tyler.durden/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-07-31 01:24:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: tyler.durden:master
Branches Tags
tyler.durden:master
tyler.durden:development
tyler.durden:unsupported/binary
tyler.durden:fix/etag
tyler.durden:tweak/32bitARM
tyler.durden:fix/declaration
tyler.durden:more_time
tyler.durden:tweak/update
tyler.durden:fix/migration_test
tyler.durden:v6.1.4
tyler.durden:v6.1.3
tyler.durden:v6.1.2
tyler.durden:v6.1.1
tyler.durden:v6.1
tyler.durden:v6.0.6
tyler.durden:v6.0.5
tyler.durden:v6.0.4
tyler.durden:v6.0.3
tyler.durden:v6.0.1
tyler.durden:v6.0
tyler.durden:v5.18.4
tyler.durden:v5.18.3
tyler.durden:v5.18.2
tyler.durden:v5.18.1
tyler.durden:v5.18
tyler.durden:v5.17.3
tyler.durden:v5.17.2
tyler.durden:v5.17.1
tyler.durden:v5.17
tyler.durden:v5.16.2
tyler.durden:v5.16.1
tyler.durden:v5.16
tyler.durden:v5.15.5
tyler.durden:v5.15.4
tyler.durden:v5.15.3
tyler.durden:v5.15.2
tyler.durden:v5.15.1
tyler.durden:v5.15
tyler.durden:v5.14.2
tyler.durden:v5.14.1
tyler.durden:v5.14
tyler.durden:v5.13
tyler.durden:v5.12.2
tyler.durden:v5.12.1
tyler.durden:v5.12
tyler.durden:v5.11.4
tyler.durden:v5.11.3
tyler.durden:v5.11.2
tyler.durden:v5.11.1
tyler.durden:v5.11
tyler.durden:v5.10
tyler.durden:v5.9.1
tyler.durden:v5.9
tyler.durden:v5.8.1
tyler.durden:v5.8
tyler.durden:v5.7
tyler.durden:v5.6
tyler.durden:v5.5
tyler.durden:v5.4
tyler.durden:v5.3.1
tyler.durden:v5.3
tyler.durden:v5.2.4
tyler.durden:v5.2.3
tyler.durden:v5.2.2
tyler.durden:v5.2.1
tyler.durden:v5.2
tyler.durden:v5.1.2
tyler.durden:v5.1.1
tyler.durden:v5.1
tyler.durden:v5.0
tyler.durden:v4.4
tyler.durden:v4.3.5
tyler.durden:v4.3.4
tyler.durden:v4.3.3
tyler.durden:v4.3.2
tyler.durden:v4.3.4int
tyler.durden:v4.3.1
tyler.durden:v4.3
tyler.durden:v4.2.2
tyler.durden:v4.2.1
tyler.durden:v4.2
tyler.durden:v4.1.1
tyler.durden:v4.1
tyler.durden:v4.0
tyler.durden:v3.3.1
tyler.durden:v3.3
tyler.durden:v3.2.1
tyler.durden:v3.2
tyler.durden:v3.1.4
tyler.durden:v3.1
tyler.durden:v3.0.1
tyler.durden:v3.0
tyler.durden:v2.13.2
tyler.durden:v2.13.1
tyler.durden:v2.13
tyler.durden:v2.12.1
tyler.durden:v2.12
tyler.durden:v2.11.2
tyler.durden:v2.11.1
tyler.durden:v2.11
tyler.durden:v2.10.2
tyler.durden:v2.10.1
tyler.durden:v2.10
tyler.durden:v2.9.5
tyler.durden:v2.9.4a
tyler.durden:v2.9.4
tyler.durden:v2.9.3
tyler.durden:V2.9.2
tyler.durden:V2.9.1
tyler.durden:v2.9
tyler.durden:v2.8.1
tyler.durden:2.8
tyler.durden:v2.7.1
tyler.durden:v2.7
tyler.durden:v2.6.3
tyler.durden:v2.9-alpha
tyler.durden:v2.6.2
tyler.durden:v2.6.1.2
tyler.durden:v2.6.1.1
tyler.durden:v2.6.1
tyler.durden:v2.6
tyler.durden:v2.5.3
tyler.durden:v2.5.2
tyler.durden:V2.5.1
tyler.durden:v2.5
tyler.durden:v2.4
tyler.durden:v2.3
tyler.durden:v2.2
tyler.durden:v2.1
tyler.durden:2.0
..
compare: tyler.durden:v6.0.5
Branches Tags
tyler.durden:development
tyler.durden:unsupported/binary
tyler.durden:fix/etag
tyler.durden:master
tyler.durden:tweak/32bitARM
tyler.durden:fix/declaration
tyler.durden:more_time
tyler.durden:tweak/update
tyler.durden:fix/migration_test
tyler.durden:v6.1.4
tyler.durden:v6.1.3
tyler.durden:v6.1.2
tyler.durden:v6.1.1
tyler.durden:v6.1
tyler.durden:v6.0.6
tyler.durden:v6.0.5
tyler.durden:v6.0.4
tyler.durden:v6.0.3
tyler.durden:v6.0.1
tyler.durden:v6.0
tyler.durden:v5.18.4
tyler.durden:v5.18.3
tyler.durden:v5.18.2
tyler.durden:v5.18.1
tyler.durden:v5.18
tyler.durden:v5.17.3
tyler.durden:v5.17.2
tyler.durden:v5.17.1
tyler.durden:v5.17
tyler.durden:v5.16.2
tyler.durden:v5.16.1
tyler.durden:v5.16
tyler.durden:v5.15.5
tyler.durden:v5.15.4
tyler.durden:v5.15.3
tyler.durden:v5.15.2
tyler.durden:v5.15.1
tyler.durden:v5.15
tyler.durden:v5.14.2
tyler.durden:v5.14.1
tyler.durden:v5.14
tyler.durden:v5.13
tyler.durden:v5.12.2
tyler.durden:v5.12.1
tyler.durden:v5.12
tyler.durden:v5.11.4
tyler.durden:v5.11.3
tyler.durden:v5.11.2
tyler.durden:v5.11.1
tyler.durden:v5.11
tyler.durden:v5.10
tyler.durden:v5.9.1
tyler.durden:v5.9
tyler.durden:v5.8.1
tyler.durden:v5.8
tyler.durden:v5.7
tyler.durden:v5.6
tyler.durden:v5.5
tyler.durden:v5.4
tyler.durden:v5.3.1
tyler.durden:v5.3
tyler.durden:v5.2.4
tyler.durden:v5.2.3
tyler.durden:v5.2.2
tyler.durden:v5.2.1
tyler.durden:v5.2
tyler.durden:v5.1.2
tyler.durden:v5.1.1
tyler.durden:v5.1
tyler.durden:v5.0
tyler.durden:v4.4
tyler.durden:v4.3.5
tyler.durden:v4.3.4
tyler.durden:v4.3.3
tyler.durden:v4.3.2
tyler.durden:v4.3.4int
tyler.durden:v4.3.1
tyler.durden:v4.3
tyler.durden:v4.2.2
tyler.durden:v4.2.1
tyler.durden:v4.2
tyler.durden:v4.1.1
tyler.durden:v4.1
tyler.durden:v4.0
tyler.durden:v3.3.1
tyler.durden:v3.3
tyler.durden:v3.2.1
tyler.durden:v3.2
tyler.durden:v3.1.4
tyler.durden:v3.1
tyler.durden:v3.0.1
tyler.durden:v3.0
tyler.durden:v2.13.2
tyler.durden:v2.13.1
tyler.durden:v2.13
tyler.durden:v2.12.1
tyler.durden:v2.12
tyler.durden:v2.11.2
tyler.durden:v2.11.1
tyler.durden:v2.11
tyler.durden:v2.10.2
tyler.durden:v2.10.1
tyler.durden:v2.10
tyler.durden:v2.9.5
tyler.durden:v2.9.4a
tyler.durden:v2.9.4
tyler.durden:v2.9.3
tyler.durden:V2.9.2
tyler.durden:V2.9.1
tyler.durden:v2.9
tyler.durden:v2.8.1
tyler.durden:2.8
tyler.durden:v2.7.1
tyler.durden:v2.7
tyler.durden:v2.6.3
tyler.durden:v2.9-alpha
tyler.durden:v2.6.2
tyler.durden:v2.6.1.2
tyler.durden:v2.6.1.1
tyler.durden:v2.6.1
tyler.durden:v2.6
tyler.durden:v2.5.3
tyler.durden:v2.5.2
tyler.durden:V2.5.1
tyler.durden:v2.5
tyler.durden:v2.4
tyler.durden:v2.3
tyler.durden:v2.2
tyler.durden:v2.1
tyler.durden:2.0

No commits in common. "master" and "v6.0.5" have entirely different histories.
master ... v6.0.5

45 changed files with 765 additions and 655 deletions
Show Stats Expand all files Collapse all files

5
.github/CODEOWNERS vendored
View File

@ -1,5 +0,0 @@
# see https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax
# These owners will be the default owners for everything in
# the repo. Unless a later match takes precedence,
* @pi-hole/core-maintainers

12
.github/dependabot.yml vendored
View File

@ -8,10 +8,8 @@ updates:
time: "10:00"
open-pull-requests-limit: 10
target-branch: development
groups:
github-actions-dependencies:
patterns:
- "*"
reviewers:
- "pi-hole/core-maintainers"
- package-ecosystem: pip
directory: "/test"
schedule:
@ -20,7 +18,5 @@ updates:
time: "10:00"
open-pull-requests-limit: 10
target-branch: development
groups:
python-dependencies:
patterns:
- "*"
reviewers:
- "pi-hole/core-maintainers"

1
.github/release.yml vendored
View File

@ -2,7 +2,6 @@ changelog:
exclude:
labels:
- internal
- dependencies
authors:
- dependabot
- github-actions

2
.github/workflows/stale.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
days-before-close: 5
stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
stale-issue-label: '${{ env.stale_label }}'
exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed, never-stale'
exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
exempt-all-issue-assignees: true
operations-per-run: 300
close-issue-reason: 'not_planned'

20
.github/workflows/test.yml vendored
View File

@ -19,8 +19,6 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0 # Differential ShellCheck requires full git history
- name: Check scripts in repository are executable
run: |
@ -30,12 +28,12 @@ jobs:
# If FAIL is 1 then we fail.
[[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
- name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@v5
- name: Run shellcheck
uses: ludeeus/action-shellcheck@master
with:
severity: warning
display-engine: sarif-fmt
check_together: 'yes'
format: tty
severity: error
- name: Spell-Checking
uses: codespell-project/actions-codespell@master
@ -69,10 +67,8 @@ jobs:
ubuntu_22,
ubuntu_24,
centos_9,
centos_10,
fedora_40,
fedora_41,
fedora_42,
]
env:
DISTRO: ${{matrix.distro}}
@ -80,10 +76,10 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4.2.2
- name: Set up Python
uses: actions/setup-python@v5.6.0
- name: Set up Python 3.10
uses: actions/setup-python@v5.4.0
with:
python-version: "3.13"
python-version: "3.10"
- name: Install wheel
run: pip install wheel

3
.gitignore vendored
View File

@ -10,6 +10,3 @@ __pycache__
.idea/
*.iml
.vscode/
.venv/
.fleet/
.cache/

2
.shellcheckrc
View File

@ -1,2 +0,0 @@
external-sources=true # allow shellcheck to read external sources
disable=SC3043 #disable SC3043: In POSIX sh, local is undefined.

15
README.md
View File

@ -3,9 +3,13 @@
#
<p align="center">
<img src="https://raw.githubusercontent.com/pi-hole/graphics/refs/heads/master/Vortex/vortex_with_text.svg" alt="Pi-hole website" width="168" height="270">
<br>
<strong>Network-wide ad blocking via your own Linux hardware</strong>
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png">
<source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png">
<img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
</picture>
<br>
<strong>Network-wide ad blocking via your own Linux hardware</strong>
</p>
<!-- markdownlint-enable MD033 -->
@ -128,10 +132,7 @@ Some of the statistics you can integrate include:
- Queries cached
- Unique clients
Access the API using:
- your browser: http://pi.hole/api/docs
- `curl`: `curl --connect-timeout 2 -ks "https://pi.hole/api/stats/summary" -H "Accept: application/json"`;
- the command line - examples: `pihole api config/webserver/port` or `pihole api stats/summary`.
Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
### The Command-Line Interface

24
advanced/Scripts/COL_TABLE
View File

@ -1,12 +1,10 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034 # Disable warning about unused variables
# Determine if terminal is capable of showing colors
# When COL_TABLE is sourced via gravity invoked by FTL, FORCE_COLOR is set to true
if { [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; } || [ "${FORCE_COLOR}" ]; then
if ([ -t 1 ] && [ $(tput colors) -ge 8 ]) || [ "${WEBCALL}" ]; then
# Bold and underline may not show up on all clients
# If something MUST be emphasized, use both
COL_BOLD=''
COL_ULINE=''
COL_NC=''
COL_GRAY=''
COL_RED=''
@ -18,6 +16,8 @@ if { [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; } || [ "${FORCE_COLOR}" ]; then
else
# Provide empty variables for `set -u`
COL_BOLD=""
COL_ULINE=""
COL_NC=""
COL_GRAY=""
COL_RED=""
@ -28,8 +28,22 @@ else
COL_CYAN=""
fi
# Deprecated variables
COL_WHITE="${COL_BOLD}"
COL_BLACK="${COL_NC}"
COL_LIGHT_BLUE="${COL_BLUE}"
COL_LIGHT_GREEN="${COL_GREEN}"
COL_LIGHT_CYAN="${COL_CYAN}"
COL_LIGHT_RED="${COL_RED}"
COL_URG_RED="${COL_RED}${COL_BOLD}${COL_ULINE}"
COL_LIGHT_PURPLE="${COL_PURPLE}"
COL_BROWN="${COL_YELLOW}"
COL_LIGHT_GRAY="${COL_GRAY}"
COL_DARK_GRAY="${COL_GRAY}"
TICK="[${COL_GREEN}✓${COL_NC}]"
CROSS="[${COL_RED}✗${COL_NC}]"
INFO="[i]"
QST="[?]"
DONE="${COL_GREEN} done!${COL_NC}"
OVER="\\r"

180
advanced/Scripts/api.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env sh
# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@ -19,20 +20,13 @@
TestAPIAvailability() {
local chaos_api_list authResponse authStatus authData apiAvailable DNSport
# as we are running locally, we can get the port value from FTL directly
PI_HOLE_SCRIPT_DIR="/opt/pihole"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source=./advanced/Scripts/utils.sh
. "${utilsfile}"
DNSport=$(getFTLConfigValue dns.port)
local chaos_api_list availabilityResponse
# Query the API URLs from FTL using CHAOS TXT local.api.ftl
# The result is a space-separated enumeration of full URLs
# e.g., "http://localhost:80/api/" "https://localhost:443/api/"
chaos_api_list="$(dig +short -p "${DNSport}" chaos txt local.api.ftl @127.0.0.1)"
chaos_api_list="$(dig +short chaos txt local.api.ftl @127.0.0.1)"
# If the query was not successful, the variable is empty
if [ -z "${chaos_api_list}" ]; then
@ -54,50 +48,39 @@ TestAPIAvailability() {
API_URL="${API_URL%\"}"
API_URL="${API_URL#\"}"
# Test if the API is available at this URL, include delimiter for ease in splitting payload
authResponse=$(curl --connect-timeout 2 -skS -w ">>%{http_code}" "${API_URL}auth")
# authStatus is the response http_code, eg. 200, 401.
# Shell parameter expansion, remove everything up to and including the >> delim
authStatus=${authResponse#*>>}
# data is everything from response
# Shell parameter expansion, remove the >> delim and everything after
authData=${authResponse%>>*}
# Test if the API is available at this URL
availabilityResponse=$(curl -skS -o /dev/null -w "%{http_code}" "${API_URL}auth")
# Test if http status code was 200 (OK) or 401 (authentication required)
if [ "${authStatus}" = 200 ]; then
# API is available without authentication
apiAvailable=true
needAuth=false
break
elif [ "${authStatus}" = 401 ]; then
# API is available with authentication
apiAvailable=true
needAuth=true
# Check if 2FA is required
needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null)
break
else
if [ ! "${availabilityResponse}" = 200 ] && [ ! "${availabilityResponse}" = 401 ]; then
# API is not available at this port/protocol combination
apiAvailable=false
# Remove the first URL from the list
local last_api_list
last_api_list="${chaos_api_list}"
chaos_api_list="${chaos_api_list#* }"
API_PORT=""
else
# API is available at this URL combination
# If the list did not change, we are at the last element
if [ "${last_api_list}" = "${chaos_api_list}" ]; then
# Remove the last element
chaos_api_list=""
if [ "${availabilityResponse}" = 200 ]; then
# API is available without authentication
needAuth=false
fi
break
fi
# Remove the first URL from the list
local last_api_list
last_api_list="${chaos_api_list}"
chaos_api_list="${chaos_api_list#* }"
# If the list did not change, we are at the last element
if [ "${last_api_list}" = "${chaos_api_list}" ]; then
# Remove the last element
chaos_api_list=""
fi
done
# if apiAvailable is false, no working API was found
if [ "${apiAvailable}" = false ]; then
echo "API not available. Please check FTL.log"
# if API_PORT is empty, no working API port was found
if [ -n "${API_PORT}" ]; then
echo "API not available at: ${API_URL}"
echo "Exiting."
exit 1
fi
@ -125,51 +108,22 @@ LoginAPI() {
echo "API Authentication: Trying to use CLI password"
fi
# If we can read the CLI password, we can skip 2FA even when it's required otherwise
needTOTP=false
# Try to authenticate using the CLI password
Authentication "${1}"
elif [ "${1}" = "verbose" ]; then
echo "API Authentication: CLI password not available"
fi
if [ -z "${password}" ]; then
# no password read from CLI file
echo "Please enter your password:"
# secretly read the password
secretRead; printf '\n'
fi
if [ "${needTOTP}" = true ]; then
# 2FA required
echo "Please enter the correct second factor."
echo "(Can be any number if you used the app password)"
read -r totp
fi
# Try to authenticate using the supplied password (CLI file or user input) and TOTP
Authentication "${1}"
# Try to login again until the session is valid
while [ ! "${validSession}" = true ] ; do
# If this did not work, ask the user for the password
while [ "${validSession}" = false ] || [ -z "${validSession}" ] ; do
echo "Authentication failed. Please enter your Pi-hole password"
# Print the error message if there is one
if [ ! "${sessionError}" = "null" ] && [ "${1}" = "verbose" ]; then
echo "Error: ${sessionError}"
fi
# Print the session message if there is one
if [ ! "${sessionMessage}" = "null" ] && [ "${1}" = "verbose" ]; then
echo "Error: ${sessionMessage}"
fi
# secretly read the password
secretRead; printf '\n'
if [ "${needTOTP}" = true ]; then
echo "Please enter the correct second factor:"
echo "(Can be any number if you used the app password)"
read -r totp
fi
# Try to authenticate again
Authentication "${1}"
done
@ -177,27 +131,23 @@ LoginAPI() {
}
Authentication() {
sessionResponse="$(curl --connect-timeout 2 -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli" --data "{\"password\":\"${password}\", \"totp\":${totp:-null}}" )"
sessionResponse="$(curl -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli " --data "{\"password\":\"${password}\"}" )"
if [ -z "${sessionResponse}" ]; then
echo "No response from FTL server. Please check connectivity"
exit 1
fi
# obtain validity, session ID and sessionMessage from session response
validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
sessionMessage=$(echo "${sessionResponse}"| jq --raw-output .session.message 2>/dev/null)
# obtain the error message from the session response
sessionError=$(echo "${sessionResponse}"| jq --raw-output .error.message 2>/dev/null)
if [ "${1}" = "verbose" ]; then
if [ "${validSession}" = true ]; then
echo "API Authentication: ${COL_GREEN}Success${COL_NC}"
else
echo "API Authentication: ${COL_RED}Failed${COL_NC}"
fi
if [ -z "${sessionResponse}" ]; then
echo "No response from FTL server. Please check connectivity"
exit 1
fi
# obtain validity and session ID from session response
validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
if [ "${1}" = "verbose" ]; then
if [ "${validSession}" = true ]; then
echo "API Authentication: ${COL_GREEN}Success${COL_NC}"
else
echo "API Authentication: ${COL_RED}Failed${COL_NC}"
fi
fi
}
LogoutAPI() {
@ -235,7 +185,7 @@ GetFTLData() {
# return only the data
if [ "${status}" = 200 ]; then
# response OK
printf %s "${data}"
echo "${data}"
else
# connection lost
echo "${status}"
@ -309,23 +259,14 @@ secretRead() {
}
apiFunc() {
local data response status status_col verbosity
# Define if the output will be silent (default) or verbose
verbosity="silent"
if [ "$1" = "verbose" ]; then
verbosity="verbose"
shift
fi
local data response status status_col
# Authenticate with the API
LoginAPI "${verbosity}"
LoginAPI verbose
echo ""
if [ "${verbosity}" = "verbose" ]; then
echo ""
echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}"
echo ""
fi
echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}"
echo ""
# Get the data from the API
response=$(GetFTLData "$1" raw)
@ -342,18 +283,11 @@ apiFunc() {
else
status_col="${COL_RED}"
fi
# Only print the status in verbose mode or if the status is not 200
if [ "${verbosity}" = "verbose" ] || [ "${status}" != 200 ]; then
echo "Status: ${status_col}${status}${COL_NC}"
fi
echo "Status: ${status_col}${status}${COL_NC}"
# Output the data. Format it with jq if available and data is actually JSON.
# Otherwise just print it
if [ "${verbosity}" = "verbose" ]; then
echo "Data:"
fi
echo "Data:"
if command -v jq >/dev/null && echo "${data}" | jq . >/dev/null 2>&1; then
echo "${data}" | jq .
else
@ -361,5 +295,5 @@ apiFunc() {
fi
# Delete the session
LogoutAPI "${verbosity}"
LogoutAPI verbose
}

5
advanced/Scripts/database_migration/gravity-db.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Pi-hole: A black hole for Internet advertisements
# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
@ -13,8 +13,9 @@
readonly scriptPath="/etc/.pihole/advanced/Scripts/database_migration/gravity"
upgrade_gravityDB(){
local database version
local database piholeDir version
database="${1}"
piholeDir="${2}"
# Exit early if the database does not exist (e.g. in CI tests)
if [[ ! -f "${database}" ]]; then

4
advanced/Scripts/list.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@ -11,11 +12,9 @@
readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source="./advanced/Scripts/utils.sh"
source "${utilsfile}"
readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
# shellcheck source="./advanced/Scripts/api.sh"
source "${apifile}"
# Determine database location
@ -40,7 +39,6 @@ typeId=""
comment=""
colfile="/opt/pihole/COL_TABLE"
# shellcheck source="./advanced/Scripts/COL_TABLE"
source ${colfile}
helpFunc() {

3
advanced/Scripts/piholeARPTable.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Pi-hole: A black hole for Internet advertisements
# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
@ -11,13 +12,11 @@
coltable="/opt/pihole/COL_TABLE"
if [[ -f ${coltable} ]]; then
# shellcheck source="./advanced/Scripts/COL_TABLE"
source ${coltable}
fi
readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source=./advanced/Scripts/utils.sh
source "${utilsfile}"
# Determine database location

25
advanced/Scripts/piholeCheckout.sh
View File

@ -10,7 +10,6 @@
readonly PI_HOLE_FILES_DIR="/etc/.pihole"
SKIP_INSTALL="true"
# shellcheck source="./automated install/basic-install.sh"
source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
# webInterfaceGitUrl set in basic-install.sh
@ -26,7 +25,7 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
warning1() {
echo " Please note that changing branches severely alters your Pi-hole subsystems"
echo " Features that work on the master branch, may not on a development branch"
echo -e " ${COL_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
echo -e " ${COL_LIGHT_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
read -r -p " Have you read and understood this? [y/N] " response
case "${response}" in
[yY][eE][sS]|[yY])
@ -55,19 +54,19 @@ checkout() {
# This is unlikely
if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
echo -e " ${COL_RED}Error: Core Pi-hole repo is missing from system!"
echo -e " ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
exit 1;
fi
if ! is_repo "${webInterfaceDir}" ; then
echo -e " ${COL_RED}Error: Web Admin repo is missing from system!"
echo -e " ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
exit 1;
fi
if [[ -z "${1}" ]]; then
echo -e " ${COL_RED}Invalid option${COL_NC}"
echo -e " ${COL_LIGHT_RED}Invalid option${COL_NC}"
echo -e " Try 'pihole checkout --help' for more information."
exit 1
fi
@ -110,7 +109,7 @@ checkout() {
echo -e "${OVER} ${CROSS} $str"
exit 1
fi
mapfile -t corebranches < <(get_available_branches "${PI_HOLE_FILES_DIR}")
corebranches=($(get_available_branches "${PI_HOLE_FILES_DIR}"))
if [[ "${corebranches[*]}" == *"master"* ]]; then
echo -e "${OVER} ${TICK} $str"
@ -137,7 +136,7 @@ checkout() {
echo -e "${OVER} ${CROSS} $str"
exit 1
fi
mapfile -t webbranches < <(get_available_branches "${webInterfaceDir}")
webbranches=($(get_available_branches "${webInterfaceDir}"))
if [[ "${webbranches[*]}" == *"master"* ]]; then
echo -e "${OVER} ${TICK} $str"
@ -168,7 +167,7 @@ checkout() {
# Check if requested branch is available
echo -e " ${INFO} Checking for availability of branch ${COL_CYAN}${2}${COL_NC} on GitHub"
mapfile -t ftlbranches < <(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -)
ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -) )
# If returned array is empty -> connectivity issue
if [[ ${#ftlbranches[@]} -eq 0 ]]; then
echo -e " ${CROSS} Unable to fetch branches from GitHub. Please check your Internet connection and try again later."
@ -210,15 +209,13 @@ checkout() {
# Update local and remote versions via updatechecker
/opt/pihole/updatecheck.sh
else
local status
status=$?
if [ $status -eq 1 ]; then
if [ $? -eq 1 ]; then
# Binary for requested branch is not available, may still be
# int he process of being built or CI build job failed
printf " %b Binary for requested branch is not available, please try again later.\\n" "${CROSS}"
printf " %b Binary for requested branch is not available, please try again later.\\n" ${CROSS}
printf " If the issue persists, please contact Pi-hole Support and ask them to re-generate the binary.\\n"
exit 1
elif [ $status -eq 2 ]; then
elif [ $? -eq 2 ]; then
printf " %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}"
exit 1
else
@ -238,7 +235,7 @@ checkout() {
if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
exit 0
else
echo -e " ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"
echo -e " ${COL_LIGHT_RED} Error: Unable to complete update, please contact support${COL_NC}"
exit 1
fi
fi

136
advanced/Scripts/piholeDebug.sh
View File

@ -8,6 +8,7 @@
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
# shellcheck source=/dev/null
# -e option instructs bash to immediately exit if any command [1] has a non-zero exit status
# -u a reference to any variable you haven't previously defined
@ -26,7 +27,6 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE"
# These provide the colors we need for making the log more readable
if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then
# shellcheck source=./advanced/Scripts/COL_TABLE
source ${PIHOLE_COLTABLE_FILE}
else
COL_NC='\e[0m' # No Color
@ -41,7 +41,7 @@ else
#OVER="\r\033[K"
fi
# shellcheck source=/dev/null
# shellcheck disable=SC1091
. /etc/pihole/versions
# Read the value of an FTL config key. The value is printed to stdout.
@ -213,7 +213,7 @@ compare_local_version_to_git_version() {
local local_status
local_status=$(git status -s)
# echo this information out to the user in a nice format
if [ "${local_version}" ]; then
if [ ${local_version} ]; then
log_write "${TICK} Version: ${local_version}"
elif [ -n "${DOCKER_VERSION}" ]; then
log_write "${TICK} Version: Pi-hole Docker Container ${COL_BOLD}${DOCKER_VERSION}${COL_NC}"
@ -296,12 +296,91 @@ check_component_versions() {
check_ftl_version
}
os_check() {
# This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
# and determines whether or not the script is running on one of those systems
local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response
remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
cmdResult="$(dig -4 +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
#Get the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
# Extract dig response
response="${cmdResult%%$'\n'*}"
if [ "${digReturnCode}" -ne 0 ]; then
log_write "${INFO} Distro: ${detected_os^}"
log_write "${INFO} Version: ${detected_version}"
log_write "${CROSS} dig IPv4 return code: ${COL_RED}${digReturnCode}${COL_NC}"
log_write "${CROSS} dig response: ${response}"
log_write "${INFO} Retrying via IPv6"
cmdResult="$(dig -6 +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
#Get the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
# Extract dig response
response="${cmdResult%%$'\n'*}"
fi
# If also no success via IPv6
if [ "${digReturnCode}" -ne 0 ]; then
log_write "${CROSS} dig IPv6 return code: ${COL_RED}${digReturnCode}${COL_NC}"
log_write "${CROSS} dig response: ${response}"
log_write "${CROSS} Error: ${COL_RED}dig command failed - Unable to check OS${COL_NC}"
else
IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"')
for distro_and_versions in "${supportedOS[@]}"
do
distro_part="${distro_and_versions%%=*}"
versions_part="${distro_and_versions##*=}"
if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then
valid_os=true
IFS="," read -r -a supportedVer <<<"${versions_part}"
for version in "${supportedVer[@]}"
do
if [[ "${detected_version}" =~ $version ]]; then
valid_version=true
break
fi
done
break
fi
done
# If it is a docker container, we can assume the OS is supported
[ -n "${DOCKER_VERSION}" ] && valid_os=true && valid_version=true
local finalmsg
if [ "$valid_os" = true ]; then
log_write "${TICK} Distro: ${COL_GREEN}${detected_os^}${COL_NC}"
if [ "$valid_version" = true ]; then
log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}"
finalmsg="${TICK} ${COL_GREEN}Distro and version supported${COL_NC}"
else
log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}"
finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}"
fi
else
log_write "${CROSS} Distro: ${COL_RED}${detected_os^}${COL_NC}"
finalmsg="${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro ${COL_NC}(${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}"
fi
# Print dig response and the final check result
log_write "${TICK} dig return code: ${COL_GREEN}${digReturnCode}${COL_NC}"
log_write "${INFO} dig response: ${response}"
log_write "${finalmsg}"
fi
}
diagnose_operating_system() {
# error message in a variable so we can easily modify it later (or reuse it)
local error_msg="Distribution unknown -- most likely you are on an unsupported platform and may run into issues."
local detected_os
local detected_version
# Display the current test that is running
echo_current_diagnostic "Operating system"
@ -310,13 +389,8 @@ diagnose_operating_system() {
# If there is a /etc/*release file, it's probably a supported operating system, so we can
if ls /etc/*release 1> /dev/null 2>&1; then
# display the attributes to the user
detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
log_write "${INFO} Distro: ${detected_os^}"
log_write "${INFO} Version: ${detected_version}"
# display the attributes to the user from the function made earlier
os_check
else
# If it doesn't exist, it's not a system we currently support and link to FAQ
log_write "${CROSS} ${COL_RED}${error_msg}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})"
@ -367,7 +441,7 @@ check_firewalld() {
# test common required service ports
local firewalld_enabled_services
firewalld_enabled_services=$(firewall-cmd --list-services)
local firewalld_expected_services=("http" "https" "dns" "dhcp" "dhcpv6" "ntp")
local firewalld_expected_services=("http" "dns" "dhcp" "dhcpv6")
for i in "${firewalld_expected_services[@]}"; do
if [[ "${firewalld_enabled_services}" =~ ${i} ]]; then
log_write "${TICK} ${COL_GREEN} Allow Service: ${i}${COL_NC}";
@ -388,6 +462,14 @@ check_firewalld() {
else
log_write "${CROSS} ${COL_RED} Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
fi
# check FTL custom zone port: 4711
local firewalld_ftl_zone_ports
firewalld_ftl_zone_ports=$(firewall-cmd --zone=ftl --list-ports)
if [[ "${firewalld_ftl_zone_ports}" =~ "4711/tcp" ]]; then
log_write "${TICK} ${COL_GREEN} FTL Port 4711/tcp Detected${COL_NC}";
else
log_write "${CROSS} ${COL_RED} FTL Port 4711/tcp Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
fi
else
log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
fi
@ -406,9 +488,7 @@ run_and_print_command() {
local output
output=$(${cmd} 2>&1)
# If the command was successful,
local return_code
return_code=$?
if [[ "${return_code}" -eq 0 ]]; then
if [[ $? -eq 0 ]]; then
# show the output
log_write "${output}"
else
@ -489,25 +569,16 @@ ping_gateway() {
ping_ipv4_or_ipv6 "${protocol}"
# Check if we are using IPv4 or IPv6
# Find the default gateways using IPv4 or IPv6
local gateway gateway_addr gateway_iface default_route
local gateway gateway_addr gateway_iface
log_write "${INFO} Default IPv${protocol} gateway(s):"
while IFS= read -r default_route; do
gateway_addr=$(jq -r '.gateway' <<< "${default_route}")
gateway_iface=$(jq -r '.dev' <<< "${default_route}")
log_write " ${gateway_addr}%${gateway_iface}"
done < <(ip -j -"${protocol}" route | jq -c '.[] | select(.dst == "default")')
# Find the first default route
default_route=$(ip -j -"${protocol}" route show default)
if echo "$default_route" | grep 'gateway' | grep -q 'dev'; then
gateway_addr=$(echo "$default_route" | jq -r -c '.[0].gateway')
gateway_iface=$(echo "$default_route" | jq -r -c '.[0].dev')
else
log_write " Unable to determine gateway address for IPv${protocol}"
fi
while IFS= read -r gateway; do
log_write " $(cut -d ' ' -f 3 <<< "${gateway}")%$(cut -d ' ' -f 5 <<< "${gateway}")"
done < <(ip -"${protocol}" route | grep default)
gateway_addr=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 3 | head -n 1)
gateway_iface=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 5 | head -n 1)
# If there was at least one gateway
if [ -n "${gateway_addr}" ]; then
# Append the interface to the gateway address if it is a link-local address
@ -862,6 +933,7 @@ parse_file() {
# Get the lines that are in the file(s) and store them in an array for parsing later
local file_info
if [[ -f "$filename" ]]; then
#shellcheck disable=SC2016
IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )'
else
read -r -a file_info <<< "$filename"

102
advanced/Scripts/piholeLogFlush.sh
View File

@ -9,12 +9,10 @@
# Please see LICENSE file for your rights under this license.
colfile="/opt/pihole/COL_TABLE"
# shellcheck source="./advanced/Scripts/COL_TABLE"
source ${colfile}
readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source="./advanced/Scripts/utils.sh"
source "${utilsfile}"
# In case we're running at the same time as a system logrotate, use a
@ -37,46 +35,6 @@ FTLFILE=$(getFTLConfigValue "files.log.ftl")
if [ -z "$FTLFILE" ]; then
FTLFILE="/var/log/pihole/FTL.log"
fi
WEBFILE=$(getFTLConfigValue "files.log.webserver")
if [ -z "$WEBFILE" ]; then
WEBFILE="/var/log/pihole/webserver.log"
fi
# Helper function to handle log rotation for a single file
rotate_log() {
# This function copies x.log over to x.log.1
# and then empties x.log
# Note that moving the file is not an option, as
# dnsmasq would happily continue writing into the
# moved file (it will have the same file handler)
local logfile="$1"
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Rotating ${logfile} ..."
fi
cp -p "${logfile}" "${logfile}.1"
echo " " > "${logfile}"
chmod 640 "${logfile}"
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Rotated ${logfile} ..."
fi
}
# Helper function to handle log flushing for a single file
flush_log() {
local logfile="$1"
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Flushing ${logfile} ..."
fi
echo " " > "${logfile}"
chmod 640 "${logfile}"
if [ -f "${logfile}.1" ]; then
echo " " > "${logfile}.1"
chmod 640 "${logfile}.1"
fi
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Flushed ${logfile} ..."
fi
}
if [[ "$*" == *"once"* ]]; then
# Nightly logrotation
@ -88,16 +46,62 @@ if [[ "$*" == *"once"* ]]; then
fi
/usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
else
# Handle rotation for each log file
rotate_log "${LOGFILE}"
rotate_log "${FTLFILE}"
rotate_log "${WEBFILE}"
# Copy pihole.log over to pihole.log.1
# and empty out pihole.log
# Note that moving the file is not an option, as
# dnsmasq would happily continue writing into the
# moved file (it will have the same file handler)
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Rotating ${LOGFILE} ..."
fi
cp -p "${LOGFILE}" "${LOGFILE}.1"
echo " " > "${LOGFILE}"
chmod 640 "${LOGFILE}"
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Rotated ${LOGFILE} ..."
fi
# Copy FTL.log over to FTL.log.1
# and empty out FTL.log
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Rotating ${FTLFILE} ..."
fi
cp -p "${FTLFILE}" "${FTLFILE}.1"
echo " " > "${FTLFILE}"
chmod 640 "${FTLFILE}"
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Rotated ${FTLFILE} ..."
fi
fi
else
# Manual flushing
flush_log "${LOGFILE}"
flush_log "${FTLFILE}"
flush_log "${WEBFILE}"
# Flush both pihole.log and pihole.log.1 (if existing)
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Flushing ${LOGFILE} ..."
fi
echo " " > "${LOGFILE}"
chmod 640 "${LOGFILE}"
if [ -f "${LOGFILE}.1" ]; then
echo " " > "${LOGFILE}.1"
chmod 640 "${LOGFILE}.1"
fi
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Flushed ${LOGFILE} ..."
fi
# Flush both FTL.log and FTL.log.1 (if existing)
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Flushing ${FTLFILE} ..."
fi
echo " " > "${FTLFILE}"
chmod 640 "${FTLFILE}"
if [ -f "${FTLFILE}.1" ]; then
echo " " > "${FTLFILE}.1"
chmod 640 "${FTLFILE}.1"
fi
if [[ "$*" != *"quiet"* ]]; then
echo -e "${OVER} ${TICK} Flushed ${FTLFILE} ..."
fi
if [[ "$*" != *"quiet"* ]]; then
echo -ne " ${INFO} Flushing database, DNS resolution temporarily unavailable ..."

7
advanced/Scripts/query.sh
View File

@ -1,4 +1,9 @@
#!/usr/bin/env sh
# shellcheck disable=SC1090
# Ignore warning about `local` being undefinded in POSIX
# shellcheck disable=SC3043
# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
# Pi-hole: A black hole for Internet advertisements
# (c) 2023 Pi-hole, LLC (https://pi-hole.net)
@ -17,11 +22,9 @@ domain=""
# Source color table
colfile="/opt/pihole/COL_TABLE"
# shellcheck source="./advanced/Scripts/COL_TABLE"
. "${colfile}"
# Source api functions
# shellcheck source="./advanced/Scripts/api.sh"
. "${PI_HOLE_INSTALL_DIR}/api.sh"
Help() {

44
advanced/Scripts/update.sh
View File

@ -12,31 +12,26 @@
# Variables
readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git"
readonly ADMIN_INTERFACE_DIR="/var/www/html/admin"
readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
readonly PI_HOLE_FILES_DIR="/etc/.pihole"
# shellcheck disable=SC2034
SKIP_INSTALL=true
# when --check-only is passed to this script, it will not perform the actual update
CHECK_ONLY=false
# shellcheck source="./automated install/basic-install.sh"
# shellcheck disable=SC1090
source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
# shellcheck source=./advanced/Scripts/COL_TABLE
# shellcheck disable=SC1091
source "/opt/pihole/COL_TABLE"
# shellcheck source="./advanced/Scripts/utils.sh"
source "${PI_HOLE_INSTALL_DIR}/utils.sh"
# is_repo() sourced from basic-install.sh
# make_repo() sourced from basic-install.sh
# update_repo() source from basic-install.sh
# getGitFiles() sourced from basic-install.sh
# FTLcheckUpdate() sourced from basic-install.sh
# getFTLConfigValue() sourced from utils.sh
# Honour configured paths for the web application.
ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
readonly ADMIN_INTERFACE_DIR
GitCheckUpdateAvail() {
local directory
@ -47,7 +42,7 @@ GitCheckUpdateAvail() {
# Fetch latest changes in this repo
if ! git fetch --quiet origin ; then
echo -e "\\n ${COL_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}"
echo -e "\\n ${COL_LIGHT_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}"
exit 1
fi
@ -76,13 +71,13 @@ GitCheckUpdateAvail() {
if [[ "${#LOCAL}" == 0 ]]; then
echo -e "\\n ${COL_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
echo -e "\\n ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
echo -e " Additional debugging output:${COL_NC}"
git status
exit 1
fi
if [[ "${#REMOTE}" == 0 ]]; then
echo -e "\\n ${COL_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
echo -e "\\n ${COL_LIGHT_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
echo -e " Additional debugging output:${COL_NC}"
git status
exit 1
@ -103,7 +98,7 @@ GitCheckUpdateAvail() {
}
main() {
local basicError="\\n ${COL_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
local core_update
local web_update
local FTL_update
@ -112,6 +107,8 @@ main() {
web_update=false
FTL_update=false
# Perform an OS check to ensure we're on an appropriate operating system
os_check
# Install packages used by this installation script (necessary if users have removed e.g. git from their systems)
package_manager_detect
@ -120,7 +117,7 @@ main() {
# This is unlikely
if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
echo -e "\\n ${COL_RED}Error: Core Pi-hole repo is missing from system!"
echo -e "\\n ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
echo -e " Please re-run install script from https://pi-hole.net${COL_NC}"
exit 1;
fi
@ -132,11 +129,11 @@ main() {
echo -e " ${INFO} Pi-hole Core:\\t${COL_YELLOW}update available${COL_NC}"
else
core_update=false
echo -e " ${INFO} Pi-hole Core:\\t${COL_GREEN}up to date${COL_NC}"
echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
fi
if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
echo -e "\\n ${COL_RED}Error: Web Admin repo is missing from system!"
echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
echo -e " Please re-run install script from https://pi-hole.net${COL_NC}"
exit 1;
fi
@ -146,7 +143,7 @@ main() {
echo -e " ${INFO} Web Interface:\\t${COL_YELLOW}update available${COL_NC}"
else
web_update=false
echo -e " ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
echo -e " ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
fi
local funcOutput
@ -160,18 +157,17 @@ main() {
else
case $? in
1)
echo -e " ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
;;
2)
echo -e " ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
exit 1
echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_LIGHT_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
;;
3)
echo -e " ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, cannot reach download server${COL_NC}"
exit 1
;;
*)
echo -e " ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, contact support${COL_NC}"
exit 1
esac
FTL_update=false
@ -188,7 +184,7 @@ main() {
if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then
# Notify user that they are on a custom branch which might mean they they are lost
# behind if a branch was merged to development and got abandoned
printf " %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_RED}" "${COL_NC}" "${ftlBranch}"
printf " %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}"
fi
if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
@ -213,7 +209,7 @@ main() {
echo ""
echo -e " ${INFO} Pi-hole Web Admin files out of date, updating local repo."
getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"
echo -e " ${INFO} If you had made any changes in '${ADMIN_INTERFACE_DIR}', they have been stashed using 'git stash'"
echo -e " ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
fi
if [[ "${FTL_update}" == true ]]; then

11
advanced/Scripts/updatecheck.sh
View File

@ -39,12 +39,9 @@ function get_remote_hash() {
}
# Source the utils file for addOrEditKeyValPair()
# shellcheck source="./advanced/Scripts/utils.sh"
# shellcheck disable=SC1091
. /opt/pihole/utils.sh
ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
readonly ADMIN_INTERFACE_DIR
# Remove the below three legacy files if they exist
rm -f "/etc/pihole/GitHubVersions"
rm -f "/etc/pihole/localbranches"
@ -88,13 +85,13 @@ addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_HASH" "${GITHUB_CORE_HASH}"
# get Web versions
WEB_VERSION="$(get_local_version "${ADMIN_INTERFACE_DIR}")"
WEB_VERSION="$(get_local_version /var/www/html/admin)"
addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
WEB_BRANCH="$(get_local_branch "${ADMIN_INTERFACE_DIR}")"
WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
WEB_HASH="$(get_local_hash "${ADMIN_INTERFACE_DIR}")"
WEB_HASH="$(get_local_hash /var/www/html/admin)"
addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}"
GITHUB_WEB_VERSION="$(get_remote_version web "${WEB_BRANCH}")"

5
advanced/Scripts/utils.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env sh
# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@ -87,8 +88,8 @@ getFTLConfigValue(){
#######################
setFTLConfigValue(){
pihole-FTL --config "${1}" "${2}" >/dev/null
if [ $? -eq 5 ]; then
printf " %s %s set by environment variable. Please unset it to use this function\n" "${CROSS}" "${1}"
if [[ $? -eq 5 ]]; then
echo -e " ${CROSS} ${1} set by environment variable. Please unset it to use this function"
exit 5
fi
}

10
advanced/Scripts/version.sh
View File

@ -8,16 +8,20 @@
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
# Source the versions file populated by updatechecker.sh
# Ignore warning about `local` being undefinded in POSIX
# shellcheck disable=SC3043
# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
# Source the versions file poupulated by updatechecker.sh
cachedVersions="/etc/pihole/versions"
if [ -f ${cachedVersions} ]; then
# shellcheck source=/dev/null
# shellcheck disable=SC1090
. "$cachedVersions"
else
echo "Could not find /etc/pihole/versions. Running update now."
pihole updatechecker
# shellcheck source=/dev/null
# shellcheck disable=SC1090
. "$cachedVersions"
fi

12
advanced/Templates/gravity.db.sql
View File

@ -43,8 +43,8 @@ CREATE TABLE adlist
CREATE TABLE adlist_by_group
(
adlist_id INTEGER NOT NULL REFERENCES adlist (id) ON DELETE CASCADE,
group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
adlist_id INTEGER NOT NULL REFERENCES adlist (id),
group_id INTEGER NOT NULL REFERENCES "group" (id),
PRIMARY KEY (adlist_id, group_id)
);
@ -75,8 +75,8 @@ INSERT INTO "info" VALUES('gravity_restored','false');
CREATE TABLE domainlist_by_group
(
domainlist_id INTEGER NOT NULL REFERENCES domainlist (id) ON DELETE CASCADE,
group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
domainlist_id INTEGER NOT NULL REFERENCES domainlist (id),
group_id INTEGER NOT NULL REFERENCES "group" (id),
PRIMARY KEY (domainlist_id, group_id)
);
@ -91,8 +91,8 @@ CREATE TABLE client
CREATE TABLE client_by_group
(
client_id INTEGER NOT NULL REFERENCES client (id) ON DELETE CASCADE,
group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
client_id INTEGER NOT NULL REFERENCES client (id),
group_id INTEGER NOT NULL REFERENCES "group" (id),
PRIMARY KEY (client_id, group_id)
);

2
advanced/Templates/pihole-FTL-poststop.sh
View File

@ -3,7 +3,7 @@
# Source utils.sh for getFTLConfigValue()
PI_HOLE_SCRIPT_DIR='/opt/pihole'
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source="./advanced/Scripts/utils.sh"
# shellcheck disable=SC1090
. "${utilsfile}"
# Get file paths

9
advanced/Templates/pihole-FTL-prestart.sh
View File

@ -3,7 +3,7 @@
# Source utils.sh for getFTLConfigValue()
PI_HOLE_SCRIPT_DIR='/opt/pihole'
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source="./advanced/Scripts/utils.sh"
# shellcheck disable=SC1090
. "${utilsfile}"
# Get file paths
@ -11,11 +11,7 @@ FTL_PID_FILE="$(getFTLConfigValue files.pid)"
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
mkdir -p /var/log/pihole
chown -R pihole:pihole /etc/pihole/ /var/log/pihole/
# allow all users read version file (and use pihole -v)
chmod 0644 /etc/pihole/versions
chown -R pihole:pihole /etc/pihole /var/log/pihole
# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs)
find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} +
# Set all files (except TLS-related ones) to u+rw g+r
@ -30,5 +26,4 @@ chown root:root /etc/pihole/logrotate
[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
[ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
[ -f /var/log/pihole/webserver.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/webserver.log
[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases

7
advanced/Templates/pihole-FTL.service
View File

@ -12,7 +12,7 @@
# Source utils.sh for getFTLConfigValue(), getFTLPID()
PI_HOLE_SCRIPT_DIR="/opt/pihole"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source="./advanced/Scripts/utils.sh"
# shellcheck disable=SC1090
. "${utilsfile}"
@ -57,16 +57,13 @@ start() {
stop() {
if is_running; then
kill "${FTL_PID}"
# Give FTL 60 seconds to gracefully stop
i=1
while [ "${i}" -le 60 ]; do
for i in 1 2 3 4 5; do
if ! is_running; then
break
fi
printf "."
sleep 1
i=$((i + 1))
done
echo

2
advanced/Templates/pihole-FTL.systemd
View File

@ -28,7 +28,7 @@ ExecReload=/bin/kill -HUP $MAINPID
ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=60s
TimeoutStopSec=10s
# Make /usr, /boot, /etc and possibly some more folders read-only...
ProtectSystem=full

398
automated install/basic-install.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Pi-hole: A black hole for Internet advertisements
# (c) Pi-hole (https://pi-hole.net)
@ -48,6 +49,7 @@ Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:
OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53
Level3;4.2.2.1;4.2.2.2;;
Comodo;8.26.56.26;8.20.247.20;;
DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b
Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9
Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10
Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11
@ -55,17 +57,6 @@ Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001
EOM
)
DNS_SERVERS_IPV6_ONLY=$(
cat <<EOM
Google (ECS, DNSSEC);2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844
OpenDNS (ECS, DNSSEC);2620:119:35::35;2620:119:53::53
Quad9 (filtered, DNSSEC);2620:fe::fe;2620:fe::9
Quad9 (unfiltered, no DNSSEC);2620:fe::10;2620:fe::fe:10
Quad9 (filtered, ECS, DNSSEC);2620:fe::11;2620:fe::fe:11
Cloudflare (DNSSEC);2606:4700:4700::1111;2606:4700:4700::1001
EOM
)
# Location for final installation log storage
installLogLoc="/etc/pihole/install.log"
# This is a file used for the colorized output
@ -99,7 +90,6 @@ IPV6_ADDRESS=${IPV6_ADDRESS}
# Give settings their default values. These may be changed by prompts later in the script.
QUERY_LOGGING=
PRIVACY_LEVEL=
PIHOLE_INTERFACE=
# Where old configs go to if a v6 migration is performed
V6_CONF_MIGRATION_DIR="/etc/pihole/migration_backup_v6"
@ -116,13 +106,11 @@ c=70
PIHOLE_META_PACKAGE_CONTROL_APT=$(
cat <<EOM
Package: pihole-meta
Version: 0.4
Version: 0.1
Maintainer: Pi-hole team <adblock@pi-hole.net>
Architecture: all
Description: Pi-hole dependency meta package
Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,netcat-openbsd,procps,psmisc,sudo,unzip
Section: contrib/metapackages
Priority: optional
Depends: grep,dnsutils,binutils,git,iproute2,dialog,ca-certificates,cron,curl,iputils-ping,psmisc,sudo,unzip,libcap2-bin,dns-root-data,libcap2,netcat-openbsd,procps,jq,lshw,bash-completion
EOM
)
@ -130,12 +118,12 @@ EOM
PIHOLE_META_PACKAGE_CONTROL_RPM=$(
cat <<EOM
Name: pihole-meta
Version: 0.2
Version: 0.1
Release: 1
License: EUPL
BuildArch: noarch
Summary: Pi-hole dependency meta package
Requires: bash-completion,bind-utils,binutils,ca-certificates,chkconfig,cronie,curl,dialog,findutils,gawk,git,grep,iproute,jq,libcap,lshw,nmap-ncat,procps-ng,psmisc,sudo,unzip
Requires: grep,curl,psmisc,sudo, unzip,jq,git,dialog,ca-certificates, bind-utils, iproute, procps-ng, chkconfig, binutils, cronie, findutils, libcap, nmap-ncat, lshw, bash-completion
%description
Pi-hole dependency meta package
%prep
@ -143,9 +131,6 @@ Pi-hole dependency meta package
%files
%install
%changelog
* Wed May 28 2025 Pi-hole Team - 0.2
- Add gawk to the list of dependencies
* Sun Sep 29 2024 Pi-hole Team - 0.1
- First version being packaged
EOM
@ -167,17 +152,18 @@ done
# If the color table file exists,
if [[ -f "${coltable}" ]]; then
# source it
# shellcheck source="./advanced/Scripts/COL_TABLE"
source "${coltable}"
# Otherwise,
else
# Set these values so the installer can still run in color
COL_NC='\e[0m' # No Color
COL_GREEN='\e[1;32m'
COL_RED='\e[1;31m'
TICK="[${COL_GREEN}${COL_NC}]"
CROSS="[${COL_RED}${COL_NC}]"
COL_LIGHT_GREEN='\e[1;32m'
COL_LIGHT_RED='\e[1;31m'
TICK="[${COL_LIGHT_GREEN}${COL_NC}]"
CROSS="[${COL_LIGHT_RED}${COL_NC}]"
INFO="[i]"
# shellcheck disable=SC2034
DONE="${COL_LIGHT_GREEN} done!${COL_NC}"
OVER="\\r\\033[K"
fi
@ -185,13 +171,13 @@ fi
# This lets users know that it is a Pi-hole, LLC product
show_ascii_berry() {
echo -e "
${COL_GREEN}.;;,.
${COL_LIGHT_GREEN}.;;,.
.ccccc:,.
:cccclll:. ..,,
:ccccclll. ;ooodc
'ccll:;ll .oooodc
.;cll.;;looo:.
${COL_RED}.. ','.
${COL_LIGHT_RED}.. ','.
.',,,,,,'.
.',,,,,,,,,,.
.',,,,,,,,,,,,....
@ -213,7 +199,7 @@ abort() {
# remove any leftover build directory that may exist
rm -rf /tmp/pihole-meta_*
echo -e "\\n\\n ${COL_RED}Installation was interrupted${COL_NC}\\n"
echo -e "\\n\\n ${COL_LIGHT_RED}Installation was interrupted${COL_NC}\\n"
echo -e "Pi-hole's dependencies might be already installed. If you want to remove them you can try to\\n"
echo -e "a) run 'pihole uninstall' \\n"
echo -e "b) Remove the meta-package 'pihole-meta' manually \\n"
@ -229,10 +215,173 @@ is_command() {
command -v "${check_command}" >/dev/null 2>&1
}
check_fresh_install() {
# in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair
if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then
fresh_install=false
os_check_dig(){
local protocol="$1"
local domain="$2"
local nameserver="$3"
local response
response="$(dig -"${protocol}" +short -t txt "${domain}" "${nameserver}" 2>&1
echo $?
)"
echo "${response}"
}
os_check_dig_response(){
# Checks the reply from the dig command to determine if it's a valid response
local digReply="$1"
local response
# Dig returned 0 (success), so get the actual response, and loop through it to determine if the detected variables above are valid
response="${digReply%%$'\n'*}"
# If the value of ${response} is a single 0, then this is the return code, not an actual response.
if [ "${response}" == 0 ]; then
echo false
else
echo true
fi
}
os_check() {
if [ "$PIHOLE_SKIP_OS_CHECK" != true ]; then
# This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
# and determines whether or not the script is running on one of those systems
local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response
local piholeNameserver="@ns1.pi-hole.net"
remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
detected_os=$(grep '^ID=' /etc/os-release | cut -d '=' -f2 | tr -d '"')
detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
# Test via IPv4 and hardcoded nameserver ns1.pi-hole.net
cmdResult=$(os_check_dig 4 "${remote_os_domain}" "${piholeNameserver}")
# Gets the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
if [ ! "${digReturnCode}" == "0" ]; then
valid_response=false
else
valid_response=$(os_check_dig_response cmdResult)
fi
# Try again via IPv6 and hardcoded nameserver ns1.pi-hole.net
if [ "$valid_response" = false ]; then
unset valid_response
unset cmdResult
unset digReturnCode
cmdResult=$(os_check_dig 6 "${remote_os_domain}" "${piholeNameserver}")
# Gets the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
if [ ! "${digReturnCode}" == "0" ]; then
valid_response=false
else
valid_response=$(os_check_dig_response cmdResult)
fi
fi
# Try again without hardcoded nameserver
if [ "$valid_response" = false ]; then
unset valid_response
unset cmdResult
unset digReturnCode
cmdResult=$(os_check_dig 4 "${remote_os_domain}")
# Gets the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
if [ ! "${digReturnCode}" == "0" ]; then
valid_response=false
else
valid_response=$(os_check_dig_response cmdResult)
fi
fi
if [ "$valid_response" = false ]; then
unset valid_response
unset cmdResult
unset digReturnCode
cmdResult=$(os_check_dig 6 "${remote_os_domain}")
# Gets the return code of the previous command (last line)
digReturnCode="${cmdResult##*$'\n'}"
if [ ! "${digReturnCode}" == "0" ]; then
valid_response=false
else
valid_response=$(os_check_dig_response cmdResult)
fi
fi
if [ "$valid_response" = true ]; then
response="${cmdResult%%$'\n'*}"
IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"')
for distro_and_versions in "${supportedOS[@]}"; do
distro_part="${distro_and_versions%%=*}"
versions_part="${distro_and_versions##*=}"
# If the distro part is a (case-insensitive) substring of the computer OS
if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then
valid_os=true
IFS="," read -r -a supportedVer <<<"${versions_part}"
for version in "${supportedVer[@]}"; do
if [[ "${detected_version}" =~ $version ]]; then
valid_version=true
break
fi
done
break
fi
done
fi
if [ "$valid_os" = true ] && [ "$valid_version" = true ] && [ "$valid_response" = true ]; then
display_warning=false
fi
if [ "$display_warning" != false ]; then
if [ "$valid_response" = false ]; then
if [ "${digReturnCode}" -eq 0 ]; then
errStr="dig succeeded, but response was blank. Please contact support"
else
errStr="dig failed with return code ${digReturnCode}"
fi
printf " %b %bRetrieval of supported OS list failed. %s. %b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${errStr}" "${COL_NC}"
printf " %bUnable to determine if the detected OS (%s %s) is supported%b\\n" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}"
printf " Possible causes for this include:\\n"
printf " - Firewall blocking DNS lookups from Pi-hole device to ns1.pi-hole.net\\n"
printf " - DNS resolution issues of the host system\\n"
printf " - Other internet connectivity issues\\n"
else
printf " %b %bUnsupported OS detected: %s %s%b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}"
printf " If you are seeing this message and you do have a supported OS, please contact support.\\n"
fi
printf "\\n"
printf " %bhttps://docs.pi-hole.net/main/prerequisites/#supported-operating-systems%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
printf "\\n"
printf " If you wish to attempt to continue anyway, you can try one of the following commands to skip this check:\\n"
printf "\\n"
printf " e.g: If you are seeing this message on a fresh install, you can run:\\n"
printf " %bcurl -sSL https://install.pi-hole.net | sudo PIHOLE_SKIP_OS_CHECK=true bash%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
printf "\\n"
printf " If you are seeing this message after having run pihole -up:\\n"
printf " %bsudo PIHOLE_SKIP_OS_CHECK=true pihole -r%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
printf " (In this case, your previous run of pihole -up will have already updated the local repository)\\n"
printf "\\n"
printf " It is possible that the installation will still fail at this stage due to an unsupported configuration.\\n"
printf " If that is the case, you can feel free to ask the community on Discourse with the %bCommunity Help%b category:\\n" "${COL_LIGHT_RED}" "${COL_NC}"
printf " %bhttps://discourse.pi-hole.net/c/bugs-problems-issues/community-help/%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
printf "\\n"
exit 1
else
printf " %b %bSupported OS detected%b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${COL_NC}"
fi
else
printf " %b %bPIHOLE_SKIP_OS_CHECK env variable set to true - installer will continue%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
fi
}
@ -252,6 +401,8 @@ package_manager_detect() {
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
# The command we will use to remove packages (used in the uninstaller)
PKG_REMOVE="${PKG_MANAGER} -y remove --purge"
# Update package cache
update_package_cache || exit 1
# If apt-get is not found, check for rpm.
elif is_command rpm; then
@ -311,7 +462,7 @@ build_dependency_package(){
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
else
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_RED}" "${COL_NC}"
printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
return 1
fi
@ -344,7 +495,7 @@ build_dependency_package(){
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
else
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_RED}" "${COL_NC}"
printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
return 1
fi
@ -486,7 +637,7 @@ getGitFiles() {
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
# Update the repo, returning an error message on failure
update_repo "${directory}" || {
printf "\\n %b: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}"
printf "\\n %b: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
}
# If it's not a .git repo,
@ -495,7 +646,7 @@ getGitFiles() {
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
# Attempt to make the repository, showing an error on failure
make_repo "${directory}" "${remoteRepo}" || {
printf "\\n %bError: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}"
printf "\\n %bError: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
}
fi
@ -535,11 +686,7 @@ find_IPv4_information() {
local IPv4bare
# Find IP used to route to outside world by checking the route to Google's public DNS server
if ! route="$(ip route get 8.8.8.8 2> /dev/null)"; then
printf " %b No IPv4 route was detected.\n" "${INFO}"
IPV4_ADDRESS=""
return
fi
route=$(ip route get 8.8.8.8)
# Get just the interface IPv4 address
# shellcheck disable=SC2059,SC2086
@ -555,35 +702,10 @@ find_IPv4_information() {
IPV4_ADDRESS=$(ip -oneline -family inet address show | grep "${IPv4bare}/" | awk '{print $4}' | awk 'END {print}')
}
confirm_ipv6_only() {
# Confirm from user before IPv6 only install
dialog --no-shadow --output-fd 1 \
--no-button "Exit" --yes-button "Install IPv6 ONLY" \
--yesno "\\n\\nWARNING - no valid IPv4 route detected.\\n\\n\
This may be due to a temporary connectivity issue,\\n\
or you may be installing on an IPv6 only system.\\n\\n\
Do you wish to continue with an IPv6-only installation?\\n\\n" \
"${r}" "${c}" && result=0 || result="$?"
case "${result}" in
"${DIALOG_CANCEL}" | "${DIALOG_ESC}")
printf " %b Installer exited at IPv6 only message.\\n" "${INFO}"
exit 1
;;
esac
DNS_SERVERS="$DNS_SERVERS_IPV6_ONLY"
printf " %b Proceeding with IPv6 only installation.\\n" "${INFO}"
}
# Get available interfaces that are UP
get_available_interfaces() {
# There may be more than one so it's all stored in a variable
# The ip command list all interfaces that are in the up state
# The awk command filters out any interfaces that have the LOOPBACK flag set
# while using the characters ": " or "@" as a field separator for awk
availableInterfaces=$(ip --oneline link show up | awk -F ': |@' '!/<.*LOOPBACK.*>/ {print $2}')
availableInterfaces=$(ip --oneline link show up | grep -v "lo" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
}
# A function for displaying the dialogs the user sees when first running the installer
@ -645,6 +767,7 @@ chooseInterface() {
# All further interfaces are deselected
status="OFF"
done
# shellcheck disable=SC2086
# Disable check for double quote here as we are passing a string with spaces
PIHOLE_INTERFACE=$(dialog --no-shadow --keep-tite --output-fd 1 \
--cancel-label "Exit" --ok-label "Select" \
@ -733,9 +856,6 @@ collect_v4andv6_information() {
printf " %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}"
find_IPv6_information
printf " %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}"
if [ "$IPV4_ADDRESS" == "" ] && [ "$IPV6_ADDRESS" != "" ]; then
confirm_ipv6_only
fi
}
# Check an IP address to see if it is a valid one
@ -813,7 +933,7 @@ setDNS() {
result=$?
case ${result} in
"${DIALOG_CANCEL}" | "${DIALOG_ESC}")
printf " %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -850,7 +970,7 @@ If you want to specify a port other than 53, separate it with a hash.\
result=$?
case ${result} in
"${DIALOG_CANCEL}" | "${DIALOG_ESC}")
printf " %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -904,7 +1024,7 @@ If you want to specify a port other than 53, separate it with a hash.\
DNSSettingsCorrect=False
;;
"${DIALOG_ESC}")
printf " %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -955,7 +1075,7 @@ setLogging() {
;;
"${DIALOG_ESC}")
# User pressed <ESC>
printf " %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -980,7 +1100,7 @@ setPrivacyLevel() {
printf " %b Using privacy level: %s\\n" "${INFO}" "${PRIVACY_LEVEL}"
;;
"${DIALOG_CANCEL}" | "${DIALOG_ESC}")
printf " %b Cancelled privacy level selection.%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Cancelled privacy level selection.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -1014,7 +1134,7 @@ chooseBlocklists() {
;;
"${DIALOG_ESC}")
# User pressed <ESC>
printf " %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_RED}" "${COL_NC}"
printf " %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
;;
esac
@ -1140,7 +1260,7 @@ installScripts() {
else
# Otherwise, show an error and exit
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
return 1
fi
}
@ -1155,13 +1275,14 @@ installConfigs() {
# Install empty custom.list file if it does not exist
if [[ ! -r "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" ]]; then
if ! install -D -T -o pihole -g pihole -m 660 /dev/null "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" &>/dev/null; then
printf " %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_RED}" "${PI_HOLE_CONFIG_DIR}/hosts"
printf " %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}/hosts"
return 1
fi
fi
# Install pihole-FTL systemd or init.d service, based on whether systemd is the init system or not
if ps -p 1 -o comm= | grep -q systemd; then
# Follow debhelper logic, which checks for /run/systemd/system to derive whether systemd is the init system
if [[ -d '/run/systemd/system' ]]; then
install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service'
# Remove init.d service if present
@ -1334,7 +1455,7 @@ update_package_cache() {
UPDATE_PKG_CACHE="apt update"
fi
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf " %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}"
printf " %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}"
return 1
fi
}
@ -1352,7 +1473,7 @@ notify_package_updates_available() {
printf "%b %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}"
else
printf "%b %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}"
printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}"
printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
fi
}
@ -1369,11 +1490,11 @@ install_dependent_packages() {
rm /tmp/pihole-meta.deb
else
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}"
printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
return 1
fi
else
printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}"
printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
return 1
fi
# Install Fedora/CentOS packages
@ -1384,11 +1505,11 @@ install_dependent_packages() {
rm /tmp/pihole-meta.rpm
else
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}"
printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
return 1
fi
else
printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}"
printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
return 1
fi
@ -1617,20 +1738,19 @@ checkSelinux() {
if [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -z "${PIHOLE_SELINUX}" ]]; then
printf " Pi-hole does not provide an SELinux policy as the required changes modify the security of your system.\\n"
printf " Please refer to https://wiki.centos.org/HowTos/SELinux if SELinux is required for your deployment.\\n"
printf " This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_RED}" "${COL_NC}" "${COL_RED}" "${COL_NC}"
printf " This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" "${COL_LIGHT_RED}" "${COL_NC}"
printf " e.g: export PIHOLE_SELINUX=true\\n"
printf " By setting this variable to true you acknowledge there may be issues with Pi-hole during or after the install\\n"
printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
exit 1
elif [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -n "${PIHOLE_SELINUX}" ]]; then
printf " %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_RED}" "${COL_NC}"
printf " %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}"
fi
}
check_download_exists() {
# Check if the download exists and we can reach the server
local status
status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1)
local status=$(curl --head --silent "https://ftl.pi-hole.net/${1}" | head -n 1)
# Check the status code
if grep -q "200" <<<"$status"; then
@ -1721,13 +1841,13 @@ clone_or_reset_repos() {
# Reset the Core repo
resetRepo ${PI_HOLE_LOCAL_REPO} ||
{
printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
exit 1
}
# Reset the Web repo
resetRepo ${webInterfaceDir} ||
{
printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${webInterfaceDir}" "${COL_NC}"
printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceDir}" "${COL_NC}"
exit 1
}
# Otherwise, a fresh installation is happening
@ -1735,13 +1855,13 @@ clone_or_reset_repos() {
# so get git files for Core
getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} ||
{
printf " %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
printf " %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_LIGHT_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
exit 1
}
# get the Web git files
getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} ||
{
printf " %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_RED}" "${webInterfaceGitUrl}" "${COL_NC}"
printf " %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceGitUrl}" "${COL_NC}"
exit 1
}
fi
@ -1749,6 +1869,7 @@ clone_or_reset_repos() {
# Download FTL binary to random temp directory and install FTL binary
# Disable directive for SC2120 a value _can_ be passed to this function, but it is passed from an external script that sources this one
# shellcheck disable=SC2120
FTLinstall() {
# Local, named variables
local str="Downloading and Installing FTL"
@ -1817,7 +1938,7 @@ FTLinstall() {
return 1
}
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
printf " %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}"
printf " %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}"
# Remove temp dir
remove_dir "${tempdir}"
@ -1831,7 +1952,7 @@ FTLinstall() {
}
printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}"
# The URL could not be found
printf " %b Error: URL %s/%s not found%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}"
printf " %b Error: URL %s/%s not found%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}"
# Remove temp dir
remove_dir "${tempdir}"
@ -1908,7 +2029,7 @@ get_binary_name() {
# Something else - we try to use 32bit executable and warn the user
if [[ ! "${machine}" == "i686" ]]; then
printf "%b %b %s...\\n" "${OVER}" "${CROSS}" "${str}"
printf " %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_RED}" "${machine}" "${COL_NC}"
printf " %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${machine}" "${COL_NC}"
printf " %b Contact Pi-hole Support if you experience issues (e.g: FTL not running)\\n" "${INFO}"
else
printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
@ -1946,13 +2067,13 @@ FTLcheckUpdate() {
path="${ftlBranch}/${binary}"
# Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
local status
# shellcheck disable=SC1090
if ! check_download_exists "$path"; then
status=$?
if [ "${status}" -eq 1 ]; then
if [ $? -eq 1 ]; then
printf " %b Branch \"%s\" is not available.\\n" "${INFO}" "${ftlBranch}"
printf " %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}"
elif [ "${status}" -eq 2 ]; then
printf " %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
return 2
elif [ $? -eq 2 ]; then
printf " %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}"
return 3
else
@ -1980,14 +2101,12 @@ FTLcheckUpdate() {
# same as the remote one
local FTLversion
FTLversion=$(/usr/bin/pihole-FTL tag)
local FTLlatesttag
# Get the latest version from the GitHub API
local FTLlatesttag
FTLlatesttag=$(curl -s https://api.github.com/repos/pi-hole/FTL/releases/latest | jq -sRr 'fromjson? | .tag_name | values')
if [ -z "${FTLlatesttag}" ]; then
if ! FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep --color=never -i Location: | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then
# There was an issue while retrieving the latest version
printf " %b Failed to retrieve latest FTL release metadata\\n" "${CROSS}"
printf " %b Failed to retrieve latest FTL release metadata" "${CROSS}"
return 3
fi
@ -2005,7 +2124,6 @@ FTLcheckUpdate() {
# Continue further down...
fi
else
# FTL not installed, then download
return 0
fi
fi
@ -2037,11 +2155,6 @@ FTLdetect() {
if FTLcheckUpdate "${1}"; then
FTLinstall "${1}" || return 1
else
case $? in
1) :;; # FTL is up-to-date
*) exit 1;; # 404 (2), other HTTP or curl error (3), unknown (4)
esac
fi
}
@ -2169,7 +2282,7 @@ main() {
else
# Otherwise, they do not have enough privileges, so let the user know
printf " %b %s\\n" "${INFO}" "${str}"
printf " %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_RED}" "${COL_NC}"
printf " %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}"
printf " The Pi-hole requires elevated privileges to install and run\\n"
printf " Please check the installer for any concerns regarding this requirement\\n"
printf " Make sure to download this script from a trusted source\\n\\n"
@ -2193,7 +2306,7 @@ main() {
# Otherwise, tell the user they need to run the script as root, and bail
printf "%b %b Sudo utility check\\n" "${OVER}" "${CROSS}"
printf " %b Sudo is needed for the Web Interface to run pihole commands\\n\\n" "${INFO}"
printf " %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_RED}"
printf " %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_LIGHT_RED}"
exit 1
fi
fi
@ -2204,17 +2317,9 @@ main() {
# Check for availability of either the "service" or "systemctl" commands
check_service_command
# Check if this is a fresh install or an update/repair
check_fresh_install
# Check for supported package managers so that we may install dependencies
package_manager_detect
# Update package cache only on apt based systems
if is_command apt-get; then
update_package_cache || exit 1
fi
# Notify user of package availability
notify_package_updates_available
@ -2224,6 +2329,8 @@ main() {
# Install Pi-hole dependencies
install_dependent_packages
# Check that the installed OS is officially supported - display warning if not
os_check
# Check if there is a usable FTL binary available on this architecture - do
# this early on as FTL is a hard dependency for Pi-hole
@ -2235,7 +2342,10 @@ main() {
exit 1
fi
if [[ "${fresh_install}" == false ]]; then
# in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair
if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then
# retain settings
fresh_install=false
# if it's running unattended,
if [[ "${runUnattended}" == true ]]; then
printf " %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
@ -2288,7 +2398,7 @@ main() {
# /opt/pihole/utils.sh should be installed by installScripts now, so we can use it
if [ -f "${PI_HOLE_INSTALL_DIR}/utils.sh" ]; then
# shellcheck source="./advanced/Scripts/utils.sh"
# shellcheck disable=SC1091
source "${PI_HOLE_INSTALL_DIR}/utils.sh"
else
printf " %b Failure: /opt/pihole/utils.sh does not exist .\\n" "${CROSS}"
@ -2301,28 +2411,16 @@ main() {
# Migrate existing install to v6.0
migrate_dnsmasq_configs
# Cleanup old v5 sudoers file if it exists
sudoers_file="/etc/sudoers.d/pihole"
if [[ -f "${sudoers_file}" ]]; then
# only remove the file if it contains the Pi-hole header
if grep -q "Pi-hole: A black hole for Internet advertisements" "${sudoers_file}"; then
rm -f "${sudoers_file}"
fi
fi
# Check for and disable systemd-resolved-DNSStubListener before reloading resolved
# DNSStubListener needs to remain in place for installer to download needed files,
# so this change needs to be made after installation is complete,
# but before starting or resttarting the ftl service
disable_resolved_stublistener
if [[ "${fresh_install}" == false ]]; then
# Check if gravity database needs to be upgraded. If so, do it without rebuilding
# gravity altogether. This may be a very long running task needlessly blocking
# the update process.
# Only do this on updates, not on fresh installs as the database does not exit yet
/opt/pihole/gravity.sh --upgrade
fi
# Check if gravity database needs to be upgraded. If so, do it without rebuilding
# gravity altogether. This may be a very long running task needlessly blocking
# the update process.
/opt/pihole/gravity.sh --upgrade
printf " %b Restarting services...\\n" "${INFO}"
# Start services
@ -2354,10 +2452,6 @@ main() {
if [ -n "${PRIVACY_LEVEL}" ]; then
setFTLConfigValue "misc.privacylevel" "${PRIVACY_LEVEL}"
fi
if [ -n "${PIHOLE_INTERFACE}" ]; then
setFTLConfigValue "dns.interface" "${PIHOLE_INTERFACE}"
fi
fi
# Download and compile the aggregated block list
@ -2383,10 +2477,8 @@ main() {
printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}"
printf " %b View the web interface at http://pi.hole:${WEBPORT}/admin or http://%s/admin\\n\\n" "${INFO}" "${IPV4_ADDRESS%/*}:${WEBPORT}"
printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_GREEN}" "${pw}" "${COL_NC}"
printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${pw}" "${COL_NC}"
printf " %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}"
printf " %b To allow your user to use all CLI functions without authentication, refer to\\n" "${INFO}"
printf " our documentation at: https://docs.pi-hole.net/main/post-install/\\n\\n"
# Final dialog message to the user
dialog --no-shadow --keep-tite \
@ -2395,11 +2487,7 @@ main() {
\\n\\nIPv4: ${IPV4_ADDRESS%/*}\
\\nIPv6: ${IPV6_ADDRESS:-"Not Configured"}\
\\nIf you have not done so already, the above IP should be set to static.\
\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}\
\\n
\\n
\\nTo allow your user to use all CLI functions without authentication,\
\\nrefer to https://docs.pi-hole.net/main/post-install/" "${r}" "${c}"
\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}" "${r}" "${c}"
INSTALL_TYPE="Installation"
else
@ -2408,7 +2496,7 @@ main() {
# Display where the log file is
printf "\\n %b The install log is located at: %s\\n" "${INFO}" "${installLogLoc}"
printf " %b %b%s complete! %b\\n" "${TICK}" "${COL_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"
printf " %b %b%s complete! %b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"
if [[ "${INSTALL_TYPE}" == "Update" ]]; then
printf "\\n"

29
automated install/uninstall.sh
View File

@ -8,19 +8,13 @@
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
# shellcheck source="./advanced/Scripts/COL_TABLE"
source "/opt/pihole/COL_TABLE"
# shellcheck source="./advanced/Scripts/utils.sh"
source "/opt/pihole/utils.sh"
ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
readonly ADMIN_INTERFACE_DIR
while true; do
read -rp " ${QST} Are you sure you would like to remove ${COL_BOLD}Pi-hole${COL_NC}? [y/N] " answer
read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
case ${answer} in
[Yy]* ) break;;
* ) echo -e "${OVER} ${COL_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
* ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
esac
done
@ -43,7 +37,6 @@ fi
readonly PI_HOLE_FILES_DIR="/etc/.pihole"
SKIP_INSTALL="true"
# shellcheck source="./automated install/basic-install.sh"
source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
# package_manager_detect() sourced from basic-install.sh
@ -60,9 +53,17 @@ removeMetaPackage() {
}
removePiholeFiles() {
# Remove the web interface of Pi-hole
# Only web directories/files that are created by Pi-hole should be removed
echo -ne " ${INFO} Removing Web Interface..."
${SUDO} rm -rf "${ADMIN_INTERFACE_DIR}" &> /dev/null
${SUDO} rm -rf /var/www/html/admin &> /dev/null
# If the web directory is empty after removing these files, then the parent html directory can be removed.
if [ -d "/var/www/html" ]; then
if [[ ! "$(ls -A /var/www/html)" ]]; then
${SUDO} rm -rf /var/www/html &> /dev/null
fi
fi
echo -e "${OVER} ${TICK} Removed Web Interface"
# Attempt to preserve backwards compatibility with older versions
@ -150,11 +151,11 @@ removePiholeFiles() {
echo -e "\\n We're sorry to see you go, but thanks for checking out Pi-hole!
If you need help, reach out to us on GitHub, Discourse, Reddit or Twitter
Reinstall at any time: ${COL_BOLD}curl -sSL https://install.pi-hole.net | bash${COL_NC}
Reinstall at any time: ${COL_WHITE}curl -sSL https://install.pi-hole.net | bash${COL_NC}
${COL_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC}
${COL_LIGHT_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC}
${INFO} Pi-hole's meta package has been removed, use the 'autoremove' function from your package manager to remove unused dependencies${COL_NC}
${COL_GREEN}Uninstallation Complete! ${COL_NC}"
${COL_LIGHT_GREEN}Uninstallation Complete! ${COL_NC}"
}
######### SCRIPT ###########

171
gravity.sh
View File

@ -1,4 +1,5 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@ -15,13 +16,13 @@ export LC_ALL=C
PI_HOLE_SCRIPT_DIR="/opt/pihole"
# Source utils.sh for GetFTLConfigValue
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source=./advanced/Scripts/utils.sh
# shellcheck disable=SC1090
. "${utilsfile}"
coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
# shellcheck source=./advanced/Scripts/COL_TABLE
# shellcheck disable=SC1090
. "${coltable}"
# shellcheck source=./advanced/Scripts/database_migration/gravity-db.sh
# shellcheck disable=SC1091
. "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh"
basename="pihole"
@ -50,14 +51,14 @@ etag_support=false
# Check gravity temp directory
if [ ! -d "${GRAVITY_TMPDIR}" ] || [ ! -w "${GRAVITY_TMPDIR}" ]; then
echo -e " ${COL_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}"
echo -e " ${COL_LIGHT_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}"
GRAVITY_TMPDIR="/tmp"
fi
# Set this only after sourcing pihole-FTL.conf as the gravity database path may
# have changed
gravityDBfile="${GRAVITYDB}"
gravityDBfile_default="${piholeDir}/gravity.db"
gravityDBfile_default="/etc/pihole/gravity.db"
gravityTEMPfile="${GRAVITYDB}_temp"
gravityDIR="$(dirname -- "${gravityDBfile}")"
gravityOLDfile="${gravityDIR}/gravity_old.db"
@ -126,7 +127,7 @@ gravity_swap_databases() {
oldAvail=false
if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then
oldAvail=true
cp -p "${gravityDBfile}" "${gravityOLDfile}"
cp "${gravityDBfile}" "${gravityOLDfile}"
fi
# Drop the gravity and antigravity tables + subsequent VACUUM the current
@ -139,7 +140,7 @@ gravity_swap_databases() {
else
# Check if the backup directory exists
if [ ! -d "${gravityBCKdir}" ]; then
mkdir -p "${gravityBCKdir}" && chown pihole:pihole "${gravityBCKdir}"
mkdir -p "${gravityBCKdir}"
fi
# If multiple gravityBCKfile's are present (appended with a number), rotate them
@ -305,7 +306,7 @@ migrate_to_database() {
fi
# Check if gravity database needs to be updated
upgrade_gravityDB "${gravityDBfile}"
upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
# Migrate list files to new database
if [ -e "${adListFile}" ]; then
@ -333,7 +334,7 @@ migrate_to_database() {
fi
# Check if gravity database needs to be updated
upgrade_gravityDB "${gravityDBfile}"
upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
}
# Determine if DNS resolution is available before proceeding
@ -348,24 +349,17 @@ gravity_CheckDNSResolutionAvailable() {
echo -e " ${CROSS} DNS resolution is currently unavailable"
fi
str="Waiting up to 120 seconds for DNS resolution..."
str="Waiting until DNS resolution is available..."
echo -ne " ${INFO} ${str}"
# Default DNS timeout is two seconds, plus 1 second for each dot > 120 seconds
for ((i = 0; i < 40; i++)); do
if getent hosts github.com &> /dev/null; then
# If we reach this point, DNS resolution is available
echo -e "${OVER} ${TICK} DNS resolution is available"
return 0
fi
# Append one dot for each second waiting
echo -ne "."
sleep 1
until getent hosts github.com &> /dev/null; do
# Append one dot for each second waiting
str="${str}."
echo -ne " ${OVER} ${INFO} ${str}"
sleep 1
done
# DNS resolution is still unavailable after 120 seconds
return 1
# If we reach this point, DNS resolution is available
echo -e "${OVER} ${TICK} DNS resolution is available"
}
# Function: try_restore_backup
@ -424,7 +418,7 @@ gravity_DownloadBlocklists() {
echo -e " ${INFO} Storing gravity database in ${COL_BOLD}${gravityDBfile}${COL_NC}"
fi
local url domain str compression adlist_type directory success
local url domain str target compression adlist_type directory success
echo ""
# Prepare new gravity database
@ -547,14 +541,16 @@ gravity_DownloadBlocklists() {
# it (in case it doesn't exist)
# First, check if the directory is writable
directory="$(dirname -- "${saveLocation}")"
if [ ! -w "${directory}" ]; then
directory_permissions=$(stat -c %a ${directory})
if [ $directory_permissions -lt 700 ]; then
echo -e " ${CROSS} Unable to write to ${directory}"
echo " Please run pihole -g as root"
echo ""
continue
fi
# Then, check if the file is writable (if it exists)
if [ -e "${saveLocation}" ] && [ ! -w "${saveLocation}" ]; then
saveLocation_permissions=$(stat -c %a ${saveLocation})
if [ -e "${saveLocation}" ] && [ ${saveLocation_permissions} -lt 600 ]; then
echo -e " ${CROSS} Unable to write to ${saveLocation}"
echo " Please run pihole -g as root"
echo ""
@ -573,12 +569,12 @@ gravity_DownloadBlocklists() {
if [[ "${check_url}" =~ ${regex} ]]; then
echo -e " ${CROSS} Invalid Target"
else
timeit gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${compression}" "${adlist_type}" "${domain}"
timeit gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" "${adlist_type}" "${domain}"
fi
echo ""
done
DownloadBlocklists_done=true
gravity_Blackbody=true
}
compareLists() {
@ -607,11 +603,9 @@ compareLists() {
# Download specified URL and perform checks on HTTP status and file content
gravity_DownloadBlocklistFromUrl() {
local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}"
local modifiedOptions="" listCurlBuffer str httpCode success="" ip cmd_ext
local file_path permissions ip_addr port blocked=false download=true
# modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
local modifiedOptions=()
# Create temp file to store content on disk instead of RAM
# We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine
@ -628,14 +622,14 @@ gravity_DownloadBlocklistFromUrl() {
# Save HTTP ETag to the specified file. An ETag is a caching related header,
# usually returned in a response. If no ETag is sent by the server, an empty
# file is created and can later be used consistently.
modifiedOptions=("${modifiedOptions[@]}" --etag-save "${saveLocation}".etag)
modifiedOptions="--etag-save ${saveLocation}.etag"
if [[ -f "${saveLocation}.etag" ]]; then
# This option makes a conditional HTTP request for the specific ETag read
# from the given file by sending a custom If-None-Match header using the
# stored ETag. This way, the server will only send the file if it has
# changed since the last request.
modifiedOptions=("${modifiedOptions[@]}" --etag-compare "${saveLocation}".etag)
modifiedOptions="${modifiedOptions} --etag-compare ${saveLocation}.etag"
fi
fi
@ -648,13 +642,39 @@ gravity_DownloadBlocklistFromUrl() {
# Interstingly, this option is not supported by raw.githubusercontent.com
# URLs, however, it is still supported by many older web servers which may
# not support the HTTP ETag method so we keep it as a fallback.
modifiedOptions=("${modifiedOptions[@]}" -z "${saveLocation}")
modifiedOptions="${modifiedOptions} -z ${saveLocation}"
fi
fi
str="Status:"
echo -ne " ${INFO} ${str} Pending..."
blocked=false
case $(getFTLConfigValue dns.blocking.mode) in
"IP-NODATA-AAAA" | "IP")
# Get IP address of this domain
ip="$(dig "${domain}" +short)"
# Check if this IP matches any IP of the system
if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<<"$(ip a)") -gt 0 ]]; then
blocked=true
fi
;;
"NXDOMAIN")
if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
blocked=true
fi
;;
"NODATA")
if [[ $(dig "${domain}" | grep "NOERROR" -c) -ge 1 ]] && [[ -z $(dig +short "${domain}") ]]; then
blocked=true
fi
;;
"NULL" | *)
if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
blocked=true
fi
;;
esac
# Check if this domain is blocked by Pi-hole but only if the domain is not a
# local file or empty
if [[ $url != "file"* ]] && [[ -n "${domain}" ]]; then
@ -714,7 +734,7 @@ gravity_DownloadBlocklistFromUrl() {
fi
echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by one of your lists. Using DNS server ${upstream} instead"
echo -ne " ${INFO} ${str} Pending..."
customUpstreamResolver="--resolve $domain:$port:$ip"
cmd_ext="--resolve $domain:$port:$ip"
fi
fi
@ -752,7 +772,8 @@ gravity_DownloadBlocklistFromUrl() {
fi
if [[ "${download}" == true ]]; then
httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
# shellcheck disable=SC2086
httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
fi
case $url in
@ -802,11 +823,11 @@ gravity_DownloadBlocklistFromUrl() {
done="true"
# Check if $listCurlBuffer is a non-zero length file
elif [[ -s "${listCurlBuffer}" ]]; then
# Move the downloaded list to the final location
mv "${listCurlBuffer}" "${saveLocation}"
# Ensure the file has the correct permissions
fix_owner_permissions "${saveLocation}"
# Compare lists if they are identical
# Determine if blocklist is non-standard and parse as appropriate
gravity_ParseFileIntoDomains "${listCurlBuffer}" "${saveLocation}"
# Remove curl buffer file after its use
rm "${listCurlBuffer}"
# Compare lists if are they identical
compareLists "${adlistID}" "${saveLocation}"
# Add domains to database table file
pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
@ -821,13 +842,13 @@ gravity_DownloadBlocklistFromUrl() {
if [[ "${done}" != "true" ]]; then
# Determine if cached list has read permission
if [[ -r "${saveLocation}" ]]; then
echo -e " ${CROSS} List download failed: ${COL_GREEN}using previously cached list${COL_NC}"
echo -e " ${CROSS} List download failed: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}"
# Set list status to "download-failed/cached"
database_adlist_status "${adlistID}" "3"
# Add domains to database table file
pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
else
echo -e " ${CROSS} List download failed: ${COL_RED}no cached list available${COL_NC}"
echo -e " ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}"
# Manually reset these two numbers because we do not call parseList here
database_adlist_number "${adlistID}" 0 0
database_adlist_status "${adlistID}" "4"
@ -835,6 +856,37 @@ gravity_DownloadBlocklistFromUrl() {
fi
}
# Parse source files into domains format
gravity_ParseFileIntoDomains() {
local src="${1}" destination="${2}"
# Remove comments and print only the domain name
# Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
# This helps with that and makes it easier to read
# It also helps with debugging so each stage of the script can be researched more in depth
# 1) Convert all characters to lowercase
tr '[:upper:]' '[:lower:]' <"${src}" >"${destination}"
# 2) Remove carriage returns
# 3) Remove lines starting with ! (ABP Comments)
# 4) Remove lines starting with [ (ABP Header)
# 5) Remove lines containing ABP extended CSS selectors ("##", "#$#", "#@#", "#?#") and Adguard JavaScript (#%#) preceded by a letter
# 6) Remove comments (text starting with "#", include possible spaces before the hash sign)
# 7) Remove leading tabs, spaces, etc. (Also removes leading IP addresses)
# 8) Remove empty lines
sed -i -r \
-e 's/\r$//' \
-e 's/\s*!.*//g' \
-e 's/\s*\[.*//g' \
-e '/[a-z]\#[$?@%]{0,3}\#/d' \
-e 's/\s*#.*//g' \
-e 's/^.*\s+//g' \
-e '/^$/d' "${destination}"
fix_owner_permissions "${destination}"
}
# Report number of entries in a table
gravity_Table_Count() {
local table="${1}"
@ -864,7 +916,7 @@ gravity_ShowCount() {
# Trap Ctrl-C
gravity_Trap() {
trap '{ echo -e "\\n\\n ${INFO} ${COL_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT
trap '{ echo -e "\\n\\n ${INFO} ${COL_LIGHT_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT
}
# Clean up after Gravity upon exit or cancellation
@ -882,13 +934,13 @@ gravity_Cleanup() {
# invalid_domains location
rm "${GRAVITY_TMPDIR}"/*.ph-non-domains 2>/dev/null
# Ensure this function only runs when gravity_DownloadBlocklists() has completed
if [[ "${DownloadBlocklists_done:-}" == true ]]; then
# Remove any unused .domains/.etag/.sha files
for file in "${listsCacheDir}"/*."${domainsExtension}"; do
# If list is not in active array, then remove it and all associated files
# Ensure this function only runs when gravity_SetDownloadOptions() has completed
if [[ "${gravity_Blackbody:-}" == true ]]; then
# Remove any unused .domains files
for file in "${piholeDir}"/*."${domainsExtension}"; do
# If list is not in active array, then remove it
if [[ ! "${activeDomains[*]}" == *"${file}"* ]]; then
rm -f "${file}"* 2>/dev/null ||
rm -f "${file}" 2>/dev/null ||
echo -e " ${CROSS} Failed to remove ${file##*/}"
fi
done
@ -1022,7 +1074,7 @@ migrate_to_listsCache_dir() {
# If not, we need to migrate the old files to the new directory
local str="Migrating the list's cache directory to new location"
echo -ne " ${INFO} ${str}..."
mkdir -p "${listsCacheDir}" && chown pihole:pihole "${listsCacheDir}"
mkdir -p "${listsCacheDir}"
# Move the old files to the new directory
if mv "${piholeDir}"/list.* "${listsCacheDir}/" 2>/dev/null; then
@ -1081,19 +1133,13 @@ for var in "$@"; do
"-t" | "--timeit") timed=true ;;
"-r" | "--repair") repairSelector "$3" ;;
"-u" | "--upgrade")
upgrade_gravityDB "${gravityDBfile}"
upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
exit 0
;;
"-h" | "--help") helpFunc ;;
esac
done
# Check if DNS is available, no need to do any database manipulation if we're not able to download adlists
if ! timeit gravity_CheckDNSResolutionAvailable; then
echo -e " ${CROSS} No DNS resolution available. Please contact support."
exit 1
fi
# Remove OLD (backup) gravity file, if it exists
if [[ -f "${gravityOLDfile}" ]]; then
rm "${gravityOLDfile}"
@ -1134,6 +1180,11 @@ if [[ "${forceDelete:-}" == true ]]; then
fi
# Gravity downloads blocklists next
if ! timeit gravity_CheckDNSResolutionAvailable; then
echo -e " ${CROSS} Can not complete gravity update, no DNS is available. Please contact support."
exit 1
fi
if ! gravity_DownloadBlocklists; then
echo -e " ${CROSS} Unable to create gravity database. Please try again later. If the problem persists, please contact support."
exit 1

15
manpages/pihole.8
View File

@ -23,7 +23,7 @@ pihole -r
.br
\fBpihole -g\fR
.br
\fBpihole\fR \fB-q\fR [options]
\fBpihole\fR -\fBq\fR [options]
.br
\fBpihole\fR \fB-l\fR (\fBon|off|off noflush\fR)
.br
@ -43,7 +43,7 @@ pihole -r
.br
\fBpihole\fR \fBcheckout\fR repo [branch]
.br
\fBpihole\fR \fBapi\fR [verbose] endpoint
\fBpihole\fR \api\fR endpoint
.br
\fBpihole\fR \fBhelp\fR
.br
@ -234,14 +234,10 @@ Available commands and options:
branchname Update subsystems to the specified branchname
.br
\fBapi\fR [verbose] endpoint
\fBapi\fR endpoint
.br
Query the Pi-hole API at <endpoint>
.br
verbose Show authentication and status messages
.br
.SH "EXAMPLE"
Some usage examples
@ -327,11 +323,6 @@ Switching Pi-hole subsystem branches
Queries FTL for the stats/summary endpoint
.br
\fBpihole api verbose stats/summary\fR
.br
Same as above, but shows authentication and status messages
.br
.SH "COLOPHON"
Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net.

38
pihole
View File

@ -9,7 +9,7 @@
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
PI_HOLE_SCRIPT_DIR="/opt/pihole"
readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
# PI_HOLE_BIN_DIR is not readonly here because in some functions (checkout),
# they might get set again when the installer is sourced. This causes an
@ -17,16 +17,13 @@ PI_HOLE_SCRIPT_DIR="/opt/pihole"
PI_HOLE_BIN_DIR="/usr/local/bin"
readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
# shellcheck source=./advanced/Scripts/COL_TABLE
source "${colfile}"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
# shellcheck source=./advanced/Scripts/utils.sh
readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
source "${utilsfile}"
# Source api functions
readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
# shellcheck source=./advanced/Scripts/api.sh
source "${apifile}"
versionsfile="/etc/pihole/versions"
@ -34,7 +31,6 @@ if [ -f "${versionsfile}" ]; then
# Only source versionsfile if the file exits
# fixes a warning during installation where versionsfile does not exist yet
# but gravity calls `pihole -status` and thereby sourcing the file
# shellcheck source=/dev/null
source "${versionsfile}"
fi
@ -238,7 +234,7 @@ Time:
fi
if [[ ${error} == true ]];then
echo -e " ${COL_RED}Unknown format for blocking timer!${COL_NC}"
echo -e " ${COL_LIGHT_RED}Unknown format for blocking timer!${COL_NC}"
echo -e " Try 'pihole disable --help' for more information."
exit 1
fi
@ -251,14 +247,12 @@ Time:
data=$(PostFTLData "dns/blocking" "{ \"blocking\": ${1}, \"timer\": ${tt} }")
# Check the response
local extra timer
extra=" forever"
timer="$(echo "${data}"| jq --raw-output '.timer' )"
local extra=" forever"
local timer="$(echo "${data}"| jq --raw-output '.timer' )"
if [[ "${timer}" != "null" ]]; then
extra=" for ${timer}s"
fi
local str
str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}"
local str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}"
# Logout from the API
LogoutAPI
@ -293,7 +287,7 @@ Options:
echo -e " ${INFO} Enabling logging..."
local str="Logging has been enabled!"
else
echo -e " ${COL_RED}Invalid option${COL_NC}
echo -e " ${COL_LIGHT_RED}Invalid option${COL_NC}
Try 'pihole logging --help' for more information."
exit 1
fi
@ -381,22 +375,20 @@ statusFunc() {
tailFunc() {
# Warn user if Pi-hole's logging is disabled
local logging_enabled
logging_enabled=$(getFTLConfigValue dns.queryLogging)
local logging_enabled=$(getFTLConfigValue dns.queryLogging)
if [[ "${logging_enabled}" != "true" ]]; then
echo " ${CROSS} Warning: Query logging is disabled"
fi
echo -e " ${INFO} Press Ctrl-C to exit"
# Get logfile path
LOGFILE=$(getFTLConfigValue files.log.dnsmasq)
readonly LOGFILE
readonly LOGFILE=$(getFTLConfigValue files.log.dnsmasq)
# Strip date from each line
# Color blocklist/denylist/wildcard entries as red
# Color A/AAAA/DHCP strings as white
# Color everything else as gray
tail -f $LOGFILE | grep --line-buffered -- "${1}" | sed -E \
tail -f $LOGFILE | grep --line-buffered "${1}" | sed -E \
-e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
-e "s,(.*(denied |gravity blocked ).*),${COL_RED}&${COL_NC}," \
-e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@ -431,7 +423,6 @@ piholeCheckoutFunc() {
exit 0
fi
#shellcheck source=./advanced/Scripts/piholeCheckout.sh
source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh
shift
checkout "$@"
@ -493,7 +484,6 @@ Debugging Options:
Add an optional argument to filter the log
(regular expressions are supported)
api <endpoint> Query the Pi-hole API at <endpoint>
Precede <endpoint> with 'verbose' option to show authentication and status messages
Options:
@ -552,7 +542,7 @@ case "${1}" in
"enable" ) need_root=0;;
"disable" ) need_root=0;;
"-d" | "debug" ) ;;
"-g" | "updateGravity" ) need_root=0;;
"-g" | "updateGravity" ) ;;
"reloaddns" ) ;;
"reloadlists" ) ;;
"setpassword" ) ;;
@ -570,9 +560,9 @@ if [[ -z ${USER} ]]; then
USER=$(whoami)
fi
# Check if the current user is not root and if the command
# Check if the current user is neither root nor pihole and if the command
# requires root. If so, exit with an error message.
if [[ $EUID -ne 0 && need_root -eq 1 ]];then
if [[ $EUID -ne 0 && ${USER} != "pihole" && need_root -eq 1 ]];then
echo -e " ${CROSS} The Pi-hole command requires root privileges, try:"
echo -e " ${COL_GREEN}sudo pihole $*${COL_NC}"
exit 1
@ -602,6 +592,6 @@ case "${1}" in
"updatechecker" ) shift; updateCheckFunc "$@";;
"arpflush" ) arpFunc "$@";;
"-t" | "tail" ) tailFunc "$2";;
"api" ) shift; apiFunc "$@";;
"api" ) apiFunc "$2";;
* ) helpFunc;;
esac

19
test/_centos_10.Dockerfile
View File

@ -1,19 +0,0 @@
FROM quay.io/centos/centos:stream10
# Disable SELinux
RUN echo "SELINUX=disabled" > /etc/selinux/config
RUN yum install -y --allowerasing curl git initscripts
ENV GITDIR=/etc/.pihole
ENV SCRIPTDIR=/opt/pihole
RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
ADD . $GITDIR
RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_centos_9.Dockerfile
View File

@ -15,5 +15,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_debian_11.Dockerfile
View File

@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_debian_12.Dockerfile
View File

@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_fedora_40.Dockerfile
View File

@ -13,5 +13,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_fedora_41.Dockerfile
View File

@ -13,5 +13,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

17
test/_fedora_42.Dockerfile
View File

@ -1,17 +0,0 @@
FROM fedora:42
RUN dnf install -y git initscripts
ENV GITDIR=/etc/.pihole
ENV SCRIPTDIR=/opt/pihole
RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
ADD . $GITDIR
RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_ubuntu_20.Dockerfile
View File

@ -12,5 +12,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_ubuntu_22.Dockerfile
View File

@ -13,5 +13,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

1
test/_ubuntu_24.Dockerfile
View File

@ -13,5 +13,6 @@ RUN true && \
chmod +x $SCRIPTDIR/*
ENV SKIP_INSTALL=true
ENV OS_CHECK_DOMAIN_NAME=dev-supportedos.pi-hole.net
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

8
test/requirements.txt
View File

@ -1,6 +1,6 @@
pyyaml == 6.0.2
pytest == 8.4.1
pytest-xdist == 3.8.0
pytest-testinfra == 10.2.2
tox == 4.27.0
pytest == 8.3.4
pytest-xdist == 3.6.1
pytest-testinfra == 10.1.1
tox == 4.24.1
pytest-clarity == 1.0.1

49
test/test_any_automated_install.py
View File

@ -89,8 +89,10 @@ def test_installPihole_fresh_install_readableFiles(host):
export DEBIAN_FRONTEND=noninteractive
umask 0027
runUnattended=true
fresh_install=false
source /opt/pihole/basic-install.sh > /dev/null
runUnattended=true
fresh_install=false
main
/opt/pihole/pihole-FTL-prestart.sh
"""
@ -243,7 +245,6 @@ def test_FTL_detect_no_errors(host, arch, detected_string, supported):
{
"-A /bin/sh": ("Tag_CPU_arch: " + arch, "0"),
"-A /usr/bin/sh": ("Tag_CPU_arch: " + arch, "0"),
"-A /usr/sbin/sh": ("Tag_CPU_arch: " + arch, "0"),
},
host,
)
@ -464,6 +465,50 @@ def test_validate_ip(host):
test_address("0.0.0.0#00001", False)
def test_os_check_fails(host):
"""Confirms install fails on unsupported OS"""
host.run(
"""
source /opt/pihole/basic-install.sh
package_manager_detect
build_dependency_package
install_dependent_packages
cat <<EOT > /etc/os-release
ID=UnsupportedOS
VERSION_ID="2"
EOT
"""
)
detectOS = host.run(
"""t
source /opt/pihole/basic-install.sh
os_check
"""
)
expected_stdout = "Unsupported OS detected: UnsupportedOS"
assert expected_stdout in detectOS.stdout
def test_os_check_passes(host):
"""Confirms OS meets the requirements"""
host.run(
"""
source /opt/pihole/basic-install.sh
package_manager_detect
build_dependency_package
install_dependent_packages
"""
)
detectOS = host.run(
"""
source /opt/pihole/basic-install.sh
os_check
"""
)
expected_stdout = "Supported OS detected"
assert expected_stdout in detectOS.stdout
def test_package_manager_has_pihole_deps(host):
"""Confirms OS is able to install the required packages for Pi-hole"""
mock_command("dialog", {"*": ("", "0")}, host)
@ -471,7 +516,6 @@ def test_package_manager_has_pihole_deps(host):
"""
source /opt/pihole/basic-install.sh
package_manager_detect
update_package_cache
build_dependency_package
install_dependent_packages
"""
@ -488,7 +532,6 @@ def test_meta_package_uninstall(host):
"""
source /opt/pihole/basic-install.sh
package_manager_detect
update_package_cache
build_dependency_package
install_dependent_packages
"""

10
test/tox.centos_10.ini
View File

@ -1,10 +0,0 @@
[tox]
envlist = py3
[testenv:py3]
allowlist_externals = docker
deps = -rrequirements.txt
setenv =
COLUMNS=120
commands = docker buildx build --load --progress plain -f _centos_10.Dockerfile -t pytest_pihole:test_container ../
pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py

10
test/tox.fedora_42.ini
View File

@ -1,10 +0,0 @@
[tox]
envlist = py3
[testenv]
allowlist_externals = docker
deps = -rrequirements.txt
setenv =
COLUMNS=120
commands = docker buildx build --load --progress plain -f _fedora_42.Dockerfile -t pytest_pihole:test_container ../
pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py