tyler.durden/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-07-30 17:14:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Pi-hole Core v6.0.6 (#6118)

Browse Source
This commit is contained in:
Adam Warner 2025-03-30 17:54:55 +01:00 committed by GitHub
commit 0f7803b775
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 79 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/test.yml vendored
View File

@ -77,7 +77,7 @@ jobs:
uses: actions/checkout@v4.2.2 uses: actions/checkout@v4.2.2
- name: Set up Python 3.10 - name: Set up Python 3.10
uses: actions/setup-python@v5.4.0 uses: actions/setup-python@v5.5.0
with: with:
python-version: "3.10" python-version: "3.10"

10
README.md
View File

@ -3,13 +3,9 @@
# #
<p align="center"> <p align="center">
<picture> <img src="https://raw.githubusercontent.com/pi-hole/graphics/refs/heads/master/Vortex/vortex_with_text.svg" alt="Pi-hole website" width="168" height="270">
<source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png"> <br>
<source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png"> <strong>Network-wide ad blocking via your own Linux hardware</strong>
<img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
</picture>
<br>
<strong>Network-wide ad blocking via your own Linux hardware</strong>
</p> </p>
<!-- markdownlint-enable MD033 --> <!-- markdownlint-enable MD033 -->

3
advanced/Scripts/COL_TABLE
View File

@ -1,5 +1,6 @@
#!/usr/bin/env sh
# Determine if terminal is capable of showing colors # Determine if terminal is capable of showing colors
if ([ -t 1 ] && [ $(tput colors) -ge 8 ]) || [ "${WEBCALL}" ]; then if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then
# Bold and underline may not show up on all clients # Bold and underline may not show up on all clients
# If something MUST be emphasized, use both # If something MUST be emphasized, use both
COL_BOLD='' COL_BOLD=''

90
advanced/Scripts/api.sh
View File

@ -21,7 +21,7 @@
TestAPIAvailability() { TestAPIAvailability() {
# as we are running locally, we can get the port value from FTL directly # as we are running locally, we can get the port value from FTL directly
local chaos_api_list availabilityResponse local chaos_api_list authResponse authStatus authData
# Query the API URLs from FTL using CHAOS TXT local.api.ftl # Query the API URLs from FTL using CHAOS TXT local.api.ftl
# The result is a space-separated enumeration of full URLs # The result is a space-separated enumeration of full URLs
@ -49,20 +49,29 @@ TestAPIAvailability() {
API_URL="${API_URL#\"}" API_URL="${API_URL#\"}"
# Test if the API is available at this URL # Test if the API is available at this URL
availabilityResponse=$(curl -skS -o /dev/null -w "%{http_code}" "${API_URL}auth") authResponse=$(curl --connect-timeout 2 -skS -w "%{http_code}" "${API_URL}auth")
# authStatus are the last 3 characters
# not using ${authResponse#"${authResponse%???}"}" here because it's extremely slow on big responses
authStatus=$(printf "%s" "${authResponse}" | tail -c 3)
# data is everything from response without the last 3 characters
authData=$(printf %s "${authResponse%???}")
# Test if http status code was 200 (OK) or 401 (authentication required) # Test if http status code was 200 (OK) or 401 (authentication required)
if [ ! "${availabilityResponse}" = 200 ] && [ ! "${availabilityResponse}" = 401 ]; then if [ ! "${authStatus}" = 200 ] && [ ! "${authStatus}" = 401 ]; then
# API is not available at this port/protocol combination # API is not available at this port/protocol combination
API_PORT="" API_PORT=""
else else
# API is available at this URL combination # API is available at this URL combination
if [ "${availabilityResponse}" = 200 ]; then if [ "${authStatus}" = 200 ]; then
# API is available without authentication # API is available without authentication
needAuth=false needAuth=false
fi fi
# Check if 2FA is required
needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null)
break break
fi fi
@ -108,22 +117,51 @@ LoginAPI() {
echo "API Authentication: Trying to use CLI password" echo "API Authentication: Trying to use CLI password"
fi fi
# Try to authenticate using the CLI password # If we can read the CLI password, we can skip 2FA even when it's required otherwise
Authentication "${1}" needTOTP=false
elif [ "${1}" = "verbose" ]; then elif [ "${1}" = "verbose" ]; then
echo "API Authentication: CLI password not available" echo "API Authentication: CLI password not available"
fi fi
if [ -z "${password}" ]; then
# no password read from CLI file
echo "Please enter your password:"
# secretly read the password
secretRead; printf '\n'
fi
if [ "${needTOTP}" = true ]; then
# 2FA required
echo "Please enter the correct second factor."
echo "(Can be any number if you used the app password)"
read -r totp
fi
# If this did not work, ask the user for the password # Try to authenticate using the supplied password (CLI file or user input) and TOTP
while [ "${validSession}" = false ] || [ -z "${validSession}" ] ; do Authentication "${1}"
# Try to login again until the session is valid
while [ ! "${validSession}" = true ] ; do
echo "Authentication failed. Please enter your Pi-hole password" echo "Authentication failed. Please enter your Pi-hole password"
# Print the error message if there is one
if [ ! "${sessionError}" = "null" ] && [ "${1}" = "verbose" ]; then
echo "Error: ${sessionError}"
fi
# Print the session message if there is one
if [ ! "${sessionMessage}" = "null" ] && [ "${1}" = "verbose" ]; then
echo "Error: ${sessionMessage}"
fi
# secretly read the password # secretly read the password
secretRead; printf '\n' secretRead; printf '\n'
if [ "${needTOTP}" = true ]; then
echo "Please enter the correct second factor:"
echo "(Can be any number if you used the app password)"
read -r totp
fi
# Try to authenticate again # Try to authenticate again
Authentication "${1}" Authentication "${1}"
done done
@ -131,23 +169,27 @@ LoginAPI() {
} }
Authentication() { Authentication() {
sessionResponse="$(curl -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli " --data "{\"password\":\"${password}\"}" )" sessionResponse="$(curl --connect-timeout 2 -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli" --data "{\"password\":\"${password}\", \"totp\":${totp:-null}}" )"
if [ -z "${sessionResponse}" ]; then if [ -z "${sessionResponse}" ]; then
echo "No response from FTL server. Please check connectivity" echo "No response from FTL server. Please check connectivity"
exit 1 exit 1
fi fi
# obtain validity and session ID from session response # obtain validity, session ID and sessionMessage from session response
validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null) validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null) SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
sessionMessage=$(echo "${sessionResponse}"| jq --raw-output .session.message 2>/dev/null)
if [ "${1}" = "verbose" ]; then
if [ "${validSession}" = true ]; then # obtain the error message from the session response
echo "API Authentication: ${COL_GREEN}Success${COL_NC}" sessionError=$(echo "${sessionResponse}"| jq --raw-output .error.message 2>/dev/null)
else
echo "API Authentication: ${COL_RED}Failed${COL_NC}" if [ "${1}" = "verbose" ]; then
if [ "${validSession}" = true ]; then
echo "API Authentication: ${COL_GREEN}Success${COL_NC}"
else
echo "API Authentication: ${COL_RED}Failed${COL_NC}"
fi
fi fi
fi
} }
LogoutAPI() { LogoutAPI() {

2
advanced/Scripts/version.sh
View File

@ -12,7 +12,7 @@
# shellcheck disable=SC3043 # shellcheck disable=SC3043
# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions # https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
# Source the versions file poupulated by updatechecker.sh # Source the versions file populated by updatechecker.sh
cachedVersions="/etc/pihole/versions" cachedVersions="/etc/pihole/versions"
if [ -f ${cachedVersions} ]; then if [ -f ${cachedVersions} ]; then

3
advanced/Templates/pihole-FTL-prestart.sh
View File

@ -11,7 +11,7 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)"
# Ensure that permissions are set so that pihole-FTL can edit all necessary files # Ensure that permissions are set so that pihole-FTL can edit all necessary files
mkdir -p /var/log/pihole mkdir -p /var/log/pihole
chown -R pihole:pihole /etc/pihole /var/log/pihole chown -R pihole:pihole /etc/pihole/ /var/log/pihole/
# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs)
find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} +
# Set all files (except TLS-related ones) to u+rw g+r # Set all files (except TLS-related ones) to u+rw g+r
@ -26,4 +26,5 @@ chown root:root /etc/pihole/logrotate
[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
[ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log [ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
[ -f /var/log/pihole/webserver.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/webserver.log
[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases [ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases

6
gravity.sh
View File

@ -541,16 +541,14 @@ gravity_DownloadBlocklists() {
# it (in case it doesn't exist) # it (in case it doesn't exist)
# First, check if the directory is writable # First, check if the directory is writable
directory="$(dirname -- "${saveLocation}")" directory="$(dirname -- "${saveLocation}")"
directory_permissions=$(stat -c %a ${directory}) if [ ! -w "${directory}" ]; then
if [ $directory_permissions -lt 700 ]; then
echo -e " ${CROSS} Unable to write to ${directory}" echo -e " ${CROSS} Unable to write to ${directory}"
echo " Please run pihole -g as root" echo " Please run pihole -g as root"
echo "" echo ""
continue continue
fi fi
# Then, check if the file is writable (if it exists) # Then, check if the file is writable (if it exists)
saveLocation_permissions=$(stat -c %a ${saveLocation}) if [ -e "${saveLocation}" ] && [ ! -w "${saveLocation}" ]; then
if [ -e "${saveLocation}" ] && [ ${saveLocation_permissions} -lt 600 ]; then
echo -e " ${CROSS} Unable to write to ${saveLocation}" echo -e " ${CROSS} Unable to write to ${saveLocation}"
echo " Please run pihole -g as root" echo " Please run pihole -g as root"
echo "" echo ""

4
test/requirements.txt
View File

@ -1,6 +1,6 @@
pyyaml == 6.0.2 pyyaml == 6.0.2
pytest == 8.3.4 pytest == 8.3.5
pytest-xdist == 3.6.1 pytest-xdist == 3.6.1
pytest-testinfra == 10.1.1 pytest-testinfra == 10.1.1
tox == 4.24.1 tox == 4.25.0
pytest-clarity == 1.0.1 pytest-clarity == 1.0.1