chkconfig is a dependency of spawn-fcgi which is a dependency of lighttpd which is installed via PIHOLE_WEB_DEPS in phase 2
adding chkconfig to INSTALLER_DEPS to ensure /etc/init.d is present during the installation prompts (phase 1)
Signed-off-by: bcambl <blayne@blaynecampbell.com>
During install in `valid_ip`, we split up the IP address into octets to verify it is valid (each is <= 255).
This validation was broken in #2743 when a variable usage was quoted where it should have stayed unquoted:
```
./automated install/basic-install.sh: line 942: [[: 192.241.211.120: syntax error: invalid arithmetic operator (error token is ".241.211.120")
```
Due to this error, `127.0.0.1` would be used instead of the requested IP address. Also, this prevented the user from entering a custom DNS server as it would be marked as an invalid IP address.
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
chkconfig is a dependency of spawn-fcgi which is a dependency of lighttpd which is installed via PIHOLE_WEB_DEPS in phase 2
adding chkconfig to INSTALLER_DEPS to ensure /etc/init.d is present during the installation prompts (phase 1)
Signed-off-by: bcambl <blayne@blaynecampbell.com>
Previously, install_dependent_packages would receive an array variable
name as its single parameter, and would use variable indirection to
access it; this change simplifies that function so that it instead
receives the expanded array.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
This greatly reduces the number of warnings emitted by ShellCheck, and
in turn should make it more likely that errors are caught in the
future.
Signed-off-by: David Haguenauer <ml@kurokatta.org>
Fixes the typo in update_package_cache(), where the error message
contained the color code twice, instead of the $UPDATE_PKG_CACHE text.
Signed-off-by: Jan Piskvor Martinec <github@piskvor.org>
Only a user has been created beforehand. Only some distributions create
a group with the same name based on their configuration. We cannot
assume this is always the default.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
`sqlite3` is provided by the `sqlite` package on CentOS & Fedora
Signed-off-by: bcambl <blayne@blaynecampbell.com>
(cherry picked from commit 724afc000f)
- move some logic from setStaticIPv4 to setDHCPCD
- breakout ifcfg configuration into separate function which takes a config path as an argument
- setStaticIPv4 now checks for configs and calls the appropriate function accordingly
- add logic to check ifcfg file by _connection name_ if file is not found by _interface name_
Signed-off-by: bcambl <blayne@blaynecampbell.com>
It has a bug/regression causing it to fail if external.conf does not exist,
so touch external.conf when installing lighttpd config
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
- FedBerry (Fedora based ARM image)
- Scientific Linux (CentOS based)
- Add prompt to continue installing on unsupported RPM based distros
Signed-off-by: bcambl <blayne@blaynecampbell.com>
The other permission calls will always be run so that the file is in the
expected state after install and repair.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
I could not find documentation on a `--head` flag, but there is a `--heads` flag which does the same thing.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
The only use of net-tools is the use of route in chronometer.sh so
instead use the same method as used in piholeDebug.sh to get the
default gateway so there's no need to depend on net-tools anylonger.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Fixed up the version checking. Thanks for your help @dschaper.
No longer uses the version string as returned, but uses the major and minor version numbers extracted from it, against the minimum of 5.5.
Tested against real install of php 7.0, (and the version check logic separately tested against a variety of artificial version numbers, of multiple digits for both major and minor version. - Lesson learned, I'm never trusting bash again)
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
This hands checking of lighttpd's status over to the existing check_service_active() function.
All other checks of service status within the install script are handled by this function.
Use of existing function:
Avoids duplication of service detection logic.
Uses return code to determine status, thereby avoids parsing text to determine status, and reliance on English language locale to determine activity, (which may also be broken on some systems (# 2204)
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Function to install man page.
Verifies that man pages are installed, and correct directory for the pihole manpage is present.
Copies file, and runs man-db to update man page database.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
The check for systemd-resolved DNSStubListener, and disabling as necessary is a new function, called just prior to start_service pihole-FTL.
The check for ubuntu bionic 18.04 specifically is removed.
The check if resolved is enabled is made with check_service_active()
An additional check that the dnsstublistener is enabled is made.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
- Move some functions from checkout to basic-install
- provide helpful error message on downlaod not existing
Signed-off-by: Adam Warner <adamw@rner.email>
This bug was introduced by #1758 where the CIDR was removed from the static IP check.
The CIDR was acting as a boundary so we need to test for a boundary or a slash character.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
Removed updatePihole() function and updated if/then statements in installPihole() and main(). Corrected minor typos.
Signed-off-by: Fauxsys <fiber.cipher@gmail.com>
+ Fix indentation
+ Stick with case, add "On" to provide INFO print out, although its not
technically required as INSTALL_WEB_SERVER=true is default value.
Debian 9.4 does not install `psmisc` by default and the following error will happen during installation:
```
[✗] /usr/local/bin/pihole: line 353: killall: command not found
/usr/local/bin/pihole: line 364: killall: command not found
```
This patch adds `psmisc` (that contains `killall`) as dependency
Signed-off-by: Michele Bologna <michele.bologna@gmail.com>
Remove duplicate code. get_binary_name is now in the install script
Add some "version" checking to ftl download when using an alt branch, uses checksum
Greatly simplify update process. Source pihole-FTL version checker from basic-install.sh
Always run install script to finalise changes.
Install script now outputs versions after an update
(This is a Squash of previous work into one commit)
Signed-off-by: Adam Warner <adamw@rner.email>
With a very minor code change, individuals can now implement restrictions on dangers, disturbing, or otherwise adult oriented content without the need for managed restrictions.
This is a fairly non-invasive change and will benefit users who intend to use VPN for home or small business uses where access to such material may be undesirable.
- Some formatting tweaks to the `start_service` `stop_`service` `disable_service` and `enable_service` commands
Signed-off-by: Adam Warner <adamw@rner.email>
- Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq
- Add service_disable function
- Add dependency libcap2-bin on debian to enable setcap. Need to check other distos
-Always download FTL binary if /etc/pihole/ftlbranch does not contain "master"
- Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL
Signed-off-by: Adam Warner <adamw@rner.email>
Do not expect CIDR format IP addresses in /etc/sysconfig/network-scripts/ifcfg-* files as it is not a requirement.
Expect only:
IPADDR=10.10.10.10
Do not expect:
IPADDR=10.10.10.10/24
* Print newline on error message
* Output last three lines of error if update fails
* Consistent error messages & housekeeping
* Add shellcheck directive to ignore COL_TABLE
* Quoted and braced variables for codebase consistency
* Escaped newlines correctly
* Made error messages consistent (indenting and wording)
* Removed consecutive echos
* Conditional formatting consistency
* Braced, quoted and used [[ on conditionals
* Fix specific ShellCheck issues
* Fixed issues that could be safely changed without extensive testing
* Update SELinux whiptail behaviour & more
* Colourised some strings
* Fixed multiple line string indenting
* Made output consistent with existing codebase
* Removed sequential echos
* Make SELinux whiptail use "--defaultno", and change text wording
* Add help text for hostrecord, and colourise output
* this should fix the tests...
Signed-off-by: Adam Warner <adamw@rner.email>
* revert changes to `update_package_cache()` to prove tests
Signed-off-by: Adam Warner <adamw@rner.email>
* Always process DNS and DHCP settings in installer
* Make sure dnsmasq config exists before modifying it
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Make sure the dnsmasq config directory exists
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Only remove the DHCP config if it exists (fixes tests, hopefully)
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Always process DNS and DHCP settings in installer
* change where finalExports is called and where LIGHTTPD_ENABLED is set.
Signed-off-by: Adam Warner <adamw@rner.email>
* this may or may not work. If it does, can be functionised to reduce code duping
Signed-off-by: Adam Warner <adamw@rner.email>
* This will fix the tests, but break the patch
Signed-off-by: Adam Warner <adamw@rner.email>
* Do not activate disabled lighttpd upon update
* Fixes#1362
* Use systemctl when available
* Move `finalexports` to the very end of the install script
set value of LIGHTTPD_ENABLED to 1 or 0 depending on whether or not lighttpd is enabled or disabled.
actually save LIGHTTPD_ENABLED value to setupvars.conf
Signed-off-by: Adam Warner <adamw@rner.email>
* add [[ -z "${LIGHTTPD_ENABLED}" ]] back in!
Signed-off-by: Adam Warner <adamw@rner.email>
* Ensure "Loaded:" is the line being checked
* Colourise disabled lighttpd message
* Prevent disabled lighttpd triggering error
* change of plan, don't need that [[ -z "${LIGHTTPD_ENABLED}" ]]
Signed-off-by: Adam Warner <adamw@rner.email>
This will probably break some tests. I'll work that out in a bit
Signed-off-by: Adam Warner <adamw@rner.email>
Signed-off-by: Adam Warner <adamw@rner.email>
* Define colours within COL_TABLE
* Do not output colours for non-terminal instances
* Removed ":::"
* Fixed indenting & spacing
* Made output consistent throughout project
* Reworded text to fit on standard 80 char wide Terminal screen
* Made 'sudo raspi-config' warning (insufficient disk space) only show on RPi
* Make "Installation/Update Complete" the final msg
* Remove redundant messages
* Simplify update available message
* Confirm user would like to begin uninstall
* If "git pull" string says "Already up-to-date.", place [i] before it
* Colour Temp/Interface output
* Made `pihole disable 5z` invalid
* Added error fallback if invalid argument (not s/m) is detected
* Quoted "$2" for consistency
* Updated help text
* L185/286: Replaced echo with redirect
* User agents for adblock.mahakala.is/adaway.org unnecessary
* Print newline on confirmation of repository reset
* Add output to admin-related dnsmasq restarts
* Return error message for "pihole -q"
* Imply default checkout behaviour with y/N
* Fix uninstall failing to remove pihole user
* Print checkout 'git remote show origin' STDERR on new line
* Replaced checkout "AdminLTE" wording with "Web Admin"
* Fix handling of wildcard help text
* Rewrite help text for better handling of params
* Replace misleading letter variable
* stash changes on branch switch, else it fails if any changes have been made.
* Make changes according to comment in #1384
* Update queryFunc()
* Allow scanList() to search files using a wildcard by removing quotes wrapped around `${list}`
* scanList() will not provide a domain ouput on each string if exact is specified (`grep -l`)
* Remove unused processWildcards() function
* Return a message if no domain is specified
* IDN domains are converted to punycode when running a `pihole -q` search if the `python` package is available, otherwise will revert to current behaviour
* Scan Blacklist & Wildcards first, exiting from search if a match is found (Fixes#1330)
* Use one `grep` subshell to search for all "*.domains" lists at once (opposed to looping to get every matching file name, and then spawning a `grep` instance for every matching file)
* queryFunc() will not return "(0 results)" output from files where no match is found
* Sort results based off list number
* Return a message if no results are found
* Update basic-install.sh
* Update block page. Allow for setupVars setting of CUSTOMBLOCKPAGE (bool) to prevent it being overwritten
* simplify
* further simplify
* fix inteliJ IDEA complaints
* even further simplify
* tidy up output
* revert line, looks tidyer
* clarify
* Revert "Ensure any changes to blocking page are updated."
* We test for dpkg lock on line 830 directly, no need for the check also
in the template section.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Display FTL version & version.sh rewrite
While testing to make sure `pihole -v` would output `pihole-FTL version`, I noticed some options didn't work how I expected them to. For example, if I use `pihole -v -p`, I would expect to see the version output of Pi-hole Core. Instead, I'm informed that it's an invalid option.
I've had the following things in mind while rewriting this:
* I'm operating under the assumption that FTL is only installed if the Admin Console is (Line 113 exit 0)
* I have modified the help text to only output with `pihole -v --help`
* I have modified all output to be more similar to the output style of `grep` and `curl` (Ditching ":::")
Testing output:
```
w3k@MCT:~$ pihole -v
Pi-hole version is v3.0.1-14-ga928cd3 (Latest: v3.0.1)
Admin Console version is v3.0-9-g3760482 (Latest: v3.0.1)
FTL version is v2.6.2 (Latest: v2.6.2)
w3k@MCT:~$ pihole -v -c
Current Pi-hole version is v3.0.1-14-ga928cd3
Current Admin Console version is v3.0-9-g3760482
Current FTL version is v2.6.2
w3k@MCT:~$ pihole -v -l
Latest Pi-hole version is v3.0.1
Latest Admin Console version is v3.0.1
Latest FTL version is v2.6.2
w3k@MCT:~$ pihole -v -p --hash
Current Pi-hole hash is a928cd3
w3k@MCT:~$ pihole -v -a --hash
Current Admin Console hash is 3760482
w3k@MCT:~$ pihole -v --help
Usage: pihole -v [REPO | OPTION] [OPTION]
Show Pi-hole, Web Admin & FTL versions
<Shows all Repositories and Options>
w3k@MCT:~$ pihole -v -foo
Invalid Option!
```
* Update -h to work as --hash
Also provide error output as per https://github.com/pi-hole/pi-hole/pull/1447#issuecomment-300600093
* Perform EXACT searches on HOSTS lists correctly
`\s` on the end may be overkill, but it is the existing scanList() behaviour.
* Fixed indentation
* Minimise string duplication & other minor changes
Instead of duplicating output strings, rewrite core/web/ftlOutput() into one neat versionOutput().
* Modified syntax to be valid for Shellcheck
* Log and echo gateway responses
* Update queryFunc() to search Whitelist
If there is a match in Whitelist/Blacklist/Wildcards, `[ ! -t 1 ]` will cause the search to end if the terminal is closed when the script is called. This has the intended effect of allowing a user to search for a W/B/W domain (as well as all the adlists it's found in) using `pihole -q` via Terminal, but the script will stop searching after a W/B/W match when called by the block page.
* Wrap in double brackets
* Provide remote hashes for version.sh
* Provide remote hashes for comparison
* Use double braces for all conditions (for consistency)
* Suppress potential "cd" error output
* Provide "not applicable" output upon any hash request for FTL
* whitelist on website blocked doesnt work (#1452)
Since Pi-hole redirects ad domains to itself, accessing the script via de.ign.com is the same as pi.hole in this case. The fix should be as simple as adding a / before admin on this line.
* Solve piholeLogFlush.sh having to be issued 2 x to clear logs (#1460)
Simplified the command -v syntax, and added a sleep 3 timer to the first execution of the log rotation. The second execution was being issued while the first was still running, thus it would fail and you would have to issue the "Flush Logs" command a second time.
* Use `echo "ABC" | pihole tricorder` to upload to Pi-hole's medical tricorder. Uses SSL if available.
* Update list.sh
I believe this has feature parity with `sed /foo/ Id` but also supports busybox, and my alpine docker ;)
* Document `sed` substitution for user readability
Comment the oneliner with explanations of what each step does.
* Update Help Output (#1467)
* File consistency
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Standardise core help text
* Added help text for disable command
* Added help text for logging command
* Clean up
* Fixed certain new lines and spaces
* Sync with development branch
* Formatting consistency
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces
* Admin help text
* Added help text for interface command
* Sync with development branch
* Formatting consistency
* Tabs to 2 spaces
* Fixed some wording
* Fixed certain spaces
* Formatting consistency
* Minor wording changes
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces
* Blacklist help text
* Formatting consistency
* Tabs to 2 spaces
* Corrected indenting
* Cronometer help text
* Formatting consistency
* Fixed certain newlines and spaces
* Corrected indenting
* Checkout warning alteration
* Add checkout help text
* Corrected help output
* Show help for "pihole -a -i --help"
* Fix "pihole disable --help" and "pihole -l --help"
* Show help for "pihole -v -h"
* Indent output text
* Minor help text change
* Show help for "pihole checkout --help"
* Tricorder: Insecure Opt-out
* Check to see if Tricorder is being called directly
* Provide opt-out for insecure transmission of debug log
* Remove mention of internal function from help menu
* 🌮 is the new :shipit: squirrel
* Wording changes and bug fix
* Fix wildcard help text
* -wild is not a valid option since we're already using -wild
* Fix logrotation: manual flushing should be done twice, but automated rotation at midnight should only be done *once*!
* Print echos only when manual flushing is requested
* Add "quiet" mode + update comments in the cron file
* Confirm Tricorder is online
* Scan port 9998 to confirm the availability of "tricorder.pi-hole.net"
* Exit codes for upload process
* Formatting consistency
* Add link to Windows DNS Swapper
See #1400
* Install loopback firewall rules for FTL (#1419)
* Install loopback firewall rules for FTL
* FirewallD FTL ports
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Remove firewallD FTL local rules.
Local rules should not be blocked in firewallD, not requred for internal service FTD>
* Reinstate https rules, and delete FTL rules
Fixes earlier commit.
* Retrieve local repos on repair (#1481)
* Retrieve local repos on repair
* Change conditional to check for repair
* Change wording of Update/Reconfigure message
* Fixed indenting
* Perform "git reset --hard" on reconfigure
* Change directory before trying to reset repository. Fixes#1489
* No need to `cd $PWD` as it doesn't affect flow of caller script.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Refine output of password status in basic-install.sh:displayFinalMessage(). Fixes#1488 (#1490)
* Rewrite Chronometer to output more stats
* Fix output IPv4 addr when removing CIDR notation (#1498)
* Move wildcards file if blocking is disabled (#1495)
* Move wildcards file if blocking is diabled
* Delete newline
* Roll back merge #1417 (#1494)
* Update ISSUE_TEMPLATE.md
* Remove Question option
* Prefer ULA over GUA addresses [IPv6] (#1508)
* On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes#1473
* Add test for link-local address detection
* Add ULA-only and GUA-only tests
* Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test
* Add ""
* Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results
* Make mock_command_2 more similar to the original mock_command
* Correct comments
* Fixed remaining comments
* Fixed one last comment...
* Fixed a comment...
* Add weekly logrotation of FTL's log (#1509)
* Update LICENSE of the project to EUPL v1.2
* Make clear that NO is the default if the user just hits return (#1514)
* Add tricorderFunc back as usable function (#1515)
As per #1464
* Don't update FTL when there is a core update (as this will update FTL a second time). Fixes#1516
* Add FTL tests to the test suite (#1510)
* Add first version of FTL tests
* Wait one second to allow FTL to start up and analyze our mock log
* Add test_FTL_telnet_statistics
* Added test_FTL_telnet_top_clients
* Add test_FTL_telnet_top_domains
* Revert "Add FTL tests to the test suite (#1510)" (#1519)
This reverts commit cf6a1ac9ad.
* Trim version output when update is successful (#1527)
* Change ownership of /etc/pihole to user/group pihole. Fixes#1529 (#1530)
* Delete temporary files after installing the FTL binary. Fixes#1525
* Change from admin to approvers teams
* Introduce new file black.list for blacklist content
* Add "pihole -g -b" to *only* update black.list (saves a bunch of time when adding/changing only blacklisted files - won'tdownload lal lists, but only processes the blacklist and restars dnsmasq)
* Remove useless cat
* Improve displayed messages and overall logic
* Disable black.list on "pihole disable"
* cp + rm === mv (well, almost)
* On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes#1473
* Add test for link-local address detection
* Add ULA-only and GUA-only tests
* Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test
* Add ""
* Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results
* Make mock_command_2 more similar to the original mock_command
* Correct comments
* Fixed remaining comments
* Fixed one last comment...
* Fixed a comment...
* Retrieve local repos on repair
* Change conditional to check for repair
* Change wording of Update/Reconfigure message
* Fixed indenting
* Perform "git reset --hard" on reconfigure
* Install loopback firewall rules for FTL
* FirewallD FTL ports
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Remove firewallD FTL local rules.
Local rules should not be blocked in firewallD, not requred for internal service FTD>
* Reinstate https rules, and delete FTL rules
Fixes earlier commit.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
`"${pw}"`
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Absolute path for pihole
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Debian PKG_INSTALL as array
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Take out some whiptail subshells that aren't needed.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
default rule DROP or REJECT as last rule.
Regex the conditions to make sure we are getting the right conditions.
Reframe the logic to simplify the chains and rules
Reframe the logic to simplify the chains and rules
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Modify Fedora dependency installer
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Fedora now installs and arrays only non-installed packages. Fedora also noops the cache update, since it updates at every dnf call anyays.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>