From bef8227cbdd8a370046b08a29d75abe43361629e Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 3 Mar 2025 20:16:07 +0100 Subject: [PATCH 01/76] Use a more general method to determine whether systemd is the init system Signed-off-by: DL6ER --- automated install/basic-install.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e69256ff..f419ab6c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1281,8 +1281,7 @@ installConfigs() { fi # Install pihole-FTL systemd or init.d service, based on whether systemd is the init system or not - # Follow debhelper logic, which checks for /run/systemd/system to derive whether systemd is the init system - if [[ -d '/run/systemd/system' ]]; then + if ps -p 1 -o comm= | grep -q systemd; then install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service' # Remove init.d service if present From 4df5c0bb9675eda8d00f8e073f428d1434cd18c6 Mon Sep 17 00:00:00 2001 From: Jack'lul <8418678+jacklul@users.noreply.github.com> Date: Wed, 5 Mar 2025 22:25:33 +0100 Subject: [PATCH 02/76] Add webserver log to piholeLogFlush.sh Signed-off-by: Jack'lul <8418678+jacklul@users.noreply.github.com> --- advanced/Scripts/piholeLogFlush.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 34d96318..58c6a41d 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -35,6 +35,10 @@ FTLFILE=$(getFTLConfigValue "files.log.ftl") if [ -z "$FTLFILE" ]; then FTLFILE="/var/log/pihole/FTL.log" fi +WEBFILE=$(getFTLConfigValue "files.log.webserver") +if [ -z "$WEBFILE" ]; then + WEBFILE="/var/log/pihole/webserver.log" +fi if [[ "$*" == *"once"* ]]; then # Nightly logrotation @@ -71,6 +75,17 @@ if [[ "$*" == *"once"* ]]; then if [[ "$*" != *"quiet"* ]]; then echo -e "${OVER} ${TICK} Rotated ${FTLFILE} ..." fi + # Copy webserver.log over to webserver.log.1 + # and empty out webserver.log + if [[ "$*" != *"quiet"* ]]; then + echo -ne " ${INFO} Rotating ${WEBFILE} ..." + fi + cp -p "${WEBFILE}" "${WEBFILE}.1" + echo " " > "${WEBFILE}" + chmod 640 "${WEBFILE}" + if [[ "$*" != *"quiet"* ]]; then + echo -e "${OVER} ${TICK} Rotated ${WEBFILE} ..." + fi fi else # Manual flushing @@ -103,6 +118,20 @@ else echo -e "${OVER} ${TICK} Flushed ${FTLFILE} ..." fi + # Flush both webserver.log and webserver.log.1 (if existing) + if [[ "$*" != *"quiet"* ]]; then + echo -ne " ${INFO} Flushing ${WEBFILE} ..." + fi + echo " " > "${WEBFILE}" + chmod 640 "${WEBFILE}" + if [ -f "${WEBFILE}.1" ]; then + echo " " > "${WEBFILE}.1" + chmod 640 "${WEBFILE}.1" + fi + if [[ "$*" != *"quiet"* ]]; then + echo -e "${OVER} ${TICK} Flushed ${WEBFILE} ..." + fi + if [[ "$*" != *"quiet"* ]]; then echo -ne " ${INFO} Flushing database, DNS resolution temporarily unavailable ..." fi From dec670a6d63281862edc127cc9f7520753d6a22f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 22 Mar 2025 09:18:02 +0100 Subject: [PATCH 03/76] Move list parsing entirely into FTL Signed-off-by: DL6ER --- gravity.sh | 41 +++++------------------------------------ 1 file changed, 5 insertions(+), 36 deletions(-) diff --git a/gravity.sh b/gravity.sh index 3a7db5ae..c41972f3 100755 --- a/gravity.sh +++ b/gravity.sh @@ -823,11 +823,11 @@ gravity_DownloadBlocklistFromUrl() { done="true" # Check if $listCurlBuffer is a non-zero length file elif [[ -s "${listCurlBuffer}" ]]; then - # Determine if blocklist is non-standard and parse as appropriate - gravity_ParseFileIntoDomains "${listCurlBuffer}" "${saveLocation}" - # Remove curl buffer file after its use - rm "${listCurlBuffer}" - # Compare lists if are they identical + # Move the downloaded list to the final location + mv "${listCurlBuffer}" "${saveLocation}" + # Ensure the file has the correct permissions + fix_owner_permissions "${saveLocation}" + # Compare lists if they are identical compareLists "${adlistID}" "${saveLocation}" # Add domains to database table file pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" @@ -856,37 +856,6 @@ gravity_DownloadBlocklistFromUrl() { fi } -# Parse source files into domains format -gravity_ParseFileIntoDomains() { - local src="${1}" destination="${2}" - - # Remove comments and print only the domain name - # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous - # This helps with that and makes it easier to read - # It also helps with debugging so each stage of the script can be researched more in depth - # 1) Convert all characters to lowercase - tr '[:upper:]' '[:lower:]' <"${src}" >"${destination}" - - # 2) Remove carriage returns - # 3) Remove lines starting with ! (ABP Comments) - # 4) Remove lines starting with [ (ABP Header) - # 5) Remove lines containing ABP extended CSS selectors ("##", "#$#", "#@#", "#?#") and Adguard JavaScript (#%#) preceded by a letter - # 6) Remove comments (text starting with "#", include possible spaces before the hash sign) - # 7) Remove leading tabs, spaces, etc. (Also removes leading IP addresses) - # 8) Remove empty lines - - sed -i -r \ - -e 's/\r$//' \ - -e 's/\s*!.*//g' \ - -e 's/\s*\[.*//g' \ - -e '/[a-z]\#[$?@%]{0,3}\#/d' \ - -e 's/\s*#.*//g' \ - -e 's/^.*\s+//g' \ - -e '/^$/d' "${destination}" - - fix_owner_permissions "${destination}" -} - # Report number of entries in a table gravity_Table_Count() { local table="${1}" From 71ec0a0244bd81592e744357a477dcad90f5373a Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 27 Mar 2025 13:05:09 +0100 Subject: [PATCH 04/76] Add ON DELETE CASCADE to FOREIGN KEY REFERENCES in gravity.db Signed-off-by: DL6ER --- advanced/Templates/gravity.db.sql | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/advanced/Templates/gravity.db.sql b/advanced/Templates/gravity.db.sql index 021f6f67..0187e4e6 100644 --- a/advanced/Templates/gravity.db.sql +++ b/advanced/Templates/gravity.db.sql @@ -43,8 +43,8 @@ CREATE TABLE adlist CREATE TABLE adlist_by_group ( - adlist_id INTEGER NOT NULL REFERENCES adlist (id), - group_id INTEGER NOT NULL REFERENCES "group" (id), + adlist_id INTEGER NOT NULL REFERENCES adlist (id) ON DELETE CASCADE, + group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE, PRIMARY KEY (adlist_id, group_id) ); @@ -75,8 +75,8 @@ INSERT INTO "info" VALUES('gravity_restored','false'); CREATE TABLE domainlist_by_group ( - domainlist_id INTEGER NOT NULL REFERENCES domainlist (id), - group_id INTEGER NOT NULL REFERENCES "group" (id), + domainlist_id INTEGER NOT NULL REFERENCES domainlist (id) ON DELETE CASCADE, + group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE, PRIMARY KEY (domainlist_id, group_id) ); @@ -91,8 +91,8 @@ CREATE TABLE client CREATE TABLE client_by_group ( - client_id INTEGER NOT NULL REFERENCES client (id), - group_id INTEGER NOT NULL REFERENCES "group" (id), + client_id INTEGER NOT NULL REFERENCES client (id) ON DELETE CASCADE, + group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE, PRIMARY KEY (client_id, group_id) ); From 0f482396ee63f1f653ea707ec95925a84520dc0b Mon Sep 17 00:00:00 2001 From: James George Date: Sun, 23 Feb 2025 19:52:15 +0800 Subject: [PATCH 05/76] Update update.sh, updatecheck.sh and uninstall.sh to honour pihole.toml settings for webserver.paths.webroot and webserver.paths.webhome When uninstalling, remove web interface parent directory empty check and possible removal. Signed-off-by: James George --- advanced/Scripts/update.sh | 9 +++++++-- advanced/Scripts/updatecheck.sh | 8 +++++--- automated install/uninstall.sh | 15 +++++---------- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 9ea63b4c..6fb11a2b 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -12,7 +12,6 @@ # Variables readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git" -readonly ADMIN_INTERFACE_DIR="/var/www/html/admin" readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git" readonly PI_HOLE_FILES_DIR="/etc/.pihole" @@ -26,12 +25,18 @@ CHECK_ONLY=false source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # shellcheck disable=SC1091 source "/opt/pihole/COL_TABLE" +# shellcheck disable=SC1091 +source "${PI_HOLE_INSTALL_DIR}/utils.sh" # is_repo() sourced from basic-install.sh # make_repo() sourced from basic-install.sh # update_repo() source from basic-install.sh # getGitFiles() sourced from basic-install.sh # FTLcheckUpdate() sourced from basic-install.sh +# getFTLConfigValue() sourced from utils.sh + +# Honour configured paths for the web application. +readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") GitCheckUpdateAvail() { local directory @@ -209,7 +214,7 @@ main() { echo "" echo -e " ${INFO} Pi-hole Web Admin files out of date, updating local repo." getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" - echo -e " ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'" + echo -e " ${INFO} If you had made any changes in '${ADMIN_INTERFACE_DIR}', they have been stashed using 'git stash'" fi if [[ "${FTL_update}" == true ]]; then diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b325ee9c..b64917a2 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -42,6 +42,8 @@ function get_remote_hash() { # shellcheck disable=SC1091 . /opt/pihole/utils.sh +readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") + # Remove the below three legacy files if they exist rm -f "/etc/pihole/GitHubVersions" rm -f "/etc/pihole/localbranches" @@ -85,13 +87,13 @@ addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_HASH" "${GITHUB_CORE_HASH}" # get Web versions -WEB_VERSION="$(get_local_version /var/www/html/admin)" +WEB_VERSION="$(get_local_version "${ADMIN_INTERFACE_DIR}")" addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}" -WEB_BRANCH="$(get_local_branch /var/www/html/admin)" +WEB_BRANCH="$(get_local_branch "${ADMIN_INTERFACE_DIR}")" addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}" -WEB_HASH="$(get_local_hash /var/www/html/admin)" +WEB_HASH="$(get_local_hash "${ADMIN_INTERFACE_DIR}")" addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}" GITHUB_WEB_VERSION="$(get_remote_version web "${WEB_BRANCH}")" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 39c13037..332adbf6 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -9,6 +9,9 @@ # Please see LICENSE file for your rights under this license. source "/opt/pihole/COL_TABLE" +source "/opt/pihole/utils.sh" + +readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") while true; do read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer @@ -53,17 +56,9 @@ removeMetaPackage() { } removePiholeFiles() { - # Only web directories/files that are created by Pi-hole should be removed + # Remove the web interface of Pi-hole echo -ne " ${INFO} Removing Web Interface..." - ${SUDO} rm -rf /var/www/html/admin &> /dev/null - - - # If the web directory is empty after removing these files, then the parent html directory can be removed. - if [ -d "/var/www/html" ]; then - if [[ ! "$(ls -A /var/www/html)" ]]; then - ${SUDO} rm -rf /var/www/html &> /dev/null - fi - fi + ${SUDO} rm -rf "${ADMIN_INTERFACE_DIR}" &> /dev/null echo -e "${OVER} ${TICK} Removed Web Interface" # Attempt to preserve backwards compatibility with older versions From 7886cfc80ba781e90536574d74a1495de8ba1338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 31 Mar 2025 12:13:34 +0200 Subject: [PATCH 06/76] Add CentOS 10 to test suite MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 1 + test/_centos_10.Dockerfile | 20 ++++++++++++++++++++ test/tox.centos_10.ini | 10 ++++++++++ 3 files changed, 31 insertions(+) create mode 100644 test/_centos_10.Dockerfile create mode 100644 test/tox.centos_10.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 43cd8ad4..ff31b080 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -67,6 +67,7 @@ jobs: ubuntu_22, ubuntu_24, centos_9, + centos_10, fedora_40, fedora_41, ] diff --git a/test/_centos_10.Dockerfile b/test/_centos_10.Dockerfile new file mode 100644 index 00000000..ca439e1b --- /dev/null +++ b/test/_centos_10.Dockerfile @@ -0,0 +1,20 @@ +FROM quay.io/centos/centos:stream10 +# Disable SELinux +RUN echo "SELINUX=disabled" > /etc/selinux/config +RUN yum install -y --allowerasing curl git initscripts + +ENV GITDIR=/etc/.pihole +ENV SCRIPTDIR=/opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/ +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV SKIP_INSTALL=true +ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/tox.centos_10.ini b/test/tox.centos_10.ini new file mode 100644 index 00000000..1a15c766 --- /dev/null +++ b/test/tox.centos_10.ini @@ -0,0 +1,10 @@ +[tox] +envlist = py3 + +[testenv:py3] +allowlist_externals = docker +deps = -rrequirements.txt +setenv = + COLUMNS=120 +commands = docker buildx build --load --progress plain -f _centos_10.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py From 3cb6ea503a1b8f17c077041a37976ebc05cc0e5d Mon Sep 17 00:00:00 2001 From: Michael Woolweaver Date: Tue, 1 Apr 2025 23:57:56 -0500 Subject: [PATCH 07/76] build `gravityDBfile_default` like the other variables seems this one was forgotten Signed-off-by: Michael Woolweaver --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 493f2b15..824ba5e1 100755 --- a/gravity.sh +++ b/gravity.sh @@ -58,7 +58,7 @@ fi # Set this only after sourcing pihole-FTL.conf as the gravity database path may # have changed gravityDBfile="${GRAVITYDB}" -gravityDBfile_default="/etc/pihole/gravity.db" +gravityDBfile_default="${piholeDir}/gravity.db" gravityTEMPfile="${GRAVITYDB}_temp" gravityDIR="$(dirname -- "${gravityDBfile}")" gravityOLDfile="${gravityDIR}/gravity_old.db" From 4efe4dfd4ba12be108a24fb97bc8d564989f5d9a Mon Sep 17 00:00:00 2001 From: Michael Woolweaver Date: Wed, 2 Apr 2025 14:21:45 -0500 Subject: [PATCH 08/76] source with source not dot Signed-off-by: Michael Woolweaver --- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/query.sh | 4 ++-- advanced/Scripts/updatecheck.sh | 2 +- advanced/Scripts/version.sh | 4 ++-- advanced/Templates/pihole-FTL-poststop.sh | 2 +- advanced/Templates/pihole-FTL-prestart.sh | 2 +- advanced/Templates/pihole-FTL.service | 2 +- gravity.sh | 6 +++--- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f4226299..372df27f 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -42,7 +42,7 @@ else fi # shellcheck disable=SC1091 -. /etc/pihole/versions +source /etc/pihole/versions # Read the value of an FTL config key. The value is printed to stdout. get_ftl_conf_value() { diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 3340bdd2..a65a1f07 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -22,10 +22,10 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" -. "${colfile}" +source "${colfile}" # Source api functions -. "${PI_HOLE_INSTALL_DIR}/api.sh" +source "${PI_HOLE_INSTALL_DIR}/api.sh" Help() { echo "Usage: pihole -q [option] diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b325ee9c..0124808b 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -40,7 +40,7 @@ function get_remote_hash() { # Source the utils file for addOrEditKeyValPair() # shellcheck disable=SC1091 -. /opt/pihole/utils.sh +source /opt/pihole/utils.sh # Remove the below three legacy files if they exist rm -f "/etc/pihole/GitHubVersions" diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 540924c2..9e6fe75a 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -17,12 +17,12 @@ cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then # shellcheck disable=SC1090 - . "$cachedVersions" + source "$cachedVersions" else echo "Could not find /etc/pihole/versions. Running update now." pihole updatechecker # shellcheck disable=SC1090 - . "$cachedVersions" + source "$cachedVersions" fi main() { diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index b5ddbc97..38d3cc33 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -4,7 +4,7 @@ PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -. "${utilsfile}" +source "${utilsfile}" # Get file paths FTL_PID_FILE="$(getFTLConfigValue files.pid)" diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 37d750a2..99c47a3f 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -4,7 +4,7 @@ PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -. "${utilsfile}" +source "${utilsfile}" # Get file paths FTL_PID_FILE="$(getFTLConfigValue files.pid)" diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 151d4f90..67f509b5 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -13,7 +13,7 @@ PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -. "${utilsfile}" +source "${utilsfile}" is_running() { diff --git a/gravity.sh b/gravity.sh index 824ba5e1..50180d02 100755 --- a/gravity.sh +++ b/gravity.sh @@ -17,13 +17,13 @@ PI_HOLE_SCRIPT_DIR="/opt/pihole" # Source utils.sh for GetFTLConfigValue utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -. "${utilsfile}" +source "${utilsfile}" coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" # shellcheck disable=SC1090 -. "${coltable}" +source "${coltable}" # shellcheck disable=SC1091 -. "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" +source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" basename="pihole" PIHOLE_COMMAND="/usr/local/bin/${basename}" From 4108c817dc4b478264f44064b90183d9f784ce6a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 19:12:57 +0100 Subject: [PATCH 09/76] Revert "source with source not dot (#6137)" This reverts commit 8fd2ebd3d7bc00fe4c36dcdae0932d7bab4a3c3c, reversing changes made to 557bc6f1794244f55b36258a51e3bd494860b439. --- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/query.sh | 4 ++-- advanced/Scripts/updatecheck.sh | 2 +- advanced/Scripts/version.sh | 4 ++-- advanced/Templates/pihole-FTL-poststop.sh | 2 +- advanced/Templates/pihole-FTL-prestart.sh | 2 +- advanced/Templates/pihole-FTL.service | 2 +- gravity.sh | 6 +++--- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 372df27f..f4226299 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -42,7 +42,7 @@ else fi # shellcheck disable=SC1091 -source /etc/pihole/versions +. /etc/pihole/versions # Read the value of an FTL config key. The value is printed to stdout. get_ftl_conf_value() { diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index a65a1f07..3340bdd2 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -22,10 +22,10 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" -source "${colfile}" +. "${colfile}" # Source api functions -source "${PI_HOLE_INSTALL_DIR}/api.sh" +. "${PI_HOLE_INSTALL_DIR}/api.sh" Help() { echo "Usage: pihole -q [option] diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 0124808b..b325ee9c 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -40,7 +40,7 @@ function get_remote_hash() { # Source the utils file for addOrEditKeyValPair() # shellcheck disable=SC1091 -source /opt/pihole/utils.sh +. /opt/pihole/utils.sh # Remove the below three legacy files if they exist rm -f "/etc/pihole/GitHubVersions" diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 9e6fe75a..540924c2 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -17,12 +17,12 @@ cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then # shellcheck disable=SC1090 - source "$cachedVersions" + . "$cachedVersions" else echo "Could not find /etc/pihole/versions. Running update now." pihole updatechecker # shellcheck disable=SC1090 - source "$cachedVersions" + . "$cachedVersions" fi main() { diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index 38d3cc33..b5ddbc97 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -4,7 +4,7 @@ PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -source "${utilsfile}" +. "${utilsfile}" # Get file paths FTL_PID_FILE="$(getFTLConfigValue files.pid)" diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 99c47a3f..37d750a2 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -4,7 +4,7 @@ PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -source "${utilsfile}" +. "${utilsfile}" # Get file paths FTL_PID_FILE="$(getFTLConfigValue files.pid)" diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 67f509b5..151d4f90 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -13,7 +13,7 @@ PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -source "${utilsfile}" +. "${utilsfile}" is_running() { diff --git a/gravity.sh b/gravity.sh index 50180d02..824ba5e1 100755 --- a/gravity.sh +++ b/gravity.sh @@ -17,13 +17,13 @@ PI_HOLE_SCRIPT_DIR="/opt/pihole" # Source utils.sh for GetFTLConfigValue utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck disable=SC1090 -source "${utilsfile}" +. "${utilsfile}" coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" # shellcheck disable=SC1090 -source "${coltable}" +. "${coltable}" # shellcheck disable=SC1091 -source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" +. "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" basename="pihole" PIHOLE_COMMAND="/usr/local/bin/${basename}" From e548ed043fd1e80a77ba3cfbbc77219dac6987f8 Mon Sep 17 00:00:00 2001 From: Michael Woolweaver Date: Mon, 31 Mar 2025 22:18:32 -0500 Subject: [PATCH 10/76] ensure gravity_Cleanup() checks the correct directory for list data also glob with * to ensure .etag & .sha1 are removed as well should fix #6075 Co-authored-by: yubiuser Signed-off-by: Michael Woolweaver --- gravity.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/gravity.sh b/gravity.sh index 493f2b15..151801ed 100755 --- a/gravity.sh +++ b/gravity.sh @@ -572,7 +572,7 @@ gravity_DownloadBlocklists() { echo "" done - gravity_Blackbody=true + DownloadBlocklists_done=true } compareLists() { @@ -932,13 +932,13 @@ gravity_Cleanup() { # invalid_domains location rm "${GRAVITY_TMPDIR}"/*.ph-non-domains 2>/dev/null - # Ensure this function only runs when gravity_SetDownloadOptions() has completed - if [[ "${gravity_Blackbody:-}" == true ]]; then - # Remove any unused .domains files - for file in "${piholeDir}"/*."${domainsExtension}"; do - # If list is not in active array, then remove it + # Ensure this function only runs when gravity_DownloadBlocklists() has completed + if [[ "${DownloadBlocklists_done:-}" == true ]]; then + # Remove any unused .domains/.etag/.sha files + for file in "${listsCacheDir}"/*."${domainsExtension}"; do + # If list is not in active array, then remove it and all associated files if [[ ! "${activeDomains[*]}" == *"${file}"* ]]; then - rm -f "${file}" 2>/dev/null || + rm -f "${file}"* 2>/dev/null || echo -e " ${CROSS} Failed to remove ${file##*/}" fi done From f98b9520e4508b05ebfbff52fdf4e81f892d33bb Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:19:14 +0100 Subject: [PATCH 11/76] v5 sudoers file that allowed www-data to run pihole command is no longer needed. "Fixes" #6066 Signed-off-by: Adam Warner --- automated install/basic-install.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e69256ff..acd83e31 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2411,6 +2411,15 @@ main() { # Migrate existing install to v6.0 migrate_dnsmasq_configs + # Cleanup old v5 sudoers file if it exists + sudoers_file="/etc/sudoers.d/pihole" + if [[ -f "${sudoers_file}" ]]; then + # only remove the file if it contains the Pi-hole header + if grep -q "Pi-hole: A black hole for Internet advertisements" "${sudoers_file}"; then + rm -f "${sudoers_file}" + fi + fi + # Check for and disable systemd-resolved-DNSStubListener before reloading resolved # DNSStubListener needs to remain in place for installer to download needed files, # so this change needs to be made after installation is complete, From fe2b22c57089f83abae8fa27d1d1975e928852d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 6 Mar 2025 19:19:07 +0100 Subject: [PATCH 12/76] Add recommended fields to the deb package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e69256ff..9e0246f0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -106,11 +106,13 @@ c=70 PIHOLE_META_PACKAGE_CONTROL_APT=$( cat < Architecture: all Description: Pi-hole dependency meta package Depends: grep,dnsutils,binutils,git,iproute2,dialog,ca-certificates,cron,curl,iputils-ping,psmisc,sudo,unzip,libcap2-bin,dns-root-data,libcap2,netcat-openbsd,procps,jq,lshw,bash-completion +Section: contrib/metapackages +Priority: optional EOM ) From 07864032de9b0f0f6781cc09db1e39f1f77c3a41 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 5 Apr 2025 10:05:08 +0000 Subject: [PATCH 13/76] Bump pytest-testinfra from 10.1.1 to 10.2.2 in /test Bumps [pytest-testinfra](https://github.com/pytest-dev/pytest-testinfra) from 10.1.1 to 10.2.2. - [Release notes](https://github.com/pytest-dev/pytest-testinfra/releases) - [Changelog](https://github.com/pytest-dev/pytest-testinfra/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-testinfra/compare/10.1.1...10.2.2) --- updated-dependencies: - dependency-name: pytest-testinfra dependency-version: 10.2.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index fa536e25..6987ee0c 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ pyyaml == 6.0.2 pytest == 8.3.5 pytest-xdist == 3.6.1 -pytest-testinfra == 10.1.1 +pytest-testinfra == 10.2.2 tox == 4.25.0 pytest-clarity == 1.0.1 From 6e06a93c31c309c22a21e2bb4c520ad675d141d7 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 5 Apr 2025 00:41:50 +0100 Subject: [PATCH 14/76] functionise log rotation and flushing code to avoid dupliation Signed-off-by: Adam Warner --- advanced/Scripts/piholeLogFlush.sh | 121 ++++++++++------------------- 1 file changed, 43 insertions(+), 78 deletions(-) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 58c6a41d..f3ecd8ad 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -40,6 +40,42 @@ if [ -z "$WEBFILE" ]; then WEBFILE="/var/log/pihole/webserver.log" fi +# Helper function to handle log rotation for a single file +rotate_log() { + # This function copies x.log over to x.log.1 + # and then empties x.log + # Note that moving the file is not an option, as + # dnsmasq would happily continue writing into the + # moved file (it will have the same file handler) + local logfile="$1" + if [[ "$*" != *"quiet"* ]]; then + echo -ne " ${INFO} Rotating ${logfile} ..." + fi + cp -p "${logfile}" "${logfile}.1" + echo " " > "${logfile}" + chmod 640 "${logfile}" + if [[ "$*" != *"quiet"* ]]; then + echo -e "${OVER} ${TICK} Rotated ${logfile} ..." + fi +} + +# Helper function to handle log flushing for a single file +flush_log() { + local logfile="$1" + if [[ "$*" != *"quiet"* ]]; then + echo -ne " ${INFO} Flushing ${logfile} ..." + fi + echo " " > "${logfile}" + chmod 640 "${logfile}" + if [ -f "${logfile}.1" ]; then + echo " " > "${logfile}.1" + chmod 640 "${logfile}.1" + fi + if [[ "$*" != *"quiet"* ]]; then + echo -e "${OVER} ${TICK} Flushed ${logfile} ..." + fi +} + if [[ "$*" == *"once"* ]]; then # Nightly logrotation if command -v /usr/sbin/logrotate >/dev/null; then @@ -50,87 +86,16 @@ if [[ "$*" == *"once"* ]]; then fi /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate else - # Copy pihole.log over to pihole.log.1 - # and empty out pihole.log - # Note that moving the file is not an option, as - # dnsmasq would happily continue writing into the - # moved file (it will have the same file handler) - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Rotating ${LOGFILE} ..." - fi - cp -p "${LOGFILE}" "${LOGFILE}.1" - echo " " > "${LOGFILE}" - chmod 640 "${LOGFILE}" - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Rotated ${LOGFILE} ..." - fi - # Copy FTL.log over to FTL.log.1 - # and empty out FTL.log - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Rotating ${FTLFILE} ..." - fi - cp -p "${FTLFILE}" "${FTLFILE}.1" - echo " " > "${FTLFILE}" - chmod 640 "${FTLFILE}" - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Rotated ${FTLFILE} ..." - fi - # Copy webserver.log over to webserver.log.1 - # and empty out webserver.log - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Rotating ${WEBFILE} ..." - fi - cp -p "${WEBFILE}" "${WEBFILE}.1" - echo " " > "${WEBFILE}" - chmod 640 "${WEBFILE}" - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Rotated ${WEBFILE} ..." - fi + # Handle rotation for each log file + rotate_log "${LOGFILE}" + rotate_log "${FTLFILE}" + rotate_log "${WEBFILE}" fi else # Manual flushing - - # Flush both pihole.log and pihole.log.1 (if existing) - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Flushing ${LOGFILE} ..." - fi - echo " " > "${LOGFILE}" - chmod 640 "${LOGFILE}" - if [ -f "${LOGFILE}.1" ]; then - echo " " > "${LOGFILE}.1" - chmod 640 "${LOGFILE}.1" - fi - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Flushed ${LOGFILE} ..." - fi - - # Flush both FTL.log and FTL.log.1 (if existing) - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Flushing ${FTLFILE} ..." - fi - echo " " > "${FTLFILE}" - chmod 640 "${FTLFILE}" - if [ -f "${FTLFILE}.1" ]; then - echo " " > "${FTLFILE}.1" - chmod 640 "${FTLFILE}.1" - fi - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Flushed ${FTLFILE} ..." - fi - - # Flush both webserver.log and webserver.log.1 (if existing) - if [[ "$*" != *"quiet"* ]]; then - echo -ne " ${INFO} Flushing ${WEBFILE} ..." - fi - echo " " > "${WEBFILE}" - chmod 640 "${WEBFILE}" - if [ -f "${WEBFILE}.1" ]; then - echo " " > "${WEBFILE}.1" - chmod 640 "${WEBFILE}.1" - fi - if [[ "$*" != *"quiet"* ]]; then - echo -e "${OVER} ${TICK} Flushed ${WEBFILE} ..." - fi + flush_log "${LOGFILE}" + flush_log "${FTLFILE}" + flush_log "${WEBFILE}" if [[ "$*" != *"quiet"* ]]; then echo -ne " ${INFO} Flushing database, DNS resolution temporarily unavailable ..." From e018a37a8cf59af5c0d81ce54807ee38e49bb55e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:24:51 +0100 Subject: [PATCH 15/76] First things first - bump severity of shellcheck action from error to warning Signed-off-by: Adam Warner --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ff31b080..0fadb6f4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,7 +33,7 @@ jobs: with: check_together: 'yes' format: tty - severity: error + severity: warning - name: Spell-Checking uses: codespell-project/actions-codespell@master From 39f5115135f71b05b7080b7b49750178978d0cf7 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:39:44 +0100 Subject: [PATCH 16/76] In ./automated install/basic-install.sh line 1753: local status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1) ^----^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./automated install/basic-install.sh line 2076: elif [ $? -eq 2 ]; then ^-- SC2319 (warning): This $? refers to a condition, not a command. Assign to a variable to avoid it being overwritten. Signed-off-by: Adam Warner --- automated install/basic-install.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 3af23793..59dbb94b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1752,7 +1752,8 @@ checkSelinux() { check_download_exists() { # Check if the download exists and we can reach the server - local status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1) + local status + status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1) # Check the status code if grep -q "200" <<<"$status"; then @@ -2069,13 +2070,13 @@ FTLcheckUpdate() { path="${ftlBranch}/${binary}" # Check whether or not the binary for this FTL branch actually exists. If not, then there is no update! - # shellcheck disable=SC1090 if ! check_download_exists "$path"; then - if [ $? -eq 1 ]; then + local status + status=$? + if [ "${status}" -eq 1 ]; then printf " %b Branch \"%s\" is not available.\\n" "${INFO}" "${ftlBranch}" printf " %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" - return 2 - elif [ $? -eq 2 ]; then + elif [ "${status}" -eq 2 ]; then printf " %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}" return 3 else From a624d3be8d99692e4ed6a64dd9c375a8c57bbfe3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:39:56 +0100 Subject: [PATCH 17/76] In ./advanced/Scripts/utils.sh line 91: if [[ $? -eq 5 ]]; then ^------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined. Signed-off-by: Adam Warner --- advanced/Scripts/utils.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index 63d51f87..adce8144 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -88,8 +88,8 @@ getFTLConfigValue(){ ####################### setFTLConfigValue(){ pihole-FTL --config "${1}" "${2}" >/dev/null - if [[ $? -eq 5 ]]; then - echo -e " ${CROSS} ${1} set by environment variable. Please unset it to use this function" + if [ $? -eq 5 ]; then + printf " %s %s set by environment variable. Please unset it to use this function\n" "${CROSS}" "${1}" exit 5 fi } From 59d21772710b200cb38b5051cfe73423dfa789f1 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:41:43 +0100 Subject: [PATCH 18/76] In ./advanced/Scripts/database_migration/gravity-db.sh line 18: piholeDir="${2}" ^-------^ SC2034 (warning): piholeDir appears unused. Verify use (or export if used externally). Turns out it is _actually_ unused, the full path of the gravity database is passed to the function, so we'll tidy this up rather than supressing. Signed-off-by: Adam Warner --- advanced/Scripts/database_migration/gravity-db.sh | 3 +-- gravity.sh | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index b0982bcc..d701f2bf 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -13,9 +13,8 @@ readonly scriptPath="/etc/.pihole/advanced/Scripts/database_migration/gravity" upgrade_gravityDB(){ - local database piholeDir version + local database version database="${1}" - piholeDir="${2}" # Exit early if the database does not exist (e.g. in CI tests) if [[ ! -f "${database}" ]]; then diff --git a/gravity.sh b/gravity.sh index e4f47719..57df0712 100755 --- a/gravity.sh +++ b/gravity.sh @@ -306,7 +306,7 @@ migrate_to_database() { fi # Check if gravity database needs to be updated - upgrade_gravityDB "${gravityDBfile}" "${piholeDir}" + upgrade_gravityDB "${gravityDBfile}" # Migrate list files to new database if [ -e "${adListFile}" ]; then @@ -334,7 +334,7 @@ migrate_to_database() { fi # Check if gravity database needs to be updated - upgrade_gravityDB "${gravityDBfile}" "${piholeDir}" + upgrade_gravityDB "${gravityDBfile}" } # Determine if DNS resolution is available before proceeding @@ -1100,7 +1100,7 @@ for var in "$@"; do "-t" | "--timeit") timed=true ;; "-r" | "--repair") repairSelector "$3" ;; "-u" | "--upgrade") - upgrade_gravityDB "${gravityDBfile}" "${piholeDir}" + upgrade_gravityDB "${gravityDBfile}" exit 0 ;; "-h" | "--help") helpFunc ;; From 63623c43538c5591c12771d06a28dae7f53ce347 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:46:10 +0100 Subject: [PATCH 19/76] In ./advanced/Scripts/piholeCheckout.sh line 112: corebranches=($(get_available_branches "${PI_HOLE_FILES_DIR}")) ^-- SC2207 (warning): Prefer mapfile or read -a to split command output (or quote to avoid splitting). In ./advanced/Scripts/piholeCheckout.sh line 139: webbranches=($(get_available_branches "${webInterfaceDir}")) ^-- SC2207 (warning): Prefer mapfile or read -a to split command output (or quote to avoid splitting). In ./advanced/Scripts/piholeCheckout.sh line 170: ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -) ) ^-- SC2207 (warning): Prefer mapfile or read -a to split command output (or quote to avoid splitting). In ./advanced/Scripts/piholeCheckout.sh line 218: elif [ $? -eq 2 ]; then ^-- SC2319 (warning): This $? refers to a condition, not a command. Assign to a variable to avoid it being overwritten. Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 84c966df..58d62bc5 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -109,7 +109,7 @@ checkout() { echo -e "${OVER} ${CROSS} $str" exit 1 fi - corebranches=($(get_available_branches "${PI_HOLE_FILES_DIR}")) + mapfile -t corebranches < <(get_available_branches "${PI_HOLE_FILES_DIR}") if [[ "${corebranches[*]}" == *"master"* ]]; then echo -e "${OVER} ${TICK} $str" @@ -136,7 +136,7 @@ checkout() { echo -e "${OVER} ${CROSS} $str" exit 1 fi - webbranches=($(get_available_branches "${webInterfaceDir}")) + mapfile -t webbranches < <(get_available_branches "${webInterfaceDir}") if [[ "${webbranches[*]}" == *"master"* ]]; then echo -e "${OVER} ${TICK} $str" @@ -167,7 +167,7 @@ checkout() { # Check if requested branch is available echo -e " ${INFO} Checking for availability of branch ${COL_CYAN}${2}${COL_NC} on GitHub" - ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -) ) + mapfile -t ftlbranches < <(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -) # If returned array is empty -> connectivity issue if [[ ${#ftlbranches[@]} -eq 0 ]]; then echo -e " ${CROSS} Unable to fetch branches from GitHub. Please check your Internet connection and try again later." @@ -209,13 +209,15 @@ checkout() { # Update local and remote versions via updatechecker /opt/pihole/updatecheck.sh else - if [ $? -eq 1 ]; then + local status + status=$? + if [ $status -eq 1 ]; then # Binary for requested branch is not available, may still be # int he process of being built or CI build job failed printf " %b Binary for requested branch is not available, please try again later.\\n" ${CROSS} printf " If the issue persists, please contact Pi-hole Support and ask them to re-generate the binary.\\n" exit 1 - elif [ $? -eq 2 ]; then + elif [ $status -eq 2 ]; then printf " %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}" exit 1 else From f5dc337d1b819dd359b15e26dfb07fa94bcccc79 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:48:12 +0100 Subject: [PATCH 20/76] In ./advanced/Scripts/piholeLogFlush.sh line 12: source ${colfile} ^--------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. In ./advanced/Scripts/piholeLogFlush.sh line 16: source "${utilsfile}" ^------------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. Signed-off-by: Adam Warner --- advanced/Scripts/piholeLogFlush.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 58c6a41d..2e67a9ee 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -7,6 +7,7 @@ # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +# shellcheck disable=SC1090 colfile="/opt/pihole/COL_TABLE" source ${colfile} From 3a9b9c027efcb53d239fc66b2ba8545c01a0e59e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:50:51 +0100 Subject: [PATCH 21/76] In ./pihole line 20: source "${colfile}" ^----------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. In ./pihole line 23: source "${utilsfile}" ^------------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. In ./pihole line 27: source "${apifile}" ^----------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. In ./pihole line 34: source "${versionsfile}" ^---------------^ SC1090 (warning): ShellCheck can't follow non-constant source. Use a directive to specify location. In ./pihole line 251: local timer="$(echo "${data}"| jq --raw-output '.timer' )" ^---^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./pihole line 255: local str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}" ^-^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./pihole line 378: local logging_enabled=$(getFTLConfigValue dns.queryLogging) ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./pihole line 385: readonly LOGFILE=$(getFTLConfigValue files.log.dnsmasq) ^-----^ SC2155 (warning): Declare and assign separately to avoid masking return values. Signed-off-by: Adam Warner --- pihole | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/pihole b/pihole index bf662a82..efba71f0 100755 --- a/pihole +++ b/pihole @@ -9,6 +9,8 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +# shellcheck disable=SC1090 + readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" # PI_HOLE_BIN_DIR is not readonly here because in some functions (checkout), @@ -247,12 +249,14 @@ Time: data=$(PostFTLData "dns/blocking" "{ \"blocking\": ${1}, \"timer\": ${tt} }") # Check the response - local extra=" forever" - local timer="$(echo "${data}"| jq --raw-output '.timer' )" + local extra timer + extra=" forever" + timer="$(echo "${data}"| jq --raw-output '.timer' )" if [[ "${timer}" != "null" ]]; then extra=" for ${timer}s" fi - local str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}" + local str + str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}" # Logout from the API LogoutAPI @@ -375,14 +379,16 @@ statusFunc() { tailFunc() { # Warn user if Pi-hole's logging is disabled - local logging_enabled=$(getFTLConfigValue dns.queryLogging) + local logging_enabled + logging_enabled=$(getFTLConfigValue dns.queryLogging) if [[ "${logging_enabled}" != "true" ]]; then echo " ${CROSS} Warning: Query logging is disabled" fi echo -e " ${INFO} Press Ctrl-C to exit" # Get logfile path - readonly LOGFILE=$(getFTLConfigValue files.log.dnsmasq) + readonly LOGFILE + LOGFILE=$(getFTLConfigValue files.log.dnsmasq) # Strip date from each line # Color blocklist/denylist/wildcard entries as red From f01e8c70d9333c66929e64978df2d56089e5dfb7 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 4 Apr 2025 23:54:34 +0100 Subject: [PATCH 22/76] Weirldly, GHA missed these minor warnings however have disabled them as they are due to variables either being used in or declared in basic-install,.sh Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 4 ++++ automated install/uninstall.sh | 1 + 2 files changed, 5 insertions(+) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 58d62bc5..be5c9dc5 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -9,6 +9,7 @@ # Please see LICENSE file for your rights under this license. readonly PI_HOLE_FILES_DIR="/etc/.pihole" +# shellcheck disable=SC2034 SKIP_INSTALL="true" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" @@ -59,6 +60,7 @@ checkout() { exit 1; fi + # shellcheck disable=SC2154 if ! is_repo "${webInterfaceDir}" ; then echo -e " ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!" echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}" @@ -103,6 +105,7 @@ checkout() { echo "master" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch elif [[ "${1}" == "core" ]] ; then + # shellcheck disable=SC2154 str="Fetching branches from ${piholeGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${PI_HOLE_FILES_DIR}" ; then @@ -130,6 +133,7 @@ checkout() { fi checkout_pull_branch "${PI_HOLE_FILES_DIR}" "${2}" elif [[ "${1}" == "web" ]] ; then + # shellcheck disable=SC2154 str="Fetching branches from ${webInterfaceGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${webInterfaceDir}" ; then diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 332adbf6..28917bca 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -39,6 +39,7 @@ else fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" +# shellcheck disable=SC2034 SKIP_INSTALL="true" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" From 48c59cb6cf66546a7b8f2f7a8ca1ccc0bc51281e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 6 Apr 2025 14:18:52 +0100 Subject: [PATCH 23/76] In ./automated install/uninstall.sh line 14: readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") ^-----------------^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./advanced/Scripts/update.sh line 39: readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") ^-----------------^ SC2155 (warning): Declare and assign separately to avoid masking return values. In ./advanced/Scripts/updatecheck.sh line 45: readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") ^-----------------^ SC2155 (warning): Declare and assign separately to avoid masking return values. Signed-off-by: Adam Warner --- advanced/Scripts/update.sh | 3 ++- advanced/Scripts/updatecheck.sh | 3 ++- automated install/uninstall.sh | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index ed038db9..d7441105 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -36,7 +36,8 @@ source "${PI_HOLE_INSTALL_DIR}/utils.sh" # getFTLConfigValue() sourced from utils.sh # Honour configured paths for the web application. -readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +readonly ADMIN_INTERFACE_DIR GitCheckUpdateAvail() { local directory diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b64917a2..6cd485eb 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -42,7 +42,8 @@ function get_remote_hash() { # shellcheck disable=SC1091 . /opt/pihole/utils.sh -readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +readonly ADMIN_INTERFACE_DIR # Remove the below three legacy files if they exist rm -f "/etc/pihole/GitHubVersions" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 28917bca..9020d275 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -11,7 +11,8 @@ source "/opt/pihole/COL_TABLE" source "/opt/pihole/utils.sh" -readonly ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") +readonly ADMIN_INTERFACE_DIR while true; do read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer From 2088601148b0ab1180892f4cab7269eb619a4173 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 6 Apr 2025 14:33:34 +0100 Subject: [PATCH 24/76] Add .shellcheckrc to configure shellcheck ignore SC1090-1 globally Signed-off-by: Adam Warner --- .shellcheckrc | 1 + advanced/Scripts/database_migration/gravity-db.sh | 2 +- advanced/Scripts/list.sh | 1 - advanced/Scripts/piholeARPTable.sh | 1 - advanced/Scripts/piholeLogFlush.sh | 1 - advanced/Scripts/query.sh | 2 +- advanced/Scripts/update.sh | 1 - advanced/Scripts/version.sh | 2 -- advanced/Templates/pihole-FTL-poststop.sh | 1 - advanced/Templates/pihole-FTL-prestart.sh | 1 - advanced/Templates/pihole-FTL.service | 1 - automated install/basic-install.sh | 1 - gravity.sh | 3 --- pihole | 2 -- 14 files changed, 3 insertions(+), 17 deletions(-) create mode 100644 .shellcheckrc diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 00000000..37eee86d --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC1090,SC1091 # Ignore warnings about being unable to follow sourced files diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index d701f2bf..41593368 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# shellcheck disable=SC1090 + # Pi-hole: A black hole for Internet advertisements # (c) 2019 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 5c57f878..3280ebfa 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash -# shellcheck disable=SC1090 # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index f55b1320..e0565148 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash -# shellcheck disable=SC1090 # Pi-hole: A black hole for Internet advertisements # (c) 2019 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 2e67a9ee..58c6a41d 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -7,7 +7,6 @@ # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck disable=SC1090 colfile="/opt/pihole/COL_TABLE" source ${colfile} diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 3340bdd2..43498f17 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# shellcheck disable=SC1090 + # Ignore warning about `local` being undefinded in POSIX # shellcheck disable=SC3043 diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index d7441105..e94ef0fd 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -21,7 +21,6 @@ SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update CHECK_ONLY=false -# shellcheck disable=SC1090 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # shellcheck disable=SC1091 source "/opt/pihole/COL_TABLE" diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 540924c2..54b89498 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -16,12 +16,10 @@ cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then - # shellcheck disable=SC1090 . "$cachedVersions" else echo "Could not find /etc/pihole/versions. Running update now." pihole updatechecker - # shellcheck disable=SC1090 . "$cachedVersions" fi diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index b5ddbc97..d196e3da 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -3,7 +3,6 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck disable=SC1090 . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 37d750a2..5bfd1b17 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -3,7 +3,6 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck disable=SC1090 . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 151d4f90..6cb3e09a 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -12,7 +12,6 @@ # Source utils.sh for getFTLConfigValue(), getFTLPID() PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck disable=SC1090 . "${utilsfile}" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 59dbb94b..ef6e02c6 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash -# shellcheck disable=SC1090 # Pi-hole: A black hole for Internet advertisements # (c) Pi-hole (https://pi-hole.net) diff --git a/gravity.sh b/gravity.sh index 57df0712..102ec15f 100755 --- a/gravity.sh +++ b/gravity.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash -# shellcheck disable=SC1090 # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) @@ -16,11 +15,9 @@ export LC_ALL=C PI_HOLE_SCRIPT_DIR="/opt/pihole" # Source utils.sh for GetFTLConfigValue utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck disable=SC1090 . "${utilsfile}" coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" -# shellcheck disable=SC1090 . "${coltable}" # shellcheck disable=SC1091 . "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" diff --git a/pihole b/pihole index efba71f0..c780308d 100755 --- a/pihole +++ b/pihole @@ -9,8 +9,6 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck disable=SC1090 - readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" # PI_HOLE_BIN_DIR is not readonly here because in some functions (checkout), From e579397f51526964e5199ff855937b15567c0f3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 24 Feb 2025 20:03:44 +0100 Subject: [PATCH 25/76] Allow all users to read the version file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Templates/pihole-FTL-prestart.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 37d750a2..ed2e6a2e 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -12,6 +12,9 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole/ /var/log/pihole/ +# allow all users read version file +chmod 0664 /etc/pihole/versions + # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + # Set all files (except TLS-related ones) to u+rw g+r From d28e7952668ca0b2b35dce7eaac55eb1768c74b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 25 Feb 2025 21:12:58 +0100 Subject: [PATCH 26/76] Permissions on versions file should be 640 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/updatecheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b64917a2..b5ae7e46 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -52,7 +52,7 @@ rm -f "/etc/pihole/localversions" # Create new versions file if it does not exist VERSION_FILE="/etc/pihole/versions" touch "${VERSION_FILE}" -chmod 644 "${VERSION_FILE}" +chmod 640 "${VERSION_FILE}" # if /pihole.docker.tag file exists, we will use it's value later in this script DOCKER_TAG=$(cat /pihole.docker.tag 2>/dev/null) From 9f5e18b1cdf65429aeb40c6ad6aa84cf7ec33e7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 6 Apr 2025 20:52:02 +0200 Subject: [PATCH 27/76] Make it 644 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/updatecheck.sh | 2 +- advanced/Templates/pihole-FTL-prestart.sh | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index b5ae7e46..b64917a2 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -52,7 +52,7 @@ rm -f "/etc/pihole/localversions" # Create new versions file if it does not exist VERSION_FILE="/etc/pihole/versions" touch "${VERSION_FILE}" -chmod 640 "${VERSION_FILE}" +chmod 644 "${VERSION_FILE}" # if /pihole.docker.tag file exists, we will use it's value later in this script DOCKER_TAG=$(cat /pihole.docker.tag 2>/dev/null) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index ed2e6a2e..7ad1bfe8 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -12,8 +12,9 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)" # Ensure that permissions are set so that pihole-FTL can edit all necessary files mkdir -p /var/log/pihole chown -R pihole:pihole /etc/pihole/ /var/log/pihole/ -# allow all users read version file -chmod 0664 /etc/pihole/versions + +# allow all users read version file (and use pihole -v) +chmod 0644 /etc/pihole/versions # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} + From ca1bab3c1b012533844a8c5c3586886e131bf716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 10:34:42 +0200 Subject: [PATCH 28/76] Fix more shellcheck warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .shellcheckrc | 3 ++- advanced/Scripts/api.sh | 1 - advanced/Scripts/list.sh | 3 +++ advanced/Scripts/piholeARPTable.sh | 2 ++ advanced/Scripts/piholeCheckout.sh | 3 ++- advanced/Scripts/piholeDebug.sh | 10 ++++++---- advanced/Scripts/piholeLogFlush.sh | 2 ++ advanced/Scripts/query.sh | 6 +----- advanced/Scripts/update.sh | 5 +++-- advanced/Scripts/updatecheck.sh | 2 +- advanced/Scripts/utils.sh | 1 - advanced/Scripts/version.sh | 6 ++---- advanced/Templates/pihole-FTL-poststop.sh | 1 + advanced/Templates/pihole-FTL-prestart.sh | 1 + automated install/basic-install.sh | 4 ++-- automated install/uninstall.sh | 3 +++ gravity.sh | 7 ++++--- pihole | 4 ++++ 18 files changed, 39 insertions(+), 25 deletions(-) diff --git a/.shellcheckrc b/.shellcheckrc index 37eee86d..8e0b8387 100644 --- a/.shellcheckrc +++ b/.shellcheckrc @@ -1 +1,2 @@ -disable=SC1090,SC1091 # Ignore warnings about being unable to follow sourced files +external-sources=true # allow shellcheck to read external sources +disable=SC3043 #disable SC3043: In POSIX sh, local is undefined. diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 79fc90f4..65a4eaa5 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -1,5 +1,4 @@ #!/usr/bin/env sh -# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 3280ebfa..c07b0f2d 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -11,9 +11,11 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" +# shellcheck source="./api.sh" source "${apifile}" # Determine database location @@ -38,6 +40,7 @@ typeId="" comment="" colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" source ${colfile} helpFunc() { diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index e0565148..8257eb3e 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -11,11 +11,13 @@ coltable="/opt/pihole/COL_TABLE" if [[ -f ${coltable} ]]; then +# shellcheck source="./COL_TABLE" source ${coltable} fi readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" # Determine database location diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index be5c9dc5..bde8a355 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -11,6 +11,7 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 SKIP_INSTALL="true" +# shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # webInterfaceGitUrl set in basic-install.sh @@ -218,7 +219,7 @@ checkout() { if [ $status -eq 1 ]; then # Binary for requested branch is not available, may still be # int he process of being built or CI build job failed - printf " %b Binary for requested branch is not available, please try again later.\\n" ${CROSS} + printf " %b Binary for requested branch is not available, please try again later.\\n" "${CROSS}" printf " If the issue persists, please contact Pi-hole Support and ask them to re-generate the binary.\\n" exit 1 elif [ $status -eq 2 ]; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f4226299..1b196a80 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -8,7 +8,6 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck source=/dev/null # -e option instructs bash to immediately exit if any command [1] has a non-zero exit status # -u a reference to any variable you haven't previously defined @@ -27,6 +26,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then +# shellcheck source=./COL_TABLE source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color @@ -41,7 +41,7 @@ else #OVER="\r\033[K" fi -# shellcheck disable=SC1091 +# shellcheck source=/dev/null . /etc/pihole/versions # Read the value of an FTL config key. The value is printed to stdout. @@ -213,7 +213,7 @@ compare_local_version_to_git_version() { local local_status local_status=$(git status -s) # echo this information out to the user in a nice format - if [ ${local_version} ]; then + if [ "${local_version}" ]; then log_write "${TICK} Version: ${local_version}" elif [ -n "${DOCKER_VERSION}" ]; then log_write "${TICK} Version: Pi-hole Docker Container ${COL_BOLD}${DOCKER_VERSION}${COL_NC}" @@ -488,7 +488,9 @@ run_and_print_command() { local output output=$(${cmd} 2>&1) # If the command was successful, - if [[ $? -eq 0 ]]; then + local return_code + return_code=$? + if [[ "${return_code}" -eq 0 ]]; then # show the output log_write "${output}" else diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 58c6a41d..ab88fb73 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -9,10 +9,12 @@ # Please see LICENSE file for your rights under this license. colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" source ${colfile} readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" # In case we're running at the same time as a system logrotate, use a diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 43498f17..aeebba3a 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -1,10 +1,5 @@ #!/usr/bin/env sh - -# Ignore warning about `local` being undefinded in POSIX -# shellcheck disable=SC3043 -# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions - # Pi-hole: A black hole for Internet advertisements # (c) 2023 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. @@ -22,6 +17,7 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" . "${colfile}" # Source api functions diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index e94ef0fd..7e13054e 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -21,10 +21,11 @@ SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update CHECK_ONLY=false +# shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" -# shellcheck disable=SC1091 +# shellcheck source=./COL_TABLE source "/opt/pihole/COL_TABLE" -# shellcheck disable=SC1091 +# shellcheck source="./utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" # is_repo() sourced from basic-install.sh diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 6cd485eb..62bcbcf3 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -39,7 +39,7 @@ function get_remote_hash() { } # Source the utils file for addOrEditKeyValPair() -# shellcheck disable=SC1091 +# shellcheck source="./utils.sh" . /opt/pihole/utils.sh ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index adce8144..d4a6957c 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -1,5 +1,4 @@ #!/usr/bin/env sh -# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 54b89498..e932fe63 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -8,18 +8,16 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# Ignore warning about `local` being undefinded in POSIX -# shellcheck disable=SC3043 -# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions - # Source the versions file populated by updatechecker.sh cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then + # shellcheck source=/dev/null . "$cachedVersions" else echo "Could not find /etc/pihole/versions. Running update now." pihole updatechecker + # shellcheck source=/dev/null . "$cachedVersions" fi diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index d196e3da..e7db109d 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -3,6 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="../Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index aae26cf3..056cb21c 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -3,6 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="../Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ef6e02c6..2d9041a2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -153,6 +153,7 @@ done # If the color table file exists, if [[ -f "${coltable}" ]]; then # source it + # shellcheck source="../advanced/Scripts/COL_TABLE" source "${coltable}" # Otherwise, else @@ -1871,7 +1872,6 @@ clone_or_reset_repos() { # Download FTL binary to random temp directory and install FTL binary # Disable directive for SC2120 a value _can_ be passed to this function, but it is passed from an external script that sources this one -# shellcheck disable=SC2120 FTLinstall() { # Local, named variables local str="Downloading and Installing FTL" @@ -2400,7 +2400,7 @@ main() { # /opt/pihole/utils.sh should be installed by installScripts now, so we can use it if [ -f "${PI_HOLE_INSTALL_DIR}/utils.sh" ]; then - # shellcheck disable=SC1091 + # shellcheck source="../advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" else printf " %b Failure: /opt/pihole/utils.sh does not exist .\\n" "${CROSS}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9020d275..9b118627 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -8,7 +8,9 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +# shellcheck source="../advanced/Scripts/COL_TABLE" source "/opt/pihole/COL_TABLE" +# shellcheck source="../advanced/Scripts/utils.sh" source "/opt/pihole/utils.sh" ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") @@ -42,6 +44,7 @@ fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 SKIP_INSTALL="true" +# shellcheck source="./basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # package_manager_detect() sourced from basic-install.sh diff --git a/gravity.sh b/gravity.sh index 102ec15f..d7dfadf6 100755 --- a/gravity.sh +++ b/gravity.sh @@ -15,11 +15,13 @@ export LC_ALL=C PI_HOLE_SCRIPT_DIR="/opt/pihole" # Source utils.sh for GetFTLConfigValue utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh . "${utilsfile}" coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" +# shellcheck source=./advanced/Scripts/COL_TABLE . "${coltable}" -# shellcheck disable=SC1091 +# shellcheck source=./advanced/Scripts/database_migration/gravity-db.sh . "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" basename="pihole" @@ -767,8 +769,7 @@ gravity_DownloadBlocklistFromUrl() { fi if [[ "${download}" == true ]]; then - # shellcheck disable=SC2086 - httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) + httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${cmd_ext}" "${modifiedOptions}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) fi case $url in diff --git a/pihole b/pihole index c780308d..7b645030 100755 --- a/pihole +++ b/pihole @@ -17,13 +17,16 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" +# shellcheck source=./advanced/Scripts/COL_TABLE.sh source "${colfile}" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh source "${utilsfile}" # Source api functions readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" +# shellcheck source=./advanced/Scripts/api.sh source "${apifile}" versionsfile="/etc/pihole/versions" @@ -31,6 +34,7 @@ if [ -f "${versionsfile}" ]; then # Only source versionsfile if the file exits # fixes a warning during installation where versionsfile does not exist yet # but gravity calls `pihole -status` and thereby sourcing the file + # shellcheck source=/dev/null source "${versionsfile}" fi From 3732ea736542e6651d7f6fd9adcadf78640b29f2 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 7 Apr 2025 10:24:53 +0100 Subject: [PATCH 29/76] Remove shellcheck directives that no longer serve any purpose Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 4 ---- advanced/Scripts/piholeDebug.sh | 1 - advanced/Scripts/update.sh | 1 - automated install/basic-install.sh | 1 - automated install/uninstall.sh | 1 - 5 files changed, 8 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index bde8a355..21e9df9f 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -9,7 +9,6 @@ # Please see LICENSE file for your rights under this license. readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL="true" # shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" @@ -61,7 +60,6 @@ checkout() { exit 1; fi - # shellcheck disable=SC2154 if ! is_repo "${webInterfaceDir}" ; then echo -e " ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!" echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}" @@ -106,7 +104,6 @@ checkout() { echo "master" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch elif [[ "${1}" == "core" ]] ; then - # shellcheck disable=SC2154 str="Fetching branches from ${piholeGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${PI_HOLE_FILES_DIR}" ; then @@ -134,7 +131,6 @@ checkout() { fi checkout_pull_branch "${PI_HOLE_FILES_DIR}" "${2}" elif [[ "${1}" == "web" ]] ; then - # shellcheck disable=SC2154 str="Fetching branches from ${webInterfaceGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${webInterfaceDir}" ; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 1b196a80..caff6c5e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -935,7 +935,6 @@ parse_file() { # Get the lines that are in the file(s) and store them in an array for parsing later local file_info if [[ -f "$filename" ]]; then - #shellcheck disable=SC2016 IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' else read -r -a file_info <<< "$filename" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 7e13054e..bcd1889a 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -15,7 +15,6 @@ readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git" readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git" readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2d9041a2..983d75d7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -769,7 +769,6 @@ chooseInterface() { # All further interfaces are deselected status="OFF" done - # shellcheck disable=SC2086 # Disable check for double quote here as we are passing a string with spaces PIHOLE_INTERFACE=$(dialog --no-shadow --keep-tite --output-fd 1 \ --cancel-label "Exit" --ok-label "Select" \ diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9b118627..1d365a37 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -42,7 +42,6 @@ else fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL="true" # shellcheck source="./basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" From 23fc53c618d0b4243644be3f950d0b27829dae40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 11:32:14 +0200 Subject: [PATCH 30/76] Set -x option for shellcheck GHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0fadb6f4..51e48076 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,6 +34,8 @@ jobs: check_together: 'yes' format: tty severity: warning + env: + SHELLCHECK_OPTS: -x # Enable shellcheck -x option (follow external sources) - name: Spell-Checking uses: codespell-project/actions-codespell@master From 135b0cce14db6dd53d35c2cebff2b5118164d00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 11:47:40 +0200 Subject: [PATCH 31/76] Switch to Differential ShellCheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 51e48076..2d8f047c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,9 +16,13 @@ jobs: smoke-tests: if: github.event.pull_request.draft == false runs-on: ubuntu-latest + permissions: + security-events: write # required by Differential ShellCheck steps: - name: Checkout repository uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 # Differential ShellCheck requires full git history - name: Check scripts in repository are executable run: | @@ -28,14 +32,17 @@ jobs: # If FAIL is 1 then we fail. [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!" - - name: Run shellcheck - uses: ludeeus/action-shellcheck@master + - name: Differential ShellCheck + uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: - check_together: 'yes' - format: tty - severity: warning - env: - SHELLCHECK_OPTS: -x # Enable shellcheck -x option (follow external sources) + token: ${{ secrets.GITHUB_TOKEN }} + + - if: ${{ runner.debug == '1' && !cancelled() }} + name: Upload artifact with ShellCheck defects in SARIF format + uses: actions/upload-artifact@v4 + with: + name: Differential ShellCheck SARIF + path: ${{ steps.ShellCheck.outputs.sarif }} - name: Spell-Checking uses: codespell-project/actions-codespell@master From 5002ce8ba76b0e5b9dc04412c63e14b3e429113e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 14:01:47 +0200 Subject: [PATCH 32/76] Source files relative to the repos root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/list.sh | 6 +++--- advanced/Scripts/piholeARPTable.sh | 4 ++-- advanced/Scripts/piholeCheckout.sh | 2 +- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/piholeLogFlush.sh | 4 ++-- advanced/Scripts/query.sh | 3 ++- advanced/Scripts/update.sh | 6 +++--- advanced/Scripts/updatecheck.sh | 2 +- advanced/Templates/pihole-FTL-poststop.sh | 2 +- advanced/Templates/pihole-FTL-prestart.sh | 2 +- automated install/basic-install.sh | 4 ++-- automated install/uninstall.sh | 6 +++--- pihole | 3 ++- 13 files changed, 24 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index c07b0f2d..fa356f16 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -11,11 +11,11 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${utilsfile}" readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" -# shellcheck source="./api.sh" +# shellcheck source="./advanced/Scripts/api.sh" source "${apifile}" # Determine database location @@ -40,7 +40,7 @@ typeId="" comment="" colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${colfile} helpFunc() { diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index 8257eb3e..c62acdbc 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -11,13 +11,13 @@ coltable="/opt/pihole/COL_TABLE" if [[ -f ${coltable} ]]; then -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${coltable} fi readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh source "${utilsfile}" # Determine database location diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 21e9df9f..beaac5f1 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -10,7 +10,7 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" SKIP_INSTALL="true" -# shellcheck source="../../automated install/basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # webInterfaceGitUrl set in basic-install.sh diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index caff6c5e..70c0ffe2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -26,7 +26,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then -# shellcheck source=./COL_TABLE +# shellcheck source=./advanced/Scripts/COL_TABLE source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index ab88fb73..84610fda 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -9,12 +9,12 @@ # Please see LICENSE file for your rights under this license. colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${colfile} readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${utilsfile}" # In case we're running at the same time as a system logrotate, use a diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index aeebba3a..18c018dc 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -17,10 +17,11 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" . "${colfile}" # Source api functions +# shellcheck source="./advanced/Scripts/api.sh" . "${PI_HOLE_INSTALL_DIR}/api.sh" Help() { diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index bcd1889a..08a50be1 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -20,11 +20,11 @@ SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update CHECK_ONLY=false -# shellcheck source="../../automated install/basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" -# shellcheck source=./COL_TABLE +# shellcheck source=./advanced/Scripts/COL_TABLE source "/opt/pihole/COL_TABLE" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" # is_repo() sourced from basic-install.sh diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 62bcbcf3..44f21419 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -39,7 +39,7 @@ function get_remote_hash() { } # Source the utils file for addOrEditKeyValPair() -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . /opt/pihole/utils.sh ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index e7db109d..504e2382 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -3,7 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="../Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 056cb21c..579309d3 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -3,7 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="../Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 983d75d7..9d364ffa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -153,7 +153,7 @@ done # If the color table file exists, if [[ -f "${coltable}" ]]; then # source it - # shellcheck source="../advanced/Scripts/COL_TABLE" + # shellcheck source="./advanced/Scripts/COL_TABLE" source "${coltable}" # Otherwise, else @@ -2399,7 +2399,7 @@ main() { # /opt/pihole/utils.sh should be installed by installScripts now, so we can use it if [ -f "${PI_HOLE_INSTALL_DIR}/utils.sh" ]; then - # shellcheck source="../advanced/Scripts/utils.sh" + # shellcheck source="./advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" else printf " %b Failure: /opt/pihole/utils.sh does not exist .\\n" "${CROSS}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 1d365a37..a158e595 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -8,9 +8,9 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck source="../advanced/Scripts/COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source "/opt/pihole/COL_TABLE" -# shellcheck source="../advanced/Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "/opt/pihole/utils.sh" ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") @@ -43,7 +43,7 @@ fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" SKIP_INSTALL="true" -# shellcheck source="./basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # package_manager_detect() sourced from basic-install.sh diff --git a/pihole b/pihole index 7b645030..2c3a433b 100755 --- a/pihole +++ b/pihole @@ -17,7 +17,7 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" -# shellcheck source=./advanced/Scripts/COL_TABLE.sh +# shellcheck source=./advanced/Scripts/COL_TABLE source "${colfile}" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" @@ -431,6 +431,7 @@ piholeCheckoutFunc() { exit 0 fi + #shellcheck source=./advanced/Scripts/piholeCheckout.sh source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh shift checkout "$@" From b271dbf606560a50c0e18dea60dfdb7f8a129853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 14:11:39 +0200 Subject: [PATCH 33/76] Set shellcheck level to warning, can be lowered later MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2d8f047c..ea7f71c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,6 +35,7 @@ jobs: - name: Differential ShellCheck uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: + severity: warning token: ${{ secrets.GITHUB_TOKEN }} - if: ${{ runner.debug == '1' && !cancelled() }} From bda81cb2f5b1785beead193487cffe596d5faa3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 21:25:29 +0200 Subject: [PATCH 34/76] Remove debug SARIF upload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea7f71c3..b9f38800 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,13 +38,6 @@ jobs: severity: warning token: ${{ secrets.GITHUB_TOKEN }} - - if: ${{ runner.debug == '1' && !cancelled() }} - name: Upload artifact with ShellCheck defects in SARIF format - uses: actions/upload-artifact@v4 - with: - name: Differential ShellCheck SARIF - path: ${{ steps.ShellCheck.outputs.sarif }} - - name: Spell-Checking uses: codespell-project/actions-codespell@master with: From 0f511ad5744167c4dbe821966734ad2b632fbf30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 8 Apr 2025 17:50:19 +0200 Subject: [PATCH 35/76] Remove token and use sarif-fmt for nicer CLI output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b9f38800..5d73f31b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,8 +16,6 @@ jobs: smoke-tests: if: github.event.pull_request.draft == false runs-on: ubuntu-latest - permissions: - security-events: write # required by Differential ShellCheck steps: - name: Checkout repository uses: actions/checkout@v4.2.2 @@ -36,7 +34,8 @@ jobs: uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: severity: warning - token: ${{ secrets.GITHUB_TOKEN }} + display-engine: sarif-fmt + - name: Spell-Checking uses: codespell-project/actions-codespell@master From 48272f3393638a7d6ffa214adb6f4f10fbec792a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 9 Apr 2025 18:00:28 +0100 Subject: [PATCH 36/76] revert a change to gravity.sh that attempted to fix an SC2086 warning from shellcheck. Fixes #6159 Signed-off-by: Adam Warner --- gravity.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index d7dfadf6..e75bb250 100755 --- a/gravity.sh +++ b/gravity.sh @@ -769,7 +769,9 @@ gravity_DownloadBlocklistFromUrl() { fi if [[ "${download}" == true ]]; then - httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${cmd_ext}" "${modifiedOptions}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) + # See https://github.com/pi-hole/pi-hole/issues/6159 for justification of the below disable directive + # shellcheck disable=SC2086 + httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) fi case $url in From 9e62625f83e4686407898c0584bb5557e2e8578f Mon Sep 17 00:00:00 2001 From: Rob Gill Date: Tue, 15 Apr 2025 14:13:43 +1000 Subject: [PATCH 37/76] Install on IPv6-only/DNS64/NAT64 system Alters the test for IPv4 route so the installer doesn't fail instantly on IPv6-only. Gives user a dialog to proceed with IPv6 only installation Switches DNS server options to only contain IPv6 addresses. Signed-off-by: Rob Gill --- automated install/basic-install.sh | 43 ++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e69256ff..8a18a6cd 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -49,7 +49,6 @@ Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860: OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53 Level3;4.2.2.1;4.2.2.2;; Comodo;8.26.56.26;8.20.247.20;; -DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9 Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10 Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11 @@ -57,6 +56,17 @@ Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 EOM ) +DNS_SERVERS_IPV6_ONLY=$( + cat < Date: Sat, 19 Apr 2025 20:29:19 +0300 Subject: [PATCH 38/76] Allow alternative cron daemons on Debian Add cron-daemon virtual package as an alternative dependency. This way pihole-meta by default still depends on cron, but allows installation of systemd-cron, which completely replaces cron daemon and package. With systemd-cron functionality of crontab files and /etc/cron.* directories works expected, as systemd-cron generates systemd timers from cron files. Signed-off-by: Ihor Urazov --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index af03d93d..496ca07c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -115,11 +115,11 @@ c=70 PIHOLE_META_PACKAGE_CONTROL_APT=$( cat < Architecture: all Description: Pi-hole dependency meta package -Depends: grep,dnsutils,binutils,git,iproute2,dialog,ca-certificates,cron,curl,iputils-ping,psmisc,sudo,unzip,libcap2-bin,dns-root-data,libcap2,netcat-openbsd,procps,jq,lshw,bash-completion +Depends: grep,dnsutils,binutils,git,iproute2,dialog,ca-certificates,cron | cron-daemon,curl,iputils-ping,psmisc,sudo,unzip,libcap2-bin,dns-root-data,libcap2,netcat-openbsd,procps,jq,lshw,bash-completion Section: contrib/metapackages Priority: optional EOM From 1432568d17f78f533583fca2d4fca29c72f5cdff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 20 Apr 2025 20:14:41 +0200 Subject: [PATCH 39/76] Remove duplicated code checking if adlist domain is blocked locally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/gravity.sh b/gravity.sh index e75bb250..514289d0 100755 --- a/gravity.sh +++ b/gravity.sh @@ -646,32 +646,6 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." blocked=false - case $(getFTLConfigValue dns.blocking.mode) in - "IP-NODATA-AAAA" | "IP") - # Get IP address of this domain - ip="$(dig "${domain}" +short)" - # Check if this IP matches any IP of the system - if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<<"$(ip a)") -gt 0 ]]; then - blocked=true - fi - ;; - "NXDOMAIN") - if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then - blocked=true - fi - ;; - "NODATA") - if [[ $(dig "${domain}" | grep "NOERROR" -c) -ge 1 ]] && [[ -z $(dig +short "${domain}") ]]; then - blocked=true - fi - ;; - "NULL" | *) - if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then - blocked=true - fi - ;; - esac - # Check if this domain is blocked by Pi-hole but only if the domain is not a # local file or empty if [[ $url != "file"* ]] && [[ -n "${domain}" ]]; then From 8733b429dd908644e4d08e25309270ab0cf4f71a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 20 Apr 2025 22:50:55 +0200 Subject: [PATCH 40/76] Treat FTL return data as strings - part II MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/api.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 65a4eaa5..006a8d31 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -226,7 +226,7 @@ GetFTLData() { # return only the data if [ "${status}" = 200 ]; then # response OK - echo "${data}" + printf %s "${data}" else # connection lost echo "${status}" From 4a1bcda6f1b0a7f7e56221ad3ac27b7f509e20a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 21 Apr 2025 09:28:19 +0200 Subject: [PATCH 41/76] All gravity related files and dirs should be owned by pihole:pihole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 514289d0..37a7301b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -126,7 +126,7 @@ gravity_swap_databases() { oldAvail=false if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then oldAvail=true - cp "${gravityDBfile}" "${gravityOLDfile}" + cp -p "${gravityDBfile}" "${gravityOLDfile}" fi # Drop the gravity and antigravity tables + subsequent VACUUM the current @@ -140,6 +140,7 @@ gravity_swap_databases() { # Check if the backup directory exists if [ ! -d "${gravityBCKdir}" ]; then mkdir -p "${gravityBCKdir}" + chown pihole:pihole "${gravityBCKdir}" fi # If multiple gravityBCKfile's are present (appended with a number), rotate them @@ -1016,6 +1017,7 @@ migrate_to_listsCache_dir() { local str="Migrating the list's cache directory to new location" echo -ne " ${INFO} ${str}..." mkdir -p "${listsCacheDir}" + chown pihole:pihole "${listsCacheDir}" # Move the old files to the new directory if mv "${piholeDir}"/list.* "${listsCacheDir}/" 2>/dev/null; then From ce0bdac1bd2eb1809722abe62c205f95a049fd81 Mon Sep 17 00:00:00 2001 From: Rob Gill Date: Wed, 23 Apr 2025 06:41:16 +1000 Subject: [PATCH 42/76] Remove reference to telnet and chronometer in README Replace with curl example and commandline example Signed-off-by: Rob Gill --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f320f8c5..622ff202 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,10 @@ Some of the statistics you can integrate include: - Queries cached - Unique clients -Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863). +Access the API using: +- your browser: http://pi.hole/api/docs +- `curl`: `curl --connect-timeout 2 -ks "https://pi.hole/api/stats/summary" -H "Accept: application/json"`; +- the command line - examples: `pihole api config/webserver/port` or `pihole api stats/summary`. ### The Command-Line Interface From d7b6d6aa339d70b9a2aaeef1245404dcfd370a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 22 Apr 2025 23:06:01 +0200 Subject: [PATCH 43/76] Remove unused $target from gravity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index 514289d0..03759963 100755 --- a/gravity.sh +++ b/gravity.sh @@ -417,7 +417,7 @@ gravity_DownloadBlocklists() { echo -e " ${INFO} Storing gravity database in ${COL_BOLD}${gravityDBfile}${COL_NC}" fi - local url domain str target compression adlist_type directory success + local url domain str compression adlist_type directory success echo "" # Prepare new gravity database @@ -566,7 +566,7 @@ gravity_DownloadBlocklists() { if [[ "${check_url}" =~ ${regex} ]]; then echo -e " ${CROSS} Invalid Target" else - timeit gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" "${adlist_type}" "${domain}" + timeit gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${compression}" "${adlist_type}" "${domain}" fi echo "" done @@ -600,7 +600,7 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { - local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}" + local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}" local modifiedOptions="" listCurlBuffer str httpCode success="" ip cmd_ext local file_path permissions ip_addr port blocked=false download=true From 72a52807d1ab42ced45bdf893376cdadee9611c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 25 Apr 2025 21:03:09 +0200 Subject: [PATCH 44/76] Fix gravity waiting forever for DNS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/gravity.sh b/gravity.sh index 514289d0..06396d11 100755 --- a/gravity.sh +++ b/gravity.sh @@ -348,17 +348,24 @@ gravity_CheckDNSResolutionAvailable() { echo -e " ${CROSS} DNS resolution is currently unavailable" fi - str="Waiting until DNS resolution is available..." + str="Waiting 120 seconds if DNS resolution becomes available..." echo -ne " ${INFO} ${str}" - until getent hosts github.com &> /dev/null; do - # Append one dot for each second waiting - str="${str}." - echo -ne " ${OVER} ${INFO} ${str}" - sleep 1 + + for ((i = 0; i < 120; i++)); do + if getent hosts github.com &> /dev/null; then + # If we reach this point, DNS resolution is available + echo -e "${OVER} ${TICK} DNS resolution is available" + break + fi + # Append one dot for each second waiting + str="${str}." + echo -ne " ${OVER} ${INFO} ${str}" + sleep 1 done - # If we reach this point, DNS resolution is available - echo -e "${OVER} ${TICK} DNS resolution is available" + # DNS resolution is still unavailable after 120 seconds + return 1 + } # Function: try_restore_backup @@ -1081,6 +1088,12 @@ for var in "$@"; do esac done +# Check if DNS is available, no need to do any database manipulation if we're not able to download adlists +if ! timeit gravity_CheckDNSResolutionAvailable; then + echo -e " ${CROSS} No DNS resolution available. Please contact support." + exit 1 +fi + # Remove OLD (backup) gravity file, if it exists if [[ -f "${gravityOLDfile}" ]]; then rm "${gravityOLDfile}" @@ -1121,11 +1134,6 @@ if [[ "${forceDelete:-}" == true ]]; then fi # Gravity downloads blocklists next -if ! timeit gravity_CheckDNSResolutionAvailable; then - echo -e " ${CROSS} Can not complete gravity update, no DNS is available. Please contact support." - exit 1 -fi - if ! gravity_DownloadBlocklists; then echo -e " ${CROSS} Unable to create gravity database. Please try again later. If the problem persists, please contact support." exit 1 From 1bea6db50adb3a07ba58808791c7c013bc12a671 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Thu, 24 Apr 2025 09:00:07 +0200 Subject: [PATCH 45/76] Fix API logic in api.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/api.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 006a8d31..7e9d4653 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -20,7 +20,7 @@ TestAPIAvailability() { # as we are running locally, we can get the port value from FTL directly - local chaos_api_list authResponse authStatus authData + local chaos_api_list authResponse authStatus authData apiAvailable # Query the API URLs from FTL using CHAOS TXT local.api.ftl # The result is a space-separated enumeration of full URLs @@ -59,7 +59,7 @@ TestAPIAvailability() { # Test if http status code was 200 (OK) or 401 (authentication required) if [ ! "${authStatus}" = 200 ] && [ ! "${authStatus}" = 401 ]; then # API is not available at this port/protocol combination - API_PORT="" + apiAvailable=false else # API is available at this URL combination @@ -71,6 +71,8 @@ TestAPIAvailability() { # Check if 2FA is required needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null) + apiAvailable=true + break fi @@ -86,9 +88,9 @@ TestAPIAvailability() { fi done - # if API_PORT is empty, no working API port was found - if [ -n "${API_PORT}" ]; then - echo "API not available at: ${API_URL}" + # if apiAvailable is false, no working API was found + if [ "${apiAvailable}" = false ]; then + echo "API not available. Please check FTL.log" echo "Exiting." exit 1 fi From 454f96d0ea2c165ce1587363bb4757cd34bbd01e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Apr 2025 10:25:43 +0000 Subject: [PATCH 46/76] Bump actions/setup-python from 5.5.0 to 5.6.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.5.0 to 5.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.5.0...v5.6.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5d73f31b..26435035 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -80,7 +80,7 @@ jobs: uses: actions/checkout@v4.2.2 - name: Set up Python 3.10 - uses: actions/setup-python@v5.5.0 + uses: actions/setup-python@v5.6.0 with: python-version: "3.10" From 215003899d78dd5aac0b3ac3f5e442fb7f0cd457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 26 Apr 2025 15:03:01 +0200 Subject: [PATCH 47/76] (2+1)*40 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 06396d11..8d881105 100755 --- a/gravity.sh +++ b/gravity.sh @@ -351,7 +351,8 @@ gravity_CheckDNSResolutionAvailable() { str="Waiting 120 seconds if DNS resolution becomes available..." echo -ne " ${INFO} ${str}" - for ((i = 0; i < 120; i++)); do + # Default DNS timeout is two seconds, plus 1 second for each dot > 120 seconds + for ((i = 0; i < 40; i++)); do if getent hosts github.com &> /dev/null; then # If we reach this point, DNS resolution is available echo -e "${OVER} ${TICK} DNS resolution is available" From 4303a5868ffc47f9d8dd1c1298f7aff24e4ebc85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 26 Apr 2025 15:03:42 +0200 Subject: [PATCH 48/76] Only append dot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 8d881105..887f9750 100755 --- a/gravity.sh +++ b/gravity.sh @@ -359,8 +359,7 @@ gravity_CheckDNSResolutionAvailable() { break fi # Append one dot for each second waiting - str="${str}." - echo -ne " ${OVER} ${INFO} ${str}" + echo -ne "." sleep 1 done From 3bd6a41795430f63c2c08262960c6d6f50fe73e9 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sat, 26 Apr 2025 15:36:22 +0200 Subject: [PATCH 49/76] Improve wording Co-authored-by: Adam Warner Signed-off-by: yubiuser --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 887f9750..5276d180 100755 --- a/gravity.sh +++ b/gravity.sh @@ -348,7 +348,7 @@ gravity_CheckDNSResolutionAvailable() { echo -e " ${CROSS} DNS resolution is currently unavailable" fi - str="Waiting 120 seconds if DNS resolution becomes available..." + str="Waiting up to 120 seconds for DNS resolution..." echo -ne " ${INFO} ${str}" # Default DNS timeout is two seconds, plus 1 second for each dot > 120 seconds From 40da3a40ec649cc8d0c0edb614755eb1a60c2a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 28 Apr 2025 21:03:08 +0200 Subject: [PATCH 50/76] Remove os_check from install script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 172 ----------------------------- 1 file changed, 172 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index af03d93d..fda294b4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -227,176 +227,6 @@ is_command() { command -v "${check_command}" >/dev/null 2>&1 } -os_check_dig(){ - local protocol="$1" - local domain="$2" - local nameserver="$3" - local response - - response="$(dig -"${protocol}" +short -t txt "${domain}" "${nameserver}" 2>&1 - echo $? - )" - echo "${response}" -} - -os_check_dig_response(){ - # Checks the reply from the dig command to determine if it's a valid response - local digReply="$1" - local response - - # Dig returned 0 (success), so get the actual response, and loop through it to determine if the detected variables above are valid - response="${digReply%%$'\n'*}" - # If the value of ${response} is a single 0, then this is the return code, not an actual response. - if [ "${response}" == 0 ]; then - echo false - else - echo true - fi -} - -os_check() { - if [ "$PIHOLE_SKIP_OS_CHECK" != true ]; then - # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net - # and determines whether or not the script is running on one of those systems - local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response - local piholeNameserver="@ns1.pi-hole.net" - remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} - - detected_os=$(grep '^ID=' /etc/os-release | cut -d '=' -f2 | tr -d '"') - detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - - # Test via IPv4 and hardcoded nameserver ns1.pi-hole.net - cmdResult=$(os_check_dig 4 "${remote_os_domain}" "${piholeNameserver}") - - # Gets the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - if [ ! "${digReturnCode}" == "0" ]; then - valid_response=false - else - valid_response=$(os_check_dig_response cmdResult) - fi - - # Try again via IPv6 and hardcoded nameserver ns1.pi-hole.net - if [ "$valid_response" = false ]; then - unset valid_response - unset cmdResult - unset digReturnCode - - cmdResult=$(os_check_dig 6 "${remote_os_domain}" "${piholeNameserver}") - # Gets the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - if [ ! "${digReturnCode}" == "0" ]; then - valid_response=false - else - valid_response=$(os_check_dig_response cmdResult) - fi - fi - - # Try again without hardcoded nameserver - if [ "$valid_response" = false ]; then - unset valid_response - unset cmdResult - unset digReturnCode - - cmdResult=$(os_check_dig 4 "${remote_os_domain}") - # Gets the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - if [ ! "${digReturnCode}" == "0" ]; then - valid_response=false - else - valid_response=$(os_check_dig_response cmdResult) - fi - fi - - if [ "$valid_response" = false ]; then - unset valid_response - unset cmdResult - unset digReturnCode - - cmdResult=$(os_check_dig 6 "${remote_os_domain}") - # Gets the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - if [ ! "${digReturnCode}" == "0" ]; then - valid_response=false - else - valid_response=$(os_check_dig_response cmdResult) - fi - fi - - if [ "$valid_response" = true ]; then - response="${cmdResult%%$'\n'*}" - IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') - for distro_and_versions in "${supportedOS[@]}"; do - distro_part="${distro_and_versions%%=*}" - versions_part="${distro_and_versions##*=}" - - # If the distro part is a (case-insensitive) substring of the computer OS - if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then - valid_os=true - IFS="," read -r -a supportedVer <<<"${versions_part}" - for version in "${supportedVer[@]}"; do - if [[ "${detected_version}" =~ $version ]]; then - valid_version=true - break - fi - done - break - fi - done - fi - - if [ "$valid_os" = true ] && [ "$valid_version" = true ] && [ "$valid_response" = true ]; then - display_warning=false - fi - - if [ "$display_warning" != false ]; then - if [ "$valid_response" = false ]; then - - if [ "${digReturnCode}" -eq 0 ]; then - errStr="dig succeeded, but response was blank. Please contact support" - else - errStr="dig failed with return code ${digReturnCode}" - fi - printf " %b %bRetrieval of supported OS list failed. %s. %b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${errStr}" "${COL_NC}" - printf " %bUnable to determine if the detected OS (%s %s) is supported%b\\n" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}" - printf " Possible causes for this include:\\n" - printf " - Firewall blocking DNS lookups from Pi-hole device to ns1.pi-hole.net\\n" - printf " - DNS resolution issues of the host system\\n" - printf " - Other internet connectivity issues\\n" - else - printf " %b %bUnsupported OS detected: %s %s%b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}" - printf " If you are seeing this message and you do have a supported OS, please contact support.\\n" - fi - printf "\\n" - printf " %bhttps://docs.pi-hole.net/main/prerequisites/#supported-operating-systems%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" - printf "\\n" - printf " If you wish to attempt to continue anyway, you can try one of the following commands to skip this check:\\n" - printf "\\n" - printf " e.g: If you are seeing this message on a fresh install, you can run:\\n" - printf " %bcurl -sSL https://install.pi-hole.net | sudo PIHOLE_SKIP_OS_CHECK=true bash%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" - printf "\\n" - printf " If you are seeing this message after having run pihole -up:\\n" - printf " %bsudo PIHOLE_SKIP_OS_CHECK=true pihole -r%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" - printf " (In this case, your previous run of pihole -up will have already updated the local repository)\\n" - printf "\\n" - printf " It is possible that the installation will still fail at this stage due to an unsupported configuration.\\n" - printf " If that is the case, you can feel free to ask the community on Discourse with the %bCommunity Help%b category:\\n" "${COL_LIGHT_RED}" "${COL_NC}" - printf " %bhttps://discourse.pi-hole.net/c/bugs-problems-issues/community-help/%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}" - printf "\\n" - exit 1 - - else - printf " %b %bSupported OS detected%b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${COL_NC}" - fi - else - printf " %b %bPIHOLE_SKIP_OS_CHECK env variable set to true - installer will continue%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" - fi -} - # Compatibility package_manager_detect() { @@ -2369,8 +2199,6 @@ main() { # Install Pi-hole dependencies install_dependent_packages - # Check that the installed OS is officially supported - display warning if not - os_check # Check if there is a usable FTL binary available on this architecture - do # this early on as FTL is a hard dependency for Pi-hole From d9f4ee7aaa4094536fee7b29b497814638395f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 28 Apr 2025 21:04:08 +0200 Subject: [PATCH 51/76] Remove os_check from update script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/update.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 08a50be1..51c1b1a1 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -112,8 +112,6 @@ main() { web_update=false FTL_update=false - # Perform an OS check to ensure we're on an appropriate operating system - os_check # Install packages used by this installation script (necessary if users have removed e.g. git from their systems) package_manager_detect From 54c8dd3d77b8460adea76e72999509eca3ac2374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 28 Apr 2025 21:06:05 +0200 Subject: [PATCH 52/76] Remove os_check from tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/_centos_10.Dockerfile | 1 - test/_centos_9.Dockerfile | 1 - test/_debian_11.Dockerfile | 1 - test/_debian_12.Dockerfile | 1 - test/_fedora_40.Dockerfile | 1 - test/_fedora_41.Dockerfile | 1 - test/_ubuntu_20.Dockerfile | 1 - test/_ubuntu_22.Dockerfile | 1 - test/_ubuntu_24.Dockerfile | 1 - test/test_any_automated_install.py | 44 ------------------------------ 10 files changed, 53 deletions(-) diff --git a/test/_centos_10.Dockerfile b/test/_centos_10.Dockerfile index ca439e1b..78a89789 100644 --- a/test/_centos_10.Dockerfile +++ b/test/_centos_10.Dockerfile @@ -15,6 +15,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_centos_9.Dockerfile b/test/_centos_9.Dockerfile index a5e7cf0b..73f53fa5 100644 --- a/test/_centos_9.Dockerfile +++ b/test/_centos_9.Dockerfile @@ -15,6 +15,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_11.Dockerfile b/test/_debian_11.Dockerfile index b8107244..2389063c 100644 --- a/test/_debian_11.Dockerfile +++ b/test/_debian_11.Dockerfile @@ -12,6 +12,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_debian_12.Dockerfile b/test/_debian_12.Dockerfile index 7446711a..a6c5f1ed 100644 --- a/test/_debian_12.Dockerfile +++ b/test/_debian_12.Dockerfile @@ -12,6 +12,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_40.Dockerfile b/test/_fedora_40.Dockerfile index 20102a10..43913895 100644 --- a/test/_fedora_40.Dockerfile +++ b/test/_fedora_40.Dockerfile @@ -13,6 +13,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_fedora_41.Dockerfile b/test/_fedora_41.Dockerfile index bf5fe5d5..c03371a5 100644 --- a/test/_fedora_41.Dockerfile +++ b/test/_fedora_41.Dockerfile @@ -13,6 +13,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_20.Dockerfile b/test/_ubuntu_20.Dockerfile index 75c12673..5b8deb5d 100644 --- a/test/_ubuntu_20.Dockerfile +++ b/test/_ubuntu_20.Dockerfile @@ -12,6 +12,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_22.Dockerfile b/test/_ubuntu_22.Dockerfile index 9206a46a..c3be89e1 100644 --- a/test/_ubuntu_22.Dockerfile +++ b/test/_ubuntu_22.Dockerfile @@ -13,6 +13,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/_ubuntu_24.Dockerfile b/test/_ubuntu_24.Dockerfile index 4cab43de..cf57c2aa 100644 --- a/test/_ubuntu_24.Dockerfile +++ b/test/_ubuntu_24.Dockerfile @@ -13,6 +13,5 @@ RUN true && \ chmod +x $SCRIPTDIR/* ENV SKIP_INSTALL=true -ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 5fa0f065..e72b4779 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -465,50 +465,6 @@ def test_validate_ip(host): test_address("0.0.0.0#00001", False) -def test_os_check_fails(host): - """Confirms install fails on unsupported OS""" - host.run( - """ - source /opt/pihole/basic-install.sh - package_manager_detect - build_dependency_package - install_dependent_packages - cat < /etc/os-release -ID=UnsupportedOS -VERSION_ID="2" -EOT - """ - ) - detectOS = host.run( - """t - source /opt/pihole/basic-install.sh - os_check - """ - ) - expected_stdout = "Unsupported OS detected: UnsupportedOS" - assert expected_stdout in detectOS.stdout - - -def test_os_check_passes(host): - """Confirms OS meets the requirements""" - host.run( - """ - source /opt/pihole/basic-install.sh - package_manager_detect - build_dependency_package - install_dependent_packages - """ - ) - detectOS = host.run( - """ - source /opt/pihole/basic-install.sh - os_check - """ - ) - expected_stdout = "Supported OS detected" - assert expected_stdout in detectOS.stdout - - def test_package_manager_has_pihole_deps(host): """Confirms OS is able to install the required packages for Pi-hole""" mock_command("dialog", {"*": ("", "0")}, host) From 5355e9e08491e6167ecdb40b172780527b340a32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 28 Apr 2025 21:10:36 +0200 Subject: [PATCH 53/76] Remove os_check from debug script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeDebug.sh | 94 ++++----------------------------- 1 file changed, 10 insertions(+), 84 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 70c0ffe2..741ff2f4 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -296,91 +296,12 @@ check_component_versions() { check_ftl_version } -os_check() { - # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net - # and determines whether or not the script is running on one of those systems - local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response - remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"} - - detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') - detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') - - cmdResult="$(dig -4 +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" - #Get the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - # Extract dig response - response="${cmdResult%%$'\n'*}" - - if [ "${digReturnCode}" -ne 0 ]; then - log_write "${INFO} Distro: ${detected_os^}" - log_write "${INFO} Version: ${detected_version}" - log_write "${CROSS} dig IPv4 return code: ${COL_RED}${digReturnCode}${COL_NC}" - log_write "${CROSS} dig response: ${response}" - log_write "${INFO} Retrying via IPv6" - - cmdResult="$(dig -6 +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)" - #Get the return code of the previous command (last line) - digReturnCode="${cmdResult##*$'\n'}" - - # Extract dig response - response="${cmdResult%%$'\n'*}" - fi - # If also no success via IPv6 - if [ "${digReturnCode}" -ne 0 ]; then - log_write "${CROSS} dig IPv6 return code: ${COL_RED}${digReturnCode}${COL_NC}" - log_write "${CROSS} dig response: ${response}" - log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}" - else - IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"') - for distro_and_versions in "${supportedOS[@]}" - do - distro_part="${distro_and_versions%%=*}" - versions_part="${distro_and_versions##*=}" - - if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then - valid_os=true - IFS="," read -r -a supportedVer <<<"${versions_part}" - for version in "${supportedVer[@]}" - do - if [[ "${detected_version}" =~ $version ]]; then - valid_version=true - break - fi - done - break - fi - done - - # If it is a docker container, we can assume the OS is supported - [ -n "${DOCKER_VERSION}" ] && valid_os=true && valid_version=true - - local finalmsg - if [ "$valid_os" = true ]; then - log_write "${TICK} Distro: ${COL_GREEN}${detected_os^}${COL_NC}" - - if [ "$valid_version" = true ]; then - log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}" - finalmsg="${TICK} ${COL_GREEN}Distro and version supported${COL_NC}" - else - log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}" - finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" - fi - else - log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}" - finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}" - fi - - # Print dig response and the final check result - log_write "${TICK} dig return code: ${COL_GREEN}${digReturnCode}${COL_NC}" - log_write "${INFO} dig response: ${response}" - log_write "${finalmsg}" - fi -} - diagnose_operating_system() { # error message in a variable so we can easily modify it later (or reuse it) local error_msg="Distribution unknown -- most likely you are on an unsupported platform and may run into issues." + local detected_os + local detected_version + # Display the current test that is running echo_current_diagnostic "Operating system" @@ -389,8 +310,13 @@ diagnose_operating_system() { # If there is a /etc/*release file, it's probably a supported operating system, so we can if ls /etc/*release 1> /dev/null 2>&1; then - # display the attributes to the user from the function made earlier - os_check + # display the attributes to the user + + detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"') + detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"') + + log_write "${INFO} Distro: ${detected_os^}" + log_write "${INFO} Version: ${detected_version}" else # If it doesn't exist, it's not a system we currently support and link to FAQ log_write "${CROSS} ${COL_RED}${error_msg}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})" From 0c533ec71bece9eb1fcbb764389801d732244c25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 3 May 2025 20:06:24 +0200 Subject: [PATCH 54/76] Use CODEOWNERS instead of deprecated dependbot/reviewers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/CODEOWNERS | 5 +++++ .github/dependabot.yml | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..58192bc1 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +# see https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax + +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +* @pi-hole/core-maintainers diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e140f792..af9b74db 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,8 +8,6 @@ updates: time: "10:00" open-pull-requests-limit: 10 target-branch: development - reviewers: - - "pi-hole/core-maintainers" - package-ecosystem: pip directory: "/test" schedule: @@ -18,5 +16,3 @@ updates: time: "10:00" open-pull-requests-limit: 10 target-branch: development - reviewers: - - "pi-hole/core-maintainers" From b82487ee6a07486693fb58c0e0ce1653a7c8ffc2 Mon Sep 17 00:00:00 2001 From: darkexplosiveqwx <101737077+darkexplosiveqwx@users.noreply.github.com> Date: Sun, 4 May 2025 12:01:09 +0200 Subject: [PATCH 55/76] Add Fedora 42 to tests Signed-off-by: darkexplosiveqwx <101737077+darkexplosiveqwx@users.noreply.github.com> --- .github/workflows/test.yml | 1 + test/_fedora_42.Dockerfile | 17 +++++++++++++++++ test/test_any_automated_install.py | 1 + test/tox.fedora_42.ini | 10 ++++++++++ 4 files changed, 29 insertions(+) create mode 100644 test/_fedora_42.Dockerfile create mode 100644 test/tox.fedora_42.ini diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 26435035..ac496406 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -72,6 +72,7 @@ jobs: centos_10, fedora_40, fedora_41, + fedora_42, ] env: DISTRO: ${{matrix.distro}} diff --git a/test/_fedora_42.Dockerfile b/test/_fedora_42.Dockerfile new file mode 100644 index 00000000..90b17c0b --- /dev/null +++ b/test/_fedora_42.Dockerfile @@ -0,0 +1,17 @@ +FROM fedora:42 +RUN dnf install -y git initscripts + +ENV GITDIR=/etc/.pihole +ENV SCRIPTDIR=/opt/pihole + +RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole +ADD . $GITDIR +RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/ +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR + +RUN true && \ + chmod +x $SCRIPTDIR/* + +ENV SKIP_INSTALL=true + +#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \ diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index e72b4779..0fa0453a 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -245,6 +245,7 @@ def test_FTL_detect_no_errors(host, arch, detected_string, supported): { "-A /bin/sh": ("Tag_CPU_arch: " + arch, "0"), "-A /usr/bin/sh": ("Tag_CPU_arch: " + arch, "0"), + "-A /usr/sbin/sh": ("Tag_CPU_arch: " + arch, "0"), }, host, ) diff --git a/test/tox.fedora_42.ini b/test/tox.fedora_42.ini new file mode 100644 index 00000000..67eb77e4 --- /dev/null +++ b/test/tox.fedora_42.ini @@ -0,0 +1,10 @@ +[tox] +envlist = py3 + +[testenv] +allowlist_externals = docker +deps = -rrequirements.txt +setenv = + COLUMNS=120 +commands = docker buildx build --load --progress plain -f _fedora_42.Dockerfile -t pytest_pihole:test_container ../ + pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py From 65fd0b099d96bb636c6e431f81981f3d64cb2ab5 Mon Sep 17 00:00:00 2001 From: darkexplosiveqwx <101737077+darkexplosiveqwx@users.noreply.github.com> Date: Sun, 4 May 2025 14:21:53 +0200 Subject: [PATCH 56/76] Extend .gitignore Signed-off-by: darkexplosiveqwx <101737077+darkexplosiveqwx@users.noreply.github.com> --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 8016472b..6322fd3e 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,6 @@ __pycache__ .idea/ *.iml .vscode/ +.venv/ +.fleet/ +.cache/ From 96437dc913e12e531d5d1fedab380e6871c7fd75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 4 May 2025 19:39:43 +0200 Subject: [PATCH 57/76] Set dns.interface during installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index fda294b4..2e1afe7b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -99,6 +99,7 @@ IPV6_ADDRESS=${IPV6_ADDRESS} # Give settings their default values. These may be changed by prompts later in the script. QUERY_LOGGING= PRIVACY_LEVEL= +PIHOLE_INTERFACE= # Where old configs go to if a v6 migration is performed V6_CONF_MIGRATION_DIR="/etc/pihole/migration_backup_v6" @@ -2329,6 +2330,10 @@ main() { if [ -n "${PRIVACY_LEVEL}" ]; then setFTLConfigValue "misc.privacylevel" "${PRIVACY_LEVEL}" fi + + if [ -n "${PIHOLE_INTERFACE}" ]; then + setFTLConfigValue "dns.interface" "${PIHOLE_INTERFACE}" + fi fi # Download and compile the aggregated block list From fc103af050c4253ebe616721ba4708163cfa4c2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 4 May 2025 21:45:44 +0200 Subject: [PATCH 58/76] Revert response code logic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/api.sh | 43 ++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 7e9d4653..97192108 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -57,34 +57,33 @@ TestAPIAvailability() { authData=$(printf %s "${authResponse%???}") # Test if http status code was 200 (OK) or 401 (authentication required) - if [ ! "${authStatus}" = 200 ] && [ ! "${authStatus}" = 401 ]; then - # API is not available at this port/protocol combination - apiAvailable=false - else - # API is available at this URL combination - - if [ "${authStatus}" = 200 ]; then - # API is available without authentication - needAuth=false - fi + if [ "${authStatus}" = 200 ]; then + # API is available without authentication + apiAvailable=true + needAuth=false + break + elif [ "${authStatus}" = 401 ]; then + # API is available with authentication + apiAvailable=true + needAuth=true # Check if 2FA is required needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null) - - apiAvailable=true - break - fi - # Remove the first URL from the list - local last_api_list - last_api_list="${chaos_api_list}" - chaos_api_list="${chaos_api_list#* }" + else + # API is not available at this port/protocol combination + apiAvailable=false + # Remove the first URL from the list + local last_api_list + last_api_list="${chaos_api_list}" + chaos_api_list="${chaos_api_list#* }" - # If the list did not change, we are at the last element - if [ "${last_api_list}" = "${chaos_api_list}" ]; then - # Remove the last element - chaos_api_list="" + # If the list did not change, we are at the last element + if [ "${last_api_list}" = "${chaos_api_list}" ]; then + # Remove the last element + chaos_api_list="" + fi fi done From d45003a8ca4211474ca40a156c39332967ef8e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 5 May 2025 17:27:53 +0200 Subject: [PATCH 59/76] Do not try to upgrade gravity if it does not exist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2e1afe7b..ce240683 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2295,10 +2295,13 @@ main() { # but before starting or resttarting the ftl service disable_resolved_stublistener - # Check if gravity database needs to be upgraded. If so, do it without rebuilding - # gravity altogether. This may be a very long running task needlessly blocking - # the update process. - /opt/pihole/gravity.sh --upgrade + if [[ "${fresh_install}" == false ]]; then + # Check if gravity database needs to be upgraded. If so, do it without rebuilding + # gravity altogether. This may be a very long running task needlessly blocking + # the update process. + # Only do this on updates, not on fresh installs as the database does not exit yet + /opt/pihole/gravity.sh --upgrade + fi printf " %b Restarting services...\\n" "${INFO}" # Start services From 189da82614a4d9e3a25e526541fa5719f7047bd5 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Mon, 12 May 2025 08:54:58 +0200 Subject: [PATCH 60/76] && chown Co-authored-by: Dan Schaper Signed-off-by: yubiuser --- gravity.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index 37a7301b..f34ac3fb 100755 --- a/gravity.sh +++ b/gravity.sh @@ -139,8 +139,7 @@ gravity_swap_databases() { else # Check if the backup directory exists if [ ! -d "${gravityBCKdir}" ]; then - mkdir -p "${gravityBCKdir}" - chown pihole:pihole "${gravityBCKdir}" + mkdir -p "${gravityBCKdir}" && chown pihole:pihole "${gravityBCKdir}" fi # If multiple gravityBCKfile's are present (appended with a number), rotate them @@ -1016,8 +1015,7 @@ migrate_to_listsCache_dir() { # If not, we need to migrate the old files to the new directory local str="Migrating the list's cache directory to new location" echo -ne " ${INFO} ${str}..." - mkdir -p "${listsCacheDir}" - chown pihole:pihole "${listsCacheDir}" + mkdir -p "${listsCacheDir}" && chown pihole:pihole "${listsCacheDir}" # Move the old files to the new directory if mv "${piholeDir}"/list.* "${listsCacheDir}/" 2>/dev/null; then From 842afc24758e38f29533dc2e9794d7064fcb7dc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 21 Apr 2025 09:43:07 +0200 Subject: [PATCH 61/76] Give FTL 60 seconds for graceful shutdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Templates/pihole-FTL.service | 6 +++++- advanced/Templates/pihole-FTL.systemd | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 6cb3e09a..7c7e9962 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -12,6 +12,7 @@ # Source utils.sh for getFTLConfigValue(), getFTLPID() PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . "${utilsfile}" @@ -56,13 +57,16 @@ start() { stop() { if is_running; then kill "${FTL_PID}" - for i in 1 2 3 4 5; do + # Give FTL 60 seconds to gracefully stop + i=1 + while [ "${i}" -le 60 ]; do if ! is_running; then break fi printf "." sleep 1 + i=$((i + 1)) done echo diff --git a/advanced/Templates/pihole-FTL.systemd b/advanced/Templates/pihole-FTL.systemd index 0a3d270e..fcbb8d8d 100644 --- a/advanced/Templates/pihole-FTL.systemd +++ b/advanced/Templates/pihole-FTL.systemd @@ -28,7 +28,7 @@ ExecReload=/bin/kill -HUP $MAINPID ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh # Use graceful shutdown with a reasonable timeout -TimeoutStopSec=10s +TimeoutStopSec=60s # Make /usr, /boot, /etc and possibly some more folders read-only... ProtectSystem=full From 190798e57247116c8f8ae2b623719bccaefb3177 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Wed, 19 Mar 2025 19:26:17 -0300 Subject: [PATCH 62/76] Allow simple `pihole api` output, containing only the JSON payload Signed-off-by: RD WebDesign --- advanced/Scripts/api.sh | 32 ++++++++++++++++++++++++-------- pihole | 2 +- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 97192108..fda17458 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -301,14 +301,23 @@ secretRead() { } apiFunc() { - local data response status status_col + local data response status status_col verbose + + # Define if the output will be verbose (default) or silent + verbose="verbose" + if [ "$1" = "silent" ] || [ "$1" = "-s" ]; then + verbose="" + shift + fi # Authenticate with the API - LoginAPI verbose - echo "" + LoginAPI "${verbose}" - echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}" - echo "" + if [ "${verbose}" = "verbose" ]; then + echo "" + echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}" + echo "" + fi # Get the data from the API response=$(GetFTLData "$1" raw) @@ -325,11 +334,18 @@ apiFunc() { else status_col="${COL_RED}" fi - echo "Status: ${status_col}${status}${COL_NC}" + + # Only print the status in verbose mode or if the status is not 200 + if [ "${verbose}" = "verbose" ] || [ "${status}" != 200 ]; then + echo "Status: ${status_col}${status}${COL_NC}" + fi # Output the data. Format it with jq if available and data is actually JSON. # Otherwise just print it - echo "Data:" + if [ "${verbose}" = "verbose" ]; then + echo "Data:" + fi + if command -v jq >/dev/null && echo "${data}" | jq . >/dev/null 2>&1; then echo "${data}" | jq . else @@ -337,5 +353,5 @@ apiFunc() { fi # Delete the session - LogoutAPI verbose + LogoutAPI "${verbose}" } diff --git a/pihole b/pihole index 2c3a433b..248e9a7d 100755 --- a/pihole +++ b/pihole @@ -601,6 +601,6 @@ case "${1}" in "updatechecker" ) shift; updateCheckFunc "$@";; "arpflush" ) arpFunc "$@";; "-t" | "tail" ) tailFunc "$2";; - "api" ) apiFunc "$2";; + "api" ) shift; apiFunc "$@";; * ) helpFunc;; esac From e01d49b3ee36fd39679ac20d9e7a92e618f95e94 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Mon, 12 May 2025 15:53:12 -0300 Subject: [PATCH 63/76] Change FTLcheckUpdate to use api.github.com and `jq` to retrieve tag_name Signed-off-by: RD WebDesign --- automated install/basic-install.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 74a02395..24fb22d2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1972,12 +1972,14 @@ FTLcheckUpdate() { # same as the remote one local FTLversion FTLversion=$(/usr/bin/pihole-FTL tag) - local FTLlatesttag # Get the latest version from the GitHub API - if ! FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep --color=never -i Location: | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then + local FTLlatesttag + FTLlatesttag=$(curl -s https://api.github.com/repos/pi-hole/FTL/releases/latest | jq -sRr 'fromjson? | .tag_name | values') + + if [ -z "${FTLlatesttag}" ]; then # There was an issue while retrieving the latest version - printf " %b Failed to retrieve latest FTL release metadata" "${CROSS}" + printf " %b Failed to retrieve latest FTL release metadata\\n" "${CROSS}" return 3 fi @@ -1995,6 +1997,7 @@ FTLcheckUpdate() { # Continue further down... fi else + # FTL not installed, then download return 0 fi fi From de31858950a61a5eb90a0a1c59635b32c1dfcdc1 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 12 May 2025 12:01:34 -0700 Subject: [PATCH 64/76] Use shell parameter expansion to split http_code and payload Codespell editorconfig Signed-off-by: Dan Schaper --- advanced/Scripts/api.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 97192108..20ebef5c 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -47,14 +47,15 @@ TestAPIAvailability() { API_URL="${API_URL%\"}" API_URL="${API_URL#\"}" - # Test if the API is available at this URL - authResponse=$(curl --connect-timeout 2 -skS -w "%{http_code}" "${API_URL}auth") + # Test if the API is available at this URL, include delimiter for ease in splitting payload + authResponse=$(curl --connect-timeout 2 -skS -w ">>%{http_code}" "${API_URL}auth") - # authStatus are the last 3 characters - # not using ${authResponse#"${authResponse%???}"}" here because it's extremely slow on big responses - authStatus=$(printf "%s" "${authResponse}" | tail -c 3) - # data is everything from response without the last 3 characters - authData=$(printf %s "${authResponse%???}") + # authStatus is the response http_code, eg. 200, 401. + # Shell parameter expansion, remove everything up to and including the >> delim + authStatus=${authResponse#*>>} + # data is everything from response + # Shell parameter expansion, remove the >> delim and everything after + authData=${authResponse%>>*} # Test if http status code was 200 (OK) or 401 (authentication required) if [ "${authStatus}" = 200 ]; then From dee44cb3da7aa27c2ee853830c944e3565d5e45e Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Sun, 11 May 2025 19:51:27 -0300 Subject: [PATCH 65/76] Define "silent" as default option and include "verbose" to the man page Signed-off-by: RD WebDesign --- advanced/Scripts/api.sh | 20 ++++++++++---------- manpages/pihole.8 | 15 ++++++++++++--- pihole | 1 + 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index fda17458..2a3d361b 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -301,19 +301,19 @@ secretRead() { } apiFunc() { - local data response status status_col verbose + local data response status status_col verbosity - # Define if the output will be verbose (default) or silent - verbose="verbose" - if [ "$1" = "silent" ] || [ "$1" = "-s" ]; then - verbose="" + # Define if the output will be silent (default) or verbose + verbosity="silent" + if [ "$1" = "verbose" ]; then + verbosity="verbose" shift fi # Authenticate with the API - LoginAPI "${verbose}" + LoginAPI "${verbosity}" - if [ "${verbose}" = "verbose" ]; then + if [ "${verbosity}" = "verbose" ]; then echo "" echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}" echo "" @@ -336,13 +336,13 @@ apiFunc() { fi # Only print the status in verbose mode or if the status is not 200 - if [ "${verbose}" = "verbose" ] || [ "${status}" != 200 ]; then + if [ "${verbosity}" = "verbose" ] || [ "${status}" != 200 ]; then echo "Status: ${status_col}${status}${COL_NC}" fi # Output the data. Format it with jq if available and data is actually JSON. # Otherwise just print it - if [ "${verbose}" = "verbose" ]; then + if [ "${verbosity}" = "verbose" ]; then echo "Data:" fi @@ -353,5 +353,5 @@ apiFunc() { fi # Delete the session - LogoutAPI "${verbose}" + LogoutAPI "${verbosity}" } diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 97a6ec68..e0c38828 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -23,7 +23,7 @@ pihole -r .br \fBpihole -g\fR .br -\fBpihole\fR -\fBq\fR [options] +\fBpihole\fR \fB-q\fR [options] .br \fBpihole\fR \fB-l\fR (\fBon|off|off noflush\fR) .br @@ -43,7 +43,7 @@ pihole -r .br \fBpihole\fR \fBcheckout\fR repo [branch] .br -\fBpihole\fR \api\fR endpoint +\fBpihole\fR \fBapi\fR [verbose] endpoint .br \fBpihole\fR \fBhelp\fR .br @@ -234,10 +234,14 @@ Available commands and options: branchname Update subsystems to the specified branchname .br -\fBapi\fR endpoint +\fBapi\fR [verbose] endpoint .br Query the Pi-hole API at .br + + verbose Show authentication and status messages +.br + .SH "EXAMPLE" Some usage examples @@ -323,6 +327,11 @@ Switching Pi-hole subsystem branches Queries FTL for the stats/summary endpoint .br +\fBpihole api verbose stats/summary\fR +.br + Same as above, but shows authentication and status messages +.br + .SH "COLOPHON" Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net. diff --git a/pihole b/pihole index 248e9a7d..1d5093c6 100755 --- a/pihole +++ b/pihole @@ -493,6 +493,7 @@ Debugging Options: Add an optional argument to filter the log (regular expressions are supported) api Query the Pi-hole API at + Precede with 'verbose' option to show authentication and status messages Options: From 88934ec81843ebcca64b2fea98bac97212bb1b5f Mon Sep 17 00:00:00 2001 From: Piotr Tyrakowski Date: Wed, 14 May 2025 21:47:34 +0200 Subject: [PATCH 66/76] Update basic-install.sh Signed-off-by: Piotr Tyrakowski --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 24fb22d2..b2bc894f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -574,7 +574,7 @@ Do you wish to continue with an IPv6-only installation?\\n\\n" \ # Get available interfaces that are UP get_available_interfaces() { # There may be more than one so it's all stored in a variable - availableInterfaces=$(ip --oneline link show up | grep -v "lo" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1) + availableInterfaces=$(ip --oneline link show up | awk '{print $2}' | grep -v "^lo" | cut -d':' -f1 | cut -d'@' -f1) } # A function for displaying the dialogs the user sees when first running the installer From 86d9ac5f8f27a66f2d1201911238185737af311a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 May 2025 10:02:13 +0000 Subject: [PATCH 67/76] Bump tox from 4.25.0 to 4.26.0 in /test Bumps [tox](https://github.com/tox-dev/tox) from 4.25.0 to 4.26.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/4.25.0...4.26.0) --- updated-dependencies: - dependency-name: tox dependency-version: 4.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements.txt b/test/requirements.txt index 6987ee0c..b273c351 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,5 +2,5 @@ pyyaml == 6.0.2 pytest == 8.3.5 pytest-xdist == 3.6.1 pytest-testinfra == 10.2.2 -tox == 4.25.0 +tox == 4.26.0 pytest-clarity == 1.0.1 From 6ba6b0f0157d5ea3ad0dfdb4de30a1086f114512 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Tue, 20 May 2025 19:46:28 -0300 Subject: [PATCH 68/76] Return 1 only if resolution fails Function gravity_CheckDNSResolutionAvailable() should return 0 if DNS resolution is available Signed-off-by: RD WebDesign --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index cf22065a..16e459c6 100755 --- a/gravity.sh +++ b/gravity.sh @@ -356,7 +356,7 @@ gravity_CheckDNSResolutionAvailable() { if getent hosts github.com &> /dev/null; then # If we reach this point, DNS resolution is available echo -e "${OVER} ${TICK} DNS resolution is available" - break + return 0 fi # Append one dot for each second waiting echo -ne "." From b707890f1048a188c0182642a5dc01d02661fc54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 27 May 2025 20:09:59 +0200 Subject: [PATCH 69/76] Use PID1 to determine which command to use when toggeling services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d84c8750..f4b51c6d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -228,6 +228,13 @@ is_command() { command -v "${check_command}" >/dev/null 2>&1 } +is_pid1() { + # Checks to see if the given command runs as PID 1 + local is_pid1="$1" + + ps -p 1 -o comm= | grep -q "${is_pid1}" +} + # Compatibility package_manager_detect() { @@ -1152,7 +1159,7 @@ installConfigs() { fi # Install pihole-FTL systemd or init.d service, based on whether systemd is the init system or not - if ps -p 1 -o comm= | grep -q systemd; then + if is_pid1 systemd; then install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service' # Remove init.d service if present @@ -1220,9 +1227,12 @@ stop_service() { # Can softfail, as process may not be installed when this is called local str="Stopping ${1} service" printf " %b %s..." "${INFO}" "${str}" - if is_command systemctl; then + # If systemd is PID 1, + if is_pid1 systemd; then + # use that to restart the service systemctl -q stop "${1}" || true else + # Otherwise, fall back to the service command service "${1}" stop >/dev/null || true fi printf "%b %b %s...\\n" "${OVER}" "${TICK}" "${str}" @@ -1233,8 +1243,8 @@ restart_service() { # Local, named variables local str="Restarting ${1} service" printf " %b %s..." "${INFO}" "${str}" - # If systemctl exists, - if is_command systemctl; then + # If systemd is PID 1, + if is_pid1 systemd; then # use that to restart the service systemctl -q restart "${1}" else @@ -1249,8 +1259,8 @@ enable_service() { # Local, named variables local str="Enabling ${1} service to start on reboot" printf " %b %s..." "${INFO}" "${str}" - # If systemctl exists, - if is_command systemctl; then + # If systemd is PID1, + if is_pid1 systemd; then # use that to enable the service systemctl -q enable "${1}" else @@ -1265,8 +1275,8 @@ disable_service() { # Local, named variables local str="Disabling ${1} service" printf " %b %s..." "${INFO}" "${str}" - # If systemctl exists, - if is_command systemctl; then + # If systemd is PID1, + if is_pid1 systemd; then # use that to disable the service systemctl -q disable "${1}" else @@ -1277,8 +1287,8 @@ disable_service() { } check_service_active() { - # If systemctl exists, - if is_command systemctl; then + # If systemd is PID1, + if is_pid1 systemd; then # use that to check the status of the service systemctl -q is-enabled "${1}" 2>/dev/null else From 137338e6a8445347b97cc04693bdb2801e60fa3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 27 May 2025 21:23:56 +0200 Subject: [PATCH 70/76] Use service wrappers in all scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/piholeARPTable.sh | 11 +++++++++-- advanced/Scripts/piholeLogFlush.sh | 11 +++++++++-- automated install/uninstall.sh | 11 ++++++----- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index c62acdbc..120df5b8 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -20,6 +20,13 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck source=./advanced/Scripts/utils.sh source "${utilsfile}" +readonly PI_HOLE_FILES_DIR="/etc/.pihole" +SKIP_INSTALL="true" +# shellcheck source="./automated install/basic-install.sh" +source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" +# stop_service() is defined in basic-install.sh +# restart_service() is defined in basic-install.sh + # Determine database location DBFILE=$(getFTLConfigValue "files.database") if [ -z "$DBFILE" ]; then @@ -33,7 +40,7 @@ flushARP(){ fi # Stop FTL to prevent database access - if ! output=$(service pihole-FTL stop 2>&1); then + if ! output=$(stop_service pihole-FTL 2>&1); then echo -e "${OVER} ${CROSS} Failed to stop FTL" echo " Output: ${output}" return 1 @@ -65,7 +72,7 @@ flushARP(){ fi # Start FTL again - if ! output=$(service pihole-FTL restart 2>&1); then + if ! output=$(restart_service pihole-FTL 2>&1); then echo -e "${OVER} ${CROSS} Failed to restart FTL" echo " Output: ${output}" return 1 diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index ca70f31b..ac0c196f 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -17,6 +17,12 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck source="./advanced/Scripts/utils.sh" source "${utilsfile}" +SKIP_INSTALL="true" +# shellcheck source="./automated install/basic-install.sh" +source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" +# stop_service() is defined in basic-install.sh +# restart_service() is defined in basic-install.sh + # In case we're running at the same time as a system logrotate, use a # separate logrotate state file to prevent stepping on each other's # toes. @@ -104,13 +110,14 @@ else fi # Stop FTL to make sure it doesn't write to the database while we're deleting data - service pihole-FTL stop + stop_service pihole-FTL >/dev/null + # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1") # Restart FTL - service pihole-FTL restart + restart_service pihole-FTL >/dev/null if [[ "$*" != *"quiet"* ]]; then echo -e "${OVER} ${TICK} Deleted ${deleted} queries from long-term query database" fi diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index a158e595..eb1e9e29 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -13,6 +13,11 @@ source "/opt/pihole/COL_TABLE" # shellcheck source="./advanced/Scripts/utils.sh" source "/opt/pihole/utils.sh" +SKIP_INSTALL="true" +# shellcheck source="./automated install/basic-install.sh" +source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" +# stop_service() is defined in basic-install.sh + ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") readonly ADMIN_INTERFACE_DIR @@ -102,11 +107,7 @@ removePiholeFiles() { # Remove FTL if command -v pihole-FTL &> /dev/null; then echo -ne " ${INFO} Removing pihole-FTL..." - if [[ -x "$(command -v systemctl)" ]]; then - systemctl stop pihole-FTL - else - service pihole-FTL stop - fi + stop_service pihole-FTL ${SUDO} rm -f /etc/systemd/system/pihole-FTL.service if [[ -d '/etc/systemd/system/pihole-FTL.service.d' ]]; then read -rp " ${QST} FTL service override directory /etc/systemd/system/pihole-FTL.service.d detected. Do you wish to remove this from your system? [y/N] " answer From f3166d7a785b43efd97d96a15977105359da33c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 27 May 2025 23:51:04 +0200 Subject: [PATCH 71/76] Adjust test to mock PID1 to be systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/_centos_10.Dockerfile | 2 +- test/_centos_9.Dockerfile | 2 +- test/_fedora_40.Dockerfile | 2 +- test/_fedora_41.Dockerfile | 2 +- test/_fedora_42.Dockerfile | 2 +- test/test_any_automated_install.py | 16 +++++++++------- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git a/test/_centos_10.Dockerfile b/test/_centos_10.Dockerfile index 78a89789..c6b2ca75 100644 --- a/test/_centos_10.Dockerfile +++ b/test/_centos_10.Dockerfile @@ -1,7 +1,7 @@ FROM quay.io/centos/centos:stream10 # Disable SELinux RUN echo "SELINUX=disabled" > /etc/selinux/config -RUN yum install -y --allowerasing curl git initscripts +RUN yum install -y --allowerasing curl git ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole diff --git a/test/_centos_9.Dockerfile b/test/_centos_9.Dockerfile index 73f53fa5..0e12edab 100644 --- a/test/_centos_9.Dockerfile +++ b/test/_centos_9.Dockerfile @@ -1,7 +1,7 @@ FROM quay.io/centos/centos:stream9 # Disable SELinux RUN echo "SELINUX=disabled" > /etc/selinux/config -RUN yum install -y --allowerasing curl git initscripts +RUN yum install -y --allowerasing curl git ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole diff --git a/test/_fedora_40.Dockerfile b/test/_fedora_40.Dockerfile index 43913895..56be9d84 100644 --- a/test/_fedora_40.Dockerfile +++ b/test/_fedora_40.Dockerfile @@ -1,5 +1,5 @@ FROM fedora:40 -RUN dnf install -y git initscripts +RUN dnf install -y git ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole diff --git a/test/_fedora_41.Dockerfile b/test/_fedora_41.Dockerfile index c03371a5..2a9ecf70 100644 --- a/test/_fedora_41.Dockerfile +++ b/test/_fedora_41.Dockerfile @@ -1,5 +1,5 @@ FROM fedora:41 -RUN dnf install -y git initscripts +RUN dnf install -y git ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole diff --git a/test/_fedora_42.Dockerfile b/test/_fedora_42.Dockerfile index 90b17c0b..34c7ef5d 100644 --- a/test/_fedora_42.Dockerfile +++ b/test/_fedora_42.Dockerfile @@ -1,5 +1,5 @@ FROM fedora:42 -RUN dnf install -y git initscripts +RUN dnf install -y git ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 0fa0453a..f10d2576 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -66,6 +66,14 @@ def test_installPihole_fresh_install_readableFiles(host): mock_command("dialog", {"*": ("", "0")}, host) # mock git pull mock_command_passthrough("git", {"pull": ("", "0")}, host) + # mock PID 1 to pretend to be systemd + mock_command_2( + "ps", + { + "-p 1": ("systemd", "0"), + }, + host, + ) # mock systemctl to not start FTL mock_command_2( "systemctl", @@ -73,6 +81,7 @@ def test_installPihole_fresh_install_readableFiles(host): "enable pihole-FTL": ("", "0"), "restart pihole-FTL": ("", "0"), "start pihole-FTL": ("", "0"), + "stop pihole-FTL": ("", "0"), "*": ('echo "systemctl call with $@"', "0"), }, host, @@ -131,13 +140,6 @@ def test_installPihole_fresh_install_readableFiles(host): check_macvendor = test_cmd.format("r", "/etc/pihole/macvendor.db", piholeuser) actual_rc = host.run(check_macvendor).rc assert exit_status_success == actual_rc - # check readable and executable /etc/init.d/pihole-FTL - check_init = test_cmd.format("x", "/etc/init.d/pihole-FTL", piholeuser) - actual_rc = host.run(check_init).rc - assert exit_status_success == actual_rc - check_init = test_cmd.format("r", "/etc/init.d/pihole-FTL", piholeuser) - actual_rc = host.run(check_init).rc - assert exit_status_success == actual_rc # check readable and executable manpages if maninstalled is True: check_man = test_cmd.format("x", "/usr/local/share/man", piholeuser) From 69473a7b54869233ea40a8d16bf17030ac835656 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 28 May 2025 19:25:35 +0200 Subject: [PATCH 72/76] Add awk to meta package dependencie (is missing on Fedora 42 by default) and order dependencies alphabetically MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f4b51c6d..94ef8002 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -116,11 +116,11 @@ c=70 PIHOLE_META_PACKAGE_CONTROL_APT=$( cat < Architecture: all Description: Pi-hole dependency meta package -Depends: grep,dnsutils,binutils,git,iproute2,dialog,ca-certificates,cron | cron-daemon,curl,iputils-ping,psmisc,sudo,unzip,libcap2-bin,dns-root-data,libcap2,netcat-openbsd,procps,jq,lshw,bash-completion +Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,netcat-openbsd,procps,psmisc,sudo,unzip Section: contrib/metapackages Priority: optional EOM @@ -130,12 +130,12 @@ EOM PIHOLE_META_PACKAGE_CONTROL_RPM=$( cat < Date: Wed, 28 May 2025 20:47:55 +0200 Subject: [PATCH 73/76] Add gwak to Fedorea 42 test image as other tests also rely on awk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/_fedora_42.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/_fedora_42.Dockerfile b/test/_fedora_42.Dockerfile index 34c7ef5d..0d235e2d 100644 --- a/test/_fedora_42.Dockerfile +++ b/test/_fedora_42.Dockerfile @@ -1,5 +1,5 @@ FROM fedora:42 -RUN dnf install -y git +RUN dnf install -y git gawk ENV GITDIR=/etc/.pihole ENV SCRIPTDIR=/opt/pihole From d177c4c776be2f9e7adf044660827f3405ec1905 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Fri, 30 May 2025 19:03:12 +0200 Subject: [PATCH 74/76] Add useful comment Co-authored-by: Dan Schaper Signed-off-by: yubiuser --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 94ef8002..6cc69008 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -235,7 +235,9 @@ is_pid1() { # Checks to see if the given command runs as PID 1 local is_pid1="$1" - ps -p 1 -o comm= | grep -q "${is_pid1}" + # select PID 1, format output to show only CMD column without header + # quietly grep for a match on the function passed parameter + ps --pid 1 --format comm= | grep -q "${is_pid1}" } # Compatibility From fd40fa6f396273c8d6b95d123ecbc8590b47bf25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 30 May 2025 20:52:37 +0200 Subject: [PATCH 75/76] Test need adjustment to long arument syntax MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/test_any_automated_install.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index f10d2576..64d8c28a 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -70,7 +70,7 @@ def test_installPihole_fresh_install_readableFiles(host): mock_command_2( "ps", { - "-p 1": ("systemd", "0"), + "--pid 1": ("systemd", "0"), }, host, ) From 6f429d82b429531e24b8e41e7859f01871ab4992 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 30 May 2025 21:05:08 +0200 Subject: [PATCH 76/76] Allow to get API URL from local.api.ftl even if DNS port has changed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/api.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 6969b45f..613a8d86 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -19,13 +19,19 @@ TestAPIAvailability() { + local chaos_api_list authResponse authStatus authData apiAvailable DNSport + # as we are running locally, we can get the port value from FTL directly - local chaos_api_list authResponse authStatus authData apiAvailable + readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" + # shellcheck source=./advanced/Scripts/utils.sh + . "${utilsfile}" + + DNSport=$(getFTLConfigValue dns.port) # Query the API URLs from FTL using CHAOS TXT local.api.ftl # The result is a space-separated enumeration of full URLs # e.g., "http://localhost:80/api/" "https://localhost:443/api/" - chaos_api_list="$(dig +short chaos txt local.api.ftl @127.0.0.1)" + chaos_api_list="$(dig +short -p "${DNSport}" chaos txt local.api.ftl @127.0.0.1)" # If the query was not successful, the variable is empty if [ -z "${chaos_api_list}" ]; then