Merge branch 'development-v6' into new/antigravity

Signed-off-by: DL6ER <dl6er@dl6er.de>

.github/dependabot.yml

@@ -20,3 +20,24 @@ updates:
   target-branch: development
   reviewers:
     - "pi-hole/core-maintainers"
+# As above, but for development-v6
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "10:00"
+  open-pull-requests-limit: 10
+  target-branch: development-v6
+  reviewers:
+    - "pi-hole/core-maintainers"
+- package-ecosystem: pip
+  directory: "/test"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "10:00"
+  open-pull-requests-limit: 10
+  target-branch: development-v6
+  reviewers:
+    - "pi-hole/core-maintainers"

.github/workflows/codeql-analysis.yml

@@ -25,7 +25,7 @@ jobs:
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v3.5.3
+      uses: actions/checkout@v4.0.0
     # Initializes the CodeQL tools for scanning.
     -
       name: Initialize CodeQL

.github/workflows/stale.yml

@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
       - name: Remove 'stale' label
         run: gh issue edit ${{ github.event.issue.number }} --remove-label $stale_label
         env:

.github/workflows/sync-back-to-dev.yml

@@ -33,7 +33,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
       - name: Opening pull request
         run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
         env:

.github/workflows/test.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Check scripts in repository are executable
         run: |
@@ -72,7 +72,7 @@ jobs:
       DISTRO: ${{matrix.distro}}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       - name: Set up Python 3.10
         uses: actions/setup-python@v4.7.0

advanced/Scripts/webpage.sh

@@ -1,100 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC1090
-# shellcheck disable=SC2154
-
-
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Web interface settings
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-# TODO - this entire file might be able to be removed in v6
-
-readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
-readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
-readonly FTLconf="/etc/pihole/pihole-FTL.conf"
-# 03 -> wildcards
-readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
-readonly dnscustomfile="/etc/pihole/custom.list"
-readonly dnscustomcnamefile="/etc/dnsmasq.d/05-pihole-custom-cname.conf"
-
-readonly gravityDBfile="/etc/pihole/gravity.db"
-
-
-readonly setupVars="/etc/pihole/setupVars.conf"
-readonly PI_HOLE_BIN_DIR="/usr/local/bin"
-
-# Root of the web server
-readonly webroot="/var/www/html"
-
-# Source utils script
-utilsfile="/opt/pihole/utils.sh"
-source "${utilsfile}"
-
-coltable="/opt/pihole/COL_TABLE"
-if [[ -f ${coltable} ]]; then
-    source ${coltable}
-fi
-
-helpFunc() {
-    echo "Usage: pihole -a [options]
-Example: pihole -a -p password
-Set options for the API/Web interface
-
-Options:
-  -p, password                    Set API/Web interface password
-  -h, --help                      Show this help dialog"
-    exit 0
-}
-
-# TODO: We can probably remove the reliance on this function too, just tell people to pihole-FTL --config webserver.api.password "password"
-SetWebPassword() {
-    if (( ${#args[2]} > 0 )) ; then
-        readonly PASSWORD="${args[2]}"
-        readonly CONFIRM="${PASSWORD}"
-    else
-        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
-        # So we reset the terminal via stty if the user does press Ctrl+C
-        trap '{ echo -e "\nNot changed" ; stty sane ; exit 1; }' INT
-        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
-        echo ""
-
-        if [ "${PASSWORD}" == "" ]; then
-            setFTLConfigValue "webserver.api.pwhash" "" >/dev/null
-            echo -e "  ${TICK} Password Removed"
-            exit 0
-        fi
-
-        read -s -r -p "Confirm Password: " CONFIRM
-        echo ""
-    fi
-
-    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
-        # pihole-FTL will automatically hash the password
-        setFTLConfigValue "webserver.api.password" "${PASSWORD}" >/dev/null
-        echo -e "  ${TICK} New password set"
-    else
-        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
-        exit 1
-    fi
-}
-
-main() {
-    args=("$@")
-
-    case "${args[1]}" in
-        "-p" | "password"     ) SetWebPassword;;
-        "-h" | "--help"       ) helpFunc;;
-        *                     ) helpFunc;;
-    esac
-
-    shift
-
-    if [[ $# = 0 ]]; then
-        helpFunc
-    fi
-}

gravity.sh

@@ -383,7 +383,7 @@ gravity_DownloadBlocklists() {
     unset sources
   fi
 
-  local url domain agent str target compression adlist_type
+  local url domain str target compression adlist_type
   echo ""
 
   # Prepare new gravity database
@@ -448,10 +448,7 @@ gravity_DownloadBlocklists() {
     saveLocation="${piholeDir}/list.${id}.${domain}.${domainsExtension}"
     activeDomains[$i]="${saveLocation}"
 
-    # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-)
-    agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
-
-    echo -e "  ${INFO} Target: ${url} (${str})"
+    echo -e "  ${INFO} Target: ${url}"
     local regex check_url
     # Check for characters NOT allowed in URLs
     regex="[^a-zA-Z0-9:/?&%=~._()-;]"
@@ -463,7 +460,7 @@ gravity_DownloadBlocklists() {
     if [[ "${check_url}" =~ ${regex} ]]; then
       echo -e "  ${CROSS} Invalid Target"
     else
-      gravity_DownloadBlocklistFromUrl "${url}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" "${adlist_type}"
+      gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" "${adlist_type}"
     fi
     echo ""
   done
@@ -495,7 +492,7 @@ compareLists() {
 
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
-  local url="${1}" agent="${2}" adlistID="${3}" saveLocation="${4}" target="${5}" compression="${6}" gravity_type="${7}"
+  local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}"
   local heisenbergCompensator="" listCurlBuffer str httpCode success="" ip cmd_ext
 
   # Create temp file to store content on disk instead of RAM
@@ -555,7 +552,7 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   # shellcheck disable=SC2086
-  httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${listCurlBuffer}" 2> /dev/null)
+  httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2> /dev/null)
 
   case $url in
     # Did we "download" a local file?

pihole

@@ -30,10 +30,36 @@ if [ -f "${versionsfile}" ]; then
     source "${versionsfile}"
 fi
 
-webpageFunc() {
-  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
-  main "$@"
-  exit 0
+# TODO: We can probably remove the reliance on this function too, just tell people to pihole-FTL --config webserver.api.password "password"
+SetWebPassword() {
+    if [ -n "$2" ] ; then
+        readonly PASSWORD="$2"
+        readonly CONFIRM="${PASSWORD}"
+    else
+        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
+        # So we reset the terminal via stty if the user does press Ctrl+C
+        trap '{ echo -e "\nNot changed" ; stty sane ; exit 1; }' INT
+        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
+        echo ""
+
+        if [ "${PASSWORD}" == "" ]; then
+            setFTLConfigValue "webserver.api.pwhash" "" >/dev/null
+            echo -e "  ${TICK} Password Removed"
+            exit 0
+        fi
+
+        read -s -r -p "Confirm Password: " CONFIRM
+        echo ""
+    fi
+
+    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
+        # pihole-FTL will automatically hash the password
+        setFTLConfigValue "webserver.api.password" "${PASSWORD}" >/dev/null
+        echo -e "  ${TICK} New password set"
+    else
+        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
+        exit 1
+    fi
 }
 
 listFunc() {
@@ -466,8 +492,7 @@ Debugging Options:
 
 
 Options:
-  -a, admin           Web interface options
-                        Add '-h' for more info on Web Interface usage
+  setpassword           set the password for the web interface
   -c, chronometer     Calculates stats and displays to an LCD
                         Add '-h' for more info on chronometer usage
   -g, updateGravity   Update the list of ad-serving domains
@@ -526,7 +551,7 @@ case "${1}" in
   "restartdns"                  ) ;;
   "-g" | "updateGravity"        ) need_root=0;;
   "reloaddns"                   ) need_root=0;;
-  "-a" | "admin"                ) ;;
+  "setpassword"                 ) ;;
   "checkout"                    ) ;;
   "updatechecker"               ) ;;
   "arpflush"                    ) ;;
@@ -544,6 +569,13 @@ if [[ ! $EUID -eq 0 && need_root -eq 1 ]];then
     exit 1
   fi
 fi
+
+# In the case of alpine running in a container, the USER variable appears to be blank
+# which prevents the next trap from working correctly. Set it by running whoami
+if [[ -z ${USER} ]]; then
+  USER=$(whoami)
+fi
+
 # Can also be user pihole for other functions
 if [[ ${USER} != "pihole" && need_root -eq 0 ]];then
   if [[ -x "$(command -v sudo)" ]]; then
@@ -574,7 +606,7 @@ case "${1}" in
   "disable"                     ) piholeEnable 0 "$2";;
   "restartdns"                  ) restartDNS "$2";;
   "reloaddns"                   ) restartDNS "reload";;
-  "-a" | "admin"                ) webpageFunc "$@";;
+  "setpassword"                 ) SetWebPassword "$@";;
   "checkout"                    ) piholeCheckoutFunc "$@";;
   "updatechecker"               ) shift; updateCheckFunc "$@";;
   "arpflush"                    ) arpFunc "$@";;

test/requirements.txt

@@ -1,6 +1,6 @@
 pyyaml == 6.0.1
-pytest == 7.4.0
+pytest == 7.4.2
 pytest-xdist == 3.3.1
-pytest-testinfra == 8.1.0
-tox == 4.6.4
+pytest-testinfra == 9.0.0
+tox == 4.11.3