With `sudo -E`, the whole environment is passed to the root shell, which is a potential security and/or privacy issue when command overrides/functions, PATH or private user info are passed. To pass `PIHOLE_SKIP_OS_CHECK=true`, it can be passed alone to the bash/script call within the sudo session, so the `-E` flag can be omitted.
Signed-off-by: MichaIng <micha@dietpi.com>
Since Debian Stretch and Ubuntu Bionic, the "netcat" package is a transitional dummy package which pulls in "netcat-traditional" on Debian Stretch+Buster and Ubuntu Bionic, and "netcat-openbsd" on Debian Bullseye, Ubuntu Focal and up.
On Debian Bookworm (testing), however, the "netcat" package has been removed during the last 3 days at time or writing, so that it fails do be installed. While "netcat-traditional" and "netcat-openbsd" both "Provides: netcat", since it's two alternatives, APT does not automatically pick one but aborts, and the only solution is to install one explicitly.
While this is likely a temporary state of the Debian testing suite, having a closer look at the two alternatives shows that "netcat-openbsd" is a much more actively maintained newer version with additional support for IPv6, proxies, and UNIX sockets, which is likely the reason for the gradual transition via meta package from "netcat-traditional" to "netcat-openbsd". This commit hence consequently follows this aim by skipping the transitional dummy package and installing "netcat-openbsd" explicitly as dependency, to avoid any possible errors like the one which occurs currently on Bookworm.
Both packages can be installed concurrently and do no conflict, but are managed via dpkg's "update-alternatives".
For reference:
- https://packages.debian.org/netcat
- https://packages.ubuntu.com/netcat
Signed-off-by: MichaIng <micha@dietpi.com>
* Use ss instead of lsof for pihole status checks
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Use ss FILTER instead of piping into bash
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Use ss in debug log generation
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Remove lsof from dependencies
Signed-off-by: DL6ER <dl6er@dl6er.de>
* Some shellchecks in basic-install.sh
Signed-off-by: ChillerDragon <ChillerDragon@gmail.com>
* Use more explicit grep (thanks to @MichaIng)
Signed-off-by: ChillerDragon <ChillerDragon@gmail.com>
This solves the issue reported here: https://github.com/pi-hole/pi-hole/issues/4196
It replaces the other suggested solution here: https://github.com/pi-hole/pi-hole/pull/4197
The benefit of using a fixed/limited list height, compared to allowing larger whiptail/dialogue dimension, is that it works on small screens as well, where the screen or console size itself is too small to hold the interface list + text above + whiptail frame.
It the amount of list elements exceeds the defined list height, automatically a visual scroll bar is added and the list can be scrolled with up/down pageup/pagedown buttons, hence it is generally not required to adjust a list height based on the amount of elements. The fixed height of "6" is chosen since all other "--radiolist" calls use this fixed height as well, it fits and looks good within a 20 rows high whiptail dialogue, and in the common Pi-hole use cases there are no more than 6 network interfaces.
Signed-off-by: MichaIng <micha@dietpi.com>
The phpInsNewer variable is not set anymore, so that the JSON module is now always tried to be installed. Instead of checking for phpInsNewer to derive whether PHP was installed already, phpInsMajor is now checked. If it is set, PHP is installed already, and only if the major version is lower than 8, the JSON module can be installed.
Signed-off-by: MichaIng <micha@dietpi.com>
Add some smoke tests for the repository.
- Add x bit to piholeCheckout.sh. Possibly not needed, but consistency is no bad thing
- Ensure all files in script directorys have executable bit set
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
The script defines variables for the most important file paths which are not always used to call the file paths. "lighttpdConfig" was never used in the script itself, so that a shellcheck exception needed to be used. With this change, the defined variables are consequently used, which makes the shellcheck exception obsolete as well.
Additionally the assigned strings are quoted, which is not necessary here but aligns with the coding standard and highlights the strings in most editors and development platforms for developer convenience.
Signed-off-by: MichaIng <micha@dietpi.com>
* Do not export unconditionally
Signed-off-by: Christian König <ckoenig@posteo.de>
* Check if variable is unset instead of grep for it
Signed-off-by: Christian König <ckoenig@posteo.de>
* Use bash's buld in word syntax
Signed-off-by: Christian König <ckoenig@posteo.de>
* Move export back to their brothers
Signed-off-by: Christian König <ckoenig@posteo.de>
The installer contains three checks for specific DEB package names, which did change in past Debian/Ubuntu versions. These checks are obsolete with the current set of supported distro versions:
iproute vs iproute2: All distro versions down to Debian Jessie and Ubuntu Xenial ship the iproute2 package:
- https://packages.debian.org/search?keywords=iproute
- https://packages.ubuntu.com/search?suite=all&keywords=iproute
php5 vs php: None of the Ubuntu version down to Xenial and only Debian Jessie ships the php5 package:
- https://packages.debian.org/search?keywords=php5
- https://packages.ubuntu.com/search?suite=all&keywords=php5
Moreover, installs with PHP5 would fail anyway for a longer time, due to the added php-xml module package, which became a dedicated package with PHP7.0 while being part of the core package with PHP5:
- https://packages.debian.org/search?keywords=php5-xml
php-sqlite vs php-sqlite3: With PHP7, the SQLite module package name changed to sqlite3 prefix:
- https://packages.debian.org/search?keywords=php-sqlite
- https://packages.ubuntu.com/search?suite=all&keywords=php-sqlite
Additionally the code comment about minimal apt-get call output was moved to the actual apt-get install call section, as if refers to issues with package installs that require interactive action and hence output about it to the console. The package cache update as well requires an interactive confirmation when the underlying suite code name changes, e.g. when "buster" becomes "oldstable" and "bullseye" becomes "stable". But that is not what the referred issue was about.
The comments around the installer and Pi-hole package dependencies have been aligned with the current v6 branch as attempt to resolve merge conflicts in the first place.
Signed-off-by: MichaIng <micha@dietpi.com>
* Select proper PHP version on RPM based OS after INSTALLER_DEPS have been installed
* Remove check for unsupported RPM distros as it is checked in os_check already
* Add select_rpm_php function to tox tests
Signed-off-by: Christian König <ckoenig@posteo.de>
With the suggested way to call the installer via "curl -sSL https://install.pi-hole.net | bash", STDIN is no terminal, but overridden by the curl output, hence in most cases, the minimum dimensions were applied, even on larger screens. All whiptail calls are hence assured to work fine with those dimensions, aside of one case, making the calculations obsolete.
This commit hardcodes the whiptail dimensions to the prior minimum and removes the calculations. This also helps with testing, as it does not matter anymore how the script is called, and developers have a clearly defined space to make dialogs look nice, including line breaks, menu and list heights.
The only case which does not fit the 70 character width, the second menu entry of the "pihole -r" dialog, has been shortened accordingly. This was not an issue before, as "pihole -r" does not override the scripts STDIN and hence did allow larger dimensions based on the now removed calculations.
See the following discussions for reference:
- https://github.com/pi-hole/pi-hole/issues/3323
- https://github.com/pi-hole/pi-hole/pull/4197#issuecomment-876702380
Signed-off-by: MichaIng <micha@dietpi.com>
1. Ensure we have a compatible package manager
2. Install required packages for os_check to run (we need dnsutils and grep for this
3. Try to install FTL
4. FTL installed? Install installer dependencies and continue as normal - no other dependencies are installed until user has gone through all whiptails
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
The statement "All dependencies are safe to remove on Raspbian" has been added at a time where a much smaller list of dependencies were installed, all indeed relatively safe to purge. Nowadays this list has grown and includes important system packages, like iproute2, psmisc, sudo, curl and others, which are often again dependencies of other packages, like network stacks (ifupdown) and others, so that inexperienced users, following that statement, may break their systems network capabilities and more.
This message has hence been removed.
Signed-off-by: MichaIng <micha@dietpi.com>
sysconfig network scripts are missing on pure NetworkManager installs.
This commit touches a placeholder to allow the network configuration to
be generated and loaded via NetworkManager.
Signed-off-by: bcambl <blayne@blaynecampbell.com>
- "apt-cache show package" succeeds as well if package is listed as (optional) dependency or conflict by another package, hence is not a 100% reliable measure.
- There is no command which explicitly checks which package/name can be selected by apt-get for install. An install simulation/dry-run is possible as it was before Pi-hole v5.1, or the whole package cache can be scraped, which is still the less time consuming solution.
- Allow to succeed if another package "provides" it, like "php7.3-apcu" provided by "php-apcu" or "awk" provided by "mawk" and "gawk", in which case the non-virtual package is selected automatically by apt-get.
For reference: 066b89fa41
Signed-off-by: MichaIng <micha@dietpi.com>
+ Do not ask to install the web server, if the web interface has been deselected before.
+ Add additional info, that PHP modules need to be installed manually, when web server is deselected and the web server user needs to be member of the "pihole" group.
+ Consequently use webroot variable instead of /var/www/html
Signed-off-by: MichaIng <micha@dietpi.com>
If an user installs Pi-hole without selecting any adlists, the installer emits a warning and exits. By touching the file this is prevented.
Signed-off-by: jesterchen <github@jesterweb.de>
* use https when possible
* replace coverage with a link to the docs page in README.md
* remove obsolete affiliate link in README.md
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
"$network" on a systemd-driven OS leads to "After=network-online.target" in the generated systemd unit.
This target is no guarantee that all network interfaces have been fully configured, as it depends on the related network services types, but at least it reduces the risk that those have not fully finished their job when pihole-FTL starts. If this is the case, certain issues can occur:
- https://github.com/pi-hole/pi-hole/issues/2924
- https://discourse.pi-hole.net/t/have-to-pihole-restartdns-after-reboot/28772
Runtime files are now consistently created in "/run" instead of "/var/run". The second is a symlink to the first for backwards compatibility but on none-ancient distro versions one should use "/run", systemd even prints a warnings if service files use "/var/run". The service file used "/run" and "/var/run" both, in cases for the same files/directories before, which does not directly cause issues currently, due to the symlink, but is inconsistent at best.
Signed-off-by: MichaIng <micha@dietpi.com>
- Currently, if the SELinux config file exists, installed SELinux is assumed.
- But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons.
- If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e".
- With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing.
Signed-off-by: MichaIng <micha@dietpi.com>
This is and was never required and the pihole user does in fact not get any additional permissions through that group.
Signed-off-by: MichaIng <micha@dietpi.com>
Using the meta package causes several issues:
- Install on Debian prior to Jessie and Ubuntu prior to Xenial is broken, since those do not serve the meta packages but php5-* packages instead.
- If $phpVer != "php", then multiple conflicting PHP versions can be installed.
- If "${phpVer}-intl" does not pull the correct package, then inherently "${phpVer}-xml" etc are wrong, too. This is theoretically possible, e.g. if PHP7.4 was installed while the webserver uses a concurrently installed PHP7.3 instance. Then the "php" shell command output can differ from what the webserver uses. This theoretical issue would need a different approach to derive $phpVer, not based on the shell command output but by asking the webserver somehow in the first place. But using $phpVer for some modules and hardcoded meta for the others can only lead to inconsistencies and issues.
Signed-off-by: MichaIng <micha@dietpi.com>
When checking for available packages in APT repository, running a dry-run install can fail for other reasons, even if the package is available. Currently, in such case, wrong fallback packages are selected: https://github.com/pi-hole/pi-hole/issues/2888
"apt-cache show <pkg>" is a quicker method to check for available packages. This is now done as well to check if the fallbacks are available. If none is found, the installer exits with meaningful error message and exit code.
In rare cases, the APT list files can be missing when the installer is started. E.g. this could be on a fresh system, APT lists could have been moved to RAM or removed as a cleanup step. "apt-cache" calls will then fail, same as dry-run installs were. To assure that current package lists are checked, update the package cache directly after the Ubuntu universe repo has been added, only in the Debian/Ubuntu block. This renders the variable handling in RH/Fedora block obsolete.
Signed-off-by: MichaIng <micha@dietpi.com>