From c6810a012406f4cc944f6123484c764c7da27df2 Mon Sep 17 00:00:00 2001 From: bcambl Date: Tue, 19 Jan 2021 22:58:05 -0600 Subject: [PATCH 1/5] touch sysconfig network script when absent sysconfig network scripts are missing on pure NetworkManager installs. This commit touches a placeholder to allow the network configuration to be generated and loaded via NetworkManager. Signed-off-by: bcambl --- automated install/basic-install.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 4ab5c0e2..d9f41a3d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -997,9 +997,14 @@ setStaticIPv4() { # if an ifcfg config does not exists for the interface name, try the connection name via network manager if is_command nmcli && nmcli general status &> /dev/null; then CONNECTION_NAME=$(nmcli dev show "${PIHOLE_INTERFACE}" | grep 'GENERAL.CONNECTION' | cut -d: -f2 | sed 's/^System//' | xargs | tr ' ' '_') - if [[ -f "/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME}" ]];then + IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} + if [[ -f "${IFCFG_FILE}" ]];then # If it exists, - IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${CONNECTION_NAME} + setIFCFG "${IFCFG_FILE}" + return 0 + else + printf " %b Warning: sysconfig network script not found. Creating ${IFCFG_FILE}\\n" "${INFO}" + touch "${IFCFG_FILE}" setIFCFG "${IFCFG_FILE}" return 0 fi From b62495d89e4632f5118880b912c0de57254114cf Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 21 Jan 2021 20:20:07 -0600 Subject: [PATCH 2/5] update tests to fedora 33 
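Review bot: In the new `else` branch of setStaticIPv4, `touch "${IFCFG_FILE}"` runs on a path built from `CONNECTION_NAME` without checking that the name is non-empty or that the touch succeeded, and setIFCFG is called regardless. If nmcli reports no connection for the interface the path collapses to `.../ifcfg-`, and on a pure NetworkManager install the `network-scripts` directory itself may be missing (inferred from the commit message), so the touch can fail unnoticed. A guard such as `[[ -n "${CONNECTION_NAME}" ]]` before the branch and `touch "${IFCFG_FILE}" || return 1` (or whatever failure path the caller expects) would surface both cases. The path is also interpolated into the printf format string; passing it as an argument, `printf " %b Warning: sysconfig network script not found. Creating %s\\n" "${INFO}" "${IFCFG_FILE}"`, keeps a `%` or backslash in a connection name from being interpreted. The function starts and ends outside this hunk.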
Signed-off-by: bcambl --- .github/workflows/test.yml | 2 +- supportedos.txt | 2 +- test/{_fedora_31.Dockerfile => _fedora_33.Dockerfile} | 2 +- test/{tox.fedora_31.ini => tox.fedora_33.ini} | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename test/{_fedora_31.Dockerfile => _fedora_33.Dockerfile} (96%) rename test/{tox.fedora_31.ini => tox.fedora_33.ini} (78%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8e19e550..d19df5ab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_31, fedora_32] + distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33] env: DISTRO: ${{matrix.distro}} steps: diff --git a/supportedos.txt b/supportedos.txt index 1eb1fde6..6d579132 100644 --- a/supportedos.txt +++ b/supportedos.txt @@ -1,5 +1,5 @@ Raspbian=9,10 Ubuntu=16,18,20 Debian=9,10 -Fedora=31,32 +Fedora=32,33 CentOS=7,8 \ No newline at end of file diff --git a/test/_fedora_31.Dockerfile b/test/_fedora_33.Dockerfile similarity index 96% rename from test/_fedora_31.Dockerfile rename to test/_fedora_33.Dockerfile index 02dcb733..0a1ac59c 100644 --- a/test/_fedora_31.Dockerfile +++ b/test/_fedora_33.Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:31 +FROM fedora:33 ENV GITDIR /etc/.pihole ENV SCRIPTDIR /opt/pihole diff --git a/test/tox.fedora_31.ini b/test/tox.fedora_33.ini similarity index 78% rename from test/tox.fedora_31.ini rename to test/tox.fedora_33.ini index 36ab10ad..00ea732a 100644 --- a/test/tox.fedora_31.ini +++ b/test/tox.fedora_33.ini 
@@ -4,5 +4,5 @@ envlist = py37 [testenv] whitelist_externals = docker deps = -rrequirements.txt -commands = docker build -f _fedora_31.Dockerfile -t pytest_pihole:test_container ../ +commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../ pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_fedora_support.py From 45d4ab4c22ca9edee1544648e3327a12a7e69e41 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 19 Mar 2021 18:39:43 +0000 Subject: [PATCH 3/5] Add some validation to passed arguments before running the values through `sed` Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 53f815c5..8ef4d940 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -564,7 +564,13 @@ AddDHCPStaticAddress() { RemoveDHCPStaticAddress() { mac="${args[2]}" - sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}" + if [[ "$mac" =~ ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ ]]; then + sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}" + else + echo " ${CROSS} Invalid Mac Passed!" + exit 1 + fi + } SetAdminEmail() { @@ -708,7 +714,13 @@ RemoveCustomDNSAddress() { ip="${args[2]}" host="${args[3]}" - sed -i "/${ip} ${host}/d" "${dnscustomfile}" + + if valid_ip "${ip}" || valid_ip6 "${ip}" ; then + sed -i "/${ip} ${host}/d" "${dnscustomfile}" + else + echo -e " ${CROSS} Invalid IP has been passed" + exit 1 + fi # Restart dnsmasq to update removed custom DNS entries RestartDNS @@ -719,6 +731,7 @@ AddCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" + echo "cname=${domain},${target}" >> "${dnscustomcnamefile}" # Restart dnsmasq to load new custom CNAME records 
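Review bot: The rejection message added to RemoveDHCPStaticAddress uses plain `echo`, whereas the one added to RemoveCustomDNSAddress in the next hunk uses `echo -e`; if `${CROSS}` holds backslash escapes (it is defined outside this diff) they will be printed literally here. Writing it as `echo -e " ${CROSS} Invalid Mac Passed!"` keeps the three functions consistent; the two messages added to RemoveCustomCNAMERecord have the same issue. The blank line left before the closing brace can be dropped as well.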
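Review bot: Only `ip` is validated in RemoveCustomDNSAddress; `host` still reaches the sed address `/${ip} ${host}/d` unchecked, so a value containing `/` or regex metacharacters changes what the expression matches or does. The RemoveCustomCNAMERecord hunk of this same commit already runs its arguments through `checkDomain`; doing the same here, e.g. `validHost="$(checkDomain "${host}")"` and rejecting an empty result before calling sed, would close the gap (assuming `checkDomain` returns an empty string for invalid input, as that hunk's `-n` test suggests). The dots of an IPv4 address are also regex wildcards in this pattern, so the match is looser than the literal entry. `valid_ip` and `valid_ip6` are defined outside the hunk, so their strictness could not be checked here.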
@@ -730,7 +743,20 @@ RemoveCustomCNAMERecord() { domain="${args[2]}" target="${args[3]}" - sed -i "/cname=${domain},${target}/d" "${dnscustomcnamefile}" + + validDomain="$(checkDomain "${domain}")" + if [[ -n "${validDomain}" ]]; then + validTarget="$(checkDomain "${target}")" + if [[ -n "${validDomain}" ]]; then + sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}" + else + echo " ${CROSS} Invalid Target Passed!" + exit 1 + fi + else + echo " ${CROSS} Invalid Domain passed!" + exit 1 + fi # Restart dnsmasq to update removed custom CNAME records RestartDNS From 25ded7919005d9164a0dab08292835bdde4b630f Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 14 Apr 2021 09:26:52 -0700 Subject: [PATCH 4/5] Update README --- README.md | 57 ++++++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 6d7e5b5e..57dee16d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ +# +
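Review bot: The inner check in RemoveCustomCNAMERecord tests `validDomain` a second time instead of `validTarget`, so the "Invalid Target Passed!" branch is unreachable. With a rejected target, `validTarget` is presumably empty (judging by how the `-n` test is applied to `checkDomain` output), and sed would then run with `/cname=${validDomain},/d`, which removes every CNAME line for that domain rather than the single record requested. The condition should read `if [[ -n "${validTarget}" ]]; then`.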

Pi-hole @@ -9,8 +11,6 @@

-# - The Pi-holeĀ® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software. - **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes @@ -26,8 +26,6 @@ The Pi-holeĀ® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th ----- -Master [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=master)](https://travis-ci.com/pi-hole/pi-hole) Development [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.com/pi-hole/pi-hole) - ## One-Step Automated Install Those who want to get started quickly and conveniently may install Pi-hole using the following command: 
@@ -71,16 +69,18 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!* ### [Donations](https://pi-hole.net/donate) -Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses: +Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses and rewarding our dedicated development team: ### Alternative support If you'd rather not donate (_which is okay!_), there are other ways you can help support us: -- [Patreon](https://patreon.com/pihole) _Become a patron for rewards_ +- [GitHub Sponsors](https://github.com/sponsors/pi-hole/) +- [Patreon](https://patreon.com/pihole) +- [Hetzner Cloud](https://hetzner.cloud/?ref=7aceisRX3AzA) _affiliate link_ - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_ -- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ +- [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ - Spreading the word about our software, and how you have benefited from it ### Contributing via GitHub 
@@ -95,7 +95,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma ## Getting in touch with us -While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance. +While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. + +**Please be sure to check the FAQ's** before starting a new discussion. Many user questions already have answers and can be solved without any additional assistance. - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs) - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes) 
@@ -106,12 +108,27 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse ## Breakdown of Features +### [Faster-than-light Engine](https://github.com/pi-hole/ftl) + +[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! + +Some of the statistics you can integrate include: + +- Total number of domains being blocked +- Total number of DNS queries today +- Total number of ads blocked today +- Percentage of ads blocked +- Unique domains +- Queries forwarded (to your chosen upstream DNS server) +- Queries cached +- Unique clients + +The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). + ### The Command Line Interface The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`. -![Pi-hole Blacklist Demo](https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif) - Some notable features include: - [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex) 
@@ -128,8 +145,6 @@ You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-c This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! -![Pi-hole Dashboard](https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png) - Some notable features include: - Mobile friendly interface @@ -145,21 +160,3 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server) 2. `http:///admin/` -3. `http://pi.hole/` (when using Pi-hole as your DNS server) - -## Faster-than-light Engine - -FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! - -Some of the statistics you can integrate include: - -- Total number of domains being blocked -- Total number of DNS queries today -- Total number of ads blocked today -- Percentage of ads blocked -- Unique domains -- Queries forwarded (to your chosen upstream DNS server) -- Queries cached -- Unique clients - -The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). From 5df7ed2f3229908267e75cc30630b6393339c73f Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Wed, 14 Apr 2021 18:33:10 +0200 Subject: [PATCH 5/5] Obtain FTL's PID from the PID file (#4103) * Try to obtain FTL's PID from the PID file. If this fails, try to identify the main process using pgrep --oldest (instead of relying on pkill finding the right one by itself). This allows the script to work in even when FTL is running inside the memory checker valgrind. * Rename FTL_PID -> FTL_PID_FILE * Remove the pgrep fallback after discussions about that it should be more obvious to users if something strange happened to their PID file. Also, simplify the routine using a bashism in the end. * Shorten if [[ regex ]] * Use unset instead of emptying the PID variable Signed-off-by: DL6ER Co-authored-by: Dan Schaper --- pihole | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/pihole b/pihole index 2b2b7bc2..f8085c8e 100755 --- a/pihole +++ b/pihole @@ -16,6 +16,7 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" # error due to modifying a readonly variable. setupVars="/etc/pihole/setupVars.conf" PI_HOLE_BIN_DIR="/usr/local/bin" +readonly FTL_PID_FILE="/run/pihole-FTL.pid" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" @@ -98,8 +99,25 @@ versionFunc() { exit 0 } +# Get PID of main pihole-FTL process +getFTLPID() { + local pid + + if [ -s "${FTL_PID_FILE}" ]; then + # -s: FILE exists and has a size greater than zero + pid="$(<"$FTL_PID_FILE")" + # Exploit prevention: unset the variable if there is malicious content + # Verify that the value read from the file is numeric + [[ "$pid" =~ [^[:digit:]] ]] && unset pid + fi + + # If FTL is not running, or the PID file contains malicious stuff, substitute + # negative PID to signal this to the caller + echo "${pid:=-1}" +} + restartDNS() { - local svcOption svc str output status + local svcOption svc str output status pid icon svcOption="${1:-restart}" # Determine if we should reload or restart 
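Review bot: The digit-only test in getFTLPID accepts `0`, and restartDNS later passes the value straight to `kill`; `kill -HUP 0` signals the caller's whole process group rather than FTL. Tightening the check to `[[ "$pid" =~ ^[1-9][0-9]*$ ]] || unset pid` rejects zero and leading-zero values. Because the pgrep fallback was dropped, a stale PID file whose number has been reused by another process is signalled without any check that the target is FTL. If the file can be written by a less privileged account than the one running `pihole` (ownership is not visible in this diff), that deserves an ownership check or at least a comment. The "Exploit prevention" comment would be more useful if it named exactly which values are rejected and why.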
@@ -108,17 +126,34 @@ restartDNS() { # Note 1: This will NOT re-read any *.conf files # Note 2: We cannot use killall here as it does # not know about real-time signals - svc="pkill -RTMIN pihole-FTL" - str="Reloading DNS lists" + pid="$(getFTLPID)" + if [[ "$pid" -eq "-1" ]]; then + svc="true" + str="FTL is not running" + icon="${INFO}" + else + svc="kill -RTMIN ${pid}" + str="Reloading DNS lists" + icon="${TICK}" + fi elif [[ "${svcOption}" =~ "reload" ]]; then # Reloading of the DNS cache has been requested # Note: This will NOT re-read any *.conf files - svc="pkill -HUP pihole-FTL" - str="Flushing DNS cache" + pid="$(getFTLPID)" + if [[ "$pid" -eq "-1" ]]; then + svc="true" + str="FTL is not running" + icon="${INFO}" + else + svc="kill -HUP ${pid}" + str="Flushing DNS cache" + icon="${TICK}" + fi else # A full restart has been requested svc="service pihole-FTL restart" str="Restarting DNS server" + icon="${TICK}" fi # Print output to Terminal, but not to Web Admin @@ -128,7 +163,7 @@ restartDNS() { status="$?" if [[ "${status}" -eq 0 ]]; then - [[ -t 1 ]] && echo -e "${OVER} ${TICK} ${str}" + [[ -t 1 ]] && echo -e "${OVER} ${icon} ${str}" return 0 else [[ ! -t 1 ]] && local OVER=""
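Review bot: When getFTLPID returns -1, both reload branches set `svc="true"`, so restartDNS takes the success path and returns 0; since the status line is only printed when stdout is a terminal, a non-interactive caller gets no indication that nothing was signalled. If that is intended, say so above the branch, e.g. `# FTL not running: nothing to signal, deliberately treated as success`; otherwise return non-zero there. The two branches are identical apart from the signal and the message, so resolving `pid` once before the `if` would remove the duplication. restartDNS begins before this hunk and continues past it.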