-
-
-
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 4231a0c9..4545bb2e 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -78,10 +78,21 @@ include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsen
# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
- # Create a response header for debugging using curl -I
+ # X-Pi-hole is a response header for debugging using curl -I
+ # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+ # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+ # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+ # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+ # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+ # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
- "X-Frame-Options" => "DENY"
+ "X-Frame-Options" => "DENY",
+ "X-XSS-Protection" => "1; mode=block",
+ "X-Content-Type-Options" => "nosniff",
+ "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "same-origin"
)
}
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index c3c94986..12930302 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -86,10 +86,21 @@ fastcgi.server = (
# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
- # Create a response header for debugging using curl -I
+ # X-Pi-hole is a response header for debugging using curl -I
+ # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+ # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input.
+ # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+ # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+ # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+ # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
- "X-Frame-Options" => "DENY"
+ "X-Frame-Options" => "DENY",
+ "X-XSS-Protection" => "1; mode=block",
+ "X-Content-Type-Options" => "nosniff",
+ "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "same-origin"
)
}
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 5fc61215..a51f5d9a 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -82,7 +82,7 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi
PI_HOLE_INSTALL_DIR="/opt/pihole"
PI_HOLE_CONFIG_DIR="/etc/pihole"
PI_HOLE_BIN_DIR="/usr/local/bin"
-PI_HOLE_BLOCKPAGE_DIR="${webroot}/pihole"
+PI_HOLE_404_DIR="${webroot}/pihole"
if [ -z "$useUpdateVars" ]; then
useUpdateVars=false
fi
@@ -330,7 +330,7 @@ package_manager_detect() {
# Packages required to run this install script (stored as an array)
INSTALLER_DEPS=(git iproute2 dialog ca-certificates)
# Packages required to run Pi-hole (stored as an array)
- PIHOLE_DEPS=(cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps)
+ PIHOLE_DEPS=(cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps jq)
# Packages required for the Web admin interface (stored as an array)
# It's useful to separate this from Pi-hole, since the two repos are also setup separately
PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl")
@@ -360,12 +360,27 @@ package_manager_detect() {
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l || true"
OS_CHECK_DEPS=(grep bind-utils)
INSTALLER_DEPS=(git dialog iproute newt procps-ng which chkconfig ca-certificates)
- PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc libcap nmap-ncat)
+ PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc libcap nmap-ncat jq)
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl)
LIGHTTPD_USER="lighttpd"
LIGHTTPD_GROUP="lighttpd"
LIGHTTPD_CFG="lighttpd.conf.fedora"
+ # If the host OS is centos (or a derivative), epel is required for lighttpd
+ if ! grep -qiE 'fedora|fedberry' /etc/redhat-release; then
+ if rpm -qa | grep -qi 'epel'; then
+ printf " %b EPEL repository already installed\\n" "${TICK}"
+ else
+ local RH_RELEASE EPEL_PKG
+ # EPEL not already installed, add it based on the release version
+ RH_RELEASE=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release)
+ EPEL_PKG="https://dl.fedoraproject.org/pub/epel/epel-release-latest-${RH_RELEASE}.noarch.rpm"
+ printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}"
+ "${PKG_INSTALL[@]}" "${EPEL_PKG}"
+ printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}"
+ fi
+ fi
+
# If neither apt-get or yum/dnf package managers were found
else
# we cannot install required packages
@@ -375,144 +390,6 @@ package_manager_detect() {
fi
}
-select_rpm_php(){
- # If the host OS is Fedora,
- if grep -qiE 'fedora|fedberry' /etc/redhat-release; then
- # all required packages should be available by default with the latest fedora release
- : # continue
- # or if host OS is CentOS,
- elif grep -qiE 'centos|scientific' /etc/redhat-release; then
- # Pi-Hole currently supports CentOS 7+ with PHP7+
- SUPPORTED_CENTOS_VERSION=7
- SUPPORTED_CENTOS_PHP_VERSION=7
- # Check current CentOS major release version
- CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release)
- # Check if CentOS version is supported
- if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then
- printf " %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}"
- printf " Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}"
- # exit the installer
- exit
- fi
- # php-json is not required on CentOS 7 as it is already compiled into php
- # verify via `php -m | grep json`
- if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then
- # create a temporary array as arrays are not designed for use as mutable data structures
- CENTOS7_PIHOLE_WEB_DEPS=()
- for i in "${!PIHOLE_WEB_DEPS[@]}"; do
- if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then
- CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" )
- fi
- done
- # re-assign the clean dependency array back to PIHOLE_WEB_DEPS
- PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}")
- unset CENTOS7_PIHOLE_WEB_DEPS
- fi
-
- if rpm -qa | grep -qi 'epel'; then
- printf " %b EPEL repository already installed\\n" "${TICK}"
- else
- # CentOS requires the EPEL repository to gain access to Fedora packages
- if [[ CURRENT_CENTOS_VERSION -eq 7 ]]; then
- EPEL_PKG="https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
- elif [[ CURRENT_CENTOS_VERSION -eq 8 ]]; then
- EPEL_PKG="https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
- fi
- printf " %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}"
- "${PKG_INSTALL[@]}" ${EPEL_PKG}
- printf " %b Installed %s\\n" "${TICK}" "${EPEL_PKG}"
- fi
-
-
- # The default php on CentOS 7.x is 5.4 which is EOL
- # Check if the version of PHP available via installed repositories is >= to PHP 7
- AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1)
- if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then
- # Since PHP 7 is available by default, install via default PHP package names
- : # do nothing as PHP is current
- printf "PHP 7 is installed"
- else
- REMI_PKG="remi-release"
- REMI_REPO="remi-php72"
- REMI_REPO_URL="https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm"
-
- # The PHP version available via default repositories is older than version 7
- dialog --no-shadow --keep-tite \
- --title "PHP 7 Update (recommended)" \
- --defaultno \
- --yesno "PHP 7.x is recommended for both security and language features.\
-\\n\\nWould you like to install PHP7 via Remi's RPM repository?\
-\\n\\nSee: https://rpms.remirepo.net for more information"\
- "${r}" "${c}" && result=0 || result=$?
-
- case ${result} in
- "${DIALOG_OK}" )
- printf " %b Installing PHP 7 via Remi's RPM repository\\n" "${INFO}"
- "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null
- if rpm -q ${REMI_PKG} &> /dev/null; then
- printf " %b Remi's RPM repository is already installed\\n" "${TICK}"
- else
- printf " %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}"
- yum -y install "${REMI_REPO_URL}"
- printf " %b Installed %s from %s\\n" "${TICK}" "${REMI_PKG}" "${REMI_REPO_URL}"
- printf " %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}"
- fi
- yum-config-manager --disable 'remi-php*'
- yum-config-manager --enable "${REMI_REPO}"
-
- # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI
- if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then
- printf " %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}"
- else
- printf " %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}"
- exit 1
- fi
- ;;
-
- # User chose not to install PHP 7 via Remi's RPM repository
- "${DIALOG_CANCEL}")
- # User decided to NOT update PHP from REMI, attempt to install the default available PHP version
- printf " %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}"
- ;;
-
- # User closed the dialog window
- "${DIALOG_ESC}")
- printf " %b Escape pressed, exiting installer at Remi dialog window\\n" "${CROSS}"
- exit 1
- ;;
- esac
- fi
-
- else
- # Warn user of unsupported version of Fedora or CentOS
- dialog --no-shadow --keep-tite \
- --title "Unsupported RPM based distribution" \
- --defaultno \
- --no-button "Exit" \
- --yes-button "Continue" \
- --yesno "Would you like to continue installation on an unsupported RPM based distribution?\
-\\n\\nPlease ensure the following packages have been installed manually:\
-\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+"\
- "${r}" "${c}" && result=0 || result=$?
-
- case ${result} in
- # User chose to continue installation on an unsupported RPM based distribution
- "${DIALOG_OK}")
- printf " %b User opted to continue installation on an unsupported RPM based distribution.\\n" "${INFO}"
- ;;
- # User chose not to continue installation on an unsupported RPM based distribution
- "${DIALOG_CANCEL}")
- printf " %b User opted not to continue installation on an unsupported RPM based distribution.\\n" "${INFO}"
- exit 1
- ;;
- "${DIALOG_ESC}")
- printf " %b Escape pressed, exiting installer at unsupported RPM based distribution dialog window\\n" "${CROSS}"
- exit 1
- ;;
- esac
- fi
-}
-
# A function for checking if a directory is a git repository
is_repo() {
# Use a named, local variable instead of the vague $1, which is the first argument passed to this function
@@ -805,7 +682,7 @@ testIPv6() {
find_IPv6_information() {
# Detects IPv6 address used for communication to WAN addresses.
- IPV6_ADDRESSES=($(ip -6 address | grep 'scope global' | awk '{print $2}'))
+ mapfile -t IPV6_ADDRESSES <<<"$(ip -6 address | grep 'scope global' | awk '{print $2}')"
# For each address in the array above, determine the type of IPv6 address it is
for i in "${IPV6_ADDRESSES[@]}"; do
@@ -820,13 +697,13 @@ find_IPv6_information() {
# Determine which address to be used: Prefer ULA over GUA or don't use any if none found
# If the ULA_ADDRESS contains a value,
- if [[ ! -z "${ULA_ADDRESS}" ]]; then
+ if [[ -n "${ULA_ADDRESS}" ]]; then
# set the IPv6 address to the ULA address
IPV6_ADDRESS="${ULA_ADDRESS}"
# Show this info to the user
printf " %b Found IPv6 ULA address\\n" "${INFO}"
# Otherwise, if the GUA_ADDRESS has a value,
- elif [[ ! -z "${GUA_ADDRESS}" ]]; then
+ elif [[ -n "${GUA_ADDRESS}" ]]; then
# Let the user know
printf " %b Found IPv6 GUA address\\n" "${INFO}"
# And assign it to the global variable
@@ -889,9 +766,9 @@ getStaticIPv4Settings() {
--cancel-label "Exit" \
--backtitle "IP information" \
--title "FYI: IP Conflict" \
- --msgbox "\\nIt is possible your router could still try to assign this IP to a device, which would cause a conflict\
-But in most cases the router is smart enough to not do that.\
-If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.\
+ --msgbox "\\nIt is possible your router could still try to assign this IP to a device, which would cause a conflict, \
+but in most cases the router is smart enough to not do that.\n\n\
+If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.\n\n\
It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address."\
"${r}" "${c}" && result=0 || result=$?
@@ -1250,8 +1127,8 @@ setAdminFlag() {
;;
esac
- # If the user wants to install the Web admin interface (i.e. it has not been deselected above)
- if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
+ # If the user wants to install the Web admin interface (i.e. it has not been deselected above) and did not deselect the web server via command-line argument
+ if [[ "${INSTALL_WEB_INTERFACE}" == true && "${INSTALL_WEB_SERVER}" == true ]]; then
# Get list of required PHP modules, excluding base package (common) and handler (cgi)
local i php_modules
for i in "${PIHOLE_WEB_DEPS[@]}"; do [[ $i == 'php'* && $i != *'-common' && $i != *'-cgi' ]] && php_modules+=" ${i#*-}"; done
@@ -1525,7 +1402,7 @@ installConfigs() {
install -m 644 /dev/null /etc/lighttpd/external.conf
fi
# If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
- if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then
+ if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then
sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}"
fi
# Make the directories if they do not exist and set the owners
@@ -1751,9 +1628,9 @@ install_dependent_packages() {
# Running apt-get install with minimal output can cause some issues with
# requiring user input (e.g password for phpmyadmin see #218)
printf " %b Processing %s install(s) for: %s, please wait...\\n" "${INFO}" "${PKG_MANAGER}" "${installArray[*]}"
- printf '%*s\n' "$columns" '' | tr " " -;
+ printf '%*s\n' "${c}" '' | tr " " -;
"${PKG_INSTALL[@]}" "${installArray[@]}"
- printf '%*s\n' "$columns" '' | tr " " -;
+ printf '%*s\n' "${c}" '' | tr " " -;
return
fi
printf "\\n"
@@ -1774,9 +1651,9 @@ install_dependent_packages() {
# If there's anything to install, install everything in the list.
if [[ "${#installArray[@]}" -gt 0 ]]; then
printf " %b Processing %s install(s) for: %s, please wait...\\n" "${INFO}" "${PKG_MANAGER}" "${installArray[*]}"
- printf '%*s\n' "$columns" '' | tr " " -;
+ printf '%*s\n' "${c}" '' | tr " " -;
"${PKG_INSTALL[@]}" "${installArray[@]}"
- printf '%*s\n' "$columns" '' | tr " " -;
+ printf '%*s\n' "${c}" '' | tr " " -;
return
fi
printf "\\n"
@@ -1785,19 +1662,14 @@ install_dependent_packages() {
# Install the Web interface dashboard
installPiholeWeb() {
- printf "\\n %b Installing blocking page...\\n" "${INFO}"
+ printf "\\n %b Installing 404 page...\\n" "${INFO}"
- local str="Creating directory for blocking page, and copying files"
+ local str="Creating directory for 404 page, and copying files"
printf " %b %s..." "${INFO}" "${str}"
- # Install the directory,
- install -d -m 0755 ${PI_HOLE_BLOCKPAGE_DIR}
- # and the blockpage
- install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/{index,blockingpage}.* ${PI_HOLE_BLOCKPAGE_DIR}/
-
- # Remove superseded file
- if [[ -e "${PI_HOLE_BLOCKPAGE_DIR}/index.js" ]]; then
- rm "${PI_HOLE_BLOCKPAGE_DIR}/index.js"
- fi
+ # Install the directory
+ install -d -m 0755 ${PI_HOLE_404_DIR}
+ # and the 404 handler
+ install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
@@ -1939,6 +1811,7 @@ finalExports() {
# Bring in the current settings and the functions to manipulate them
source "${setupVars}"
+ # shellcheck source=advanced/Scripts/webpage.sh
source "${PI_HOLE_LOCAL_REPO}/advanced/Scripts/webpage.sh"
# Look for DNS server settings which would have to be reapplied
@@ -2248,11 +2121,7 @@ checkout_pull_branch() {
git_pull=$(git pull --no-rebase || return 1)
- if [[ "$git_pull" == *"up-to-date"* ]]; then
- printf " %b %s\\n" "${INFO}" "${git_pull}"
- else
- printf "%s\\n" "$git_pull"
- fi
+ printf " %b %s\\n" "${INFO}" "${git_pull}"
return 0
}
@@ -2656,12 +2525,6 @@ main() {
printf " %b Checking for / installing Required dependencies for this install script...\\n" "${INFO}"
install_dependent_packages "${INSTALLER_DEPS[@]}"
- #In case of RPM based distro, select the proper PHP version
- if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then
- select_rpm_php
- fi
-
-
# If the setup variable file exists,
if [[ -f "${setupVars}" ]]; then
# if it's running unattended,
@@ -2866,7 +2729,7 @@ main() {
# Display where the log file is
printf "\\n %b The install log is located at: %s\\n" "${INFO}" "${installLogLoc}"
- printf "%b%s Complete! %b\\n" "${COL_LIGHT_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"
+ printf " %b %b%s complete! %b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"
if [[ "${INSTALL_TYPE}" == "Update" ]]; then
printf "\\n"
diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh
index a58ad753..0b516d0f 100755
--- a/automated install/uninstall.sh
+++ b/automated install/uninstall.sh
@@ -44,8 +44,8 @@ source "${setupVars}"
# package_manager_detect() sourced from basic-install.sh
package_manager_detect
-# Install packages used by the Pi-hole
-DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
+# Uninstall packages used by the Pi-hole
+DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}" "${OS_CHECK_DEPS[@]}")
if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
# Install the Web dependencies
DEPS+=("${PIHOLE_WEB_DEPS[@]}")
diff --git a/gravity.sh b/gravity.sh
index 77974694..6f96b845 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -139,9 +139,9 @@ update_gravity_timestamp() {
# Import domains from file and store them in the specified database table
database_table_from_file() {
# Define locals
- local table source backup_path backup_file tmpFile type
+ local table src backup_path backup_file tmpFile list_type
table="${1}"
- source="${2}"
+ src="${2}"
backup_path="${piholeDir}/migration_backup"
backup_file="${backup_path}/$(basename "${2}")"
tmpFile="$(mktemp -p "/tmp" --suffix=".gravity")"
@@ -155,13 +155,13 @@ database_table_from_file() {
# Special handling for domains to be imported into the common domainlist table
if [[ "${table}" == "whitelist" ]]; then
- type="0"
+ list_type="0"
table="domainlist"
elif [[ "${table}" == "blacklist" ]]; then
- type="1"
+ list_type="1"
table="domainlist"
elif [[ "${table}" == "regex" ]]; then
- type="3"
+ list_type="3"
table="domainlist"
fi
@@ -174,9 +174,9 @@ database_table_from_file() {
rowid+=1
fi
- # Loop over all domains in ${source} file
+ # Loop over all domains in ${src} file
# Read file line by line
- grep -v '^ *#' < "${source}" | while IFS= read -r domain
+ grep -v '^ *#' < "${src}" | while IFS= read -r domain
do
# Only add non-empty lines
if [[ -n "${domain}" ]]; then
@@ -185,10 +185,10 @@ database_table_from_file() {
echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}"
elif [[ "${table}" == "adlist" ]]; then
# Adlist table format
- echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\",,0,0,0" >> "${tmpFile}"
+ echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0" >> "${tmpFile}"
else
# White-, black-, and regexlist table format
- echo "${rowid},${type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
+ echo "${rowid},${list_type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\"" >> "${tmpFile}"
fi
rowid+=1
fi
@@ -201,14 +201,14 @@ database_table_from_file() {
status="$?"
if [[ "${status}" -ne 0 ]]; then
- echo -e "\\n ${CROSS} Unable to fill table ${table}${type} in database ${gravityDBfile}\\n ${output}"
+ echo -e "\\n ${CROSS} Unable to fill table ${table}${list_type} in database ${gravityDBfile}\\n ${output}"
gravity_Cleanup "error"
fi
# Move source file to backup directory, create directory if not existing
mkdir -p "${backup_path}"
- mv "${source}" "${backup_file}" 2> /dev/null || \
- echo -e " ${CROSS} Unable to backup ${source} to ${backup_path}"
+ mv "${src}" "${backup_file}" 2> /dev/null || \
+ echo -e " ${CROSS} Unable to backup ${src} to ${backup_path}"
# Delete tmpFile
rm "${tmpFile}" > /dev/null 2>&1 || \
@@ -719,10 +719,10 @@ gravity_DownloadBlocklistFromUrl() {
# Parse source files into domains format
gravity_ParseFileIntoDomains() {
- local source="${1}" destination="${2}" firstLine
+ local src="${1}" destination="${2}" firstLine
# Determine if we are parsing a consolidated list
- #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
+ #if [[ "${src}" == "${piholeDir}/${matterAndLight}" ]]; then
# Remove comments and print only the domain name
# Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
# This helps with that and makes it easier to read
@@ -733,7 +733,7 @@ gravity_ParseFileIntoDomains() {
# 4) Remove lines containing "/"
# 5) Remove leading tabs, spaces, etc.
# 6) Delete lines not matching domain names
- < "${source}" tr -d '\r' | \
+ < "${src}" tr -d '\r' | \
tr '[:upper:]' '[:lower:]' | \
sed 's/\s*#.*//g' | \
sed -r '/(\/).*$/d' | \
@@ -745,16 +745,16 @@ gravity_ParseFileIntoDomains() {
# Individual file parsing: Keep comments, while parsing domains from each line
# We keep comments to respect the list maintainer's licensing
- read -r firstLine < "${source}"
+ read -r firstLine < "${src}"
# Determine how to parse individual source file formats
if [[ "${firstLine,,}" =~ (adblock|ublock|^!) ]]; then
# Compare $firstLine against lower case words found in Adblock lists
echo -e " ${CROSS} Format: Adblock (list type not supported)"
- elif grep -q "^address=/" "${source}" &> /dev/null; then
+ elif grep -q "^address=/" "${src}" &> /dev/null; then
# Parse Dnsmasq format lists
echo -e " ${CROSS} Format: Dnsmasq (list type not supported)"
- elif grep -q -E "^https?://" "${source}" &> /dev/null; then
+ elif grep -q -E "^https?://" "${src}" &> /dev/null; then
# Parse URL list if source file contains "http://" or "https://"
# Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware
echo -ne " ${INFO} Format: URL"
@@ -770,13 +770,13 @@ gravity_ParseFileIntoDomains() {
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
# Print if nonempty
length { print }
- ' "${source}" 2> /dev/null > "${destination}"
+ ' "${src}" 2> /dev/null > "${destination}"
chmod 644 "${destination}"
echo -e "${OVER} ${TICK} Format: URL"
else
# Default: Keep hosts/domains file in same format as it was downloaded
- output=$( { mv "${source}" "${destination}"; } 2>&1 )
+ output=$( { mv "${src}" "${destination}"; } 2>&1 )
chmod 644 "${destination}"
if [[ ! -e "${destination}" ]]; then
@@ -870,15 +870,19 @@ gravity_Cleanup() {
database_recovery() {
local result
- local str="Checking integrity of existing gravity database"
+ local str="Checking integrity of existing gravity database (this can take a while)"
local option="${1}"
echo -ne " ${INFO} ${str}..."
- if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"; then
+ result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"
+
+ if [[ ${result} = "ok" ]]; then
echo -e "${OVER} ${TICK} ${str} - no errors found"
- str="Checking foreign keys of existing gravity database"
+ str="Checking foreign keys of existing gravity database (this can take a while)"
echo -ne " ${INFO} ${str}..."
- if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"; then
+ unset result
+ result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"
+ if [[ -z ${result} ]]; then
echo -e "${OVER} ${TICK} ${str} - no errors found"
if [[ "${option}" != "force" ]]; then
return
diff --git a/manpages/pihole.8 b/manpages/pihole.8
index 4b1e5154..11c21b28 100644
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -11,8 +11,6 @@ Pi-hole : A black-hole for internet advertisements
.br
\fBpihole -a\fR (\fB-c|-f|-k\fR)
.br
-\fBpihole -a -e\fR email
-.br
\fBpihole -a -i\fR interface
.br
\fBpihole -a -l\fR privacylevel
@@ -132,9 +130,6 @@ Available commands and options:
-f, fahrenheit Set Fahrenheit as preferred temperature unit
.br
-k, kelvin Set Kelvin as preferred temperature unit
-.br
- -e, email Set an administrative contact address for the
- Block Page
.br
-i, interface Specify dnsmasq's interface listening behavior
.br
diff --git a/pihole b/pihole
index c54a3192..eb825965 100755
--- a/pihole
+++ b/pihole
@@ -16,7 +16,6 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
# error due to modifying a readonly variable.
setupVars="/etc/pihole/setupVars.conf"
PI_HOLE_BIN_DIR="/usr/local/bin"
-readonly FTL_PID_FILE="/run/pihole-FTL.pid"
readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
source "${colfile}"
@@ -36,19 +35,20 @@ listFunc() {
}
debugFunc() {
- local automated
- local web
+ local automated
+ local web
+ local check_database_integrity
+ # Pull off the `debug` leaving passed call augmentation flags in $1
+ shift
- # Pull off the `debug` leaving passed call augmentation flags in $1
- shift
- if [[ "$@" == *"-a"* ]]; then
- automated="true"
- fi
- if [[ "$@" == *"-w"* ]]; then
- web="true"
- fi
+ for value in "$@"; do
+ [[ "$value" == *"-a"* ]] && automated="true"
+ [[ "$value" == *"-w"* ]] && web="true"
+ [[ "$value" == *"-c"* ]] && check_database_integrity="true"
+ [[ "$value" == *"--check_database"* ]] && check_database_integrity="true"
+ done
- AUTOMATED=${automated:-} WEBCALL=${web:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
+ AUTOMATED=${automated:-} WEBCALL=${web:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
exit 0
}
@@ -100,25 +100,8 @@ versionFunc() {
exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
}
-# Get PID of main pihole-FTL process
-getFTLPID() {
- local pid
-
- if [ -s "${FTL_PID_FILE}" ]; then
- # -s: FILE exists and has a size greater than zero
- pid="$(<"$FTL_PID_FILE")"
- # Exploit prevention: unset the variable if there is malicious content
- # Verify that the value read from the file is numeric
- [[ "$pid" =~ [^[:digit:]] ]] && unset pid
- fi
-
- # If FTL is not running, or the PID file contains malicious stuff, substitute
- # negative PID to signal this to the caller
- echo "${pid:=-1}"
-}
-
restartDNS() {
- local svcOption svc str output status pid icon
+ local svcOption svc str output status pid icon FTL_PID_FILE
svcOption="${1:-restart}"
# Determine if we should reload or restart
@@ -127,7 +110,11 @@ restartDNS() {
# Note 1: This will NOT re-read any *.conf files
# Note 2: We cannot use killall here as it does
# not know about real-time signals
- pid="$(getFTLPID)"
+
+ # get the current path to the pihole-FTL.pid
+ FTL_PID_FILE="$(getFTLPIDFile)"
+
+ pid="$(getFTLPID ${FTL_PID_FILE})"
if [[ "$pid" -eq "-1" ]]; then
svc="true"
str="FTL is not running"
@@ -140,7 +127,7 @@ restartDNS() {
elif [[ "${svcOption}" =~ "reload" ]]; then
# Reloading of the DNS cache has been requested
# Note: This will NOT re-read any *.conf files
- pid="$(getFTLPID)"
+ pid="$(getFTLPID ${FTL_PID_FILE})"
if [[ "$pid" -eq "-1" ]]; then
svc="true"
str="FTL is not running"
@@ -315,33 +302,37 @@ analyze_ports() {
}
statusFunc() {
- # Determine if there is pihole-FTL service is listening
- local pid port ftl_api_port
+ # Determine if there is pihole-FTL service is listening
+ local pid port ftl_api_port ftl_pid_file ftl_apiport_file
- pid="$(getFTLPID)"
- ftl_api_port="$(getFTLAPIPort)"
- if [[ "$pid" -eq "-1" ]]; then
- case "${1}" in
- "web") echo "-1";;
- *) echo -e " ${CROSS} DNS service is NOT running";;
- esac
- return 0
- else
- #get the DNS port pihole-FTL is listening on by using FTL's telnet API
- port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
- if [[ "${port}" == "0" ]]; then
- case "${1}" in
- "web") echo "-1";;
- *) echo -e " ${CROSS} DNS service is NOT listening";;
- esac
- return 0
+ ftl_pid_file="$(getFTLPIDFile)"
+
+ pid="$(getFTLPID ${ftl_pid_file})"
+
+ ftl_apiport_file="${getFTLAPIPortFile}"
+ ftl_api_port="$(getFTLAPIPort ${ftl_apiport_file})"
+ if [[ "$pid" -eq "-1" ]]; then
+ case "${1}" in
+ "web") echo "-1";;
+ *) echo -e " ${CROSS} DNS service is NOT running";;
+ esac
+ return 0
else
- if [[ "${1}" != "web" ]]; then
- echo -e " ${TICK} FTL is listening on port ${port}"
- analyze_ports "${port}"
- fi
+ #get the DNS port pihole-FTL is listening on by using FTL's telnet API
+ port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
+ if [[ "${port}" == "0" ]]; then
+ case "${1}" in
+ "web") echo "-1";;
+ *) echo -e " ${CROSS} DNS service is NOT listening";;
+ esac
+ return 0
+ else
+ if [[ "${1}" != "web" ]]; then
+ echo -e " ${TICK} FTL is listening on port ${port}"
+ analyze_ports "${port}"
+ fi
+ fi
fi
- fi
# Determine if Pi-hole's blocking is enabled
if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
@@ -455,6 +446,7 @@ Whitelist/Blacklist Options:
Debugging Options:
-d, debug Start a debugging session
+ Add '-c' or '--check-database' to include a Pi-hole database integrity check
Add '-a' to automatically upload the log to tricorder.pi-hole.net
-f, flush Flush the Pi-hole log
-r, reconfigure Reconfigure or Repair Pi-hole subsystems
diff --git a/test/_centos_7.Dockerfile b/test/_centos_7.Dockerfile
deleted file mode 100644
index b97f1679..00000000
--- a/test/_centos_7.Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM centos:7
-RUN yum install -y dialog git python3
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-ADD test/centos7.epel.override /etc/yum/pluginconf.d/fastestmirror.conf
-RUN true && \
- chmod +x $SCRIPTDIR/*
-
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/_ubuntu_21.Dockerfile b/test/_ubuntu_21.Dockerfile
deleted file mode 100644
index 05801de8..00000000
--- a/test/_ubuntu_21.Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM buildpack-deps:impish-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN true && \
- chmod +x $SCRIPTDIR/*
-
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
diff --git a/test/centos7.epel.override b/test/centos7.epel.override
deleted file mode 100644
index 3451f17d..00000000
--- a/test/centos7.epel.override
+++ /dev/null
@@ -1,7 +0,0 @@
-[main]
-verbose = 0
-socket_timeout = 3
-enabled = 1
-hostfilepath = /var/cache/yum/timedhosts.txt
-maxhostfileage = 1
-exclude=.edu
diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py
index 61849f54..1e2a849b 100644
--- a/test/test_any_automated_install.py
+++ b/test/test_any_automated_install.py
@@ -116,9 +116,9 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
source /opt/pihole/basic-install.sh
installPiholeWeb
''')
- expected_stdout = info_box + ' Installing blocking page...'
+ expected_stdout = info_box + ' Installing 404 page...'
assert expected_stdout in installWeb.stdout
- expected_stdout = tick_box + (' Creating directory for blocking page, '
+ expected_stdout = tick_box + (' Creating directory for 404 page, '
'and copying files')
assert expected_stdout in installWeb.stdout
expected_stdout = info_box + ' Backing up index.lighttpd.html'
@@ -130,7 +130,6 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
assert expected_stdout in installWeb.stdout
web_directory = host.run('ls -r /var/www/html/pihole').stdout
assert 'index.php' in web_directory
- assert 'blockingpage.css' in web_directory
def get_directories_recursive(host, directory):
@@ -240,24 +239,14 @@ def test_installPihole_fresh_install_readableFiles(host):
'r', '/etc/pihole/dns-servers.conf', piholeuser)
actual_rc = host.run(check_servers).rc
assert exit_status_success == actual_rc
- # readable GitHubVersions
- check_version = test_cmd.format(
- 'r', '/etc/pihole/GitHubVersions', piholeuser)
- actual_rc = host.run(check_version).rc
- assert exit_status_success == actual_rc
# readable install.log
check_install = test_cmd.format(
'r', '/etc/pihole/install.log', piholeuser)
actual_rc = host.run(check_install).rc
assert exit_status_success == actual_rc
- # readable localbranches
- check_localbranch = test_cmd.format(
- 'r', '/etc/pihole/localbranches', piholeuser)
- actual_rc = host.run(check_localbranch).rc
- assert exit_status_success == actual_rc
- # readable localversions
+ # readable versions
check_localversion = test_cmd.format(
- 'r', '/etc/pihole/localversions', piholeuser)
+ 'r', '/etc/pihole/versions', piholeuser)
actual_rc = host.run(check_localversion).rc
assert exit_status_success == actual_rc
# readable logrotate
@@ -605,10 +594,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
'r', webroot + '/pihole/index.php', webuser)
actual_rc = host.run(check_index).rc
assert exit_status_success == actual_rc
- check_blockpage = test_cmd.format(
- 'r', webroot + '/pihole/blockingpage.css', webuser)
- actual_rc = host.run(check_blockpage).rc
- assert exit_status_success == actual_rc
if test_webpage is True:
# check webpage for unreadable files
noPHPfopen = re.compile(
@@ -1107,7 +1092,7 @@ def test_package_manager_has_installer_deps(host):
install_dependent_packages ${INSTALLER_DEPS[@]}
''')
- assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert 'No package' not in output.stdout
assert output.rc == 0
@@ -1117,11 +1102,10 @@ def test_package_manager_has_pihole_deps(host):
output = host.run('''
source /opt/pihole/basic-install.sh
package_manager_detect
- select_rpm_php
install_dependent_packages ${PIHOLE_DEPS[@]}
''')
- assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert 'No package' not in output.stdout
assert output.rc == 0
@@ -1131,9 +1115,8 @@ def test_package_manager_has_web_deps(host):
output = host.run('''
source /opt/pihole/basic-install.sh
package_manager_detect
- select_rpm_php
install_dependent_packages ${PIHOLE_WEB_DEPS[@]}
''')
- assert 'No package' not in output.stdout # centos7 still exits 0...
+ assert 'No package' not in output.stdout
assert output.rc == 0
diff --git a/test/test_any_utils.py b/test/test_any_utils.py
index b30ff7fd..5126f263 100644
--- a/test/test_any_utils.py
+++ b/test/test_any_utils.py
@@ -50,25 +50,73 @@ def test_key_removal_works(host):
assert expected_stdout == output.stdout
+def test_getFTLAPIPortFile_default(host):
+ ''' Confirms getFTLAPIPortFile returns the default API port file path '''
+ output = host.run('''
+ source /opt/pihole/utils.sh
+ getFTLAPIPortFile
+ ''')
+ expected_stdout = '/run/pihole-FTL.port\n'
+ assert expected_stdout == output.stdout
+
+
def test_getFTLAPIPort_default(host):
''' Confirms getFTLAPIPort returns the default API port '''
output = host.run('''
source /opt/pihole/utils.sh
- getFTLAPIPort
+ getFTLAPIPort "/run/pihole-FTL.port"
''')
expected_stdout = '4711\n'
assert expected_stdout == output.stdout
-def test_getFTLAPIPort_custom(host):
+def test_getFTLAPIPortFile_and_getFTLAPIPort_custom(host):
''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location '''
host.run('''
- echo "PORTFILE=/tmp/port.file" > /etc/pihole/pihole-FTL.conf
- echo "1234" > /tmp/port.file
+ tmpfile=$(mktemp)
+ echo "PORTFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+ echo "1234" > ${tmpfile}
''')
output = host.run('''
source /opt/pihole/utils.sh
- getFTLAPIPort
+ FTL_API_PORT_FILE=$(getFTLAPIPortFile)
+ getFTLAPIPort "${FTL_API_PORT_FILE}"
+ ''')
+ expected_stdout = '1234\n'
+ assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_default(host):
+ ''' Confirms getFTLPIDFile returns the default PID file path '''
+ output = host.run('''
+ source /opt/pihole/utils.sh
+ getFTLPIDFile
+ ''')
+ expected_stdout = '/run/pihole-FTL.pid\n'
+ assert expected_stdout == output.stdout
+
+
+def test_getFTLPID_default(host):
+ ''' Confirms getFTLPID returns the default value if FTL is not running '''
+ output = host.run('''
+ source /opt/pihole/utils.sh
+ getFTLPID
+ ''')
+ expected_stdout = '-1\n'
+ assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_and_getFTLPID_custom(host):
+ ''' Confirms getFTLPIDFile returns a custom PID file path '''
+ host.run('''
+ tmpfile=$(mktemp)
+ echo "PIDFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+ echo "1234" > ${tmpfile}
+ ''')
+ output = host.run('''
+ source /opt/pihole/utils.sh
+ FTL_PID_FILE=$(getFTLPIDFile)
+ getFTLPID "${FTL_PID_FILE}"
''')
expected_stdout = '1234\n'
assert expected_stdout == output.stdout
diff --git a/test/test_centos_7_support.py b/test/test_centos_7_support.py
deleted file mode 100644
index c7e75813..00000000
--- a/test/test_centos_7_support.py
+++ /dev/null
@@ -1,63 +0,0 @@
-from .conftest import (
- tick_box,
- info_box,
- mock_command,
-)
-
-
-def test_php_upgrade_default_optout_centos_eq_7(host):
- '''
- confirms the default behavior to opt-out of installing PHP7 from REMI
- '''
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
- 'Deprecated PHP may be in use.')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_centos_eq_7(host):
- '''
- confirms installer behavior when user opt-out of installing PHP7 from REMI
- (php not currently installed)
- '''
- # dialog returns Cancel for user prompt
- mock_command('dialog', {'*': ('', '1')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
- 'Deprecated PHP may be in use.')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_centos_eq_7(host):
- '''
- confirms installer behavior when user opt-in to installing PHP7 from REMI
- (php not currently installed)
- '''
- # dialog returns Continue for user prompt
- mock_command('dialog', {'*': ('', '0')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- assert 'opt-out' not in package_manager_detect.stdout
- expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
- '(https://rpms.remirepo.net)')
- assert expected_stdout in package_manager_detect.stdout
- expected_stdout = tick_box + (' Remi\'s RPM repository has '
- 'been enabled for PHP7')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert remi_package.is_installed
diff --git a/test/test_centos_8_support.py b/test/test_centos_8_support.py
deleted file mode 100644
index 9adbe841..00000000
--- a/test/test_centos_8_support.py
+++ /dev/null
@@ -1,68 +0,0 @@
-from .conftest import (
- tick_box,
- info_box,
- mock_command,
-)
-
-
-def test_php_upgrade_default_continue_centos_gte_8(host):
- '''
- confirms the latest version of CentOS continues / does not optout
- (should trigger on CentOS7 only)
- '''
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
- ' Deprecated PHP may be in use.')
- assert unexpected_stdout not in package_manager_detect.stdout
- # ensure remi was not installed on latest CentOS
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_skipped_centos_gte_8(host):
- '''
- confirms installer skips user opt-out of installing PHP7 from REMI on
- latest CentOS (should trigger on CentOS7 only)
- (php not currently installed)
- '''
- # dialog dialog returns Cancel for user prompt
- mock_command('dialog', {'*': ('', '1')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
- ' Deprecated PHP may be in use.')
- assert unexpected_stdout not in package_manager_detect.stdout
- # ensure remi was not installed on latest CentOS
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_skipped_centos_gte_8(host):
- '''
- confirms installer skips user opt-in to installing PHP7 from REMI on
- latest CentOS (should trigger on CentOS7 only)
- (php not currently installed)
- '''
- # dialog dialog returns Continue for user prompt
- mock_command('dialog', {'*': ('', '0')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- assert 'opt-out' not in package_manager_detect.stdout
- unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
- '(https://rpms.remirepo.net)')
- assert unexpected_stdout not in package_manager_detect.stdout
- unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
- 'been enabled for PHP7')
- assert unexpected_stdout not in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
diff --git a/test/test_centos_common_support.py b/test/test_centos_common_support.py
index ac408e92..3497267a 100644
--- a/test/test_centos_common_support.py
+++ b/test/test_centos_common_support.py
@@ -7,23 +7,6 @@ from .conftest import (
)
-def test_release_supported_version_check_centos(host):
- '''
- confirms installer exits on unsupported releases of CentOS
- '''
- # modify /etc/redhat-release to mock an unsupported CentOS release
- host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- expected_stdout = cross_box + (' CentOS 6 is not supported.')
- assert expected_stdout in package_manager_detect.stdout
- expected_stdout = 'Please update to CentOS release 7 or later'
- assert expected_stdout in package_manager_detect.stdout
-
-
def test_enable_epel_repository_centos(host):
'''
confirms the EPEL package repository is enabled when installed on CentOS
@@ -31,7 +14,6 @@ def test_enable_epel_repository_centos(host):
package_manager_detect = host.run('''
source /opt/pihole/basic-install.sh
package_manager_detect
- select_rpm_php
''')
expected_stdout = info_box + (' Enabling EPEL package repository '
'(https://fedoraproject.org/wiki/EPEL)')
@@ -40,86 +22,3 @@ def test_enable_epel_repository_centos(host):
assert expected_stdout in package_manager_detect.stdout
epel_package = host.package('epel-release')
assert epel_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_default_optout_centos(host):
- '''
- confirms the default behavior to opt-out of upgrading to PHP7 from REMI
- '''
- # first we will install the default php version to test installer behavior
- php_install = host.run('yum install -y php')
- assert php_install.rc == 0
- php_package = host.package('php')
- default_centos_php_version = php_package.version.split('.')[0]
- if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended
- pytest.skip("Test deprecated . Detected default PHP version >= 7")
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
- 'Deprecated PHP may be in use.')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optout_centos(host):
- '''
- confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
- '''
- # first we will install the default php version to test installer behavior
- php_install = host.run('yum install -y php')
- assert php_install.rc == 0
- php_package = host.package('php')
- default_centos_php_version = php_package.version.split('.')[0]
- if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended
- pytest.skip("Test deprecated . Detected default PHP version >= 7")
- # dialog returns Cancel for user prompt
- mock_command('dialog', {'*': ('', '1')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- ''')
- expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
- 'Deprecated PHP may be in use.')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optin_centos(host):
- '''
- confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
- '''
- # first we will install the default php version to test installer behavior
- php_install = host.run('yum install -y php')
- assert php_install.rc == 0
- php_package = host.package('php')
- default_centos_php_version = php_package.version.split('.')[0]
- if int(default_centos_php_version) >= 7: # PHP7 is supported/recommended
- pytest.skip("Test deprecated . Detected default PHP version >= 7")
- # dialog returns Continue for user prompt
- mock_command('dialog', {'*': ('', '0')}, host)
- package_manager_detect = host.run('''
- source /opt/pihole/basic-install.sh
- package_manager_detect
- select_rpm_php
- install_dependent_packages PIHOLE_WEB_DEPS[@]
- ''')
- expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
- 'Deprecated PHP may be in use.')
- assert expected_stdout not in package_manager_detect.stdout
- expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
- '(https://rpms.remirepo.net)')
- assert expected_stdout in package_manager_detect.stdout
- expected_stdout = tick_box + (' Remi\'s RPM repository has '
- 'been enabled for PHP7')
- assert expected_stdout in package_manager_detect.stdout
- remi_package = host.package('remi-release')
- assert remi_package.is_installed
- updated_php_package = host.package('php')
- updated_php_version = updated_php_package.version.split('.')[0]
- assert int(updated_php_version) == 7
diff --git a/test/test_fedora_support.py b/test/test_fedora_support.py
index 63fde90e..57a6c5c4 100644
--- a/test/test_fedora_support.py
+++ b/test/test_fedora_support.py
@@ -6,11 +6,8 @@ def test_epel_and_remi_not_installed_fedora(host):
package_manager_detect = host.run('''
source /opt/pihole/basic-install.sh
package_manager_detect
- select_rpm_php
''')
assert package_manager_detect.stdout == ''
epel_package = host.package('epel-release')
assert not epel_package.is_installed
- remi_package = host.package('remi-release')
- assert not remi_package.is_installed
diff --git a/test/tox.centos_7.ini b/test/tox.centos_7.ini
deleted file mode 100644
index 319465dd..00000000
--- a/test/tox.centos_7.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _centos_7.Dockerfile -t pytest_pihole:test_container ../
- pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_7_support.py
diff --git a/test/tox.centos_8.ini b/test/tox.centos_8.ini
index c7926289..e94c2433 100644
--- a/test/tox.centos_8.ini
+++ b/test/tox.centos_8.ini
@@ -5,4 +5,4 @@ envlist = py38
whitelist_externals = docker
deps = -rrequirements.txt
commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
- pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_8_support.py
+ pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py
diff --git a/test/tox.ubuntu_21.ini b/test/tox.ubuntu_21.ini
deleted file mode 100644
index 070d3a72..00000000
--- a/test/tox.ubuntu_21.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[tox]
-envlist = py38
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../
- pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
)
-
-
- 
-
+ 
+ 
- 
-
- ');
-} elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
- // Serve SVG upon receiving non $validExtTypes URL extension or query string
- // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
- // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
- $blockImg = '
-
- ';
- exit(setHeader()."
-
-
-
- $viewPort
-
- $blockImg
- ");
}
-/* Start processing Block Page from here */
+exit(header("HTTP/1.1 404 Not Found"));
-// Define admin email address text based off $svEmail presence
-$bpAskAdmin = !empty($svEmail) ? '' : "";
-
-// Get possible non-standard location of FTL's database
-$FTLsettings = parse_ini_file("/etc/pihole/pihole-FTL.conf");
-if (isset($FTLsettings["GRAVITYDB"])) {
- $gravityDBFile = $FTLsettings["GRAVITYDB"];
-} else {
- $gravityDBFile = "/etc/pihole/gravity.db";
-}
-
-// Connect to gravity.db
-try {
- $db = new SQLite3($gravityDBFile, SQLITE3_OPEN_READONLY);
-} catch (Exception $exception) {
- die("[ERROR]: Failed to connect to gravity.db");
-}
-
-// Get all adlist addresses
-$adlistResults = $db->query("SELECT address FROM vw_adlist");
-$adlistsUrls = array();
-while ($row = $adlistResults->fetchArray()) {
- array_push($adlistsUrls, $row[0]);
-}
-
-if (empty($adlistsUrls))
- die("[ERROR]: There are no adlists enabled");
-
-// Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
-$adlistsCount = count($adlistsUrls) + 3;
-
-// Set query timeout
-ini_set("default_socket_timeout", 3);
-
-// Logic for querying blocklists
-function queryAds($serverName) {
- // Determine the time it takes while querying adlists
- $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-
- // Determine which protocol should be used
- $protocol = "http";
- if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
- (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') ||
- (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
- ) {
- $protocol = "https";
- }
-
- // Format the URL
- $queryAdsURL = sprintf(
- "%s://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
- $protocol,
- $_SERVER["SERVER_PORT"],
- $serverName
- );
-
- // Request the file and receive the response
- $queryAdsFile = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
-
- // $queryAdsFile must be an array (to avoid PHP 8.0+ error)
- if (is_array($queryAdsFile)) {
- $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile)));
- } else {
- // if not an array, return an error message
- return array("0" => "error", "1" => "