nobody" -# If neither apt-get or rmp/dnf are not found +# If neither apt-get or rmp/dnf are found else # it's not an OS we can support, echo -e " ${CROSS} OS distribution not supported" From d158a7d51ea7a47cd99e7bb74d6bfa5d9ed30c7f Mon Sep 17 00:00:00 2001 From: Mausy5043 Date: Sun, 5 Nov 2017 10:16:56 +0100 Subject: [PATCH 041/121] spelling corrected --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 176c68ec..bb96308c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1677,7 +1677,7 @@ update_dialogs() { echo -e " ${INFO} ${opt1a} option selected" useUpdateVars=true ;; - # recongigure, + # reconfigure, ${opt2a}) echo -e " ${INFO} ${opt2a} option selected" useUpdateVars=false From 63312ac4b8b4275692202a126432da893b7a1bb5 Mon Sep 17 00:00:00 2001 From: Mausy5043 Date: Sun, 5 Nov 2017 10:18:39 +0100 Subject: [PATCH 042/121] removed duplicate word --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index bb96308c..5ae27a9c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1670,7 +1670,7 @@ update_dialogs() { "${opt2a}" "${opt2b}" 3>&2 2>&1 1>&3) || \ { echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } - # Set the variable based on if the user user chooses + # Set the variable based on if the user chooses case ${UpdateCmd} in # repair, or ${opt1a}) From ec4e4d3b726f4af2ca28f8c8c781e741a8d11943 Mon Sep 17 00:00:00 2001 From: Mausy5043 Date: Sun, 5 Nov 2017 11:02:04 +0100 Subject: [PATCH 043/121] fix indentation --- automated install/basic-install.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5ae27a9c..df200e2c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1262,14 +1262,14 @@ install_dependent_packages() { installArray+=("${i}") fi done + # + if [[ "${#installArray[@]}" -gt 0 ]]; then # - if [[ "${#installArray[@]}" -gt 0 ]]; then - # - "${PKG_INSTALL[@]}" "${installArray[@]}" &> /dev/null - return - fi - echo "" - return 0 + "${PKG_INSTALL[@]}" "${installArray[@]}" &> /dev/null + return + fi + echo "" + return 0 } # Create logfiles if necessary From 90efa3b6101066b898082504661be373eab051c8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 8 Nov 2017 19:11:41 +0100 Subject: [PATCH 044/121] Simplify git subroutines Signed-off-by: DL6ER --- advanced/Scripts/updatecheck.sh | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 26b7d4b0..9b79c4cb 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -33,15 +33,8 @@ echo "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/et function get_local_branch() { # Return active branch - local directory - directory="${1}" - local output - - cd "${directory}" 2> /dev/null || return 1 - # Store STDERR as STDOUT variable - output=$( { git rev-parse --abbrev-ref HEAD; } 2>&1 ) - echo "$output" - return + cd "${1}" 2> /dev/null || return 1 + git rev-parse --abbrev-ref HEAD || return 1 } CORE_BRANCH="$(get_local_branch /etc/.pihole)" @@ -55,15 +48,8 @@ echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" function get_local_version() { # Return active branch - local directory - directory="${1}" - local output - - cd "${directory}" 2> /dev/null || return 1 - # Store STDERR as STDOUT variable - output=$( { git describe --long --dirty --tags; } 2>&1 ) - echo "$output" - return + cd "${1}" 2> /dev/null || return 1 + git describe --long --dirty --tags || return 1 } CORE_VERSION="$(get_local_version /etc/.pihole)" From 8a40c91d1a49f99ac70593921408214f60643952 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Wed, 8 Nov 2017 20:03:18 -0600 Subject: [PATCH 045/121] made above the fold focus on the logo and Pi-holes features. fixed typos. wordsmithed Signed-off-by: Jacob Salmela --- README.md | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c40a134f..3feef11d 100644 --- a/README.md +++ b/README.md @@ -3,11 +3,6 @@ Network-wide ad blocking via your own Linux hardware

-# Core: Command Line Interface - - - -## Summary The Pi-hole blocks ads via a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole), so all your devices are protected without the need to install client-side software. - **Easy-to-install**: our versatile installer walks you through the process, and [takes less than ten minutes](https://www.youtube.com/watch?v=vKWjx1AQYgs) @@ -22,6 +17,9 @@ The Pi-hole blocks ads via a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Si - **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy ----- + + + ## One-Step Automated Install 1. Install a [supported operating system](https://discourse.pi-hole.net/t/hardware-software-requirements/273/1) @@ -30,7 +28,7 @@ The Pi-hole blocks ads via a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Si #### `curl -sSL https://install.pi-hole.net | bash` ## Alternative Install Methods -[Piping to `bash` can be dangerous](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash/), so we understand the importance of giving people the option to review our code! Our installer is [found here](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh), if you wish to read it before running. +[Piping to `bash` _can_ be dangerous](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash/), so we understand the importance of giving people the option to review our code! Our installer is [found here](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh), if you wish to read it before running. You can install Pi-hole via one of the two alternative methods: @@ -58,15 +56,15 @@ As a last resort, you can always manually set each device to use Pi-hole as thei ----- ## Pi-hole is free, but powered by your support -There are many reoccuring costs involved with maintaining free, open source and privacy respecting software; expenses which [our volunteers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. +There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. Make no mistake: **your support is absolutely vital to help keep us innovating!** ### Donations -Sending a donation using our links below is **extremely helpful** in offset a portion of our monthly costs: +Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses: - ![Paypal](https://assets.pi-hole.net/static/paypal.png) [Donate via PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY) -- ![Bitcoin](https://assets.pi-hole.net/static/Bitcoin.png) Bitcoin Address: 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL +- ![Bitcoin](https://assets.pi-hole.net/static/Bitcoin.png) 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL ### Alternative support If you'd rather not donate (_which is okay!_), there are other ways you can help support us: @@ -78,7 +76,7 @@ If you'd rather not donate (_which is okay!_), there are other ways you can help - Spreading the word about our software, and how you have benefited from it ### Contributing via GitHub -We welcome everyone to contribute to issue reports, suggest new features and create pull requests. +We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests. If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve. @@ -102,7 +100,7 @@ Word-of-mouth continues to help our project grow immensely, and we'd like to hel ----- -## Features +## Breakdown Of Features ### The Command Line Interface The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole. @@ -112,7 +110,7 @@ Some of the features include: * [Whitelisting, Blacklisting and Wildcards](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#whitelisting-blacklisting-and-wildcards) * [Debugging utility](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#debugger) * [Viewing the live log file](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#tail) -* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](http://www.amazon.com/exec/obidos/ASIN/B00ID39LM4/pihole09-20) +* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](https://www.amazon.com/gp/product/B01HN0LL2A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&tag=pihole09-20&camp=1789&creative=9325&linkCode=as2&creativeASIN=B01HN0LL2A&linkId=fb33e9efb10c1daba0dd1dd9fea72b1a) * [Updating Ad Lists](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#gravity) * [Querying Ad Lists for matching domains](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#query) * [Enabling and Disabling Pi-hole](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#enable--disable) @@ -132,9 +130,9 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 3. `http://pi.hole/` (when using Pi-hole as your DNS server) ## The Faster-Than-Light Engine -The [FTL Engine](https://github.com/pi-hole/FTL) is a lightweight purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily intergrated into your own projects. As the name implies, FTL does this all *very quickly*! +The [FTL Engine](https://github.com/pi-hole/FTL) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTL does this all *very quickly*! -Some of the statistics you can intergrate include: +Some of the statistics you can integrate include: * Total number of domains being blocked * Total number of DNS queries today * Total number of ads blocked today @@ -148,8 +146,8 @@ The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web ----- -## Technical Details -To summarize into a short sentence, the Pi-hole is an **advertising-aware DNS/Web server**. While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how it was setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. +## The Origin Of Pi-hole +While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. ----- @@ -189,3 +187,4 @@ To summarize into a short sentence, the Pi-hole is an **advertising-aware DNS/We - [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) - [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) - [CryptoAUSTRALIA Blog: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) +- [CryptoAUSTRALIA Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) From f36ac48de0098783eac39067f95e8adcc307cfce Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Wed, 15 Nov 2017 13:15:59 +1100 Subject: [PATCH 046/121] Use GH Pages images & update wording Signed off by WaLLy3K --- README.md | 118 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 3feef11d..99579fa0 100644 --- a/README.md +++ b/README.md @@ -1,45 +1,42 @@

-
-Network-wide ad blocking via your own Linux hardware +Pi-hole
+Network-wide ad blocking via your own Linux hardware

-The Pi-hole blocks ads via a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole), so all your devices are protected without the need to install client-side software. +The Pi-hole is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. - **Easy-to-install**: our versatile installer walks you through the process, and [takes less than ten minutes](https://www.youtube.com/watch?v=vKWjx1AQYgs) -- **Resolute**: ads are blocked in _non-browser locations_ such as ad-laden mobile apps and smart TVs -- **Fast**: speeds up the feel of everyday browsing by caching DNS queries, saving bandwidth -- **Lightweight**: runs smoothly and requires [minimal resources](https://discourse.pi-hole.net/t/hardware-software-requirements/273) -- **Robust**: a command line interface for those preferring CLI, and/or wanting to automate tasks -- **Informative**: a beautiful and secure Web Interface dashboard to control your Pi-hole -- **Versatile**: can optionally function as a DHCP server, ensuring your devices will not need configuring individually -- **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on powerful hardware +- **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs +- **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries +- **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://discourse.pi-hole.net/t/hardware-software-requirements/273) +- **Robust**: a command line interface that is quality assured for interoperability +- **Insightful**: a beautiful responsive Web Interface dashboard to view and control your Pi-hole +- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically +- **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware - **Modern**: blocks ads over both IPv4 and IPv6 - **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy ----- - - - +Codacy Grade +Travis Build Status +BountySource ## One-Step Automated Install -1. Install a [supported operating system](https://discourse.pi-hole.net/t/hardware-software-requirements/273/1) -2. Run the following command +Those who want to get started quickly and conveniently, may install Pi-hole using the following command: #### `curl -sSL https://install.pi-hole.net | bash` ## Alternative Install Methods -[Piping to `bash` _can_ be dangerous](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash/), so we understand the importance of giving people the option to review our code! Our installer is [found here](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh), if you wish to read it before running. +[Piping to `bash` is controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash), as it prevents you from [reading code that is about to run](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) on your system. Therefore, we provide these alternative installation methods which allow code review before installation: -You can install Pi-hole via one of the two alternative methods: - -### Clone our repository and run the automated installer from your device +### Method 1: Clone our repository and run ``` git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd "Pi-hole/automated install/" bash basic-install.sh ``` -### Manually download and execute the install file +### Method 2: Manually download the installer and run ``` wget -O basic-install.sh https://install.pi-hole.net bash basic-install.sh @@ -47,7 +44,7 @@ bash basic-install.sh ## Post-install: Make your network take advantage of Pi-hole -Once the installer has been run, you will need to [configure your router to have **DHCP clients use the Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) so that any device that connects to your network will have ads blocked without any further intervention. +Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention. If your router does not support setting the DNS server, you can [use Pi-hole's built in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). @@ -56,15 +53,15 @@ As a last resort, you can always manually set each device to use Pi-hole as thei ----- ## Pi-hole is free, but powered by your support -There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. +There are many reoccurring costs involved with maintaining free, open source, and privacy respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. Make no mistake: **your support is absolutely vital to help keep us innovating!** ### Donations Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses: -- ![Paypal](https://assets.pi-hole.net/static/paypal.png) [Donate via PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY) -- ![Bitcoin](https://assets.pi-hole.net/static/Bitcoin.png) 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL + PP Donate via PayPal
BTC Bitcoin Address: 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL ### Alternative support If you'd rather not donate (_which is okay!_), there are other ways you can help support us: @@ -83,36 +80,44 @@ If you have something to add - anything from a typo through to a whole new featu You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it, and submit a pull request for us to review. ### Presentations about Pi-hole -Word-of-mouth continues to help our project grow immensely, and we'd like to help those who are going to be presenting Pi-hole at a conference, meetup or even a school project. If you'd like some free swag to hand out to your audience, [get in touch with us](https://pi-hole.net/2017/05/17/giving-a-presentation-on-pi-hole-contact-us-first-for-some-goodies-and-support/). +Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people. + +If you are going to be presenting Pi-hole at a conference, meetup or even a school project, [get in touch with us](https://pi-hole.net/2017/05/17/giving-a-presentation-on-pi-hole-contact-us-first-for-some-goodies-and-support/) so we can hook you up with free swag to hand out to your audience! ----- ## Getting in touch with us -- [Users Forum](https://discourse.pi-hole.net/) -- [Feature requests](https://discourse.pi-hole.net/c/feature-requests?order=votes) -- [FAQs](https://discourse.pi-hole.net/c/faqs) -- [Wiki](https://github.com/pi-hole/pi-hole/wiki) -- [/r/pihole on Reddit](https://www.reddit.com/r/pihole/) -- [@The_Pi_Hole on Twitter](https://twitter.com/The_Pi_Hole) -- [Pi-hole on YouTube](https://www.youtube.com/channel/UCT5kq9w0wSjogzJb81C9U0w) -- [ThePiHole on Facebook](https://www.facebook.com/ThePiHole/) -- [Chat on Gitter](https://gitter.im/pi-hole/pi-hole) +While we are primarily reachable on our Discourse User Forum, we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance. + + + ----- -## Breakdown Of Features +## Breakdown of Features ### The Command Line Interface -The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole. +The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with understanding of `bash`. -Pi-hole ASCII Logo +Pi-hole Blacklist Demo -Some of the features include: +Some notable features include: * [Whitelisting, Blacklisting and Wildcards](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#whitelisting-blacklisting-and-wildcards) * [Debugging utility](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#debugger) * [Viewing the live log file](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#tail) -* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](https://www.amazon.com/gp/product/B01HN0LL2A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&tag=pihole09-20&camp=1789&creative=9325&linkCode=as2&creativeASIN=B01HN0LL2A&linkId=fb33e9efb10c1daba0dd1dd9fea72b1a) +* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](http://www.amazon.com/exec/obidos/ASIN/B00ID39LM4/pihole09-20) * [Updating Ad Lists](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#gravity) -* [Querying Ad Lists for matching domains](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#query) +* [Querying Ad Lists for blocked domains](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#query) * [Enabling and Disabling Pi-hole](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#enable--disable) * ... and *many* more! @@ -121,7 +126,17 @@ You can read our [Core Feature Breakdown](https://github.com/pi-hole/pi-hole/wik ### The Web Interface Dashboard This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! -Pi-hole Dashboard +Pi-hole Dashboard + +Some notable features include: +* Mobile friendly interface +* Password protection +* Detailed graphs and doughnut charts +* Top lists of domains and clients +* A filterable and sortable query log +* Long Term Statistics to view data over user defined time ranges +* The ability to easily manage and configure Pi-hole features +* ... and all the main features of the Command Line Interface! There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168): @@ -139,19 +154,28 @@ Some of the statistics you can integrate include: * Percentage of ads blocked * Unique domains * Queries forwarded (to your chosen upstream DNS server) -* Queries cached (served by Pi-hole) -* Unique Pi-hole clients +* Queries cached +* Unique clients -The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). [More details are found here](https://discourse.pi-hole.net/t/pi-hole-api/1863). +The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can out find [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). ----- ## The Origin Of Pi-hole +Pi-hole being a **advertising-aware DNS/Web server**, makes use of the following technologies: + +* [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server +* [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax +* [`lighttpd`](https://www.lighttpd.net) - webserver designed and optimized for high performance +* [`php`](https://secure.php.net) - a popular general-purpose web scripting language +* [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x + While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. ----- ## Pi-hole Projects +- [The Big Blocklist Collection](https://wally3k.github.io) - [Docker Pi-hole container (x86 and ARM)](https://hub.docker.com/r/diginc/pi-hole/) - [Pi-Hole in the cloud](http://blog.codybunch.com/2015/07/28/Pi-Hole-in-the-cloud/) - [Pie in the Sky-Hole [A Pi-Hole in the cloud for ad-blocking via DNS]](https://dlaa.me/blog/post/skyhole) @@ -186,5 +210,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http - [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) - [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) - [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) -- [CryptoAUSTRALIA Blog: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) -- [CryptoAUSTRALIA Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) +- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) +- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) +- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) +- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) From eb9c44a347c40a6ee7aba8a0719e4648543d22a3 Mon Sep 17 00:00:00 2001 From: Terror Date: Fri, 17 Nov 2017 15:54:04 +1300 Subject: [PATCH 047/121] Add support for Quad9 secure dns server See www.quad9.net --- automated install/basic-install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b43dbe4b..c0d7daba 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -764,6 +764,7 @@ setDNS() { Norton "" Comodo "" DNSWatch "" + Quad9 "" Custom "") # In a whiptail dialog, show the options DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 6 \ @@ -805,6 +806,10 @@ setDNS() { PIHOLE_DNS_1="84.200.69.80" PIHOLE_DNS_2="84.200.70.40" ;; + Quad9) + echo "Quad9 servers" + PIHOLE_DNS_1="9.9.9.9" + ;; Custom) # Until the DNS settings are selected, until [[ "${DNSSettingsCorrect}" = True ]]; do From 616962200ad370ede985f26f94946e5b7bc55de9 Mon Sep 17 00:00:00 2001 From: Terror Date: Fri, 17 Nov 2017 18:18:13 +1300 Subject: [PATCH 048/121] Update the list size to show all the options --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c0d7daba..61d759ff 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -767,7 +767,7 @@ setDNS() { Quad9 "" Custom "") # In a whiptail dialog, show the options - DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 6 \ + DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 7 \ "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ # exit if Cancel is selected { echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; } From d92f9b4dbde04ef661f25705c636012991452476 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 20 Nov 2017 15:59:13 +1100 Subject: [PATCH 049/121] Add separator between FAQ/Requests & Social Media This is to add emphasis that the first three options should be considered before the social media outlets. Signed off by WaLLy3K --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 99579fa0..a856839b 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ While we are primarily reachable on our Pi-hole Wiki
  • Feature Requests
    • +
    • Discourse User Forum
    • Reddit
      • From 9c8526db49bccbf2fd8443ee7cdda9c91e379f7d Mon Sep 17 00:00:00 2001 From: Loganaden Velvindron Date: Mon, 20 Nov 2017 22:05:41 +0400 Subject: [PATCH 050/121] Add secondary quad9 server --- automated install/basic-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 61d759ff..e90bb396 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -809,6 +809,7 @@ setDNS() { Quad9) echo "Quad9 servers" PIHOLE_DNS_1="9.9.9.9" + PIHOLE_DNS_2="149.112.112.112" ;; Custom) # Until the DNS settings are selected, From 164a81776eb055f98418f6eafcfe17f9333be2b2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Nov 2017 18:30:40 +0100 Subject: [PATCH 051/121] Allow to add local lists to gravity using e.g. file:///path/to/my.list in adlists.list Signed-off-by: DL6ER --- gravity.sh | 44 ++++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/gravity.sh b/gravity.sh index f4b5fc36..453985e6 100755 --- a/gravity.sh +++ b/gravity.sh @@ -138,8 +138,9 @@ gravity_Collapse() { # Logic: Split by folder/port awk -F '[/:]' '{ # Remove URL protocol & optional username:password@ - gsub(/(.*:\/\/|.*:.*@)/, "", $0) - print $1 + gsub(/(.*:\/\/|)/, "", $0) + if(length($1)>0){print $1} + else {print "local"} }' <<< "$(printf '%s\n' "${sources[@]}")" 2> /dev/null )" @@ -203,20 +204,27 @@ gravity_Pull() { # shellcheck disable=SC2086 httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) - # Determine "Status:" output based on HTTP response - case "${httpCode}" in - "200") echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true;; - "304") echo -e "${OVER} ${TICK} ${str} No changes detected"; success=true;; - "000") echo -e "${OVER} ${CROSS} ${str} Connection Refused";; - "403") echo -e "${OVER} ${CROSS} ${str} Forbidden";; - "404") echo -e "${OVER} ${CROSS} ${str} Not found";; - "408") echo -e "${OVER} ${CROSS} ${str} Time-out";; - "451") echo -e "${OVER} ${CROSS} ${str} Unavailable For Legal Reasons";; - "500") echo -e "${OVER} ${CROSS} ${str} Internal Server Error";; - "504") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Gateway)";; - "521") echo -e "${OVER} ${CROSS} ${str} Web Server Is Down (Cloudflare)";; - "522") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Cloudflare)";; - * ) echo -e "${OVER} ${CROSS} ${str} ${httpCode}";; + case $url in + # Did we "download" a remote file? + "http"*) + # Determine "Status:" output based on HTTP response + case "${httpCode}" in + "200") echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true;; + "304") echo -e "${OVER} ${TICK} ${str} No changes detected"; success=true;; + "000") echo -e "${OVER} ${CROSS} ${str} Connection Refused";; + "403") echo -e "${OVER} ${CROSS} ${str} Forbidden";; + "404") echo -e "${OVER} ${CROSS} ${str} Not found";; + "408") echo -e "${OVER} ${CROSS} ${str} Time-out";; + "451") echo -e "${OVER} ${CROSS} ${str} Unavailable For Legal Reasons";; + "500") echo -e "${OVER} ${CROSS} ${str} Internal Server Error";; + "504") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Gateway)";; + "521") echo -e "${OVER} ${CROSS} ${str} Web Server Is Down (Cloudflare)";; + "522") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Cloudflare)";; + * ) echo -e "${OVER} ${CROSS} ${str} ${httpCode}";; + esac;; + # Did we "download" a local file? + "file"*) echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true;; + * ) echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; esac # Determine if the blocklist was downloaded and saved correctly @@ -229,7 +237,7 @@ gravity_Pull() { gravity_ParseFileIntoDomains "${patternBuffer}" "${saveLocation}" else # Fall back to previously cached list if $patternBuffer is empty - echo -e " ${INFO} Received empty file: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}" + echo -e " ${INFO} ${COL_LIGHT_GREEN}Using previously cached list${COL_NC}" fi else # Determine if cached list has read permission @@ -407,7 +415,7 @@ gravity_Filter() { # Whitelist unique blocklist domain sources gravity_WhitelistBLD() { - local uniqDomains plural="" str + local uniqDomains plural="" str echo "" From 8976930e20fcabe529c544498db442ef04f824fb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Nov 2017 18:35:58 +0100 Subject: [PATCH 052/121] Properly detect if local file was successfully downloaded Signed-off-by: DL6ER --- gravity.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index 453985e6..f563a442 100755 --- a/gravity.sh +++ b/gravity.sh @@ -193,9 +193,10 @@ gravity_Pull() { patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb") # Determine if $saveLocation has read permission - if [[ -r "${saveLocation}" ]]; then + if [[ -r "${saveLocation}" && $url != "file"* ]]; then # Have curl determine if a remote file has been modified since last retrieval # Uses "Last-Modified" header, which certain web servers do not provide (e.g: raw github urls) + # Note: Don't do this for local files, always download them heisenbergCompensator="-z ${saveLocation}" fi @@ -223,7 +224,12 @@ gravity_Pull() { * ) echo -e "${OVER} ${CROSS} ${str} ${httpCode}";; esac;; # Did we "download" a local file? - "file"*) echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true;; + "file"*) + if [[ -s "${patternBuffer}" ]]; then + echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true + else + echo -e "${OVER} ${CROSS} ${str} Not found" + fi;; * ) echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; esac @@ -237,7 +243,7 @@ gravity_Pull() { gravity_ParseFileIntoDomains "${patternBuffer}" "${saveLocation}" else # Fall back to previously cached list if $patternBuffer is empty - echo -e " ${INFO} ${COL_LIGHT_GREEN}Using previously cached list${COL_NC}" + echo -e " ${INFO} Received empty file: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}" fi else # Determine if cached list has read permission From eb83081a5c4f8b06cbbbd893ef4d95032c8d7e90 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Nov 2017 18:36:34 +0100 Subject: [PATCH 053/121] Clarify error message: File could also have been of zero size Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index f563a442..946dd820 100755 --- a/gravity.sh +++ b/gravity.sh @@ -228,7 +228,7 @@ gravity_Pull() { if [[ -s "${patternBuffer}" ]]; then echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true else - echo -e "${OVER} ${CROSS} ${str} Not found" + echo -e "${OVER} ${CROSS} ${str} Not found / empty list" fi;; * ) echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; esac From c54f04ef4cbb3b850d4f96bc0ca6576d6893c2cc Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Nov 2017 20:55:47 +0100 Subject: [PATCH 054/121] Repair username:password filtering Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 946dd820..430b38f8 100755 --- a/gravity.sh +++ b/gravity.sh @@ -138,7 +138,7 @@ gravity_Collapse() { # Logic: Split by folder/port awk -F '[/:]' '{ # Remove URL protocol & optional username:password@ - gsub(/(.*:\/\/|)/, "", $0) + gsub(/(.*:\/\/|.*:.*@)/, "", $0) if(length($1)>0){print $1} else {print "local"} }' <<< "$(printf '%s\n' "${sources[@]}")" 2> /dev/null From 6f0bb30def2456c82a2b77ff97164b466c59ca1f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Nov 2017 20:58:27 +0100 Subject: [PATCH 055/121] Improve indentation Signed-off-by: DL6ER --- gravity.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 430b38f8..8e666e35 100755 --- a/gravity.sh +++ b/gravity.sh @@ -230,7 +230,8 @@ gravity_Pull() { else echo -e "${OVER} ${CROSS} ${str} Not found / empty list" fi;; - * ) echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; + * ) + echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; esac # Determine if the blocklist was downloaded and saved correctly From 8d721d086cbe4b49665c9e0b1d81499b284776a9 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 21 Nov 2017 18:37:38 -0500 Subject: [PATCH 056/121] Modify indentation --- gravity.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 8e666e35..eb69b49f 100755 --- a/gravity.sh +++ b/gravity.sh @@ -230,8 +230,7 @@ gravity_Pull() { else echo -e "${OVER} ${CROSS} ${str} Not found / empty list" fi;; - * ) - echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; + *) echo -e "${OVER} ${CROSS} ${str} ${url} ${httpCode}";; esac # Determine if the blocklist was downloaded and saved correctly From 2dc185189221308918cd4802e61557f2e7211fb6 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Thu, 23 Nov 2017 13:17:34 +1100 Subject: [PATCH 057/121] Allow passwords with spaces e.g: `pihole -a -p "foo bar"` Signed off by WaLLy3K --- advanced/Scripts/webpage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index d5c4d45e..07bc160f 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -110,7 +110,7 @@ SetWebPassword() { fi if [ "${PASSWORD}" == "${CONFIRM}" ] ; then - hash=$(HashPassword ${PASSWORD}) + hash=$(HashPassword "${PASSWORD}") # Save hash to file change_setting "WEBPASSWORD" "${hash}" echo -e " ${TICK} New password set" From 0a4d3ef6e6c6b010b549d04841e6496df6ebff85 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Thu, 23 Nov 2017 13:35:51 +1100 Subject: [PATCH 058/121] Add "sudo bash" to installation instructions * Running as sudo/root prevents script from being re-downloaded, unintentionally side-stepping manual code review by end user Signed off by WaLLy3K --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a856839b..f6d15f43 100644 --- a/README.md +++ b/README.md @@ -33,13 +33,13 @@ Those who want to get started quickly and conveniently, may install Pi-hole usin ``` git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd "Pi-hole/automated install/" -bash basic-install.sh +sudo bash basic-install.sh ``` ### Method 2: Manually download the installer and run ``` wget -O basic-install.sh https://install.pi-hole.net -bash basic-install.sh +sudo bash basic-install.sh ``` ## Post-install: Make your network take advantage of Pi-hole From b64155a1657937b5302369732fda79565105c1c9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 14:32:39 +0000 Subject: [PATCH 059/121] Add in an extra check to enable lighttpd. Signed-off-by: Adam Warner --- automated install/basic-install.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 61d759ff..8380ca49 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2004,8 +2004,15 @@ main() { # just install the Core dependencies DEPS=("${PIHOLE_DEPS[@]}") fi + install_dependent_packages DEPS[@] + # On some systems, lighttpd is not enabled on first install. We need to enable it here if the user + # has chosen to install the web interface, else the `LIGHTTPD_ENABLED` check will fail + if [[ "${INSTALL_WEB}" == true ]]; then + enable_service lighttpd + fi + if [[ -x "$(command -v systemctl)" ]]; then # Value will either be 1, if true, or 0 LIGHTTPD_ENABLED=$(systemctl is-enabled lighttpd | grep -c 'enabled' || true) From f60791ac7c9afca9a3270a6edc67b58423f92671 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 14:42:01 +0000 Subject: [PATCH 060/121] Add dependencies as per https://github.com/pi-hole/pi-hole/pull/1776#discussion_r155149349 Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 8380ca49..a9bebba2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -208,7 +208,7 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget idn2) + PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo) if ! grep -q 'Fedora' /etc/redhat-release; then INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release"); From 945dcc6c2b67838a4864067899b2b75985d5078e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 15:17:31 +0000 Subject: [PATCH 061/121] Indent two spaces as per https://github.com/pi-hole/pi-hole/pull/1776#discussion_r155157116 Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a9bebba2..d71cd891 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1328,7 +1328,7 @@ installPiholeWeb() { else # don't do anything echo -e "${OVER} ${CROSS} ${str} - No default index.lighttpd.html file found... not backing up" + No default index.lighttpd.html file found... not backing up" fi # Install Sudoers file From dd6a9a0b8473d112c7d372c12023011490900818 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 15:28:58 +0000 Subject: [PATCH 062/121] supress output of `which command` on centos/fedora as per https://github.com/pi-hole/pi-hole/pull/1776#discussion_r155156819 Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d71cd891..3377ca86 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1856,7 +1856,7 @@ FTLdetect() { #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download echo -e " ${INFO} Checking for existing FTL binary..." - local ftlLoc=$(which pihole-FTL) + local ftlLoc=$(which pihole-FTL 2>/dev/null) if [[ ${ftlLoc} ]]; then local FTLversion=$(/usr/bin/pihole-FTL tag) From 69dc22c10ffbab9182dfbd336d0159363640390c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 22:31:12 +0000 Subject: [PATCH 063/121] fix some codacy and intelliJ idea complaints Signed-off-by: Adam Warner --- automated install/basic-install.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 3377ca86..139627e0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -503,15 +503,21 @@ testIPv6() { # first will contain fda2 (ULA) first="$(cut -f1 -d":" <<< "$1")" # value1 will contain 253 which is the decimal value corresponding to 0xfd - value1=$(((0x$first)/256)) + value1=$(( (0x$first)/256 )) # will contain 162 which is the decimal value corresponding to 0xa2 - value2=$(((0x$first)%256)) + value2=$(( (0x$first)%256 )) # the ULA test is testing for fc00::/7 according to RFC 4193 - (((value1&254)==252)) && echo "ULA" || true + if (( value1&254 == 252 )); then + echo "ULA" + fi # the GUA test is testing for 2000::/3 according to RFC 4291 - (((value1&112)==32)) && echo "GUA" || true + if (( value1&112 == 32 )); then + echo "GUA" + fi # the LL test is testing for fe80::/10 according to RFC 4193 - (((value1==254) && ((value2&192)==128))) && echo "Link-local" || true + if (( value1 == 254 )) && (( value2&192 == 128 )); then + echo "Link-local" + fi } # A dialog for showing the user about IPv6 blocking From 162a7b56fe9f04ce12b395760a0928026fefd082 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 22:41:31 +0000 Subject: [PATCH 064/121] force mode is no longer referenced. Regression. Same with `domToRemoveList` Signed-off-by: Adam Warner --- advanced/Scripts/list.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 9ddfe8f3..72250afd 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -19,7 +19,6 @@ addmode=true verbose=true domList=() -domToRemoveList=() listMain="" listAlt="" @@ -240,7 +239,6 @@ for var in "$@"; do "-wild" | "wildcard" ) listMain="${wildcardlist}";; "-nr"| "--noreload" ) reload=false;; "-d" | "--delmode" ) addmode=false;; - "-f" | "--force" ) force=true;; "-q" | "--quiet" ) verbose=false;; "-h" | "--help" ) helpFunc;; "-l" | "--list" ) Displaylist;; From 79aada0b87d1f8b4992acedcdff03f6eff78180b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 22:57:05 +0000 Subject: [PATCH 065/121] travis didn't like that Signed-off-by: Adam Warner --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 139627e0..79754872 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -507,15 +507,15 @@ testIPv6() { # will contain 162 which is the decimal value corresponding to 0xa2 value2=$(( (0x$first)%256 )) # the ULA test is testing for fc00::/7 according to RFC 4193 - if (( value1&254 == 252 )); then + if (( (value1&254)==252 )); then echo "ULA" fi # the GUA test is testing for 2000::/3 according to RFC 4291 - if (( value1&112 == 32 )); then + if (( (value1&112)==32 )); then echo "GUA" fi # the LL test is testing for fe80::/10 according to RFC 4193 - if (( value1 == 254 )) && (( value2&192 == 128 )); then + if (( (value1)==254 )) && (( (value2&192)==128 )); then echo "Link-local" fi } From a9a40ca46c7f086b2efa9464fa90026e47004f72 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 6 Dec 2017 23:27:40 +0000 Subject: [PATCH 066/121] Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead. Signed-off-by: Adam Warner --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 43393ee9..d69c5e4d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -499,7 +499,7 @@ does_ip_match_setup_vars() { # IP address to check for local ip_address="${2}" # See what IP is in the setupVars.conf file - local setup_vars_ip=$(cat ${PIHOLE_SETUP_VARS_FILE} | grep IPV${protocol}_ADDRESS | cut -d '=' -f2) + local setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV${protocol}_ADDRESS | cut -d '=' -f2) # If it's an IPv6 address if [[ "${protocol}" == "6" ]]; then # Strip off the / (CIDR notation) From f89d69b0819e7bbf1b4ee7a4db4692e66133078a Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 7 Dec 2017 21:33:31 -0600 Subject: [PATCH 067/121] check NetworkManager status prior to using the cli (#1653) Closes #1653 Signed-off-by: bcambl --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 61d759ff..80ebd5fa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -709,8 +709,8 @@ setStaticIPv4() { }> "${IFCFG_FILE}" # Use ip to immediately set the new address ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" - # If NetworkMangler command line interface exists, - if command -v nmcli &> /dev/null;then + # If NetworkMangler command line interface exists and ready to mangle, + if command -v nmcli &> /dev/null && nmcli general status &> /dev/null; then # Tell NetworkManagler to read our new sysconfig file nmcli con load "${IFCFG_FILE}" > /dev/null fi From 80e17ab72180f15ac4d5ff0044d4e8eafd95bc29 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Thu, 7 Dec 2017 22:38:47 -0600 Subject: [PATCH 068/121] potentially fixes #1806 by falling back to dig if getent fails Signed-off-by: Jacob Salmela --- gravity.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gravity.sh b/gravity.sh index eb69b49f..e7aed5e5 100755 --- a/gravity.sh +++ b/gravity.sh @@ -88,6 +88,19 @@ gravity_DNSLookup() { exit 1 fi + # If the /etc/resolv.conf contains resolvers other than 127.0.0.1 then the local dnsmasq will not be queried and pi.hole is NXDOMAIN. + # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventualy fails + # So we check the output of the last command and if it failed, attempt to use dig +short as a fallback + if timeout 1 dig +short "${lookupDomain}" &> /dev/null; then + if [[ -n "${secs:-}" ]]; then + echo -e "${OVER} ${TICK} DNS resolution is now available\\n" + fi + return 0 + elif [[ -n "${secs:-}" ]]; then + echo -e "${OVER} ${CROSS} DNS resolution is not available" + exit 1 + fi + # Determine error output message if pidof dnsmasq &> /dev/null; then echo -e " ${CROSS} DNS resolution is currently unavailable" From 6ecd93d0c9c05cfc67576ecc36b37f980b9ef16d Mon Sep 17 00:00:00 2001 From: Joe Date: Fri, 8 Dec 2017 22:25:01 +0000 Subject: [PATCH 069/121] pihole.log permissions This change makes pihole more friendly to the non-existence of the pihole.log file. This can help with systems that are configured to mount /var/log as a tmpfs volume. It may also help with systems where the pihole.log file is accidentally/unintentionally removed. Further discussion around the details of this change are in https://github.com/pi-hole/pi-hole/issues/1798 --- advanced/pihole-FTL.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/pihole-FTL.service b/advanced/pihole-FTL.service index 627fad8c..b7def22c 100644 --- a/advanced/pihole-FTL.service +++ b/advanced/pihole-FTL.service @@ -25,9 +25,9 @@ start() { if is_running; then echo "pihole-FTL is already running" else - touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port + touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole - chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port + chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" echo fi From 6f03e3015154bb018a920c4cd27c9c2663d7b76e Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Fri, 8 Dec 2017 18:23:55 -0600 Subject: [PATCH 070/121] fixes #1537 by checking if systemctl is found Signed-off-by: Jacob Salmela --- advanced/Scripts/piholeDebug.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index d69c5e4d..f8955637 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -212,7 +212,7 @@ copy_to_debug_log() { # uploaded to our server, since it can't properly display in color # This is accomplished by use sed to remove characters matching that patter # The entire file is then copied over to a sanitized version of the log - sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}" + # sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}" } initiate_debug() { @@ -809,8 +809,14 @@ process_status(){ local i # For each process, for i in "${PIHOLE_PROCESSES[@]}"; do - # get its status via systemctl - local status_of_process=$(systemctl is-active "${i}") + # If systemd + if command -v systemctl &> /dev/null; then + # get its status via systemctl + local status_of_process=$(systemctl is-active "${i}") + else + # Otherwise, use the service command + local status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null + fi # and print it out to the user if [[ "${status_of_process}" == "active" ]]; then # If it's active, show it in green From 28bed0041ec668447d7e26de1870ed8977207b33 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Fri, 8 Dec 2017 18:29:28 -0600 Subject: [PATCH 071/121] remove comment Signed-off-by: Jacob Salmela --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f8955637..64334241 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -212,7 +212,7 @@ copy_to_debug_log() { # uploaded to our server, since it can't properly display in color # This is accomplished by use sed to remove characters matching that patter # The entire file is then copied over to a sanitized version of the log - # sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}" + sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}" } initiate_debug() { From 05d015169c19b5da163553ec9791783780b9cd4a Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 9 Dec 2017 19:00:46 +0100 Subject: [PATCH 072/121] Check for local version and branches every 10 minutes, check for remote versions only once a day Signed-off-by: DL6ER --- advanced/Scripts/updatecheck.sh | 49 +++++++++++++++++---------------- advanced/pihole.cron | 7 +++-- pihole | 2 +- 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 9b79c4cb..f8ce59dd 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -3,7 +3,7 @@ # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. # -# Checks for updates via GitHub +# Checks for local or remote versions and branches # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. @@ -25,35 +25,38 @@ function json_extract() { fi } -GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" -GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" -GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" - -echo "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions" - function get_local_branch() { # Return active branch cd "${1}" 2> /dev/null || return 1 git rev-parse --abbrev-ref HEAD || return 1 } -CORE_BRANCH="$(get_local_branch /etc/.pihole)" -WEB_BRANCH="$(get_local_branch /var/www/html/admin)" -#FTL_BRANCH="$(pihole-FTL branch)" -# Don't store FTL branch until the next release of FTL which -# supports returning the branch in an easy way -FTL_BRANCH="XXX" - -echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" - function get_local_version() { - # Return active branch - cd "${1}" 2> /dev/null || return 1 - git describe --long --dirty --tags || return 1 +# Return active branch +cd "${1}" 2> /dev/null || return 1 +git describe --long --dirty --tags || return 1 } -CORE_VERSION="$(get_local_version /etc/.pihole)" -WEB_VERSION="$(get_local_version /var/www/html/admin)" -FTL_VERSION="$(pihole-FTL version)" +if [[ "$2" == "remote" ]]; then -echo "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions" + GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" + GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" + GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" + + echo "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions" + +else + + CORE_BRANCH="$(get_local_branch /etc/.pihole)" + WEB_BRANCH="$(get_local_branch /var/www/html/admin)" + FTL_BRANCH="$(pihole-FTL branch)" + + echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" + + CORE_VERSION="$(get_local_version /etc/.pihole)" + WEB_VERSION="$(get_local_version /var/www/html/admin)" + FTL_VERSION="$(pihole-FTL version)" + + echo "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions" + +fi diff --git a/advanced/pihole.cron b/advanced/pihole.cron index 2273358b..87a2bd3c 100644 --- a/advanced/pihole.cron +++ b/advanced/pihole.cron @@ -29,5 +29,8 @@ @reboot root /usr/sbin/logrotate /etc/pihole/logrotate -# Pi-hole: Grab remote version and branch every 10 minutes -*/10 * * * * root PATH="$PATH:/usr/local/bin/" pihole updatechecker +# Pi-hole: Grab local version and branch every 10 minutes +*/10 * * * * root PATH="$PATH:/usr/local/bin/" pihole updatechecker local + +# Pi-hole: Grab remote version every 24 hours +00 00 * * * root PATH="$PATH:/usr/local/bin/" pihole updatechecker remote diff --git a/pihole b/pihole index 652f4acb..e4d6215c 100755 --- a/pihole +++ b/pihole @@ -658,6 +658,6 @@ case "${1}" in "-t" | "tail" ) tailFunc;; "checkout" ) piholeCheckoutFunc "$@";; "tricorder" ) tricorderFunc;; - "updatechecker" ) updateCheckFunc;; + "updatechecker" ) updateCheckFunc "$@";; * ) helpFunc;; esac From 45ab2a3d7aadba25ee29e0f52dc943d9031c60b9 Mon Sep 17 00:00:00 2001 From: Keith Bentrup Date: Sat, 9 Dec 2017 17:03:20 -0500 Subject: [PATCH 073/121] send HTTP headers before HTML Signed-off-by: Keith Bentrup --- advanced/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/index.php b/advanced/index.php index 5c2f250d..999acebb 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -213,6 +213,8 @@ if (explode("-", $phVersion)[1] != "0") // Please Note: Text is added via CSS to allow an admin to provide a localised // language without the need to edit this file + +setHeader(); ?>