From e437e3a805d1a3add6a56f3bacaa8e38434b9333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 6 Mar 2025 09:48:06 +0100 Subject: [PATCH 01/11] Create webserver.log on FTL startup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Templates/pihole-FTL-prestart.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 49b0f0d4..5813959d 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -26,4 +26,5 @@ chown root:root /etc/pihole/logrotate [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log [ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log +[ -f /var/log/pihole/webserver.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/webserver.log [ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases From d094b197e3a6eb941fc1ca6dc1a4fd06b331171d Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Thu, 6 Mar 2025 15:06:34 +0200 Subject: [PATCH 02/11] README.md: switch to the SVG logo Signed-off-by: XhmikosR --- README.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index fddd3d2d..f320f8c5 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,9 @@ #

- - - - Pi-hole website - -
- Network-wide ad blocking via your own Linux hardware + Pi-hole website +
+ Network-wide ad blocking via your own Linux hardware

From 45cb722e5035c70cb49278f8a4f53f799d3d3c6a Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Thu, 6 Mar 2025 21:40:17 +0200 Subject: [PATCH 03/11] version.sh: fix typo in comment Signed-off-by: XhmikosR --- advanced/Scripts/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 2b0883af..540924c2 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -12,7 +12,7 @@ # shellcheck disable=SC3043 # https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions -# Source the versions file poupulated by updatechecker.sh +# Source the versions file populated by updatechecker.sh cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then From f3dc202e36bbcb3a1ce337f3bdbe89302b819bc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 7 Mar 2025 10:16:25 +0100 Subject: [PATCH 04/11] Remove WEB_CALL from COL_TABLE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/COL_TABLE | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advanced/Scripts/COL_TABLE b/advanced/Scripts/COL_TABLE index 4344c7b8..f9a014fc 100644 --- a/advanced/Scripts/COL_TABLE +++ b/advanced/Scripts/COL_TABLE @@ -1,5 +1,6 @@ +#!/usr/bin/env sh # Determine if terminal is capable of showing colors -if ([ -t 1 ] && [ $(tput colors) -ge 8 ]) || [ "${WEBCALL}" ]; then +if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then # Bold and underline may not show up on all clients # If something MUST be emphasized, use both COL_BOLD='' From 5de9b6ae698fbf7e13985ab78a4b3674b64c37c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 7 Mar 2025 13:43:41 +0100 Subject: [PATCH 05/11] Add 2FA handling to api.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
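Review bot: `tput colors` in the new COL_TABLE condition can still fail and print nothing when `tput` is missing or `TERM` is unset or unknown, and the quoted test `[ "" -ge 8 ]` then writes an "integer expression expected" diagnostic into every script that sources this file. Silencing the probe and defaulting it keeps the no-colour fallback quiet: `if [ -t 1 ] && [ "$(tput colors 2>/dev/null || echo 0)" -ge 8 ]; then`. The `if` block continues past the end of the hunk, so the else branch is not visible here.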
Signed-off-by: Christian König --- advanced/Scripts/api.sh | 90 ++++++++++++++++++++++++++++++----------- 1 file changed, 66 insertions(+), 24 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index b8c7fe99..79fc90f4 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -21,7 +21,7 @@ TestAPIAvailability() { # as we are running locally, we can get the port value from FTL directly - local chaos_api_list availabilityResponse + local chaos_api_list authResponse authStatus authData # Query the API URLs from FTL using CHAOS TXT local.api.ftl # The result is a space-separated enumeration of full URLs @@ -49,20 +49,29 @@ TestAPIAvailability() { API_URL="${API_URL#\"}" # Test if the API is available at this URL - availabilityResponse=$(curl -skS -o /dev/null -w "%{http_code}" "${API_URL}auth") + authResponse=$(curl --connect-timeout 2 -skS -w "%{http_code}" "${API_URL}auth") + + # authStatus are the last 3 characters + # not using ${authResponse#"${authResponse%???}"}" here because it's extremely slow on big responses + authStatus=$(printf "%s" "${authResponse}" | tail -c 3) + # data is everything from response without the last 3 characters + authData=$(printf %s "${authResponse%???}") # Test if http status code was 200 (OK) or 401 (authentication required) - if [ ! "${availabilityResponse}" = 200 ] && [ ! "${availabilityResponse}" = 401 ]; then + if [ ! "${authStatus}" = 200 ] && [ ! "${authStatus}" = 401 ]; then # API is not available at this port/protocol combination API_PORT="" else # API is available at this URL combination - if [ "${availabilityResponse}" = 200 ]; then + if [ "${authStatus}" = 200 ]; then # API is available without authentication needAuth=false fi + # Check if 2FA is required + needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null) + break fi 
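Review bot: `needTOTP` is assigned in the availability loop as an undeclared global (it is not in the `local` list edited by the first hunk) and is read later by `LoginAPI`, yet nothing next to the assignment says so. Because jq's stderr is discarded, a missing or unparsable body leaves it empty or `null`, which the later `[ "${needTOTP}" = true ]` tests treat as "no second factor"; a comment should record that, e.g. `# needTOTP is global and read by LoginAPI; any value other than "true" means no TOTP prompt`. As a style point, `authData=$(printf %s "${authResponse%???}")` spawns a subshell for a plain expansion and could be `authData="${authResponse%???}"`. `TestAPIAvailability` starts and ends outside this hunk.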
@@ -108,22 +117,51 @@ LoginAPI() { echo "API Authentication: Trying to use CLI password" fi - # Try to authenticate using the CLI password - Authentication "${1}" - + # If we can read the CLI password, we can skip 2FA even when it's required otherwise + needTOTP=false elif [ "${1}" = "verbose" ]; then echo "API Authentication: CLI password not available" fi + if [ -z "${password}" ]; then + # no password read from CLI file + echo "Please enter your password:" + # secretly read the password + secretRead; printf '\n' + fi + if [ "${needTOTP}" = true ]; then + # 2FA required + echo "Please enter the correct second factor." + echo "(Can be any number if you used the app password)" + read -r totp + fi - # If this did not work, ask the user for the password - while [ "${validSession}" = false ] || [ -z "${validSession}" ] ; do + # Try to authenticate using the supplied password (CLI file or user input) and TOTP + Authentication "${1}" + + # Try to login again until the session is valid + while [ ! "${validSession}" = true ] ; do echo "Authentication failed. Please enter your Pi-hole password" + # Print the error message if there is one + if [ ! "${sessionError}" = "null" ] && [ "${1}" = "verbose" ]; then + echo "Error: ${sessionError}" + fi + # Print the session message if there is one + if [ ! "${sessionMessage}" = "null" ] && [ "${1}" = "verbose" ]; then + echo "Error: ${sessionMessage}" + fi + # secretly read the password secretRead; printf '\n' + if [ "${needTOTP}" = true ]; then + echo "Please enter the correct second factor:" + echo "(Can be any number if you used the app password)" + read -r totp + fi + # Try to authenticate again Authentication "${1}" done 
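Review bot: Forcing `needTOTP=false` when the CLI password appears to be readable also switches off the TOTP prompt inside the retry loop, so if the CLI password is rejected and the user then types their own password on an account with 2FA enabled, `totp` is never collected and every retry is sent with `"totp":null`. The loop has no attempt limit, so that path seems to end only when the script is interrupted. Keeping the server's answer and restoring it before the loop would avoid this, e.g. `serverNeedsTOTP="${needTOTP}"` before the override and `needTOTP="${serverNeedsTOTP}"` just ahead of `while [ ! "${validSession}" = true ]`. `LoginAPI` begins outside this hunk.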
@@ -131,23 +169,27 @@ LoginAPI() { } Authentication() { - sessionResponse="$(curl -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli " --data "{\"password\":\"${password}\"}" )" + sessionResponse="$(curl --connect-timeout 2 -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli" --data "{\"password\":\"${password}\", \"totp\":${totp:-null}}" )" - if [ -z "${sessionResponse}" ]; then - echo "No response from FTL server. Please check connectivity" - exit 1 - fi - # obtain validity and session ID from session response - validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null) - SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null) - - if [ "${1}" = "verbose" ]; then - if [ "${validSession}" = true ]; then - echo "API Authentication: ${COL_GREEN}Success${COL_NC}" - else - echo "API Authentication: ${COL_RED}Failed${COL_NC}" + if [ -z "${sessionResponse}" ]; then + echo "No response from FTL server. Please check connectivity" + exit 1 + fi + # obtain validity, session ID and sessionMessage from session response + validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null) + SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null) + sessionMessage=$(echo "${sessionResponse}"| jq --raw-output .session.message 2>/dev/null) + + # obtain the error message from the session response + sessionError=$(echo "${sessionResponse}"| jq --raw-output .error.message 2>/dev/null) + + if [ "${1}" = "verbose" ]; then + if [ "${validSession}" = true ]; then + echo "API Authentication: ${COL_GREEN}Success${COL_NC}" + else + echo "API Authentication: ${COL_RED}Failed${COL_NC}" + fi fi - fi } LogoutAPI() { From 9b4502a7a93e67fd1de0f1de7a06daa2636aaece Mon Sep 17 00:00:00 2001 From: casperklein Date: Fri, 7 Mar 2025 23:00:40 +0100 Subject: [PATCH 06/11] Add trailing / to directories Signed-off-by: casperklein --- advanced/Templates/pihole-FTL-prestart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
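Review bot: The request body in `Authentication` is built by string interpolation, and the new `totp` field is inserted without quotes straight from `read -r totp`, so a non-numeric entry yields malformed JSON or lets typed text add or override fields in the object; a password containing `"` or `\` breaks the body the same way. Both secrets also travel on curl's command line, where they can show up in the local process list while the request runs. Since jq is already used here, build the body with it and feed it on stdin: `payload=$(jq -cn --arg password "${password}" --argjson totp "${totp:-null}" '{password: $password, totp: $totp}')` followed by `sessionResponse="$(printf '%s' "${payload}" | curl --connect-timeout 2 -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli" --data @-)"`. A digits-only check on `totp` before the call would give a clearer error than a failed jq parse. The `-k` flag means the server certificate is not verified for this POST; it looks inherited from the old line, so confirm it is intended only for the local case.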
diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 49b0f0d4..70405a0b 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -11,7 +11,7 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files mkdir -p /var/log/pihole -chown -R pihole:pihole /etc/pihole /var/log/pihole +chown -R pihole:pihole /etc/pihole/ /var/log/pihole/ # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + # Set all files (except TLS-related ones) to u+rw g+r From 27aeed76f0aaa411acb8249c47762e8df3251fbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Mar 2025 10:30:22 +0000 Subject: [PATCH 07/11] Bump tox from 4.24.1 to 4.24.2 in /test Bumps [tox](https://github.com/tox-dev/tox) from 4.24.1 to 4.24.2. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/4.24.1...4.24.2) --- updated-dependencies: - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index 7b7e679f..b1dd923c 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,5 +2,5 @@ pyyaml == 6.0.2 pytest == 8.3.4 pytest-xdist == 3.6.1 pytest-testinfra == 10.1.1 -tox == 4.24.1 +tox == 4.24.2 pytest-clarity == 1.0.1 From 6b873b2d7f06720de7a6808514a1c6fbed9bd88d Mon Sep 17 00:00:00 2001 
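Review bot: The reason for the trailing slashes on the `chown -R` arguments is not recorded next to the command, and they appear to matter only when `/etc/pihole` or `/var/log/pihole` is itself a symlink: with the slash the path resolves to the target directory, so the recursive walk descends into it. A short comment would keep a later cleanup from removing them, e.g. `# trailing slashes: resolve a symlinked directory so -R recurses into its target`. Since this prestart script presumably runs as root, it is worth confirming that any such symlink target is always an operator-controlled location.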
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Mar 2025 10:46:01 +0000 Subject: [PATCH 08/11] Bump pytest from 8.3.4 to 8.3.5 in /test Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.4 to 8.3.5. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.4...8.3.5) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index b1dd923c..46d614e7 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,5 +1,5 @@ pyyaml == 6.0.2 -pytest == 8.3.4 +pytest == 8.3.5 pytest-xdist == 3.6.1 pytest-testinfra == 10.1.1 tox == 4.24.2 From 3a592471c69ddfbe68867bc3045b31a1dbc0d6a1 Mon Sep 17 00:00:00 2001 From: Michael Woolweaver Date: Fri, 14 Mar 2025 14:32:29 -0500 Subject: [PATCH 09/11] revert pi-hole/pi-hole/pull/6030 in preparation for pi-hole/docker-pi-hole/pull/1786 Signed-off-by: Michael Woolweaver --- gravity.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index 3a7db5ae..493f2b15 100755 --- a/gravity.sh +++ b/gravity.sh 
@@ -541,16 +541,14 @@ gravity_DownloadBlocklists() { # it (in case it doesn't exist) # First, check if the directory is writable directory="$(dirname -- "${saveLocation}")" - directory_permissions=$(stat -c %a ${directory}) - if [ $directory_permissions -lt 700 ]; then + if [ ! -w "${directory}" ]; then echo -e " ${CROSS} Unable to write to ${directory}" echo " Please run pihole -g as root" echo "" continue fi # Then, check if the file is writable (if it exists) - saveLocation_permissions=$(stat -c %a ${saveLocation}) - if [ -e "${saveLocation}" ] && [ ${saveLocation_permissions} -lt 600 ]; then + if [ -e "${saveLocation}" ] && [ ! -w "${saveLocation}" ]; then echo -e " ${CROSS} Unable to write to ${saveLocation}" echo " Please run pihole -g as root" echo "" From 315528d74036975816a83fb22b5228fc22ae80fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Mar 2025 10:25:08 +0000 Subject: [PATCH 10/11] Bump tox from 4.24.2 to 4.25.0 in /test Bumps [tox](https://github.com/tox-dev/tox) from 4.24.2 to 4.25.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/4.24.2...4.25.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index 46d614e7..fa536e25 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,5 +2,5 @@ pyyaml == 6.0.2 pytest == 8.3.5 pytest-xdist == 3.6.1 pytest-testinfra == 10.1.1 -tox == 4.24.2 +tox == 4.25.0 pytest-clarity == 1.0.1 From 49fbdc4c00dc8cae39c04fc7fe4d73b5678e06de Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Mar 2025 10:25:36 +0000 Subject: [PATCH 11/11] Bump actions/setup-python from 5.4.0 to 5.5.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.4.0 to 5.5.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.4.0...v5.5.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e96bf7d5..43cd8ad4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -77,7 +77,7 @@ jobs: uses: actions/checkout@v4.2.2 - name: Set up Python 3.10 - uses: actions/setup-python@v5.4.0 + uses: actions/setup-python@v5.5.0 with: python-version: "3.10"