From 45521b377a88240d883e78800546c3cba3666b99 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Thu, 26 Jul 2018 17:46:51 +0100 Subject: [PATCH 001/103] Use ip route rather than old net-tools route in chronometer.sh The only use of net-tools is the use of route in chronometer.sh so instead use the same method as used in piholeDebug.sh to get the default gateway so there's no need to depend on net-tools anylonger. Signed-off-by: Peter Robinson --- advanced/Scripts/chronometer.sh | 2 +- automated install/basic-install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 046a98c4..ed2c8ab9 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -243,7 +243,7 @@ get_sys_stats() { disk_total="${disk_raw[1]}" disk_perc="${disk_raw[2]}" - net_gateway=$(route -n | awk '$4 == "UG" {print $2;exit}') + net_gateway=$(ip route | grep default | cut -d ' ' -f 3) # Get DHCP stats, if feature is enabled if [[ "$DHCP_ACTIVE" == "true" ]]; then diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 3d1a779d..90a05a6c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -323,7 +323,7 @@ elif command -v rpm &> /dev/null; then UPDATE_PKG_CACHE=":" PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" - INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng which) + INSTALLER_DEPS=(dialog git iproute newt procps-ng which) PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc) PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo) LIGHTTPD_USER="lighttpd" From 32b50f8188d4e88aecebb00e50a847635a60f285 Mon Sep 17 00:00:00 2001 
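Review bot: The new `net_gateway` pipeline in the chronometer.sh hunk no longer stops at the first match, so a host with more than one default route yields a multi-line value, where the removed awk call ended with `exit`. A default route without a `via` hop would also put the device name in field 3. Matching on the fields keeps the old single-value behaviour: `net_gateway=$(ip route | awk '$1 == "default" && $2 == "via" {print $3; exit}')`. The body of get_sys_stats continues outside the hunk.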
From: Borats Nolan Date: Sat, 28 Jul 2018 02:35:39 +1000 Subject: [PATCH 002/103] Change the word "folder" to "directory" since the pi-hole is intended to run on rpi with Linux on it. Signed-off-by: Borats Nolan --- automated install/basic-install.sh | 8 ++++---- automated install/uninstall.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 79e8e1ae..ad7d313c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -38,14 +38,14 @@ lighttpdConfig=/etc/lighttpd/lighttpd.conf # This is a file used for the colorized output coltable=/opt/pihole/COL_TABLE -# We store several other folders and +# We store several other directories and webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git" webInterfaceDir="/var/www/html/admin" piholeGitUrl="https://github.com/pi-hole/pi-hole.git" PI_HOLE_LOCAL_REPO="/etc/.pihole" # These are the names of pi-holes files, stored in an array PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage) -# This folder is where the Pi-hole scripts will be installed +# This directory is where the Pi-hole scripts will be installed PI_HOLE_INSTALL_DIR="/opt/pihole" useUpdateVars=false @@ -318,7 +318,7 @@ else fi } -# A function for checking if a folder is a git repository +# A function for checking if a directory is a git repository is_repo() { # Use a named, local variable instead of the vague $1, which is the first argument passed to this function # These local variables should always be lowercase @@ -333,7 +333,7 @@ is_repo() { if [[ -d "${directory}" ]]; then # move into the directory cd "${directory}" - # Use git to check if the folder is a repo + # Use git to check if the directory is a repo # git -C is not used here to support git versions older than 1.8.4 git status --short &> /dev/null || rc=$? # If the command was not successful, 
diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9322de92..52760cfb 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -106,7 +106,7 @@ removeNoPurge() { ${SUDO} rm -rf /var/www/html/pihole &> /dev/null ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null - # If the web directory is empty after removing these files, then the parent html folder can be removed. + # If the web directory is empty after removing these files, then the parent html directory can be removed. if [ -d "/var/www/html" ]; then if [[ ! "$(ls -A /var/www/html)" ]]; then ${SUDO} rm -rf /var/www/html &> /dev/null From 0081a7ca9285205369cd06ef6788bbcff443bf9c Mon Sep 17 00:00:00 2001 From: Mark McGuire Date: Sun, 5 Aug 2018 10:09:56 -0500 Subject: [PATCH 003/103] set noninteractive during unattended install Signed-off-by: Mark McGuire --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ad7d313c..3b9d7ba9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2327,6 +2327,8 @@ main() { echo -e " ${INFO} Performing unattended setup, no whiptail dialogs will be displayed" # Use the setup variables useUpdateVars=true + # also disable debconf-apt-progress dialogs + export DEBIAN_FRONTEND="noninteractive" # Otherwise, else # show the available options (repair/reconfigure) From eef948d79780be8e941c715f1dc0a9c419760ac5 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Tue, 7 Aug 2018 10:45:30 +1000 Subject: [PATCH 004/103] Fix header newlines * Added \\n to each $xxx_ver_str, resolving issue #2325 Signed-off-by: WaLLy3K --- advanced/Scripts/chronometer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 046a98c4..3f99a781 100755 --- a/advanced/Scripts/chronometer.sh 
+++ b/advanced/Scripts/chronometer.sh @@ -478,7 +478,7 @@ chronoFunc() { ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC} ${COL_DARK_GRAY}$scr_line_str${COL_NC}" else - echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str|_| |_| |_||_\\___/_\\___|$ftl_ver_str ${COL_DARK_GRAY}$scr_line_str${COL_NC}" + echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" fi printFunc " Hostname: " "$sys_name" "$host_info" From e01eea8ba8005bb394c844efbac56db15467cdd0 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 6 Aug 2018 21:15:16 -0400 Subject: [PATCH 005/103] Remove PowerPC from FTL binaries It is no longer built, and may cause 404 errors if it attempts to download the binary. Signed-off-by: Mcat12 --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 77e02b58..61dfe831 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2151,11 +2151,6 @@ get_binary_name() { # set the binary to be used binary="pihole-FTL-arm-linux-gnueabi" fi - elif [[ "${machine}" == "ppc" ]]; then - # PowerPC - echo -e "${OVER} ${TICK} Detected PowerPC architecture" - # set the binary to be used - binary="pihole-FTL-powerpc-linux-gnu" elif [[ "${machine}" == "x86_64" ]]; then # This gives the architecture of packages dpkg installs (for example, "i386") local dpkgarch From f5c3dc5d9d4f00caed58eddfc40d712d565ab038 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 16:51:58 +0200 Subject: [PATCH 006/103] Improve download error message that is shown when downloading or verifying the binary failed Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 ++-- test/test_automated_install.py | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 61dfe831..b12028a5 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2099,7 +2099,7 @@ FTLinstall() { # the download failed, so just go back to the original directory popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" + echo -e " ${COL_LIGHT_RED}Error: Download of ${url}/${binary} failed (checksum error)${COL_NC}" return 1 fi # Otherwise, @@ -2107,7 +2107,7 @@ FTLinstall() { popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" # The URL could not be found - echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" + echo -e " ${COL_LIGHT_RED}Error: URL ${url}/${binary} not found${COL_NC}" return 1 fi } diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 876b06eb..2cded451 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -501,8 +501,10 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): ''') expected_stdout = cross_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout - error = 'Error: URL not found' - assert error in download_binary.stdout + error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/' + assert error1 in download_binary.stdout + error2 = 'not found' + assert error2 in download_binary.stdout def test_FTL_binary_installed_and_responsive_no_errors(Pihole): From 5bf90cb77d3d84fc7049a15287dc4ca5df3f6cc4 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 18:02:01 +0200 Subject: [PATCH 007/103] Use alternative logic for counting regex file entries, skipping commented out lines 
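Review bot: In the `@@ -2099` hunk of FTLinstall the retained comment says "the download failed" while the new message reports "(checksum error)", so the two disagree about which failure this branch handles. The branch condition is outside the hunk; if it is the checksum comparison, update the comment to `# the checksum did not match, so go back to the original directory`. Someone triaging a possibly altered binary needs to tell a verification failure from a transport failure. If both cases can reach this branch, the message should say "download or checksum verification failed" instead.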
Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 50c37784..2836ec1f 100755 --- a/gravity.sh +++ b/gravity.sh @@ -464,7 +464,7 @@ gravity_ShowBlockCount() { fi if [[ -f "${regexFile}" ]]; then - num=$(grep -c "^(?!#)" "${regexFile}") + num=$(grep -c "^[^#]" "${regexFile}") echo -e " ${INFO} Number of regex filters: ${num}" fi } From 760dd01b50330cb97affeddfe5462d847bac3df0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 18:36:06 +0200 Subject: [PATCH 008/103] Use grep invert-match Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 2836ec1f..026cd4a4 100755 --- a/gravity.sh +++ b/gravity.sh @@ -464,7 +464,7 @@ gravity_ShowBlockCount() { fi if [[ -f "${regexFile}" ]]; then - num=$(grep -c "^[^#]" "${regexFile}") + num=$(grep -cv "^#" "${regexFile}") echo -e " ${INFO} Number of regex filters: ${num}" fi } From 94e4ed664431faae47b093de8ba5fcd06aafb14b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 10 Aug 2018 18:22:55 +0200 Subject: [PATCH 009/103] Add facility to add multiple audit list entries at once and to nuke audit list Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index c3dede05..0d4cab90 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -525,9 +525,19 @@ Teleporter() { php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip" } -audit() +addAudit() { - echo "${args[2]}" >> /etc/pihole/auditlog.list + shift # skip "-a" + shift # skip "audit" + for var in "$@" + do + echo "${var}" >> /etc/pihole/auditlog.list + done +} + +clearAudit() +{ + echo -n "" > /etc/pihole/auditlog.list } SetPrivacyLevel() { 
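Review bot: In PATCH 008, `grep -cv "^#"` counts every line that does not start with `#`, which includes empty lines, so a regex file with blank separator lines reports too many filters. The `^[^#]` form it replaces needed at least one character and so skipped them. `num=$(grep -cvE '^(#|$)' "${regexFile}")` keeps the invert-match style and skips both comments and blank lines.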
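Review bot: In addAudit (PATCH 009, `@@ -525`) each argument is written with `echo "${var}"`, which mangles values such as `-n` or `-e` and appends anything else unchecked to `/etc/pihole/auditlog.list`. Use `printf '%s\n' "${var}"`, and consider skipping empty arguments or ones containing whitespace before appending. The two `shift` calls assume the caller always passes exactly `-a audit` first, so add a comment stating that contract, for example `# expects "$@" as passed to main: -a audit <domain>...`. In clearAudit, `: > /etc/pihole/auditlog.list` truncates without relying on `echo -n`.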
@@ -565,7 +575,8 @@ main() { "-i" | "interface" ) SetListeningMode "$@";; "-t" | "teleporter" ) Teleporter;; "adlist" ) CustomizeAdLists;; - "audit" ) audit;; + "audit" ) addAudit "$@";; + "clearaudit" ) clearAudit;; "-l" | "privacylevel" ) SetPrivacyLevel;; * ) helpFunc;; esac From a1bf9fad98f3ac97fe4330337197b7b5a4d62512 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Sat, 11 Aug 2018 12:55:18 +1000 Subject: [PATCH 010/103] Fix colour tail for use with new blocking methods Signed-off-by: WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 8be03f79..b444efe7 100755 --- a/pihole +++ b/pihole @@ -303,7 +303,7 @@ tailFunc() { # Colour everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \ - -e "s,(.*(gravity.list|black.list| config ).* is (${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(gravity.list|black.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From 3e5c6afaee2755503ce1e7124d0413e44f496e6c Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sat, 11 Aug 2018 14:33:33 +0200 Subject: [PATCH 011/103] Don't let one blocklist, block an other If a blocklist is blocked by an other and 'pihole -g' is run, update the blocked blocklist by useing an alternate dns server (in this case 1.1.1.1) to acquire the IP adres and download the blocklist using the 'curl --resolve' (https://curl.haxx.se/docs/manpage.html#--resolve) --- gravity.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/gravity.sh b/gravity.sh index 50c37784..a9136990 100755 --- a/gravity.sh +++ b/gravity.sh 
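Review bot: In the tailFunc hunk of PATCH 010 the added alternatives are spliced into an extended regex unescaped, so each `.` in `0.0.0.0` matches any character, as do the dots in the expanded `${IPV4_ADDRESS%/*}`. This only affects log colouring, but stray lines can be marked as blocked. Writing the literal as `0\\.0\\.0\\.0` inside the double-quoted sed script makes the match exact. The same expression is extended again in PATCH 021.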
@@ -217,6 +217,17 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." # shellcheck disable=SC2086 + if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then + ip=`dig @1.1.1.1 +short $domain` + if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + port=443; + else + port=80 + fi + echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + echo -ne " ${INFO} ${str} Pending..." + cmd_ext="--resolve $domain:$port:$ip $cmd_ext" + fi httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) case $url in From e58142b4ac8d8120ede147d09f85c0e807bc692c Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sat, 11 Aug 2018 15:14:45 +0200 Subject: [PATCH 012/103] Added comments --- gravity.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index a9136990..6338f1dc 100755 --- a/gravity.sh +++ b/gravity.sh 
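Review bot: The `ip` value taken from `dig @1.1.1.1 +short $domain` goes into `--resolve` unchecked, and `${cmd_ext}` is expanded unquoted in the curl call below it. `+short` can print a CNAME and several records, or nothing on failure, so curl may get a malformed `--resolve` entry or extra words as separate arguments. Keep one validated address, `ip=$(dig @1.1.1.1 +short "${domain}" | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$')`, and skip the `--resolve` addition when `ip` is empty. `grep 0.0.0.0 -c` should be `grep -cF '0.0.0.0'` so the dots are literal. The hard-coded `1.1.1.1` sends these lookups to a third-party resolver whatever upstream the operator configured, which deserves a comment; the function body continues outside the hunk.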
@@ -216,18 +216,23 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # shellcheck disable=SC2086 + # Determine if the domain is blocked by Pi-hole if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then + # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres ip=`dig @1.1.1.1 +short $domain` + # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then port=443; else port=80 fi + # Print some extra info echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; echo -ne " ${INFO} ${str} Pending..." + # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi + # shellcheck disable=SC2086 httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) case $url in From 926b25fd54bf96b08165a912ee25036a3c920241 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:15:42 +0200 Subject: [PATCH 013/103] Not hardcoding dns and covering all blockingmodes --- gravity.sh | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/gravity.sh b/gravity.sh index 6338f1dc..03df870b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -68,6 +68,17 @@ else exit 1 fi +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" + if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="Default (NULL)" + fi +else + BLOCKINGMODE="Default (NULL)" +fi + # Determine if superseded pihole.conf exists if [[ -r "${piholeDir}/pihole.conf" ]]; then echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" 
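Review bot: In the `@@ -68` hunk of PATCH 013, `source "${pihole_FTL}"` executes all of `pihole-FTL.conf` as shell code inside gravity, although only `BLOCKINGMODE` is read from it. Anyone who can write that file can then run commands with gravity's privileges, and any other assignment in it silently overrides gravity's own variables. Read the one key instead: `BLOCKINGMODE=$(sed -n 's/^BLOCKINGMODE=//p' "${pihole_FTL}" 2>/dev/null | tail -n1)` followed by `BLOCKINGMODE="${BLOCKINGMODE:-Default (NULL)}"`, which also removes the nested if/else. The identical hunk appears again in PATCH 016.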
@@ -216,20 +227,31 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # Determine if the domain is blocked by Pi-hole - if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then - # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres - ip=`dig @1.1.1.1 +short $domain` - # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed - if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + blocked=false + case $BLOCKINGMODE in + "IP-NODATA-AAAA"|"IP") + if [ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]; then + blocked=true + fi;; + "NXDOMAIN") + if [ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]; then + blocked=true + fi;; + "NULL"|"Default (NULL)"|*) + if [ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]; then + blocked=true + fi;; + esac + + if [ "${blocked}" = true ]; then + ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]; then port=443; - else - port=80 + else port=80 fi - # Print some extra info - echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." - # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi # shellcheck disable=SC2086 From 1c6c35f86161cee290f4ce8b67605feb6294456d Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:50:23 +0200 Subject: [PATCH 014/103] Using double brackets --- gravity.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
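Review bot: In the `blocked` branch the `bad_list` lookup hard-codes `hosts-file.net` instead of `${domain}`, so the message names the wrong list for any other blocked source. `CONDITIONAL_FORWARDING_IP` is used without checking that it is set, and the `dig` answer is still passed to `--resolve` unvalidated, where it can be empty or multi-line. The IP-mode test greps for `${IPV4_ADDRESS}` as is; PATCH 010 strips a suffix with `${IPV4_ADDRESS%/*}`, so the value presumably carries a CIDR mask and would never match dig output (confirm against setupVars). The same hunk is repeated in PATCH 016, and the function continues outside the hunk.

```shell
  if [[ "${blocked}" == true ]]; then
    ip=""
    # Bypass only when an upstream resolver is configured; otherwise dig is called with a bare "@"
    if [[ -n "${CONDITIONAL_FORWARDING_IP:-}" ]]; then
      # +short may print CNAMEs and several A records; keep the first line that is an IPv4 address
      ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}" | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$')
    fi
    if [[ -n "${ip}" ]]; then
      # … unchanged: port selection …
      bad_list=$(pihole -q -adlist "${domain}" | head -n1 | awk -F 'Match found in ' '{print $2}')
      # … unchanged: status messages …
      cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
    fi
  fi
```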
diff --git a/gravity.sh b/gravity.sh index 03df870b..433e85b0 100755 --- a/gravity.sh +++ b/gravity.sh @@ -230,15 +230,15 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - if [ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]; then + if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then blocked=true fi;; "NXDOMAIN") - if [ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]; then + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then blocked=true fi;; "NULL"|"Default (NULL)"|*) - if [ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]; then + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then blocked=true fi;; esac From fe46dee19435e23154d04309b4fc1c6316920f09 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 02:06:32 +0200 Subject: [PATCH 015/103] Mode double brackets --- gravity.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 433e85b0..2bd8d371 100755 --- a/gravity.sh +++ b/gravity.sh @@ -243,9 +243,9 @@ gravity_DownloadBlocklistFromUrl() { fi;; esac - if [ "${blocked}" = true ]; then + if [[ "${blocked}" = true ]]; then ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") - if [ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]; then + if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; else port=80 fi From 03a9d3bc5b5edb033aeed62bf46fb66e44e52e9b Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:15:42 +0200 Subject: [PATCH 016/103] Not hardcoding dns and covering all blockingmodes Using double brackets Mode double brackets --- gravity.sh | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/gravity.sh b/gravity.sh index 6338f1dc..2bd8d371 100755 --- a/gravity.sh +++ b/gravity.sh 
@@ -68,6 +68,17 @@ else exit 1 fi +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" + if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="Default (NULL)" + fi +else + BLOCKINGMODE="Default (NULL)" +fi + # Determine if superseded pihole.conf exists if [[ -r "${piholeDir}/pihole.conf" ]]; then echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" 
@@ -216,20 +227,31 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # Determine if the domain is blocked by Pi-hole - if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then - # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres - ip=`dig @1.1.1.1 +short $domain` - # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed - if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + blocked=false + case $BLOCKINGMODE in + "IP-NODATA-AAAA"|"IP") + if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then + blocked=true + fi;; + "NXDOMAIN") + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then + blocked=true + fi;; + "NULL"|"Default (NULL)"|*) + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then + blocked=true + fi;; + esac + + if [[ "${blocked}" = true ]]; then + ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; - else - port=80 + else port=80 fi - # Print some extra info - echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." - # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi # shellcheck disable=SC2086 From 2feb5f22cc3ac17b494da95c6808b3b3083e91d9 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 10:05:58 +0200 Subject: [PATCH 017/103] Signed-off-by This is my commit message Signed-off-by: Gusher123 --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/gravity.sh b/gravity.sh index 2bd8d371..e5152fe5 100755 --- a/gravity.sh +++ b/gravity.sh @@ -243,7 +243,7 @@ gravity_DownloadBlocklistFromUrl() { fi;; esac - if [[ "${blocked}" = true ]]; then + if [[ "${blocked}" == true ]]; then ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; From c00357663b424d5a88c90c288babb9f7301b367c Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 12 Aug 2018 18:36:07 +0200 Subject: [PATCH 018/103] Reload pihole-FTL instead of restart the entire service on "pihole enable/disable" Signed-off-by: DL6ER --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 8be03f79..19f7bcb8 100755 --- a/pihole +++ b/pihole @@ -199,7 +199,7 @@ Time: fi fi - restartDNS + restartDNS reload echo -e "${OVER} ${TICK} ${str}" } From 20b946eae5ea27704666ed3ccc6a7018385233d2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 12 Aug 2018 19:31:00 +0200 Subject: [PATCH 019/103] Instead of changing the dnsmasq configuration, we replace gravity.list and black.list by empty files for disabling. When pihole-FTL receives SIGHUP, it will clear its cache and reload all configured lists. If the files are empty, blocking will be disabled as no content to be blocked will be imported. Signed-off-by: DL6ER --- pihole | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/pihole b/pihole index 19f7bcb8..a4fcadb3 100755 --- a/pihole +++ b/pihole @@ -10,7 +10,8 @@ # Please see LICENSE file for your rights under this license. readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" -readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf" +readonly gravitylist="/etc/pihole/gravity.list" +readonly blacklist="/etc/pihole/black.list" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" 
@@ -146,10 +147,13 @@ Time: elif [[ "${1}" == "0" ]]; then # Disable Pi-hole - sed -i 's/^addn-hosts=\/etc\/pihole\/gravity.list/#addn-hosts=\/etc\/pihole\/gravity.list/' /etc/dnsmasq.d/01-pihole.conf - sed -i 's/^addn-hosts=\/etc\/pihole\/black.list/#addn-hosts=\/etc\/pihole\/black.list/' /etc/dnsmasq.d/01-pihole.conf - if [[ -e "$wildcardlist" ]]; then - mv "$wildcardlist" "/etc/pihole/wildcard.list" + if [[ -e "${gravitylist}" ]]; then + mv "${gravitylist}" "${gravitylist}.bck" + echo "" > "${gravitylist}" + fi + if [[ -e "${blacklist}" ]]; then + mv "${blacklist}" "${blacklist}.bck" + echo "" > "${blacklist}" fi if [[ $# > 1 ]]; then local error=false @@ -193,9 +197,11 @@ Time: echo -e " ${INFO} Enabling blocking" local str="Pi-hole Enabled" - sed -i 's/^#addn-hosts/addn-hosts/' /etc/dnsmasq.d/01-pihole.conf - if [[ -e "/etc/pihole/wildcard.list" ]]; then - mv "/etc/pihole/wildcard.list" "$wildcardlist" + if [[ -e "${gravitylist}.bck" ]]; then + mv "${gravitylist}.bck" "${gravitylist}" + fi + if [[ -e "${blacklist}" ]]; then + mv "${blacklist}.bck" "${blacklist}" fi fi From d9195970b7da98e685945abe8a7dcd7417ccf44c Mon Sep 17 00:00:00 2001 From: Realtbo Date: Sun, 12 Aug 2018 23:19:16 +0200 Subject: [PATCH 020/103] Create adlist file while running unattended setup Signed-off-by: Realtebo --- automated install/basic-install.sh | 45 +++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a7f590ab..8f54e440 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
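Review bot: Running disable twice destroys the saved lists in the `@@ -146` hunk. After the first run `${gravitylist}` still exists, holding only the newline from `echo ""`, so the second `mv` overwrites `${gravitylist}.bck` with it. A later enable then restores an effectively empty list and blocking stays off without any error. Guard on the backup, `if [[ -e "${gravitylist}" && ! -e "${gravitylist}.bck" ]]; then`, likewise for `${blacklist}`, and truncate with `: > "${gravitylist}"` so the placeholder is empty. The enclosing function starts and ends outside the hunk.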
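Review bot: In the enable branch (`@@ -193`) the blacklist test checks the live file, `if [[ -e "${blacklist}" ]]`, while the gravity test above it checks the backup. With no backup present the `mv` fails, and a backup whose live file is missing is never restored. It should mirror the gravity case: `if [[ -e "${blacklist}.bck" ]]; then`.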
@@ -1087,19 +1087,42 @@ chooseBlocklists() { # For each choice available, for choice in ${choices} do - # Set the values to true - case ${choice} in - StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";; - MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";; - Cameleon ) echo "http://sysctl.org/cameleon/hosts" >> "${adlistFile}";; - ZeusTracker ) echo "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" >> "${adlistFile}";; - DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";; - DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";; - HostsFile ) echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}";; - esac + appendToListsFile choice done } +# Accept a string parameter, it must be one of the default lists +# This function allow to not duplicate code in chooseBlocklists and +# in installDefaultBlocklists +appendToListsFile() { + case $1 in + StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";; + MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";; + Cameleon ) echo "http://sysctl.org/cameleon/hosts" >> "${adlistFile}";; + ZeusTracker ) echo "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" >> "${adlistFile}";; + DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";; + DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";; + HostsFile ) echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}";; + esac +} + +# Used only in unattended setup +# If there is already the adListFile, we keep it, else we create it using all default lists +installDefaultBlocklists() { + # In unattended setup, could be usefull to use userdefined blocklist. 
+ # If this file exists, we avoid to override it. + if [[ -f "${adlistFile}" ]]; then + return; + fi + appendToListsFile StevenBlack + appendToListsFile MalwareDom + appendToListsFile Cameleon + appendToListsFile ZeusTracker + appendToListsFile DisconTrack + appendToListsFile DisconAd + appendToListsFile HostsFile +} + # Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory version_check_dnsmasq() { # Local, named variables @@ -2391,6 +2414,8 @@ main() { # Let the user decide if they want query logging enabled... setLogging else + # Setup adlist file if not exists + installDefaultBlocklists # Source ${setupVars} to use predefined user variables in the functions source ${setupVars} fi From d163e3838070a9d427f1d1240d4059b254da2e14 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 13 Aug 2018 14:56:38 +1000 Subject: [PATCH 021/103] Ensure regex-blocked lines are red * Add `regex.list` to seds list Signed-off-by: WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index b444efe7..0f584b15 100755 --- a/pihole +++ b/pihole @@ -303,7 +303,7 @@ tailFunc() { # Colour everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \ - -e "s,(.*(gravity.list|black.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From 6cde066eddebcb0cf069e74386dc673a1c5a883a Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 13:43:14 +0200 Subject: [PATCH 022/103] Have gravity detect the presence of files like gravity.list.bck and update this file if present (assuming blocking is disabled) 
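Review bot: In chooseBlocklists the new call `appendToListsFile choice` passes the literal word `choice`, not the loop variable, so no arm of the `case $1` matches and interactive installs write nothing to `${adlistFile}`. It should be `appendToListsFile "${choice}"`. A `*)` arm in appendToListsFile that prints the unknown name to stderr would have exposed this at once. The Cameleon entry carried into the helper is still fetched over plain `http://`, so that list has no transport integrity.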
Signed-off-by: DL6ER --- gravity.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/gravity.sh b/gravity.sh index 026cd4a4..5624b659 100755 --- a/gravity.sh +++ b/gravity.sh @@ -73,6 +73,19 @@ if [[ -r "${piholeDir}/pihole.conf" ]]; then echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" fi +# Determine if Pi-hole blocking is disabled +# If this is the case, we want to update +# gravity.list.bck and black.list.bck instead of +# gravity.list and black.list +detect_pihole_blocking_status() { + if [[ -e "${adList}.bck" ]]; then + adList="${adList}.bck" + fi + if [[ -e "${blackList}.bck" ]]; then + blackList="${blackList}.bck" + fi +} + # Determine if DNS resolution is available before proceeding gravity_CheckDNSResolutionAvailable() { local lookupDomain="pi.hole" @@ -621,6 +634,8 @@ if [[ "${forceDelete:-}" == true ]]; then echo -e "${OVER} ${TICK} ${str}" fi +detect_pihole_blocking_status + # Determine which functions to run if [[ "${skipDownload}" == false ]]; then # Gravity needs to download blocklists From d8abc1d2666d725e58da52bcb2e8191ff7b3b0db Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 13:49:47 +0200 Subject: [PATCH 023/103] Storing BLOCKING=true/false in setupVars.conf Signed-off-by: DL6ER --- pihole | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pihole b/pihole index a4fcadb3..e08e026a 100755 --- a/pihole +++ b/pihole @@ -191,6 +191,8 @@ Time: fi local str="Pi-hole Disabled" + sed -i "/BLOCKING=/d" "${setupVars}" + echo "BLOCKING=true" >> "${setupVars}" fi else # Enable Pi-hole @@ -203,6 +205,8 @@ Time: if [[ -e "${blacklist}" ]]; then mv "${blacklist}.bck" "${blacklist}" fi + sed -i "/BLOCKING=/d" "${setupVars}" + echo "BLOCKING=false" >> "${setupVars}" fi restartDNS reload From b011adc4535c6397ae7e7d198d964be0ab70bc58 Mon Sep 17 00:00:00 2001 
From: DL6ER Date: Mon, 13 Aug 2018 14:19:59 +0200 Subject: [PATCH 024/103] Use new setupVars BLOCKING variable to determine which file to update via gravity Signed-off-by: DL6ER --- gravity.sh | 7 ++++--- pihole | 5 +++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/gravity.sh b/gravity.sh index 5624b659..3ccd5a5d 100755 --- a/gravity.sh +++ b/gravity.sh @@ -78,11 +78,12 @@ fi # gravity.list.bck and black.list.bck instead of # gravity.list and black.list detect_pihole_blocking_status() { - if [[ -e "${adList}.bck" ]]; then + if [[ "${BLOCKING}" == false ]]; then + echo -e " ${INFO} Pi-hole blocking is disabled" adList="${adList}.bck" - fi - if [[ -e "${blackList}.bck" ]]; then blackList="${blackList}.bck" + else + echo -e " ${INFO} Pi-hole blocking is enabled" fi } diff --git a/pihole b/pihole index e08e026a..8733c4af 100755 --- a/pihole +++ b/pihole @@ -12,6 +12,7 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly gravitylist="/etc/pihole/gravity.list" readonly blacklist="/etc/pihole/black.list" +readonly setupVars="/etc/pihole/setupVars.conf" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" @@ -192,7 +193,7 @@ Time: local str="Pi-hole Disabled" sed -i "/BLOCKING=/d" "${setupVars}" - echo "BLOCKING=true" >> "${setupVars}" + echo "BLOCKING=false" >> "${setupVars}" fi else # Enable Pi-hole @@ -206,7 +207,7 @@ Time: mv "${blacklist}.bck" "${blacklist}" fi sed -i "/BLOCKING=/d" "${setupVars}" - echo "BLOCKING=false" >> "${setupVars}" + echo "BLOCKING=true" >> "${setupVars}" fi restartDNS reload From 4e4d6b5d1f7a54c11502d37837bfc8b6afc5fe09 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 15:01:46 +0200 Subject: [PATCH 025/103] Adjust "pihole status" command Signed-off-by: DL6ER --- pihole | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pihole b/pihole index 8733c4af..2fcdbfbb 100755 --- a/pihole +++ b/pihole 
@@ -268,16 +268,17 @@ statusFunc() { return 0 fi - # Determine if Pi-hole's addn-hosts configs are commented out - addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) + # Determine if Pi-hole's blocking is enabled - if [[ "${addnConfigs}" =~ "#" ]]; then + addnConfigs=$? + + if grep -q "BLOCKING=false" /etc/pihole/setupVars.conf; then # A config is commented out case "${1}" in "web") echo 0;; *) echo -e " ${CROSS} Pi-hole blocking is Disabled";; esac - elif [[ -n "${addnConfigs}" ]]; then + elif grep -q "BLOCKING=true" /etc/pihole/setupVars.conf; then # Configs are set case "${1}" in "web") echo 1;; @@ -289,9 +290,8 @@ statusFunc() { "web") echo 99;; *) echo -e " ${INFO} No hosts file linked to dnsmasq, adding it in enabled state";; esac - # Add addn-host= to dnsmasq - echo "addn-hosts=/etc/pihole/gravity.list" >> /etc/dnsmasq.d/01-pihole.conf - restartDNS + # Enable blocking + pihole enable fi } From 337cc5ca187118e87c0200cede812a2c8f3239d7 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 17:22:10 +0200 Subject: [PATCH 026/103] BLOCKING -> BLOCKING_ENABLED Signed-off-by: DL6ER --- gravity.sh | 2 +- pihole | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/gravity.sh b/gravity.sh index 3ccd5a5d..b5694b76 100755 --- a/gravity.sh +++ b/gravity.sh @@ -78,7 +78,7 @@ fi # gravity.list.bck and black.list.bck instead of # gravity.list and black.list detect_pihole_blocking_status() { - if [[ "${BLOCKING}" == false ]]; then + if [[ "${BLOCKING_ENABLED}" == false ]]; then echo -e " ${INFO} Pi-hole blocking is disabled" adList="${adList}.bck" blackList="${blackList}.bck" diff --git a/pihole b/pihole index 2fcdbfbb..b4e4b0b8 100755 --- a/pihole +++ b/pihole @@ -192,8 +192,8 @@ Time: fi local str="Pi-hole Disabled" - sed -i "/BLOCKING=/d" "${setupVars}" - echo "BLOCKING=false" >> "${setupVars}" + sed -i "/BLOCKING_ENABLED=/d" "${setupVars}" + echo "BLOCKING_ENABLED=false" >> "${setupVars}" fi else # Enable Pi-hole 
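Review bot: The two added `grep -q` tests in statusFunc (hunk -268,16) match the text anywhere on a line, so a commented entry such as `#BLOCKING=false` would be reported as the live setting. They also hard-code `/etc/pihole/setupVars.conf` although the previous patch gave this script `${setupVars}` for that path. I would write `grep -q "^BLOCKING=false" "${setupVars}"` and the matching `^BLOCKING=true` form. The added `addnConfigs=$?` stores a status that nothing in the hunk reads, and the comment `# A config is commented out` no longer describes the test it sits under. statusFunc starts and ends outside this hunk.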
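Review bot: The `pihole enable` added in the fallback branch (hunk -289,9) makes a status query change system state: when neither BLOCKING line is found, `pihole status` rewrites setupVars.conf and reloads DNS, and in the `web` form whatever `pihole enable` prints follows the `99` on stdout. A status command is easier to reason about, and safer to expose to a less privileged caller, when it only reports. I would print the unknown state here and leave enabling to an explicit `pihole enable`, or at least silence the nested call with `pihole enable > /dev/null`. The nested `pihole` is also resolved through PATH rather than by absolute path.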
@@ -206,8 +206,8 @@ Time: if [[ -e "${blacklist}" ]]; then mv "${blacklist}.bck" "${blacklist}" fi - sed -i "/BLOCKING=/d" "${setupVars}" - echo "BLOCKING=true" >> "${setupVars}" + sed -i "/BLOCKING_ENABLED=/d" "${setupVars}" + echo "BLOCKING_ENABLED=true" >> "${setupVars}" fi restartDNS reload @@ -272,13 +272,13 @@ statusFunc() { addnConfigs=$? - if grep -q "BLOCKING=false" /etc/pihole/setupVars.conf; then + if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then # A config is commented out case "${1}" in "web") echo 0;; *) echo -e " ${CROSS} Pi-hole blocking is Disabled";; esac - elif grep -q "BLOCKING=true" /etc/pihole/setupVars.conf; then + elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf; then # Configs are set case "${1}" in "web") echo 1;; From f794018e0cb0847b1a65818986c1e72b3c9199d0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 18:17:14 +0200 Subject: [PATCH 027/103] Acknowledge temporary file if disabled for "pihole -b" command Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 87e4ab44..55e07222 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -13,6 +13,10 @@ basename=pihole piholeDir=/etc/"${basename}" whitelist="${piholeDir}"/whitelist.txt blacklist="${piholeDir}"/blacklist.txt +if [[ "${BLOCKING_ENABLED}" == false ]]; then + blacklist="${blacklist}.bck" +fi + readonly regexlist="/etc/pihole/regex.list" reload=false addmode=true From 165affc39b9d787d0e9ab41005a7f8d15d26b840 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 13 Aug 2018 18:53:31 +0200 Subject: [PATCH 028/103] list.sh writes into blacklist.txt not black.list so does not need to account for a possibly changed list location Signed-off-by: DL6ER --- advanced/Scripts/list.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 55e07222..c1d95aae 100755 
--- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -13,9 +13,6 @@ basename=pihole piholeDir=/etc/"${basename}" whitelist="${piholeDir}"/whitelist.txt blacklist="${piholeDir}"/blacklist.txt -if [[ "${BLOCKING_ENABLED}" == false ]]; then - blacklist="${blacklist}.bck" -fi readonly regexlist="/etc/pihole/regex.list" reload=false From 0ebd68f17fe934e0a59967e3e700b58c839e0d57 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 14 Aug 2018 09:55:16 +0200 Subject: [PATCH 029/103] Review comments Signed-off-by: DL6ER --- pihole | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/pihole b/pihole index b4e4b0b8..80b395a9 100755 --- a/pihole +++ b/pihole @@ -203,7 +203,7 @@ Time: if [[ -e "${gravitylist}.bck" ]]; then mv "${gravitylist}.bck" "${gravitylist}" fi - if [[ -e "${blacklist}" ]]; then + if [[ -e "${blacklist}.bck" ]]; then mv "${blacklist}.bck" "${blacklist}" fi sed -i "/BLOCKING_ENABLED=/d" "${setupVars}" @@ -253,8 +253,6 @@ Options: } statusFunc() { - local addnConfigs - # Determine if service is running on port 53 (Cr: https://superuser.com/a/806331) if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then if [[ "${1}" != "web" ]]; then @@ -269,9 +267,6 @@ statusFunc() { fi # Determine if Pi-hole's blocking is enabled - - addnConfigs=$? - if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then # A config is commented out case "${1}" in From ca309d3b282b4cf83051b925046db7239be6ab58 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 14 Aug 2018 13:14:39 +0200 Subject: [PATCH 030/103] Restart pihole-FTL after log flushing to force reloading history. Fixes #2339 Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 4847282f..561fbce7 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh 
@@ -58,6 +58,8 @@ else # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") + # Restart pihole-FTL to force reloading history + sudo pihole restartdns fi if [[ "$@" != *"quiet"* ]]; then From 476fecbcf5b28634a7e3a963697a79f01aa7e159 Mon Sep 17 00:00:00 2001 From: Mirko Tebaldi Date: Tue, 14 Aug 2018 14:59:41 +0200 Subject: [PATCH 031/103] Fixed typos as suggestes Signed-off-by: Realtebo --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 23d8a896..f91d64a7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1109,8 +1109,8 @@ appendToListsFile() { # Used only in unattended setup # If there is already the adListFile, we keep it, else we create it using all default lists installDefaultBlocklists() { - # In unattended setup, could be usefull to use userdefined blocklist. - # If this file exists, we avoid to override it. + # In unattended setup, could be useful to use userdefined blocklist. + # If this file exists, we avoid overriding it. if [[ -f "${adlistFile}" ]]; then return; fi From 0d1b3cee4f96290db52df19e563c3ecad3991850 Mon Sep 17 00:00:00 2001 From: Realtebo Date: Thu, 16 Aug 2018 17:52:47 +0200 Subject: [PATCH 032/103] Enable FTL service before starting it Signed-off-by: Realtebo --- automated install/basic-install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f91d64a7..9f596b45 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
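Review bot: The added `sudo pihole restartdns` has its exit status ignored, and nothing in the hunk shows which account runs this script. If it is started without a terminal by an account that has no passwordless sudo rule, the restart fails or waits for a password while the flush carries on as if it had happened. `sudo -n pihole restartdns || echo "Could not restart pihole-FTL" >&2` fails fast and leaves a trace. If the script already runs as root the `sudo` is unnecessary. The surrounding `else` branch starts outside the hunk.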
@@ -2483,9 +2483,12 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - # Enable FTL - start_service pihole-FTL + # Enable FTL + # Ensure the service is enabled before trying to start it + # Fixes a problem reported on Ubuntu 18.04 where trying to start + # the service before enabling causes installer to exit enable_service pihole-FTL + start_service pihole-FTL # Download and compile the aggregated block list runGravity From d30b565d98149dfa68b84cf8b2756cf548a296e2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 13:53:34 +0200 Subject: [PATCH 033/103] Touch dhcp.leases to ensure it exists. There are some systems out there where the installer didn't finish on the first run and some users don't have this file being created. Although /etc/pihole should be owned by pihole:pihole, pihole-FTL sometimes fails to open this file and - if this is the case and DHCP is enabled - refuses to start altogether. Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index ecc7a52a..04fae69a 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service 
@@ -26,13 +26,16 @@ start() { if is_running; then echo "pihole-FTL is already running" else - touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + touch /var/log/pihole-FTL.log /var/log/pihole.log + touch /run/pihole-FTL.pid /run/pihole-FTL.port + touch /etc/pihole/dhcp.leases mkdir -p /var/run/pihole mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole rm /var/run/pihole/FTL.sock 2> /dev/null - chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port - chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log + chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port + chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases + chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL @@ -78,7 +81,7 @@ status() { echo "[ ] pihole-FTL is not running" exit 1 fi -} +} ### main logic ### From 5cd3b11391b719f18313f614a062d29a5e702752 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 14:32:19 +0200 Subject: [PATCH 034/103] Start pihole-FTL as root if capabilities are not supported by the system Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index ecc7a52a..266ecd3e 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service 
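Review bot: The new `touch /etc/pihole/dhcp.leases` and the `chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases` after it act on a file inside a directory that the same line hands to the unprivileged pihole account, and start() presumably runs as root since it changes ownership. Both commands follow symbolic links, so the content of that directory decides which file is created and re-owned. Guarding the touch with `[ ! -L /etc/pihole/dhcp.leases ]` and using `chown -h pihole:pihole ...` keeps the operation on the intended file. None of the `touch` or `chown` results are checked, so a failure here only shows up later as pihole-FTL refusing to start. start() continues outside the hunk.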
@@ -34,9 +34,13 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL - su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then + su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + else + echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" + pihole-FTL + fi echo fi } @@ -78,7 +82,7 @@ status() { echo "[ ] pihole-FTL is not running" exit 1 fi -} +} ### main logic ### From ec2426b24d9e82a3f507b624b232f867f096e3f8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 19:55:47 +0200 Subject: [PATCH 035/103] Add clarifying comments Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 04fae69a..14205fe7 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -26,6 +26,7 @@ start() { if is_running; then echo "pihole-FTL is already running" else + # Touch files to ensure they exist (create if non-existing, preserve if existing) touch /var/log/pihole-FTL.log /var/log/pihole.log touch /run/pihole-FTL.pid /run/pihole-FTL.port touch /etc/pihole/dhcp.leases 
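Review bot: The new `else` branch in start() fails open: any `setcap` failure leads to the daemon being started as root, not only a system without capability support, so a missing tool or a wrong path from `which` has the same effect while the warning names a single cause. The fallback also runs `pihole-FTL` from PATH where the normal branch runs `/usr/bin/pihole-FTL`; I would use `/usr/bin/pihole-FTL` in both branches and as the `setcap` target. The warning goes to stdout only; `echo "Warning: ..." >&2` keeps it out of captured output, and a syslog entry would make a root-running resolver visible afterwards. It is worth deciding whether refusing to start is the better default when the reason for the failure is not known.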
@@ -33,6 +34,7 @@ start() { mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole rm /var/run/pihole/FTL.sock 2> /dev/null + # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log From 28c6b1393fbabf5cd375a7a01c33523d00f48d17 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 20 Aug 2018 22:52:22 +0200 Subject: [PATCH 036/103] Backup existing /etc/dnsmasq.conf if present and ensure that /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" Signed-off-by: DL6ER --- automated install/basic-install.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9f596b45..37077a36 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1092,7 +1092,7 @@ chooseBlocklists() { } # Accept a string parameter, it must be one of the default lists -# This function allow to not duplicate code in chooseBlocklists and +# This function allow to not duplicate code in chooseBlocklists and # in installDefaultBlocklists appendToListsFile() { case $1 in @@ -1113,7 +1113,7 @@ installDefaultBlocklists() { # If this file exists, we avoid overriding it. if [[ -f "${adlistFile}" ]]; then return; - fi + fi appendToListsFile StevenBlack appendToListsFile MalwareDom appendToListsFile Cameleon 
@@ -2109,12 +2109,14 @@ FTLinstall() { fi fi - #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d` - confdir="conf-dir=/etc/dnsmasq.d" - conffile="/etc/dnsmasq.conf" - if ! grep -q "$confdir" "$conffile"; then - echo "$confdir" >> "$conffile" + # Backup existing /etc/dnsmasq.conf if present and ensure that + # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" + local conffile="/etc/dnsmasq.conf" + if [[ -f "${conffile}" ]]; then + mv "${conffile}" "${conffile}.old" fi + # Create /etc/dnsmasq.conf + echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" return 0 # Otherwise, @@ -2483,7 +2485,7 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - # Enable FTL + # Enable FTL # Ensure the service is enabled before trying to start it # Fixes a problem reported on Ubuntu 18.04 where trying to start # the service before enabling causes installer to exit From 1dca1efbc6df3d31ebf4e9ba13beedade074a8b9 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 20 Aug 2018 23:11:23 +0200 Subject: [PATCH 037/103] Don't use extra query logging Signed-off-by: DL6ER --- advanced/01-pihole.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 85d260b2..f7b78ab0 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -39,7 +39,7 @@ interface=@INT@ cache-size=10000 -log-queries=extra +log-queries log-facility=/var/log/pihole.log local-ttl=2 From f141b9f778065a60cac0e313987b19dca934c81d Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 17:36:16 -0400 Subject: [PATCH 038/103] Add support for privacy level 4 Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0d4cab90..cba7af00 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
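Review bot: The backup step `mv "${conffile}" "${conffile}.old"` overwrites an existing `.old` file. On any later run of FTLinstall the one-line file written by this hunk is moved over the backup and the user's original /etc/dnsmasq.conf is lost. Guarding it as `if [[ -f "${conffile}" && ! -e "${conffile}.old" ]]; then`, or using a dated suffix, keeps the first backup. The `mv` result is not checked before `echo "conf-dir=/etc/dnsmasq.d" > "${conffile}"`, so a failed move is followed by an overwrite with no backup at all. FTLinstall starts and ends outside this hunk.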
@@ -541,8 +541,8 @@ clearAudit() } SetPrivacyLevel() { - # Set privacy level. Minimum is 0, maximum is 3 - if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then + # Set privacy level. Minimum is 0, maximum is 4 + if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then changeFTLsetting "PRIVACYLEVEL" "${args[2]}" fi } From 4aafa8cf4797711d982958427bb0105946923d4a Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 19:04:58 -0400 Subject: [PATCH 039/103] Set the FTL privacy level during install Signed-off-by: Mcat12 --- automated install/basic-install.sh | 57 ++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9f596b45..f8da68ab 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -59,6 +59,7 @@ IPV6_ADDRESS="" # By default, query logging is enabled and the dashboard is set to be installed QUERY_LOGGING=true INSTALL_WEB_INTERFACE=true +PRIVACY_LEVEL=0 if [ -z "${USER}" ]; then USER="$(id -un)" 
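Review bot: SetPrivacyLevel still does nothing and returns success when `${args[2]}` is outside the range, and an empty or non-numeric argument makes the `[ ... -ge 0 ]` test print a shell error rather than a usable message. Since this value arrives as a command argument, I would validate it explicitly with `if [[ "${args[2]}" =~ ^[0-4]$ ]]; then` and add an `else` that prints an error to stderr and returns non-zero. That way the caller can tell a rejected level from an applied one.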
@@ -1015,6 +1016,47 @@ setLogging() { esac } +# Allow the user to set their FTL privacy level +setPrivacyLevel() { + local LevelCommand + local LevelOptions + local LevelChoice + + LevelCommand=(whiptail --separate-output --radiolist "Select a privacy mode for FTL." "${r}" "${c}" 6) + + # The default selection is level 0 + LevelOptions=( + "0 - Show everything" on + "1 - Hide domains" off + "2 - Hide domains and clients" off + "3 - Anonymous mode" off + "4 - Disabled statistics" off + ) + + # Get the user's choice + LevelChoice=$("${LevelCommand[@]}" "${LevelOptions[@]}" 2>&1 >/dev/tty) || (echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}" && exit 1) + + case "${LevelChoice}" in + "0 - Show everything") + PRIVACY_LEVEL=0 + ;; + "1 - Hide domains") + PRIVACY_LEVEL=1 + ;; + "2 - Hide domains and clients") + PRIVACY_LEVEL=2 + ;; + "3 - Anonymous mode") + PRIVACY_LEVEL=3 + ;; + "4 - Disabled statistics") + PRIVACY_LEVEL=4 + ;; + esac + + echo -en " ${INFO} Privacy level ${PRIVACY_LEVEL}" +} + # Function to ask the user if they want to install the dashboard setAdminFlag() { # Local, named variables @@ -1718,6 +1760,10 @@ finalExports() { echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" }>> "${setupVars}" + # Set the privacy level + sed -i '/PRIVACYLEVEL/d' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" + echo "PRIVACYLEVEL=${PRIVACY_LEVEL}" >> "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" + # Bring in the current settings and the functions to manipulate them source "${setupVars}" source "${PI_HOLE_LOCAL_REPO}/advanced/Scripts/webpage.sh" 
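Review bot: In setPrivacyLevel the cancel handler `|| (echo -e "..." && exit 1)` runs `exit 1` inside a subshell, so it ends only that subshell. Unless the installer runs with errexit, which this hunk does not show, a cancelled dialog falls through with an empty `LevelChoice` and the install continues at level 0, "Show everything". A brace group exits the installer itself: `|| { echo -e "..."; exit 1; }`. The `case` has no `*)` arm, so an unexpected value is ignored silently. The same subshell handler is kept on the `PRIVACY_LEVEL=$(...)` line in the later "Fix privacy level whiptail option format" patch, where a fall-through would leave PRIVACY_LEVEL empty.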
@@ -2413,11 +2459,22 @@ main() { setAdminFlag # Let the user decide if they want query logging enabled... setLogging + # Let the user decide the FTL privacy level + setPrivacyLevel else # Setup adlist file if not exists installDefaultBlocklists + # Source ${setupVars} to use predefined user variables in the functions source ${setupVars} + + # Get the privacy level if it exists (default is 0) + if [[ -f "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then + PRIVACY_LEVEL=$(sed -ne 's/PRIVACYLEVEL=\(.*\)/\1/p' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf") + + # If no setting was found, default to 0 + PRIVACY_LEVEL="${PRIVACY_LEVEL:-0}" + fi fi # Clone/Update the repos clone_or_update_repos From c22e94c9c736e48cad889fad8ce656a91012a59d Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 19:33:15 -0400 Subject: [PATCH 040/103] Update test to include empty FTL config The installer ensures that an FTL config will exist, and creates an empty file if it doesn't. Signed-off-by: Mcat12 --- test/test_automated_install.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 2cded451..a2593d83 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -81,6 +81,7 @@ def test_setupVars_saved_to_file(Pihole): {} mkdir -p /etc/dnsmasq.d version_check_dnsmasq + echo "" > /etc/pihole/pihole-FTL.conf finalExports cat /etc/pihole/setupVars.conf '''.format(set_setup_vars)) From 6a26a05dbf1a0dcc576e61946a83b0069b59d27a Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 19:40:43 -0400 Subject: [PATCH 041/103] Fix privacy level whiptail option format Signed-off-by: Mcat12 --- automated install/basic-install.sh | 31 ++++++------------------------ 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f8da68ab..e255fd7e 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
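Review bot: The `sed -ne 's/PRIVACYLEVEL=\(.*\)/\1/p'` read in the unattended branch is unanchored and its result is not validated. A commented line such as `#PRIVACYLEVEL=3` yields `#3`, several matching lines yield a multi-line value, and finalExports then writes whatever came out back as `PRIVACYLEVEL=${PRIVACY_LEVEL}`. I would anchor and restrict the capture, `sed -ne 's/^PRIVACYLEVEL=\([0-4]\)$/\1/p' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" | tail -n 1`, and keep the `${PRIVACY_LEVEL:-0}` default for the no-match case. main() starts and ends outside this hunk.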
@@ -1020,39 +1020,20 @@ setLogging() { setPrivacyLevel() { local LevelCommand local LevelOptions - local LevelChoice LevelCommand=(whiptail --separate-output --radiolist "Select a privacy mode for FTL." "${r}" "${c}" 6) # The default selection is level 0 LevelOptions=( - "0 - Show everything" on - "1 - Hide domains" off - "2 - Hide domains and clients" off - "3 - Anonymous mode" off - "4 - Disabled statistics" off + "0" "Show everything" on + "1" "Hide domains" off + "2" "Hide domains and clients" off + "3" "Anonymous mode" off + "4" "Disabled statistics" off ) # Get the user's choice - LevelChoice=$("${LevelCommand[@]}" "${LevelOptions[@]}" 2>&1 >/dev/tty) || (echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}" && exit 1) - - case "${LevelChoice}" in - "0 - Show everything") - PRIVACY_LEVEL=0 - ;; - "1 - Hide domains") - PRIVACY_LEVEL=1 - ;; - "2 - Hide domains and clients") - PRIVACY_LEVEL=2 - ;; - "3 - Anonymous mode") - PRIVACY_LEVEL=3 - ;; - "4 - Disabled statistics") - PRIVACY_LEVEL=4 - ;; - esac + PRIVACY_LEVEL=$("${LevelCommand[@]}" "${LevelOptions[@]}" 2>&1 >/dev/tty) || (echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}" && exit 1) echo -en " ${INFO} Privacy level ${PRIVACY_LEVEL}" } From 5d0d7336ff9b6791ba1dd3b28f435ce8900a9102 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 20:21:03 -0400 Subject: [PATCH 042/103] Echo with newline when setting privacy level Signed-off-by: Mcat12 --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e255fd7e..d339c271 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1035,7 +1035,7 @@ setPrivacyLevel() { # Get the user's choice PRIVACY_LEVEL=$("${LevelCommand[@]}" "${LevelOptions[@]}" 2>&1 >/dev/tty) || (echo -e " ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}" && exit 1) - echo -en " ${INFO} Privacy level ${PRIVACY_LEVEL}" + echo -e " ${INFO} Privacy level ${PRIVACY_LEVEL}" } # Function to ask the user if they want to install the dashboard From 1813c25117c828e36b1c3398c41e2546718a2b6f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 21 Aug 2018 13:07:23 +0200 Subject: [PATCH 043/103] If config file was backed up: Print info message Signed-off-by: DL6ER --- automated install/basic-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 37077a36..a08bb3e3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2113,6 +2113,7 @@ FTLinstall() { # /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d" local conffile="/etc/dnsmasq.conf" if [[ -f "${conffile}" ]]; then + echo " ${INFO} Backing up ${conffile} to ${conffile}.old" mv "${conffile}" "${conffile}.old" fi # Create /etc/dnsmasq.conf From 048e5bb9a2bbad4fdf603e9d124b1db5e53a4d44 Mon Sep 17 00:00:00 2001 From: Patrik Cyvoct Date: Wed, 22 Aug 2018 09:11:55 +0200 Subject: [PATCH 044/103] Remove external ipv6 brackets if any in servername Signed-off-by: Patrik Cyvoct --- advanced/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/index.php b/advanced/index.php index cad59ec7..f104bcf6 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -8,6 +8,8 @@ // Sanitise HTTP_HOST output $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]); +// Remove external ipv6 brackets if any +$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName); if (!is_file("/etc/pihole/setupVars.conf")) die("[ERROR] File not found: /etc/pihole/setupVars.conf"); From 45bf4b02e7e96708e7d4cf5a5cd97b9a0ca8c294 Mon Sep 17 00:00:00 2001 
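Review bot: The added `preg_replace('/^\[(.*)\]$/', '${1}', $serverName)` in advanced/index.php strips the brackets only when `]` is the last character, so a Host value of the form `[address]:port` keeps both brackets and port. The `.*` capture also accepts any text between the brackets, and `HTTP_HOST` is supplied by the client. If `$serverName` is later compared with configured addresses (that code is outside this hunk), a stricter pattern such as `'/^\[([0-9a-fA-F:.]+)\](?::[0-9]+)?$/'` would cover the port case and limit the capture to address characters. Please confirm whether dropping the port is the intended result before adopting it.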
From: DL6ER Date: Mon, 27 Aug 2018 16:51:33 +0200 Subject: [PATCH 045/103] Ensure that when pihole-FTL is launched as user root, it will drop permissions as soon as this is possible. We tell pihole-FTL to change UID/GID to pihole:pihole instead of the default nobody:nogroup. This default causes conflicts with our SQLite3 database. See that corresponding pull request for further details. Signed-off-by: DL6ER --- advanced/01-pihole.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index f7b78ab0..d86b660f 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -24,6 +24,9 @@ addn-hosts=/etc/pihole/gravity.list addn-hosts=/etc/pihole/black.list addn-hosts=/etc/pihole/local.list +user=pihole +group=pihole + domain-needed localise-queries From 24b4aabae95397fd8521ac804ff87c5ec3ff1338 Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 29 Aug 2018 20:45:20 -0600 Subject: [PATCH 046/103] allow installer to continue with additional rpm based distros - FedBerry (Fedora based ARM image) - Scientific Linux (CentOS based) - Add prompt to continue installing on unsupported RPM based distros Signed-off-by: bcambl --- automated install/basic-install.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a08bb3e3..6b8274be 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -244,17 +244,17 @@ elif command -v rpm &> /dev/null; then LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" # If the host OS is Fedora, - if grep -qi 'fedora' /etc/redhat-release; then + if grep -qiE 'fedora|fedberry' /etc/redhat-release; then # all required packages should be available by default with the latest fedora release # ensure 'php-json' is installed on Fedora (installed as dependency on CentOS7 + Remi repository) PIHOLE_WEB_DEPS+=('php-json') # or if host OS is CentOS, - elif grep -qi 'centos' /etc/redhat-release; then + elif grep -qiE 'centos|scientific' /etc/redhat-release; then # Pi-Hole currently supports CentOS 7+ with PHP7+ SUPPORTED_CENTOS_VERSION=7 SUPPORTED_CENTOS_PHP_VERSION=7 # Check current CentOS major release version - CURRENT_CENTOS_VERSION=$(rpm -q --queryformat '%{VERSION}' centos-release) + CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.)' /etc/redhat-release) # Check if CentOS version is supported if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then echo -e " ${CROSS} CentOS $CURRENT_CENTOS_VERSION is not suported." @@ -305,13 +305,15 @@ elif command -v rpm &> /dev/null; then fi fi else - # If not a supported version of Fedora or CentOS, - echo -e " ${CROSS} Unsupported RPM based distribution" - # exit the installer - exit + # Warn user of unsupported version of Fedora or CentOS + if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" ${r} ${c}; then + exit # exit the installer + else + : # continue with unsupported RPM distribution + fi fi -# If neither apt-get or rmp/dnf are found +# If neither apt-get or yum/dnf are found else # it's not an OS we can support, echo -e " ${CROSS} OS distribution not supported" 
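Review bot: `CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.)' /etc/redhat-release)` (hunk -244,17) can return nothing, for a release string without an `N.` token or a grep built without `-P`, or it can return more than one line. The `[[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]` that follows uses the value unchecked; an empty value compares as 0 and reports an unsupported release with a blank version. Adding `| head -n 1` to the pipeline and a guard such as `[[ "${CURRENT_CENTOS_VERSION}" =~ ^[0-9]+$ ]]` before the comparison turns that into a clear failure. The enclosing `elif` chain starts and ends outside the hunk.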
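Review bot: The bare `exit` in the declined branch of the new whiptail prompt (hunk -305,13) returns the status of the preceding command, which is 0 at that point, so an install aborted on an unsupported distribution ends as a success. `exit 1` lets a wrapper or automation see the abort. This still applies after the later "add unsupported RPM distro warnings" patch, where an `echo` precedes the `exit`. `${r} ${c}` are passed to whiptail unquoted; `"${r}" "${c}"` is the safer form.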
From 6f8e8e98bbc4db871e14ed4a44c8ff7756c35121 Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 29 Aug 2018 22:16:11 -0600 Subject: [PATCH 047/103] update centos version check test Signed-off-by: bcambl --- automated install/basic-install.sh | 2 +- test/test_centos_fedora_support.py | 13 +++---------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6b8274be..53a01b9d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -257,7 +257,7 @@ elif command -v rpm &> /dev/null; then CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.)' /etc/redhat-release) # Check if CentOS version is supported if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - echo -e " ${CROSS} CentOS $CURRENT_CENTOS_VERSION is not suported." + echo -e " ${CROSS} CentOS $CURRENT_CENTOS_VERSION is not supported." echo -e " Please update to CentOS release $SUPPORTED_CENTOS_VERSION or later" # exit the installer exit diff --git a/test/test_centos_fedora_support.py b/test/test_centos_fedora_support.py index 8318e44a..df53d73f 100644 --- a/test/test_centos_fedora_support.py +++ b/test/test_centos_fedora_support.py 
@@ -31,20 +31,13 @@ def test_release_supported_version_check_centos(Pihole): ''' confirms installer exits on unsupported releases of CentOS ''' - # mock CentOS release < 7 (unsupported) - mock_command_2( - 'rpm', - {"-q --queryformat '%{VERSION}' centos-release'": ( - '5', - '0' - )}, - Pihole - ) + # modify /etc/redhat-release to mock an unsupported CentOS release + Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release') distro_check = Pihole.run(''' source /opt/pihole/basic-install.sh distro_check ''') - expected_stdout = cross_box + (' CentOS is not suported.') + expected_stdout = cross_box + (' CentOS 6 is not supported.') assert expected_stdout in distro_check.stdout expected_stdout = 'Please update to CentOS release 7 or later' assert expected_stdout in distro_check.stdout From f20e4ddf3bc62effe28e9b3c0d79b07301158a01 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 30 Aug 2018 22:28:15 +0200 Subject: [PATCH 048/103] Change message for unknown state to something more useful Signed-off-by: DL6ER --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 8a9cd2f3..4f76c98d 100755 --- a/pihole +++ b/pihole @@ -283,7 +283,7 @@ statusFunc() { # No configs were found case "${1}" in "web") echo 99;; - *) echo -e " ${INFO} No hosts file linked to dnsmasq, adding it in enabled state";; + *) echo -e " ${INFO} Pi-hole blocking will be enabled";; esac # Enable blocking pihole enable From c58e3acc78bcd4845fcd31ac780d019e623e8983 Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 31 Aug 2018 10:04:52 -0600 Subject: [PATCH 049/103] add unsupported RPM distro warnings Signed-off-by: bcambl --- automated install/basic-install.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 53a01b9d..b5221fc3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -307,13 +307,14 @@ elif command -v rpm &> /dev/null; then else # Warn user of unsupported version of Fedora or CentOS if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" ${r} ${c}; then + echo -e " ${CROSS} Aborting installation due to unsupported RPM based distribution" exit # exit the installer else - : # continue with unsupported RPM distribution + echo -e " ${INFO} Continuing installation with unsupported RPM based distribution" fi fi -# If neither apt-get or yum/dnf are found +# If neither apt-get or yum/dnf package managers were found else # it's not an OS we can support, echo -e " ${CROSS} OS distribution not supported" From c976bbcfd238d7735059065f395b34731cb43b6d Mon Sep 17 00:00:00 2001 From: Mark Drobnak Date: Sat, 1 Sep 2018 22:11:45 -0400 Subject: [PATCH 050/103] Fix checkout error due to readonly variable Signed-off-by: Mark Drobnak --- pihole | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pihole b/pihole index 4f76c98d..0d6a45ce 100755 --- a/pihole +++ b/pihole @@ -12,7 +12,12 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly gravitylist="/etc/pihole/gravity.list" readonly blacklist="/etc/pihole/black.list" -readonly setupVars="/etc/pihole/setupVars.conf" + +# setupVars is not readonly here because in some funcitons (checkout), +# it might get set again when the installer is sourced. This causes an +# error due to modifying a readonly variable. +setupVars="/etc/pihole/setupVars.conf" + readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" source "${colfile}" From 3cea1bd423c9d3bec1edff0bb6e4706c2e78b369 Mon Sep 17 00:00:00 2001 
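Review bot: The abort branch still ends in a bare `exit` right after the new `${CROSS} Aborting installation…` message, and a bare `exit` returns the status of the preceding `echo`, so declining the whiptail prompt makes the installer exit 0. A wrapper or provisioning script then cannot tell an aborted install from a completed one; use `exit 1` here. The same bare `exit` follows the unsupported-CentOS message in the version check touched by PATCH 047. The enclosing `elif command -v rpm` block starts outside the hunk.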
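Review bot: The new comment above `setupVars=` misspells "functions" as `funcitons` and does not name the file that reassigns the variable, so a maintainer cannot check the stated reason. Something like `# setupVars is not readonly: checkout sources the installer, which assigns setupVars again` (naming the installer file, presumably basic-install.sh) would be easier to verify. With `readonly` removed, any file sourced later can redirect the path, so code that reads `${setupVars}` afterwards should not assume it still names /etc/pihole/setupVars.conf.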
From: Mark Drobnak Date: Fri, 7 Sep 2018 12:09:37 -0400 Subject: [PATCH 051/103] Fix lighttpd v1.4.50 crashing on startup It has a bug/regression causing it to fail if external.conf does not exist, so touch external.conf when installing lighttpd config Signed-off-by: Mark Drobnak --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b5221fc3..60a32960 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1290,6 +1290,8 @@ installConfigs() { fi # and copy in the config file Pi-hole needs cp ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf + # Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it + touch /etc/lighttpd/external.conf # if there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config if [[ -f "/var/www/html/pihole/custom.php" ]]; then sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf From dac27f1f181f0c107ed623ca17e946fc9aafc045 Mon Sep 17 00:00:00 2001 From: Mark Drobnak Date: Sun, 9 Sep 2018 15:12:48 -0400 Subject: [PATCH 052/103] Only get the first gateway for chronometer Signed-off-by: Mark Drobnak --- advanced/Scripts/chronometer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 2a942df6..fe531513 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -243,7 +243,7 @@ get_sys_stats() { disk_total="${disk_raw[1]}" disk_perc="${disk_raw[2]}" - net_gateway=$(ip route | grep default | cut -d ' ' -f 3) + net_gateway=$(ip route | grep default | cut -d ' ' -f 3 | head -n 1) # Get DHCP stats, if feature is enabled if [[ "$DHCP_ACTIVE" == "true" ]]; then From 3c36c22ca89d74fc8dbcca901a0b0de53858edd7 Mon Sep 17 00:00:00 2001 
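Review bot: In get_sys_stats, `grep default | cut -d ' ' -f 3` takes the third space-separated field of any line containing the word default, so a device-only default route (e.g. `default dev ppp0 …`) yields the interface name instead of an address. The added `head -n 1` only hides the multi-route case. Matching the route form explicitly avoids both: `net_gateway=$(ip route show default | awk '/^default via/ {print $3; exit}')`. How net_gateway is consumed is outside the hunk, so confirm that code tolerates an empty value. get_sys_stats starts and ends outside the hunk.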
From: Stuart Skelton Date: Mon, 10 Sep 2018 20:16:23 +0100 Subject: [PATCH 053/103] Remove Norton Connect Safe as its EOL 2018-11-15 Signed-off-by: Stuart Skelton --- automated install/basic-install.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 10e43b6c..da096e95 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -858,7 +858,6 @@ setDNS() { DNSChooseOptions=(Google "" OpenDNS "" Level3 "" - Norton "" Comodo "" DNSWatch "" Quad9 "" @@ -890,11 +889,6 @@ setDNS() { PIHOLE_DNS_1="4.2.2.1" PIHOLE_DNS_2="4.2.2.2" ;; - Norton) - echo "Norton ConnectSafe servers" - PIHOLE_DNS_1="199.85.126.10" - PIHOLE_DNS_2="199.85.127.10" - ;; Comodo) echo "Comodo Secure servers" PIHOLE_DNS_1="8.26.56.26" From 8684356b4486f77bc7c49dd5e08620d2a20aa975 Mon Sep 17 00:00:00 2001 From: mrmajik45 <35823544+mrmajik45@users.noreply.github.com> Date: Wed, 26 Sep 2018 10:31:44 -0400 Subject: [PATCH 054/103] read without -r will mangle backslashes. --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index c3dede05..283e60d5 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -110,7 +110,7 @@ SetWebPassword() { # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. # So we reset the terminal via stty if the user does press Ctrl+C trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT - read -s -p "Enter New Password (Blank for no password): " PASSWORD + read -s -p -r "Enter New Password (Blank for no password): " PASSWORD echo "" if [ "${PASSWORD}" == "" ]; then @@ -119,7 +119,7 @@ SetWebPassword() { exit 0 fi - read -s -p "Confirm Password: " CONFIRM + read -s -p -r "Confirm Password: " CONFIRM echo "" fi From 00f98543ad6835527fd170d535fe6d295bdae69a Mon Sep 17 00:00:00 2001 
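Review bot: In SetWebPassword the new `-r` sits between `-p` and its argument, so bash takes `-r` as the prompt text and treats the prompt string as a variable name. `read` then fails with a "not a valid identifier" error and PASSWORD is left empty, which sends execution into the `if [ "${PASSWORD}" == "" ]` blank-password branch that follows (its body is outside the hunk). Flags that take no argument must come before `-p`: `read -r -s -p "Enter New Password (Blank for no password): " PASSWORD`, and the same order for the `Confirm Password` read in the second hunk. The piholeDebug.sh hunk in PATCH 055 has the same defect with `read -a -r file_info`, where the array name must directly follow `-a`, i.e. `read -r -a file_info`.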
From: mrmajik45 <35823544+mrmajik45@users.noreply.github.com> Date: Wed, 26 Sep 2018 10:32:22 -0400 Subject: [PATCH 055/103] read without -r will mangle backslashes. --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index b8377f73..4ef0e935 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -907,7 +907,7 @@ parse_file() { #shellcheck disable=SC2016 IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' else - read -a file_info <<< $filename + read -a -r file_info <<< $filename fi # Set a named variable for better readability local file_lines From 24e1dc92ba72a991d5c38fce6d28012dc6234fe9 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Fri, 28 Sep 2018 10:34:49 +1000 Subject: [PATCH 056/103] Resolve issue #2428 Signed-off-by: WaLLy3K --- advanced/Scripts/chronometer.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index fe531513..7c2d8b52 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -8,6 +8,7 @@ # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +LC_ALL=C LC_NUMERIC=C # Retrieve stats from FTL engine From c338eab3c634e2e3218d4eee3a4d084b2c8f8af3 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 28 Sep 2018 11:11:30 +0200 Subject: [PATCH 057/103] According to the PHP documentation, PHP 7.0.0+ does not longer recognize hash marks (#) as comments. As FTL has been trained to understand PHP-style (comment lines start with ";") as well, we switch to using them. Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.conf | 140 ++++++++++++++--------------- 1 file changed, 70 insertions(+), 70 deletions(-) diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf index 03f42932..03f68c79 100644 
--- a/advanced/Templates/pihole-FTL.conf +++ b/advanced/Templates/pihole-FTL.conf 
@@ -1,84 +1,84 @@ -### This file contains parameters for FTL behavior. -### At install, all parameters are commented out. The user can select desired options. -### Options shown are the default configuration. No modification is needed for most -### installations. -### Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations +;;; This file contains parameters for FTL behavior. +;;; At install, all parameters are commented out. The user can select desired options. +;;; Options shown are the default configuration. No modification is needed for most +;;; installations. +;;; Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations -## Socket Listening -## Listen only for local socket connections or permit all connections -## Options: localonly, all -#SOCKET_LISTENING=localonly +;; Socket Listening +;; Listen only for local socket connections or permit all connections +;; Options: localonly, all +;SOCKET_LISTENING=localonly -## Query Display -## Display all queries? Set to no to hide query display -## Options: yes, no -#QUERY_DISPLAY=yes +;; Query Display +;; Display all queries? Set to no to hide query display +;; Options: yes, no +;QUERY_DISPLAY=yes -## AAA Query Analysis -## Allow FTL to analyze AAAA queries from pihole.log? -## Options: yes, no -#AAAA_QUERY_ANALYSIS=yes +;; AAA Query Analysis +;; Allow FTL to analyze AAAA queries from pihole.log? +;; Options: yes, no +;AAAA_QUERY_ANALYSIS=yes -## Resolve IPv6 -## Should FTL try to resolve IPv6 addresses to host names? -## Options: yes, no -#RESOLVE_IPV6=yes +;; Resolve IPv6 +;; Should FTL try to resolve IPv6 addresses to host names? +;; Options: yes, no +;RESOLVE_IPV6=yes -## Resolve IPv4 -## Should FTL try to resolve IPv4 addresses to host names? -## Options: yes, no -#RESOLVE_IPV4=yes +;; Resolve IPv4 +;; Should FTL try to resolve IPv4 addresses to host names? 
+;; Options: yes, no +;RESOLVE_IPV4=yes -## Max Database Days -## How long should queries be stored in the database (days)? -## Setting this to 0 disables the database -## See: https://docs.pi-hole.net/ftldns/database/ -## Options: number of days -#MAXDBDAYS=365 +;; Max Database Days +;; How long should queries be stored in the database (days)? +;; Setting this to 0 disables the database +;; See: https://docs.pi-hole.net/ftldns/database/ +;; Options: number of days +;MAXDBDAYS=365 -## Database Interval -## How often do we store queries in FTL's database (minutes)? -## See: https://docs.pi-hole.net/ftldns/database/ -## Options: number of minutes -#DBINTERVAL=1.0 +;; Database Interval +;; How often do we store queries in FTL's database (minutes)? +;; See: https://docs.pi-hole.net/ftldns/database/ +;; Options: number of minutes +;DBINTERVAL=1.0 -## Database File -## Specify path and filename of FTL's SQLite3 long-term database. -## Setting this to DBFILE= disables the database altogether -## See: https://docs.pi-hole.net/ftldns/database/ -## Option: path to db file -#DBFILE=/etc/pihole/pihole-FTL.db +;; Database File +;; Specify path and filename of FTL's SQLite3 long-term database. +;; Setting this to DBFILE= disables the database altogether +;; See: https://docs.pi-hole.net/ftldns/database/ +;; Option: path to db file +;DBFILE=/etc/pihole/pihole-FTL.db -## Max Log Age -## Up to how many hours of queries should be imported from the database and logs (hours)? -## Maximum is 744 (31 days) -## Options: number of days -#MAXLOGAGE=24.0 +;; Max Log Age +;; Up to how many hours of queries should be imported from the database and logs (hours)? +;; Maximum is 744 (31 days) +;; Options: number of days +;MAXLOGAGE=24.0 -## FTL Port -## On which port should FTL be listening? -## Options: tcp port -#FTLPORT=4711 +;; FTL Port +;; On which port should FTL be listening? +;; Options: tcp port +;FTLPORT=4711 -## Privacy Level -## Which privacy level is used? 
-## See: https://docs.pi-hole.net/ftldns/privacylevels/ -## Options: 0, 1, 2, 3 -#PRIVACYLEVEL=0 +;; Privacy Level +;; Which privacy level is used? +;; See: https://docs.pi-hole.net/ftldns/privacylevels/ +;; Options: 0, 1, 2, 3 +;PRIVACYLEVEL=0 -## Ignore Localhost -## Should FTL ignore queries coming from the local machine? -## Options: yes, no -#IGNORE_LOCALHOST=no +;; Ignore Localhost +;; Should FTL ignore queries coming from the local machine? +;; Options: yes, no +;IGNORE_LOCALHOST=no -## Blocking Mode -## How should FTL reply to blocked queries? -## See: https://docs.pi-hole.net/ftldns/blockingmode/ -## Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN -#BLOCKINGMODE=NULL +;; Blocking Mode +;; How should FTL reply to blocked queries? +;; See: https://docs.pi-hole.net/ftldns/blockingmode/ +;; Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN +;BLOCKINGMODE=NULL -## Regex Debug Mode -## Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log. -## See: https://docs.pi-hole.net/ftldns/regex/overview/ -## Options: true, false -#REGEX_DEBUGMODE=false +;; Regex Debug Mode +;; Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log. +;; See: https://docs.pi-hole.net/ftldns/regex/overview/ +;; Options: true, false +;REGEX_DEBUGMODE=false From b043000044424bf8a5676839ebf7944fa194434f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 28 Sep 2018 12:08:39 +0200 Subject: [PATCH 058/103] Improve template by removing it. PHP cannot digest comments starting in "#" as of v7.0.0 Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.conf | 84 ------------------------------ 1 file changed, 84 deletions(-) delete mode 100644 advanced/Templates/pihole-FTL.conf diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf deleted file mode 100644 index 03f68c79..00000000 --- a/advanced/Templates/pihole-FTL.conf +++ /dev/null 
@@ -1,84 +0,0 @@ -;;; This file contains parameters for FTL behavior. -;;; At install, all parameters are commented out. The user can select desired options. -;;; Options shown are the default configuration. No modification is needed for most -;;; installations. -;;; Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations - -;; Socket Listening -;; Listen only for local socket connections or permit all connections -;; Options: localonly, all -;SOCKET_LISTENING=localonly - -;; Query Display -;; Display all queries? Set to no to hide query display -;; Options: yes, no -;QUERY_DISPLAY=yes - -;; AAA Query Analysis -;; Allow FTL to analyze AAAA queries from pihole.log? -;; Options: yes, no -;AAAA_QUERY_ANALYSIS=yes - -;; Resolve IPv6 -;; Should FTL try to resolve IPv6 addresses to host names? -;; Options: yes, no -;RESOLVE_IPV6=yes - -;; Resolve IPv4 -;; Should FTL try to resolve IPv4 addresses to host names? -;; Options: yes, no -;RESOLVE_IPV4=yes - -;; Max Database Days -;; How long should queries be stored in the database (days)? -;; Setting this to 0 disables the database -;; See: https://docs.pi-hole.net/ftldns/database/ -;; Options: number of days -;MAXDBDAYS=365 - -;; Database Interval -;; How often do we store queries in FTL's database (minutes)? -;; See: https://docs.pi-hole.net/ftldns/database/ -;; Options: number of minutes -;DBINTERVAL=1.0 - -;; Database File -;; Specify path and filename of FTL's SQLite3 long-term database. -;; Setting this to DBFILE= disables the database altogether -;; See: https://docs.pi-hole.net/ftldns/database/ -;; Option: path to db file -;DBFILE=/etc/pihole/pihole-FTL.db - -;; Max Log Age -;; Up to how many hours of queries should be imported from the database and logs (hours)? -;; Maximum is 744 (31 days) -;; Options: number of days -;MAXLOGAGE=24.0 - -;; FTL Port -;; On which port should FTL be listening? -;; Options: tcp port -;FTLPORT=4711 - -;; Privacy Level -;; Which privacy level is used? 
-;; See: https://docs.pi-hole.net/ftldns/privacylevels/ -;; Options: 0, 1, 2, 3 -;PRIVACYLEVEL=0 - -;; Ignore Localhost -;; Should FTL ignore queries coming from the local machine? -;; Options: yes, no -;IGNORE_LOCALHOST=no - -;; Blocking Mode -;; How should FTL reply to blocked queries? -;; See: https://docs.pi-hole.net/ftldns/blockingmode/ -;; Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN -;BLOCKINGMODE=NULL - -;; Regex Debug Mode -;; Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log. -;; See: https://docs.pi-hole.net/ftldns/regex/overview/ -;; Options: true, false -;REGEX_DEBUGMODE=false From 0f509f4a34f103730a79e5225cea8d4a4762d357 Mon Sep 17 00:00:00 2001 From: mrmajik45 <35823544+mrmajik45@users.noreply.github.com> Date: Fri, 28 Sep 2018 17:22:31 -0400 Subject: [PATCH 059/103] Update piholeDebug.sh --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 4ef0e935..022265fd 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -907,7 +907,7 @@ parse_file() { #shellcheck disable=SC2016 IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' else - read -a -r file_info <<< $filename + read -a -r file_info <<< "$filename" fi # Set a named variable for better readability local file_lines From 7d78f6314ac875c1560dc3e868cde0a72e8b03a6 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 30 Sep 2018 19:41:04 +0100 Subject: [PATCH 060/103] Source Setupvars file and only check local/remote Web branch/version if the web interface is installed. Signed-off-by: Adam Warner --- advanced/Scripts/updatecheck.sh | 40 ++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 767c5461..b8cd9654 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh 
@@ -37,30 +37,54 @@ function get_local_version() { git describe --long --dirty --tags || return 1 } +# Source the setupvars config file +. /etc/pihole/setupVars.conf + if [[ "$2" == "remote" ]]; then if [[ "$3" == "reboot" ]]; then sleep 30 fi + GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions" + GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" - GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" - GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" + echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}" - echo -n "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions" + if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then + GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" + echo -n " ${GITHUB_WEB_VERSION}" > "${GITHUB_VERSION_FILE}" + fi + + GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" + echo -n " ${GITHUB_FTL_VERSION}" > "${GITHUB_VERSION_FILE}" else + LOCAL_BRANCH_FILE="/etc/pihole/localbranches" + CORE_BRANCH="$(get_local_branch /etc/.pihole)" - WEB_BRANCH="$(get_local_branch /var/www/html/admin)" + echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}" + + if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then + WEB_BRANCH="$(get_local_branch /var/www/html/admin)" + echo -n " ${WEB_BRANCH}" > "${LOCAL_BRANCH_FILE}" + fi + FTL_BRANCH="$(pihole-FTL branch)" + echo -n " ${FTL_BRANCH}" > "${LOCAL_BRANCH_FILE}" - echo -n "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" + LOCAL_VERSION_FILE="/etc/pihole/localversions" CORE_VERSION="$(get_local_version /etc/.pihole)" - 
WEB_VERSION="$(get_local_version /var/www/html/admin)" - FTL_VERSION="$(pihole-FTL version)" + echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}" - echo -n "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions" + if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then + WEB_VERSION="$(get_local_version /var/www/html/admin)" + echo -n " ${WEB_VERSION}" > "${LOCAL_VERSION_FILE}" + fi + + FTL_VERSION="$(pihole-FTL version)" + echo -n " ${FTL_VERSION}" > "${LOCAL_VERSION_FILE}" fi From 0627e68078d7f0b8303b2dbab5bed4be9ba6bf9c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 30 Sep 2018 19:45:04 +0100 Subject: [PATCH 061/103] Shellcheck is not a fan of sourcing scripts it does not know about. Add Directive to stop shellcheck from checking this. Signed-off-by: Adam Warner --- advanced/Scripts/updatecheck.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b8cd9654..16b0d707 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -38,6 +38,7 @@ function get_local_version() { } # Source the setupvars config file +# shellcheck disable=SC1091 . /etc/pihole/setupVars.conf if [[ "$2" == "remote" ]]; then From 0131055ec9856b16a9a145d01710dbd1cb2fc743 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 30 Sep 2018 20:00:06 +0100 Subject: [PATCH 062/103] Submission stale, addressing @mcat12's comments Signed-off-by: Adam Warner --- gravity.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/gravity.sh b/gravity.sh index e5152fe5..3468110d 100755 --- a/gravity.sh +++ b/gravity.sh 
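Review bot: Every write after the first in this hunk uses `>`, which truncates the file, so GitHubVersions, localbranches and localversions each end up holding only the last value written (the FTL one). The old single `echo` produced a space-separated list, which this no longer does. The second and later writes need to append, e.g. `echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"`. Readers that split these files by position, if there are any outside the hunk, would also see the FTL value move into the second field when INSTALL_WEB_INTERFACE is not true, which deserves a comment next to the file names.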
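Review bot: The `# shellcheck disable=SC1091` directive silences the lint, but the `. /etc/pihole/setupVars.conf` below it is still unguarded. If the file is missing, the script prints an error and continues with INSTALL_WEB_INTERFACE unset, silently skipping the web checks. Guard it with `[[ -r /etc/pihole/setupVars.conf ]] && . /etc/pihole/setupVars.conf`. Sourcing also executes the file as shell code with the privileges of whoever runs updatecheck.sh, so add a comment such as `# setupVars.conf is executed, not parsed: it must be root-owned and not group/world-writable`.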
@@ -72,11 +72,10 @@ fi pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then source "${pihole_FTL}" - if [[ -z "${BLOCKINGMODE}" ]] ; then - BLOCKINGMODE="Default (NULL)" - fi -else - BLOCKINGMODE="Default (NULL)" +fi + +if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="NULL" fi # Determine if superseded pihole.conf exists @@ -237,20 +236,20 @@ gravity_DownloadBlocklistFromUrl() { if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then blocked=true fi;; - "NULL"|"Default (NULL)"|*) + "NULL"|*) if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then blocked=true fi;; esac - if [[ "${blocked}" == true ]]; then - ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [[ "${blocked}" == true ]]; then + ip=$(dig "@${PIHOLE_DNS_1}" +short "${domain}") if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; else port=80 fi bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') - echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi From e4cbf5023a811c2dd7b073ea109978f088e6fe86 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 30 Sep 2018 18:09:59 -0400 Subject: [PATCH 063/103] Fix error when reading in new password Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 86dbeb70..cba7af00 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh 
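Review bot: In gravity_DownloadBlocklistFromUrl, `ip=$(dig "@${PIHOLE_DNS_1}" +short "${domain}")` is pasted straight into `--resolve $domain:$port:$ip` without checking its shape. `dig +short` can print nothing (lookup failure, PIHOLE_DNS_1 empty) or several lines (a CNAME target followed by one or more addresses), and either result gives curl a malformed `--resolve` argument. Take a single address and skip the override when there is none: `ip=$(dig "@${PIHOLE_DNS_1}" +short "${domain}" | tail -1)` followed by `[[ -n "${ip}" ]] && cmd_ext="--resolve $domain:$port:$ip $cmd_ext"`. PIHOLE_DNS_1 is not assigned in either hunk, so confirm it is always set by the time this runs. The function starts and ends outside the hunk.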
@@ -110,7 +110,7 @@ SetWebPassword() { # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. # So we reset the terminal via stty if the user does press Ctrl+C trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT - read -s -p -r "Enter New Password (Blank for no password): " PASSWORD + read -s -p "Enter New Password (Blank for no password): " PASSWORD echo "" if [ "${PASSWORD}" == "" ]; then @@ -119,7 +119,7 @@ SetWebPassword() { exit 0 fi - read -s -p -r "Confirm Password: " CONFIRM + read -s -p "Confirm Password: " CONFIRM echo "" fi From 7c6eecc9c85934dedf6c085218f62adbcb6ddf05 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 30 Sep 2018 18:16:08 -0400 Subject: [PATCH 064/103] Ignore shellcheck warning Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index cba7af00..128d4d97 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -110,6 +110,7 @@ SetWebPassword() { # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. # So we reset the terminal via stty if the user does press Ctrl+C trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT + # shellcheck disable=SC2162 read -s -p "Enter New Password (Blank for no password): " PASSWORD echo "" @@ -119,6 +120,7 @@ SetWebPassword() { exit 0 fi + # shellcheck disable=SC2162 read -s -p "Confirm Password: " CONFIRM echo "" fi From d55012f7245c5e4bbbb47dde9623b1de9833ffbf Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 30 Sep 2018 20:56:44 -0400 Subject: [PATCH 065/103] Append versions (after the first) instead of overwriting in updatecheck Fixes an issue brought up in #2435 Signed-off-by: Mcat12 --- advanced/Scripts/updatecheck.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
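Review bot: The two `# shellcheck disable=SC2162` directives added in SetWebPassword hide the warning instead of resolving it. Without `-r`, `read` treats backslashes as escape characters, so a password containing `\` ends up in PASSWORD different from what was typed. The earlier failure came from placing `-r` between `-p` and its prompt, not from `-r` itself. `read -r -s -p "Enter New Password (Blank for no password): " PASSWORD`, with the same order for the `Confirm Password` read, works and makes both directives unnecessary. How PASSWORD is hashed and stored is outside the hunks.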
diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 16b0d707..1d741283 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -54,11 +54,11 @@ if [[ "$2" == "remote" ]]; then if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" - echo -n " ${GITHUB_WEB_VERSION}" > "${GITHUB_VERSION_FILE}" + echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}" fi GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" - echo -n " ${GITHUB_FTL_VERSION}" > "${GITHUB_VERSION_FILE}" + echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}" else @@ -69,11 +69,11 @@ else if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then WEB_BRANCH="$(get_local_branch /var/www/html/admin)" - echo -n " ${WEB_BRANCH}" > "${LOCAL_BRANCH_FILE}" + echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}" fi FTL_BRANCH="$(pihole-FTL branch)" - echo -n " ${FTL_BRANCH}" > "${LOCAL_BRANCH_FILE}" + echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}" LOCAL_VERSION_FILE="/etc/pihole/localversions" @@ -82,10 +82,10 @@ else if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then WEB_VERSION="$(get_local_version /var/www/html/admin)" - echo -n " ${WEB_VERSION}" > "${LOCAL_VERSION_FILE}" + echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}" fi FTL_VERSION="$(pihole-FTL version)" - echo -n " ${FTL_VERSION}" > "${LOCAL_VERSION_FILE}" + echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}" fi From e5c8f5e2fa63989c35891942da94c90f7112567b Mon Sep 17 00:00:00 2001 From: Andreas Elia Date: Tue, 2 Oct 2018 17:43:13 +0100 Subject: [PATCH 066/103] Readme grammar fixes Signed-off-by: Andreas Elia --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 77f259e6..eea6f2c8 100644 --- a/README.md 
+++ b/README.md @@ -22,7 +22,7 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a BountySource ## One-Step Automated Install -Those who want to get started quickly and conveniently, may install Pi-hole using the following command: +Those who want to get started quickly and conveniently may install Pi-hole using the following command: #### `curl -sSL https://install.pi-hole.net | bash` 
@@ -46,14 +46,14 @@ sudo bash basic-install.sh Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention. -If your router does not support setting the DNS server, you can [use Pi-hole's built in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). +If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). As a last resort, you can always manually set each device to use Pi-hole as their DNS server. ----- ## Pi-hole is free, but powered by your support -There are many reoccurring costs involved with maintaining free, open source, and privacy respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. +There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. Make no mistake: **your support is absolutely vital to help keep us innovating!** 
@@ -82,7 +82,7 @@ We welcome _everyone_ to contribute to issue reports, suggest new features, and If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve. -You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it, and submit a pull request for us to review. +You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review. ### Presentations about Pi-hole Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people. @@ -110,7 +110,7 @@ While we are primarily reachable on our Pi-hole Blacklist Demo 
@@ -137,7 +137,7 @@ Some notable features include: * Detailed graphs and doughnut charts * Top lists of domains and clients * A filterable and sortable query log -* Long Term Statistics to view data over user defined time ranges +* Long Term Statistics to view data over user-defined time ranges * The ability to easily manage and configure Pi-hole features * ... and all the main features of the Command Line Interface! 
@@ -165,15 +165,15 @@ The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web ----- ## The Origin Of Pi-hole -Pi-hole being a **advertising-aware DNS/Web server**, makes use of the following technologies: +Pi-hole being an **advertising-aware DNS/Web server**, makes use of the following technologies: * [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server * [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax -* [`lighttpd`](https://www.lighttpd.net) - webserver designed and optimized for high performance +* [`lighttpd`](https://www.lighttpd.net) - web server designed and optimized for high performance * [`php`](https://secure.php.net) - a popular general-purpose web scripting language * [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x -While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. +While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. ----- ## Coverage From cc2f375b13d2f26ffb0a403217947db8c500de4d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 7 Oct 2018 11:51:36 +0100 Subject: [PATCH 067/103] fix for #2450 Signed-off-by: Adam Warner --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 752a709b..337a4bfb 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1259,7 +1259,7 @@ installConfigs() { version_check_dnsmasq # Install empty file if it does not exist if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then - if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/nul; then + if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/null; then echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file ${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" return 1 fi From e7e03e36de561853cd120fca282e3e746918b783 Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 12 Oct 2018 11:05:44 -0600 Subject: [PATCH 068/103] fix pihole user creation function - fix stdout newlines - catch failed user creation Signed-off-by: bcambl --- automated install/basic-install.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 337a4bfb..b8eb7864 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1633,15 +1633,18 @@ create_pihole_user() { # If the user pihole exists, if id -u pihole &> /dev/null; then # just show a success - echo -ne "${OVER} ${TICK} ${str}" + echo -e "${OVER} ${TICK} ${str}" # Otherwise, else echo -ne "${OVER} ${CROSS} ${str}" local str="Creating user 'pihole'" - echo -ne " ${INFO} ${str}..." + echo -ne "${OVER} ${INFO} ${str}..." # create her with the useradd command - useradd -r -s /usr/sbin/nologin pihole - echo -ne "${OVER} ${TICK} ${str}" + if useradd -r -s /usr/sbin/nologin pihole; then + echo -e "${OVER} ${TICK} ${str}" + else + echo -e "${OVER} ${CROSS} ${str}" + fi fi } From 85dceb12a199e4a744ae95b4fa158fccca19df4e Mon Sep 17 00:00:00 2001 
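Review bot: In `create_pihole_user`, the new `else` branch under `if useradd -r -s /usr/sbin/nologin pihole` prints the `${CROSS}` line but the function still ends with status 0, so the installer carries on without the account. The `installConfigs` hunk earlier in this series runs `install -o pihole -g pihole ...`, which needs that user, so the failure would only surface later and with a less useful message. Adding `return 1` directly after the `${CROSS}` echo, and having the caller act on it, would stop at the real cause. The function starts above the hunk, so how the caller treats the return value is not visible here.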
From: Mark Drobnak Date: Fri, 12 Oct 2018 23:53:21 -0400 Subject: [PATCH 069/103] Use curl -s instead of -q See #2416 Signed-off-by: Mark Drobnak --- advanced/Scripts/updatecheck.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 1d741283..257c1929 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -49,15 +49,15 @@ if [[ "$2" == "remote" ]]; then GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions" - GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" + GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}" if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then - GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" + GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}" fi - GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" + GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")" echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}" else From ec38105b08a45755157fd6049383a2db8f6e2bbd Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Wed, 17 Oct 2018 10:46:56 +1100 Subject: [PATCH 070/103] Update coverage links Signed-off-by: WaLLy3K --- README.md | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 77f259e6..cbb571fc 100644 --- a/README.md +++ b/README.md 
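Review bot: The three `curl -s ... 2> /dev/null` calls hand whatever comes back to `json_extract`, and the result is written to `${GITHUB_VERSION_FILE}` with no check, so a failed or rate-limited request leaves an empty or wrong version string in the file that later update checks read. `-s` only silences the progress meter; it does not make curl fail on an HTTP error response. Adding `--fail` to each call and skipping the file update when any extracted tag is empty, for example guarding with `[[ -n "${GITHUB_CORE_VERSION}" ]]`, would keep the last known-good values. The surrounding `if`/`else` continues outside the hunk.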
@@ -177,28 +177,31 @@ While quite outdated at this point, [this original blog post about Pi-hole](http ----- ## Coverage -- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) -- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) -- [Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) -- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) -- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) -- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) -- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) -- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) -- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) -- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) -- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) -- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) -- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) -- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and 
more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) -- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) -- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) -- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) -- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) -- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) -- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) -- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) -- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) +- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) (Feburary, 2015) +- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) (March, 2015) +- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) (September, 2015) +- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) (October, 2015) +- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) (December, 2015) +- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) (December, 
2015) +- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) (December, 2015) +- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) (December, 2015) +- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) (December, 2015) +- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) (January, 2016) +- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) (March, 2016) +- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) (March, 2016) +- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) (June, 2016) +- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) (December, 2016) +- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) (July, 2017) +- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) (August, 2017) +- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) (October, 2017) +- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) (November, 2017) +- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) (November, 2017) +- [Scott Helme: Securing DNS across all of my 
devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) (April, 2018) +- [Scott Helme: Catching and dealing with naughty devices on my home network](https://scotthelme.co.uk/catching-naughty-devices-on-my-home-network/) (April, 2018) +- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) (May, 2018) +- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018) +- [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018) +- [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018) ----- From 7f92671765b436aa439e4a0afc5c3e24746475d5 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Wed, 17 Oct 2018 11:01:28 +1100 Subject: [PATCH 071/103] Update dnsmasq config license * Also updated "separate config" text Signed-off-by: WaLLy3K --- advanced/01-pihole.conf | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 85d260b2..fb6983cc 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf 
@@ -1,13 +1,11 @@ # Pi-hole: A black hole for Internet advertisements -# (c) 2015, 2016 by Jacob Salmela -# Network-wide ad blocking via your Raspberry Pi -# http://pi-hole.net -# dnsmasq config for Pi-hole +# (c) 2017 Pi-hole, LLC (https://pi-hole.net) +# Network-wide ad blocking via your own hardware. # -# Pi-hole is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. +# Dnsmasq config for Pi-hole's FTLDNS +# +# This file is copyright under the latest version of the EUPL. +# Please see LICENSE file for your rights under this license. ############################################################################### # FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # @@ -16,8 +14,8 @@ # IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: # # /etc/pihole/setupVars.conf # # # -# ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE # -# OR IN /etc/dnsmasq.conf # +# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # +# WITHIN /etc/dnsmasq.d/yourname.conf # ############################################################################### addn-hosts=/etc/pihole/gravity.list From 69b2a5a876f995a3f2d4b23fbba44bcded0a161d Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 17 Oct 2018 06:23:34 -0400 Subject: [PATCH 072/103] lighttpd: use file glob for optional external.conf lighttpd 1.4.50 config parse will error if include_shell exits non-zero and pi-hole sample config: include_shell "cat external.conf 2>/dev/null" is an error if external.conf does not exist Replace with: include "external*.conf" file glob supported since lighttpd 1.4.40 and is not an error if there is no file which matches the file glob 
Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 3 ++- advanced/lighttpd.conf.fedora | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index b5bece72..50eebce7 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -72,4 +72,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { } # Add user chosen options held in external file -include_shell "cat external.conf 2>/dev/null" +# (use file glob for optional file) +include "external*.conf" diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 43d94d84..605bfb58 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -90,4 +90,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { } # Add user chosen options held in external file -include_shell "cat external.conf 2>/dev/null" +# (use file glob for optional file) +include "external*.conf" From 67bdcbcf19b0ccce34cdfff405861cc428fa8f59 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 17 Oct 2018 06:42:54 -0400 Subject: [PATCH 073/103] lighttpd: slightly more efficient sample config Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 8 ++++---- advanced/lighttpd.conf.fedora | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 50eebce7..8b04be71 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -64,11 +64,11 @@ $HTTP["url"] =~ "^/admin/" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) } -} -# Block . files from being served, such as .git, .github, .gitignore -$HTTP["url"] =~ "^/admin/\.(.*)" { - url.access-deny = ("") + # Block . files from being served, such as .git, .github, .gitignore + $HTTP["url"] =~ "^/admin/\." { + url.access-deny = ("") + } } # Add user chosen options held in external file 
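Review bot: `include "external*.conf"` loads every file whose name matches the glob, not only `external.conf`, while the added comment still describes a single optional file; the same line is added to lighttpd.conf.fedora. Anything named like `external-old.conf` in that directory would silently become part of the running web server configuration. Per the commit message the glob form also needs lighttpd 1.4.40 or later, and nothing in the file records that. A comment such as `# Loads every file matching external*.conf (needs lighttpd >= 1.4.40); keep only intended overrides under that name` would make both facts visible to whoever edits this next.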
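Review bot: The relocated rule `$HTTP["url"] =~ "^/admin/\."` only denies dot-names that sit directly under `/admin/`, so a dot-directory one level down (`/admin/<subdir>/.git`) still does not match. The old pattern had the same limit and it survives the move in both lighttpd.conf.debian and lighttpd.conf.fedora. If the comment's intent, keeping `.git`, `.github` and `.gitignore` from being served, is meant to hold at any depth, a pattern like `"^/admin/(.*/)?\."` covers nested directories as well. The enclosing `$HTTP["url"] =~ "^/admin/"` block opens above the hunk.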
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 605bfb58..4a782060 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -82,11 +82,11 @@ $HTTP["url"] =~ "^/admin/" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) } -} -# Block . files from being served, such as .git, .github, .gitignore -$HTTP["url"] =~ "^/admin/\.(.*)" { - url.access-deny = ("") + # Block . files from being served, such as .git, .github, .gitignore + $HTTP["url"] =~ "^/admin/\." { + url.access-deny = ("") + } } # Add user chosen options held in external file From d3ac8bb6f8899d13e6725c3a780ee810179426c7 Mon Sep 17 00:00:00 2001 From: jeremysherriff Date: Fri, 19 Oct 2018 18:21:11 +1300 Subject: [PATCH 074/103] Silence updateGravity job unless errors occur No need for append/logrotate as we are only interested in the latest output Signed-off-by: jeremysherriff --- advanced/Templates/pihole.cron | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/advanced/Templates/pihole.cron b/advanced/Templates/pihole.cron index 02a63b74..8dc98721 100644 --- a/advanced/Templates/pihole.cron +++ b/advanced/Templates/pihole.cron @@ -16,7 +16,9 @@ # Pi-hole: Update the ad sources once a week on Sunday at a random time in the # early morning. Download any updates from the adlists -59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity +# Squash output to log, then splat the log to stdout on error to allow for +# standard crontab job error handling. +59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log # Pi-hole: Flush the log daily at 00:00 # The flush script will use logrotate if available From d986da63a5742dc2a5e4eab490740e58a098ee22 Mon Sep 17 00:00:00 2001 
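Review bot: The new cron line redirects only stdout, `>/var/log/pihole_updateGravity.log`, so anything `pihole updateGravity` writes to stderr bypasses the log and reaches cron directly, on success as well as on failure. If the goal in the added comment is silence unless the job fails, capture both streams: `pihole updateGravity >/var/log/pihole_updateGravity.log 2>&1 || cat /var/log/pihole_updateGravity.log`. The `||` branch also relies on `pihole` returning the job's exit status, which the next patch in this series (`exit $?` in `updateGravityFunc`) supplies.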
From: jeremysherriff Date: Fri, 19 Oct 2018 18:27:35 +1300 Subject: [PATCH 075/103] Pass gravity exit code back to caller to allow for cron error handling Signed-off-by: jeremysherriff --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 0d6a45ce..fb398f29 100755 --- a/pihole +++ b/pihole @@ -80,7 +80,7 @@ reconfigurePiholeFunc() { updateGravityFunc() { "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@" - exit 0 + exit $? } queryFunc() { From 180d29c7b3cdbc588f614a0ade5c56aa1be96f5c Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Sun, 21 Oct 2018 11:08:22 +1100 Subject: [PATCH 076/103] Prevent BASH from expanding Web Password * Resolves issue #2471 Signed-off-by: WaLLy3K --- advanced/Scripts/webpage.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 86dbeb70..4f951d90 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -124,7 +124,8 @@ SetWebPassword() { fi if [ "${PASSWORD}" == "${CONFIRM}" ] ; then - hash=$(HashPassword "${PASSWORD}") + # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax + hash=$(HashPassword "$PASSWORD") # Save hash to file change_setting "WEBPASSWORD" "${hash}" echo -e " ${TICK} New password set" From 3ec84553ef1dd50d057839205d0f3960c52d680b Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 24 Oct 2018 10:06:11 -0600 Subject: [PATCH 077/103] fix debug service check via sysvinit Signed-off-by: bcambl --- advanced/Scripts/piholeDebug.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 022265fd..384c708b 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
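Review bot: The comment added in `SetWebPassword` gives a reason that does not hold in bash: inside double quotes `"${PASSWORD}"` and `"$PASSWORD"` expand identically, and neither re-expands the value, so dropping the braces changes nothing. On password-handling code a comment like this will mislead the next maintainer about where the mangling came from; it more likely comes from how the password is read, though the `read` call is outside this hunk, so that is an inference. Suggest dropping the comment or replacing it with `# Quote the expansion so the password reaches HashPassword as one unmodified word`.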
@@ -836,9 +836,13 @@ process_status(){ local status_of_process status_of_process=$(systemctl is-active "${i}") else - # Otherwise, use the service command + # Otherwise, use the service command and mock the output of `systemctl is-active` local status_of_process - status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null + if service "${i}" status | grep -E 'is\srunning' &> /dev/null; then + status_of_process="active" + else + status_of_process="inactive" + fi fi # and print it out to the user if [[ "${status_of_process}" == "active" ]]; then From f33584511c13c9a685e4e0b462cd6bb8579864e5 Mon Sep 17 00:00:00 2001 From: Jacob Salmela Date: Thu, 25 Oct 2018 05:58:17 -0500 Subject: [PATCH 078/103] update broken link, add coverage, and fix formatting Signed-off-by: Jacob Salmela --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 68296e24..a6f23bb3 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Sending a donation using our links below is **extremely helpful** in offsetting If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us: - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_ - [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ -- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_ +- [Stickermule](https://www.stickermule.com/unlock?ref_id=6055890701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_ - [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_ - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_ 
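Review bot: The sysvinit branch of `process_status` now decides "active" by matching the status text against `is\srunning`, which ties the result to the wording each init script prints and to the `\s` extension in `grep -E`. Where init scripts follow the LSB convention of returning 0 when the service is running, the exit status is the sturdier signal: `if service "${i}" status &> /dev/null; then`. If text matching is kept, `grep -qE` avoids the redirect on the pipeline. The loop and the function start above the hunk.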
@@ -148,7 +148,7 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t 3. `http://pi.hole/` (when using Pi-hole as your DNS server) ## Faster-than-light Engine -FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! +FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! Some of the statistics you can integrate include: * Total number of domains being blocked @@ -174,6 +174,7 @@ Pi-hole being an **advertising-aware DNS/Web server**, makes use of the followin * [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. + ----- ## Coverage 
@@ -202,6 +203,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http - [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018) - [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018) - [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018) +- [PEBKAK Podcast: Interview With Jacob Salmela](https://www.jerseystudios.net/2018/10/11/150-pi-hole/) (October, 2018) ----- From f67064495468fdceebdb0b1f17eb7b4afa6f7ec9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 26 Oct 2018 19:12:11 +0100 Subject: [PATCH 079/103] Revert "lighttpd conf enhancements" --- advanced/lighttpd.conf.debian | 11 +++++------ advanced/lighttpd.conf.fedora | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 8b04be71..b5bece72 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -64,13 +64,12 @@ $HTTP["url"] =~ "^/admin/" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) } +} - # Block . files from being served, such as .git, .github, .gitignore - $HTTP["url"] =~ "^/admin/\." { - url.access-deny = ("") - } +# Block . files from being served, such as .git, .github, .gitignore +$HTTP["url"] =~ "^/admin/\.(.*)" { + url.access-deny = ("") } # Add user chosen options held in external file -# (use file glob for optional file) -include "external*.conf" +include_shell "cat external.conf 2>/dev/null" diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 4a782060..43d94d84 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora 
@@ -82,13 +82,12 @@ $HTTP["url"] =~ "^/admin/" { # Allow Block Page access to local fonts setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) } +} - # Block . files from being served, such as .git, .github, .gitignore - $HTTP["url"] =~ "^/admin/\." { - url.access-deny = ("") - } +# Block . files from being served, such as .git, .github, .gitignore +$HTTP["url"] =~ "^/admin/\.(.*)" { + url.access-deny = ("") } # Add user chosen options held in external file -# (use file glob for optional file) -include "external*.conf" +include_shell "cat external.conf 2>/dev/null" From 3d4fea65108100772ba1b49c1c5a4c3aadfdbb94 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 26 Oct 2018 19:17:49 +0100 Subject: [PATCH 080/103] Move -r to before the -p Signed-off-by: Adam Warner --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 128d4d97..035bca18 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -111,7 +111,7 @@ SetWebPassword() { # So we reset the terminal via stty if the user does press Ctrl+C trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT # shellcheck disable=SC2162 - read -s -p "Enter New Password (Blank for no password): " PASSWORD + read -s -r -p "Enter New Password (Blank for no password): " PASSWORD echo "" if [ "${PASSWORD}" == "" ]; then @@ -121,7 +121,7 @@ SetWebPassword() { fi # shellcheck disable=SC2162 - read -s -p "Confirm Password: " CONFIRM + read -s -r -p "Confirm Password: " CONFIRM echo "" fi From d57f9906bd124c5668f07b482d34cde8c658c672 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 26 Oct 2018 19:24:43 +0100 Subject: [PATCH 081/103] read -r -a, not read -a -r Signed-off-by: Adam Warner --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 022265fd..dcbd5861 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -907,7 +907,7 @@ parse_file() { #shellcheck disable=SC2016 IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' else - read -a -r file_info <<< "$filename" + read -r -a file_info <<< "$filename" fi # Set a named variable for better readability local file_lines From 72829be281b073307438c25ec8d2cc3d76f18b80 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 26 Oct 2018 12:14:10 -0700 Subject: [PATCH 082/103] Remove shellcheck overrides Signed-off-by: Dan Schaper --- advanced/Scripts/webpage.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 035bca18..14d80355 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -110,7 +110,6 @@ SetWebPassword() { # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. # So we reset the terminal via stty if the user does press Ctrl+C trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT - # shellcheck disable=SC2162 read -s -r -p "Enter New Password (Blank for no password): " PASSWORD echo "" @@ -120,7 +119,6 @@ SetWebPassword() { exit 0 fi - # shellcheck disable=SC2162 read -s -r -p "Confirm Password: " CONFIRM echo "" fi From 28cbf45d1d6c3d0423534c17f00ae61ac7b4aa1f Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 30 Oct 2018 21:52:42 -0400 Subject: [PATCH 083/103] Add explanatory comment for include_shell Signed-off-by: Mcat12 --- advanced/lighttpd.conf.debian | 1 + advanced/lighttpd.conf.fedora | 1 + 2 files changed, 2 insertions(+) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index b5bece72..d9c4a110 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian 
@@ -72,4 +72,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { } # Add user chosen options held in external file +# This uses include_shell instead of an include wildcard for compatibility include_shell "cat external.conf 2>/dev/null" diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 43d94d84..27bc33cc 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -90,4 +90,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { } # Add user chosen options held in external file +# This uses include_shell instead of an include wildcard for compatibility include_shell "cat external.conf 2>/dev/null" From a0fc38d6a2b5592aa04733ff4379c3b1302816f6 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Wed, 31 Oct 2018 11:14:05 -0700 Subject: [PATCH 084/103] All terminal echo commands changed to printf. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 526 ++++++++++++++--------------- 1 file changed, 261 insertions(+), 265 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b8eb7864..2a08ce17 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -66,9 +66,11 @@ fi # Find the rows and columns will default to 80x24 if it can not be detected -screen_size=$(stty size 2>/dev/null || echo 24 80) -rows=$(echo "${screen_size}" | awk '{print $1}') -columns=$(echo "${screen_size}" | awk '{print $2}') +screen_size=$(stty size || printf '%d %d' 24 80) +# Set rows variable to contain first number +printf -v rows '%d' "${screen_size%% *}" +# Set columns variable to contain second number +printf -v columns '%d' "${screen_size##* }" # Divide by two so the dialogs take up half of the screen, which looks nice. r=$(( rows / 2 )) 
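Review bot: `screen_size=$(stty size || printf '%d %d' 24 80)` drops the `2>/dev/null` that the old line had, so when stdin is not a terminal the `stty` error text is printed before the 24x80 fallback applies. Restoring it keeps the fallback quiet: `screen_size=$(stty size 2>/dev/null || printf '%d %d' 24 80)`. The two `printf -v ... '%d'` lines also assume both fields are plain integers, which holds for the fallback and for normal `stty size` output.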
@@ -165,11 +167,11 @@ if command -v apt-get &> /dev/null; then # Check for and determine version number (major and minor) of current php install if command -v php &> /dev/null; then phpInsVersion="$(php -v | head -n1 | grep -Po '(?<=PHP )[^ ]+')" - echo -e " ${INFO} Existing PHP installation detected : PHP version $phpInsVersion" - phpInsMajor="$(echo "$phpInsVersion" | cut -d\. -f1)" - phpInsMinor="$(echo "$phpInsVersion" | cut -d\. -f2)" + printf " %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "${phpInsVersion}" + printf -v phpInsMajor "%d" "${phpInsVersion%%.*}" + printf -v phpInsMinor "%d" "${phpInsVersion##*.}" # Is installed php version 7.0 or greater - if [ "$(echo "$phpInsMajor.$phpInsMinor < 7.0" | bc )" == 0 ]; then + if [ "${phpInsMajor}" -ge 7 ]; then phpInsNewer=true fi fi @@ -257,8 +259,8 @@ elif command -v rpm &> /dev/null; then CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.)' /etc/redhat-release) # Check if CentOS version is supported if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then - echo -e " ${CROSS} CentOS $CURRENT_CENTOS_VERSION is not supported." - echo -e " Please update to CentOS release $SUPPORTED_CENTOS_VERSION or later" + printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}" + printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}" # exit the installer exit fi @@ -266,9 +268,9 @@ elif command -v rpm &> /dev/null; then EPEL_PKG="epel-release" rpm -q ${EPEL_PKG} &> /dev/null || rc=$? if [[ $rc -ne 0 ]]; then - echo -e " ${INFO} Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)" + printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}" "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null - echo -e " ${TICK} Installed ${EPEL_PKG}" + printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}" fi # The default php on CentOS 7.x is 5.4 which is EOL 
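Review bot: `printf -v phpInsMinor "%d" "${phpInsVersion##*.}"` does not yield the minor version: `##*.` strips everything up to the last dot, so for a three-part version the variable receives the patch component, and any distro suffix after it (a constructed example: `30-0+deb9u1`) is not a valid `%d` argument, which makes `printf` report an error. The old `cut -d\. -f2` returned the second field. If the minor number is still wanted, take it from the remainder after the major, `phpInsRest="${phpInsVersion#*.}"` followed by `phpInsMinor="${phpInsRest%%.*}"`; otherwise the line can go, since the new test reads only `phpInsMajor`. The enclosing `if command -v apt-get` block extends beyond the hunk.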
@@ -285,20 +287,20 @@ elif command -v rpm &> /dev/null; then # The PHP version available via default repositories is older than version 7 if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" ${r} ${c}; then # User decided to NOT update PHP from REMI, attempt to install the default available PHP version - echo -e " ${INFO} User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use." + printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}" : # continue with unsupported php version else - echo -e " ${INFO} Enabling Remi's RPM repository (https://rpms.remirepo.net)" + printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}" "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null # enable the PHP 7 repository via yum-config-manager (provided by yum-utils) "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null yum-config-manager --enable ${REMI_REPO} &> /dev/null - echo -e " ${TICK} Remi's RPM repository has been enabled for PHP7" + printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}" # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then - echo -e " ${TICK} PHP7 installed/updated via Remi's RPM repository" + printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}" else - echo -e " ${CROSS} There was a problem updating to PHP7 via Remi's RPM repository" + printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}" exit 1 fi fi 
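Review bot: The release package for Remi's repository is installed directly from a URL with all output discarded, so as far as this hunk shows the only integrity check on it is the TLS connection. Whether its signature is verified appears to depend on the host's yum/dnf setting for packages given by path or URL (`localpkg_gpgcheck`), which the installer neither sets nor tests. Since this step adds a third-party repository that later supplies PHP, I would keep the package manager's output for it, for example by redirecting to a log file instead of `/dev/null`. The printf that announces the repository could also name the exact URL being installed so the change can be audited afterwards.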
@@ -307,17 +309,17 @@ elif command -v rpm &> /dev/null; then else # Warn user of unsupported version of Fedora or CentOS if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" ${r} ${c}; then - echo -e " ${CROSS} Aborting installation due to unsupported RPM based distribution" + printf " %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}" exit # exit the installer else - echo -e " ${INFO} Continuing installation with unsupported RPM based distribution" + printf " %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}" fi fi # If neither apt-get or yum/dnf package managers were found else # it's not an OS we can support, - echo -e " ${CROSS} OS distribution not supported" + printf " %b OS distribution not supported\\n" "${CROSS}" # so exit the installer exit fi @@ -360,7 +362,7 @@ make_repo() { # The message to display when this function is running str="Clone ${remoteRepo} into ${directory}" # Display the message and use the color table to preface the message with an "info" indicator - echo -ne " ${INFO} ${str}..." + printf " %b %s..." "${INFO}" "${str}" # If the directory exists, if [[ -d "${directory}" ]]; then # delete everything in it so git can clone into it @@ -369,7 +371,7 @@ make_repo() { # Clone the repo and return the return code from this command git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || return $? # Show a colored message showing it's status - echo -e "${OVER} ${TICK} ${str}" + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" # Always return 0? Not sure this is correct return 0 } 
@@ -393,14 +395,14 @@ update_repo() { # Move into the directory that was passed as an argument cd "${directory}" &> /dev/null || return 1 # Let the user know what's happening - echo -ne " ${INFO} ${str}..." + printf " %b %s..." "${INFO}" "${str}" # Stash any local commits as they conflict with our working code git stash --all --quiet &> /dev/null || true # Okay for stash failure git clean --quiet --force -d || true # Okay for already clean directory # Pull the latest commits git pull --quiet &> /dev/null || return $? # Show a completion message - echo -e "${OVER} ${TICK} ${str}" + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" # Move back into the original directory cd "${curdir}" &> /dev/null || return 1 return 0 
@@ -416,19 +418,19 @@ getGitFiles() { # A local variable containing the message to be displayed local str="Check for existing repository in ${1}" # Show the message - echo -ne " ${INFO} ${str}..." + printf " %b %s..." "${INFO}" "${str}" # Check if the directory is a repository if is_repo "${directory}"; then # Show that we're checking it - echo -e "${OVER} ${TICK} ${str}" + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" # Update the repo, returning an error message on failure - update_repo "${directory}" || { echo -e "\\n ${COL_LIGHT_RED}Error: Could not update local repository. Contact support.${COL_NC}"; exit 1; } + update_repo "${directory}" || { printf "\\n %b: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } # If it's not a .git repo, else # Show an error - echo -e "${OVER} ${CROSS} ${str}" + printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" # Attempt to make the repository, showing an error on failure - make_repo "${directory}" "${remoteRepo}" || { echo -e "\\n ${COL_LIGHT_RED}Error: Could not update local repository. Contact support.${COL_NC}"; exit 1; } + make_repo "${directory}" "${remoteRepo}" || { printf "\\n %bError: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; } fi # echo a blank line echo "" @@ -445,11 +447,11 @@ resetRepo() { # Store the message in a variable str="Resetting repository within ${1}..." # Show the message - echo -ne " ${INFO} ${str}" + printf " %b %s..." "${INFO}" "${str}" # Use git to remove the local changes git reset --hard &> /dev/null || return $? # And show the status - echo -e "${OVER} ${TICK} ${str}" + printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" # Returning success anyway? return 0 } 
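Review bot: The rewritten failure message for `update_repo` in getGitFiles lost the word "Error": its format string is `%b: Could not update ...`, so the user sees a line starting with a bare colon, while the `make_repo` message two lines below still has `%bError:`. The first should read `printf "\\n  %bError: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"`. Both messages are failures followed by `exit 1`, so they belong on stderr (`>&2` inside the braces). The `echo ""` left at the end of the hunk is inconsistent with the commit's stated aim and can become `printf "\\n"`. getGitFiles starts and ends outside the hunk.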
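Review bot: In resetRepo the new progress line prints six dots, because `str` already ends in `...` and the format string `" %b %s..."` appends another three; the old `echo -ne` printed `${str}` as it was. Either drop the dots from the format here, `printf "  %b %s" "${INFO}" "${str}"`, or remove them from the `str` assignment so this function matches make_repo and update_repo, whose `str` carries no ellipsis. The completion line reuses `str` too, so the second option also tidies the final tick message. resetRepo's body starts outside the hunk.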
@@ -505,36 +507,36 @@ verifyFreeDiskSpace() { # If the existing space is not an integer, if ! [[ "${existing_free_kilobytes}" =~ ^([0-9])+$ ]]; then # show an error that we can't determine the free space - echo -e " ${CROSS} ${str}" - echo -e " ${INFO} Unknown free disk space!" - echo -e " ${INFO} We were unable to determine available free disk space on this system." - echo -e " ${INFO} You may override this check, however, it is not recommended" - echo -e " ${INFO} The option '${COL_LIGHT_RED}--i_do_not_follow_recommendations${COL_NC}' can override this" - echo -e " ${INFO} e.g: curl -L https://install.pi-hole.net | bash /dev/stdin ${COL_LIGHT_RED}