diff --git a/.github/dependabot.yml b/.github/dependabot.yml index af9b74db..7a5d2064 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,10 @@ updates: time: "10:00" open-pull-requests-limit: 10 target-branch: development + groups: + github-actions-dependencies: + patterns: + - "*" - package-ecosystem: pip directory: "/test" schedule: @@ -16,3 +20,7 @@ updates: time: "10:00" open-pull-requests-limit: 10 target-branch: development + groups: + python-dependencies: + patterns: + - "*" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a0dd9a31..34ffb64e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,7 +24,7 @@ jobs: days-before-close: 5 stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.' stale-issue-label: '${{ env.stale_label }}' - exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed' + exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed, never-stale' exempt-all-issue-assignees: true operations-per-run: 300 close-issue-reason: 'not_planned' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ac496406..c2e8f951 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -80,10 +80,10 @@ jobs: - name: Checkout repository uses: actions/checkout@v4.2.2 - - name: Set up Python 3.10 + - name: Set up Python uses: actions/setup-python@v5.6.0 with: - python-version: "3.10" + python-version: "3.13" - name: Install wheel run: pip install wheel diff --git a/advanced/Scripts/COL_TABLE b/advanced/Scripts/COL_TABLE index f9a014fc..7d339c0e 100644 --- a/advanced/Scripts/COL_TABLE +++ b/advanced/Scripts/COL_TABLE @@ -1,11 +1,12 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 # Disable warning about unused variables + # Determine if terminal is capable of showing colors -if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then +# When COL_TABLE is sourced via gravity invoked by FTL, FORCE_COLOR is set to true +if { [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; } || [ "${FORCE_COLOR}" ]; then # Bold and underline may not show up on all clients # If something MUST be emphasized, use both COL_BOLD='' - COL_ULINE='' - COL_NC='' COL_GRAY='' COL_RED='' @@ -17,8 +18,6 @@ if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then else # Provide empty variables for `set -u` COL_BOLD="" - COL_ULINE="" - COL_NC="" COL_GRAY="" COL_RED="" @@ -29,22 +28,8 @@ else COL_CYAN="" fi -# Deprecated variables -COL_WHITE="${COL_BOLD}" -COL_BLACK="${COL_NC}" -COL_LIGHT_BLUE="${COL_BLUE}" -COL_LIGHT_GREEN="${COL_GREEN}" -COL_LIGHT_CYAN="${COL_CYAN}" -COL_LIGHT_RED="${COL_RED}" -COL_URG_RED="${COL_RED}${COL_BOLD}${COL_ULINE}" -COL_LIGHT_PURPLE="${COL_PURPLE}" -COL_BROWN="${COL_YELLOW}" -COL_LIGHT_GRAY="${COL_GRAY}" -COL_DARK_GRAY="${COL_GRAY}" - TICK="[${COL_GREEN}✓${COL_NC}]" CROSS="[${COL_RED}✗${COL_NC}]" INFO="[i]" QST="[?]" -DONE="${COL_GREEN} done!${COL_NC}" OVER="\\r" diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 613a8d86..e5eacd41 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -22,7 +22,8 @@ TestAPIAvailability() { local chaos_api_list authResponse authStatus authData apiAvailable DNSport # as we are running locally, we can get the port value from FTL directly - readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" + PI_HOLE_SCRIPT_DIR="/opt/pihole" + utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # shellcheck source=./advanced/Scripts/utils.sh . "${utilsfile}" diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index beaac5f1..a6df46f2 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -26,7 +26,7 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" warning1() { echo " Please note that changing branches severely alters your Pi-hole subsystems" echo " Features that work on the master branch, may not on a development branch" - echo -e " ${COL_LIGHT_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}" + echo -e " ${COL_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}" read -r -p " Have you read and understood this? [y/N] " response case "${response}" in [yY][eE][sS]|[yY]) @@ -55,19 +55,19 @@ checkout() { # This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then - echo -e " ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!" + echo -e " ${COL_RED}Error: Core Pi-hole repo is missing from system!" echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}" exit 1; fi if ! is_repo "${webInterfaceDir}" ; then - echo -e " ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!" + echo -e " ${COL_RED}Error: Web Admin repo is missing from system!" echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}" exit 1; fi if [[ -z "${1}" ]]; then - echo -e " ${COL_LIGHT_RED}Invalid option${COL_NC}" + echo -e " ${COL_RED}Invalid option${COL_NC}" echo -e " Try 'pihole checkout --help' for more information." exit 1 fi @@ -238,7 +238,7 @@ checkout() { if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then exit 0 else - echo -e " ${COL_LIGHT_RED} Error: Unable to complete update, please contact support${COL_NC}" + echo -e " ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}" exit 1 fi fi diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 741ff2f4..2b903e50 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -367,7 +367,7 @@ check_firewalld() { # test common required service ports local firewalld_enabled_services firewalld_enabled_services=$(firewall-cmd --list-services) - local firewalld_expected_services=("http" "dns" "dhcp" "dhcpv6") + local firewalld_expected_services=("http" "https" "dns" "dhcp" "dhcpv6" "ntp") for i in "${firewalld_expected_services[@]}"; do if [[ "${firewalld_enabled_services}" =~ ${i} ]]; then log_write "${TICK} ${COL_GREEN} Allow Service: ${i}${COL_NC}"; @@ -388,14 +388,6 @@ check_firewalld() { else log_write "${CROSS} ${COL_RED} Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})" fi - # check FTL custom zone port: 4711 - local firewalld_ftl_zone_ports - firewalld_ftl_zone_ports=$(firewall-cmd --zone=ftl --list-ports) - if [[ "${firewalld_ftl_zone_ports}" =~ "4711/tcp" ]]; then - log_write "${TICK} ${COL_GREEN} FTL Port 4711/tcp Detected${COL_NC}"; - else - log_write "${CROSS} ${COL_RED} FTL Port 4711/tcp Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})" - fi else log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})" fi @@ -497,16 +489,25 @@ ping_gateway() { ping_ipv4_or_ipv6 "${protocol}" # Check if we are using IPv4 or IPv6 # Find the default gateways using IPv4 or IPv6 - local gateway gateway_addr gateway_iface + local gateway gateway_addr gateway_iface default_route log_write "${INFO} Default IPv${protocol} gateway(s):" - while IFS= read -r gateway; do - log_write " $(cut -d ' ' -f 3 <<< "${gateway}")%$(cut -d ' ' -f 5 <<< "${gateway}")" - done < <(ip -"${protocol}" route | grep default) + while IFS= read -r default_route; do + gateway_addr=$(jq -r '.gateway' <<< "${default_route}") + gateway_iface=$(jq -r '.dev' <<< "${default_route}") + log_write " ${gateway_addr}%${gateway_iface}" + done < <(ip -j -"${protocol}" route | jq -c '.[] | select(.dst == "default")') + + # Find the first default route + default_route=$(ip -j -"${protocol}" route show default) + if echo "$default_route" | grep 'gateway' | grep -q 'dev'; then + gateway_addr=$(echo "$default_route" | jq -r -c '.[0].gateway') + gateway_iface=$(echo "$default_route" | jq -r -c '.[0].dev') + else + log_write " Unable to determine gateway address for IPv${protocol}" + fi - gateway_addr=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 3 | head -n 1) - gateway_iface=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 5 | head -n 1) # If there was at least one gateway if [ -n "${gateway_addr}" ]; then # Append the interface to the gateway address if it is a link-local address diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 51c1b1a1..4e0d973e 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -47,7 +47,7 @@ GitCheckUpdateAvail() { # Fetch latest changes in this repo if ! git fetch --quiet origin ; then - echo -e "\\n ${COL_LIGHT_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}" + echo -e "\\n ${COL_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}" exit 1 fi @@ -76,13 +76,13 @@ GitCheckUpdateAvail() { if [[ "${#LOCAL}" == 0 ]]; then - echo -e "\\n ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support" + echo -e "\\n ${COL_RED}Error: Local revision could not be obtained, please contact Pi-hole Support" echo -e " Additional debugging output:${COL_NC}" git status exit 1 fi if [[ "${#REMOTE}" == 0 ]]; then - echo -e "\\n ${COL_LIGHT_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support" + echo -e "\\n ${COL_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support" echo -e " Additional debugging output:${COL_NC}" git status exit 1 @@ -103,7 +103,7 @@ GitCheckUpdateAvail() { } main() { - local basicError="\\n ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" + local basicError="\\n ${COL_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}" local core_update local web_update local FTL_update @@ -120,7 +120,7 @@ main() { # This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then - echo -e "\\n ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!" + echo -e "\\n ${COL_RED}Error: Core Pi-hole repo is missing from system!" echo -e " Please re-run install script from https://pi-hole.net${COL_NC}" exit 1; fi @@ -132,11 +132,11 @@ main() { echo -e " ${INFO} Pi-hole Core:\\t${COL_YELLOW}update available${COL_NC}" else core_update=false - echo -e " ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" + echo -e " ${INFO} Pi-hole Core:\\t${COL_GREEN}up to date${COL_NC}" fi if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then - echo -e "\\n ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!" + echo -e "\\n ${COL_RED}Error: Web Admin repo is missing from system!" echo -e " Please re-run install script from https://pi-hole.net${COL_NC}" exit 1; fi @@ -146,7 +146,7 @@ main() { echo -e " ${INFO} Web Interface:\\t${COL_YELLOW}update available${COL_NC}" else web_update=false - echo -e " ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}" + echo -e " ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}" fi local funcOutput @@ -160,17 +160,18 @@ main() { else case $? in 1) - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}" + echo -e " ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}" ;; 2) - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_LIGHT_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch." + echo -e " ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch." + exit 1 ;; 3) - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, cannot reach download server${COL_NC}" + echo -e " ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}" exit 1 ;; *) - echo -e " ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, contact support${COL_NC}" + echo -e " ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}" exit 1 esac FTL_update=false @@ -187,7 +188,7 @@ main() { if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then # Notify user that they are on a custom branch which might mean they they are lost # behind if a branch was merged to development and got abandoned - printf " %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}" + printf " %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_RED}" "${COL_NC}" "${ftlBranch}" fi if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 279dc1d1..ac467dda 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -173,13 +173,11 @@ if [[ -f "${coltable}" ]]; then else # Set these values so the installer can still run in color COL_NC='\e[0m' # No Color - COL_LIGHT_GREEN='\e[1;32m' - COL_LIGHT_RED='\e[1;31m' - TICK="[${COL_LIGHT_GREEN}✓${COL_NC}]" - CROSS="[${COL_LIGHT_RED}✗${COL_NC}]" + COL_GREEN='\e[1;32m' + COL_RED='\e[1;31m' + TICK="[${COL_GREEN}✓${COL_NC}]" + CROSS="[${COL_RED}✗${COL_NC}]" INFO="[i]" - # shellcheck disable=SC2034 - DONE="${COL_LIGHT_GREEN} done!${COL_NC}" OVER="\\r\\033[K" fi @@ -187,13 +185,13 @@ fi # This lets users know that it is a Pi-hole, LLC product show_ascii_berry() { echo -e " - ${COL_LIGHT_GREEN}.;;,. + ${COL_GREEN}.;;,. .ccccc:,. :cccclll:. ..,, :ccccclll. ;ooodc 'ccll:;ll .oooodc .;cll.;;looo:. - ${COL_LIGHT_RED}.. ','. + ${COL_RED}.. ','. .',,,,,,'. .',,,,,,,,,,. .',,,,,,,,,,,,.... @@ -215,7 +213,7 @@ abort() { # remove any leftover build directory that may exist rm -rf /tmp/pihole-meta_* - echo -e "\\n\\n ${COL_LIGHT_RED}Installation was interrupted${COL_NC}\\n" + echo -e "\\n\\n ${COL_RED}Installation was interrupted${COL_NC}\\n" echo -e "Pi-hole's dependencies might be already installed. If you want to remove them you can try to\\n" echo -e "a) run 'pihole uninstall' \\n" echo -e "b) Remove the meta-package 'pihole-meta' manually \\n" @@ -231,6 +229,13 @@ is_command() { command -v "${check_command}" >/dev/null 2>&1 } +check_fresh_install() { + # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair + if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then + fresh_install=false + fi +} + # Compatibility package_manager_detect() { @@ -247,8 +252,6 @@ package_manager_detect() { PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # The command we will use to remove packages (used in the uninstaller) PKG_REMOVE="${PKG_MANAGER} -y remove --purge" - # Update package cache - update_package_cache || exit 1 # If apt-get is not found, check for rpm. elif is_command rpm; then @@ -308,7 +311,7 @@ build_dependency_package(){ printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_RED}" "${COL_NC}" return 1 fi @@ -341,7 +344,7 @@ build_dependency_package(){ printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_RED}" "${COL_NC}" return 1 fi @@ -483,7 +486,7 @@ getGitFiles() { printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" # Update the repo, returning an error message on failure update_repo "${directory}" || { - printf "\\n %b: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf "\\n %b: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}" exit 1 } # If it's not a .git repo, @@ -492,7 +495,7 @@ getGitFiles() { printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" # Attempt to make the repository, showing an error on failure make_repo "${directory}" "${remoteRepo}" || { - printf "\\n %bError: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf "\\n %bError: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}" exit 1 } fi @@ -577,7 +580,10 @@ Do you wish to continue with an IPv6-only installation?\\n\\n" \ # Get available interfaces that are UP get_available_interfaces() { # There may be more than one so it's all stored in a variable - availableInterfaces=$(ip --oneline link show up | awk '{print $2}' | grep -v "^lo" | cut -d':' -f1 | cut -d'@' -f1) + # The ip command list all interfaces that are in the up state + # The awk command filters out any interfaces that have the LOOPBACK flag set + # while using the characters ": " or "@" as a field separator for awk + availableInterfaces=$(ip --oneline link show up | awk -F ': |@' '!/<.*LOOPBACK.*>/ {print $2}') } # A function for displaying the dialogs the user sees when first running the installer @@ -807,7 +813,7 @@ setDNS() { result=$? case ${result} in "${DIALOG_CANCEL}" | "${DIALOG_ESC}") - printf " %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -844,7 +850,7 @@ If you want to specify a port other than 53, separate it with a hash.\ result=$? case ${result} in "${DIALOG_CANCEL}" | "${DIALOG_ESC}") - printf " %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -898,7 +904,7 @@ If you want to specify a port other than 53, separate it with a hash.\ DNSSettingsCorrect=False ;; "${DIALOG_ESC}") - printf " %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -949,7 +955,7 @@ setLogging() { ;; "${DIALOG_ESC}") # User pressed - printf " %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -974,7 +980,7 @@ setPrivacyLevel() { printf " %b Using privacy level: %s\\n" "${INFO}" "${PRIVACY_LEVEL}" ;; "${DIALOG_CANCEL}" | "${DIALOG_ESC}") - printf " %b Cancelled privacy level selection.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Cancelled privacy level selection.%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -1008,7 +1014,7 @@ chooseBlocklists() { ;; "${DIALOG_ESC}") # User pressed - printf " %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_RED}" "${COL_NC}" exit 1 ;; esac @@ -1134,7 +1140,7 @@ installScripts() { else # Otherwise, show an error and exit printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" + printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" return 1 fi } @@ -1149,7 +1155,7 @@ installConfigs() { # Install empty custom.list file if it does not exist if [[ ! -r "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" ]]; then if ! install -D -T -o pihole -g pihole -m 660 /dev/null "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" &>/dev/null; then - printf " %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}/hosts" + printf " %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_RED}" "${PI_HOLE_CONFIG_DIR}/hosts" return 1 fi fi @@ -1328,7 +1334,7 @@ update_package_cache() { UPDATE_PKG_CACHE="apt update" fi printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" + printf " %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}" return 1 fi } @@ -1346,7 +1352,7 @@ notify_package_updates_available() { printf "%b %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}" else printf "%b %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}" - printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" + printf " %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}" fi } @@ -1363,11 +1369,11 @@ install_dependent_packages() { rm /tmp/pihole-meta.deb else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}" + printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}" return 1 fi else - printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}" + printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}" return 1 fi # Install Fedora/CentOS packages @@ -1378,11 +1384,11 @@ install_dependent_packages() { rm /tmp/pihole-meta.rpm else printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}" + printf " %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}" return 1 fi else - printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}" + printf " %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}" return 1 fi @@ -1611,13 +1617,13 @@ checkSelinux() { if [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -z "${PIHOLE_SELINUX}" ]]; then printf " Pi-hole does not provide an SELinux policy as the required changes modify the security of your system.\\n" printf " Please refer to https://wiki.centos.org/HowTos/SELinux if SELinux is required for your deployment.\\n" - printf " This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" "${COL_LIGHT_RED}" "${COL_NC}" + printf " This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_RED}" "${COL_NC}" "${COL_RED}" "${COL_NC}" printf " e.g: export PIHOLE_SELINUX=true\\n" printf " By setting this variable to true you acknowledge there may be issues with Pi-hole during or after the install\\n" - printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" + printf "\\n %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}" exit 1 elif [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -n "${PIHOLE_SELINUX}" ]]; then - printf " %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_RED}" "${COL_NC}" fi } @@ -1715,13 +1721,13 @@ clone_or_reset_repos() { # Reset the Core repo resetRepo ${PI_HOLE_LOCAL_REPO} || { - printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" + printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" exit 1 } # Reset the Web repo resetRepo ${webInterfaceDir} || { - printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceDir}" "${COL_NC}" + printf " %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${webInterfaceDir}" "${COL_NC}" exit 1 } # Otherwise, a fresh installation is happening @@ -1729,13 +1735,13 @@ clone_or_reset_repos() { # so get git files for Core getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || { - printf " %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_LIGHT_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" + printf " %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}" exit 1 } # get the Web git files getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} || { - printf " %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceGitUrl}" "${COL_NC}" + printf " %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_RED}" "${webInterfaceGitUrl}" "${COL_NC}" exit 1 } fi @@ -1811,7 +1817,7 @@ FTLinstall() { return 1 } printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" - printf " %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}" + printf " %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}" # Remove temp dir remove_dir "${tempdir}" @@ -1825,7 +1831,7 @@ FTLinstall() { } printf "%b %b %s\\n" "${OVER}" "${CROSS}" "${str}" # The URL could not be found - printf " %b Error: URL %s/%s not found%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}" + printf " %b Error: URL %s/%s not found%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}" # Remove temp dir remove_dir "${tempdir}" @@ -1902,7 +1908,7 @@ get_binary_name() { # Something else - we try to use 32bit executable and warn the user if [[ ! "${machine}" == "i686" ]]; then printf "%b %b %s...\\n" "${OVER}" "${CROSS}" "${str}" - printf " %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${machine}" "${COL_NC}" + printf " %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_RED}" "${machine}" "${COL_NC}" printf " %b Contact Pi-hole Support if you experience issues (e.g: FTL not running)\\n" "${INFO}" else printf "%b %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}" @@ -1940,12 +1946,12 @@ FTLcheckUpdate() { path="${ftlBranch}/${binary}" # Check whether or not the binary for this FTL branch actually exists. If not, then there is no update! + local status if ! check_download_exists "$path"; then - local status status=$? if [ "${status}" -eq 1 ]; then printf " %b Branch \"%s\" is not available.\\n" "${INFO}" "${ftlBranch}" - printf " %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}" + printf " %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}" elif [ "${status}" -eq 2 ]; then printf " %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}" return 3 @@ -2031,6 +2037,11 @@ FTLdetect() { if FTLcheckUpdate "${1}"; then FTLinstall "${1}" || return 1 + else + case $? in + 1) :;; # FTL is up-to-date + *) exit 1;; # 404 (2), other HTTP or curl error (3), unknown (4) + esac fi } @@ -2158,7 +2169,7 @@ main() { else # Otherwise, they do not have enough privileges, so let the user know printf " %b %s\\n" "${INFO}" "${str}" - printf " %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" + printf " %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_RED}" "${COL_NC}" printf " The Pi-hole requires elevated privileges to install and run\\n" printf " Please check the installer for any concerns regarding this requirement\\n" printf " Make sure to download this script from a trusted source\\n\\n" @@ -2182,7 +2193,7 @@ main() { # Otherwise, tell the user they need to run the script as root, and bail printf "%b %b Sudo utility check\\n" "${OVER}" "${CROSS}" printf " %b Sudo is needed for the Web Interface to run pihole commands\\n\\n" "${INFO}" - printf " %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_LIGHT_RED}" + printf " %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_RED}" exit 1 fi fi @@ -2193,9 +2204,17 @@ main() { # Check for availability of either the "service" or "systemctl" commands check_service_command + # Check if this is a fresh install or an update/repair + check_fresh_install + # Check for supported package managers so that we may install dependencies package_manager_detect + # Update package cache only on apt based systems + if is_command apt-get; then + update_package_cache || exit 1 + fi + # Notify user of package availability notify_package_updates_available @@ -2216,10 +2235,7 @@ main() { exit 1 fi - # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair - if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then - # retain settings - fresh_install=false + if [[ "${fresh_install}" == false ]]; then # if it's running unattended, if [[ "${runUnattended}" == true ]]; then printf " %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}" @@ -2367,8 +2383,10 @@ main() { printf " %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}" printf " %b View the web interface at http://pi.hole:${WEBPORT}/admin or http://%s/admin\\n\\n" "${INFO}" "${IPV4_ADDRESS%/*}:${WEBPORT}" - printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${pw}" "${COL_NC}" + printf " %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_GREEN}" "${pw}" "${COL_NC}" printf " %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}" + printf " %b To allow your user to use all CLI functions without authentication, refer to\\n" "${INFO}" + printf " our documentation at: https://docs.pi-hole.net/main/post-install/\\n\\n" # Final dialog message to the user dialog --no-shadow --keep-tite \ @@ -2377,7 +2395,11 @@ main() { \\n\\nIPv4: ${IPV4_ADDRESS%/*}\ \\nIPv6: ${IPV6_ADDRESS:-"Not Configured"}\ \\nIf you have not done so already, the above IP should be set to static.\ -\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}" "${r}" "${c}" +\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}\ +\\n +\\n +\\nTo allow your user to use all CLI functions without authentication,\ +\\nrefer to https://docs.pi-hole.net/main/post-install/" "${r}" "${c}" INSTALL_TYPE="Installation" else @@ -2386,7 +2408,7 @@ main() { # Display where the log file is printf "\\n %b The install log is located at: %s\\n" "${INFO}" "${installLogLoc}" - printf " %b %b%s complete! %b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${INSTALL_TYPE}" "${COL_NC}" + printf " %b %b%s complete! %b\\n" "${TICK}" "${COL_GREEN}" "${INSTALL_TYPE}" "${COL_NC}" if [[ "${INSTALL_TYPE}" == "Update" ]]; then printf "\\n" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index a158e595..e8dec36a 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -17,10 +17,10 @@ ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfig readonly ADMIN_INTERFACE_DIR while true; do - read -rp " ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer + read -rp " ${QST} Are you sure you would like to remove ${COL_BOLD}Pi-hole${COL_NC}? [y/N] " answer case ${answer} in [Yy]* ) break;; - * ) echo -e "${OVER} ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; + * ) echo -e "${OVER} ${COL_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;; esac done @@ -150,11 +150,11 @@ removePiholeFiles() { echo -e "\\n We're sorry to see you go, but thanks for checking out Pi-hole! If you need help, reach out to us on GitHub, Discourse, Reddit or Twitter - Reinstall at any time: ${COL_WHITE}curl -sSL https://install.pi-hole.net | bash${COL_NC} + Reinstall at any time: ${COL_BOLD}curl -sSL https://install.pi-hole.net | bash${COL_NC} - ${COL_LIGHT_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC} + ${COL_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC} ${INFO} Pi-hole's meta package has been removed, use the 'autoremove' function from your package manager to remove unused dependencies${COL_NC} - ${COL_LIGHT_GREEN}Uninstallation Complete! ${COL_NC}" + ${COL_GREEN}Uninstallation Complete! ${COL_NC}" } ######### SCRIPT ########### diff --git a/gravity.sh b/gravity.sh index 16e459c6..fd5d45de 100755 --- a/gravity.sh +++ b/gravity.sh @@ -50,7 +50,7 @@ etag_support=false # Check gravity temp directory if [ ! -d "${GRAVITY_TMPDIR}" ] || [ ! -w "${GRAVITY_TMPDIR}" ]; then - echo -e " ${COL_LIGHT_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}" + echo -e " ${COL_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}" GRAVITY_TMPDIR="/tmp" fi @@ -608,8 +608,10 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}" - local modifiedOptions="" listCurlBuffer str httpCode success="" ip cmd_ext + local listCurlBuffer str httpCode success="" ip customUpstreamResolver="" local file_path permissions ip_addr port blocked=false download=true + # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream + local modifiedOptions=() # Create temp file to store content on disk instead of RAM # We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine @@ -626,14 +628,14 @@ gravity_DownloadBlocklistFromUrl() { # Save HTTP ETag to the specified file. An ETag is a caching related header, # usually returned in a response. If no ETag is sent by the server, an empty # file is created and can later be used consistently. - modifiedOptions="--etag-save ${saveLocation}.etag" + modifiedOptions=("${modifiedOptions[@]}" --etag-save "${saveLocation}".etag) if [[ -f "${saveLocation}.etag" ]]; then # This option makes a conditional HTTP request for the specific ETag read # from the given file by sending a custom If-None-Match header using the # stored ETag. This way, the server will only send the file if it has # changed since the last request. - modifiedOptions="${modifiedOptions} --etag-compare ${saveLocation}.etag" + modifiedOptions=("${modifiedOptions[@]}" --etag-compare "${saveLocation}".etag) fi fi @@ -646,7 +648,7 @@ gravity_DownloadBlocklistFromUrl() { # Interstingly, this option is not supported by raw.githubusercontent.com # URLs, however, it is still supported by many older web servers which may # not support the HTTP ETag method so we keep it as a fallback. - modifiedOptions="${modifiedOptions} -z ${saveLocation}" + modifiedOptions=("${modifiedOptions[@]}" -z "${saveLocation}") fi fi @@ -712,7 +714,7 @@ gravity_DownloadBlocklistFromUrl() { fi echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by one of your lists. Using DNS server ${upstream} instead" echo -ne " ${INFO} ${str} Pending..." - cmd_ext="--resolve $domain:$port:$ip" + customUpstreamResolver="--resolve $domain:$port:$ip" fi fi @@ -750,9 +752,7 @@ gravity_DownloadBlocklistFromUrl() { fi if [[ "${download}" == true ]]; then - # See https://github.com/pi-hole/pi-hole/issues/6159 for justification of the below disable directive - # shellcheck disable=SC2086 - httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) + httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) fi case $url in @@ -821,13 +821,13 @@ gravity_DownloadBlocklistFromUrl() { if [[ "${done}" != "true" ]]; then # Determine if cached list has read permission if [[ -r "${saveLocation}" ]]; then - echo -e " ${CROSS} List download failed: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}" + echo -e " ${CROSS} List download failed: ${COL_GREEN}using previously cached list${COL_NC}" # Set list status to "download-failed/cached" database_adlist_status "${adlistID}" "3" # Add domains to database table file pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" else - echo -e " ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}" + echo -e " ${CROSS} List download failed: ${COL_RED}no cached list available${COL_NC}" # Manually reset these two numbers because we do not call parseList here database_adlist_number "${adlistID}" 0 0 database_adlist_status "${adlistID}" "4" @@ -864,7 +864,7 @@ gravity_ShowCount() { # Trap Ctrl-C gravity_Trap() { - trap '{ echo -e "\\n\\n ${INFO} ${COL_LIGHT_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT + trap '{ echo -e "\\n\\n ${INFO} ${COL_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT } # Clean up after Gravity upon exit or cancellation diff --git a/pihole b/pihole index 1dfab754..c1566ed7 100755 --- a/pihole +++ b/pihole @@ -238,7 +238,7 @@ Time: fi if [[ ${error} == true ]];then - echo -e " ${COL_LIGHT_RED}Unknown format for blocking timer!${COL_NC}" + echo -e " ${COL_RED}Unknown format for blocking timer!${COL_NC}" echo -e " Try 'pihole disable --help' for more information." exit 1 fi @@ -293,7 +293,7 @@ Options: echo -e " ${INFO} Enabling logging..." local str="Logging has been enabled!" else - echo -e " ${COL_LIGHT_RED}Invalid option${COL_NC} + echo -e " ${COL_RED}Invalid option${COL_NC} Try 'pihole logging --help' for more information." exit 1 fi @@ -396,7 +396,7 @@ tailFunc() { # Color blocklist/denylist/wildcard entries as red # Color A/AAAA/DHCP strings as white # Color everything else as gray - tail -f $LOGFILE | grep --line-buffered "${1}" | sed -E \ + tail -f $LOGFILE | grep --line-buffered -- "${1}" | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \ -e "s,(.*(denied |gravity blocked ).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ @@ -570,9 +570,9 @@ if [[ -z ${USER} ]]; then USER=$(whoami) fi -# Check if the current user is neither root nor pihole and if the command +# Check if the current user is not root and if the command # requires root. If so, exit with an error message. -if [[ $EUID -ne 0 && ${USER} != "pihole" && need_root -eq 1 ]];then +if [[ $EUID -ne 0 && need_root -eq 1 ]];then echo -e " ${CROSS} The Pi-hole command requires root privileges, try:" echo -e " ${COL_GREEN}sudo pihole $*${COL_NC}" exit 1 diff --git a/test/requirements.txt b/test/requirements.txt index b273c351..92f78840 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ pyyaml == 6.0.2 -pytest == 8.3.5 -pytest-xdist == 3.6.1 +pytest == 8.4.1 +pytest-xdist == 3.8.0 pytest-testinfra == 10.2.2 -tox == 4.26.0 +tox == 4.27.0 pytest-clarity == 1.0.1 diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 0fa0453a..cf4b454d 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -89,10 +89,8 @@ def test_installPihole_fresh_install_readableFiles(host): export DEBIAN_FRONTEND=noninteractive umask 0027 runUnattended=true - fresh_install=false source /opt/pihole/basic-install.sh > /dev/null runUnattended=true - fresh_install=false main /opt/pihole/pihole-FTL-prestart.sh """ @@ -473,6 +471,7 @@ def test_package_manager_has_pihole_deps(host): """ source /opt/pihole/basic-install.sh package_manager_detect + update_package_cache build_dependency_package install_dependent_packages """ @@ -489,6 +488,7 @@ def test_meta_package_uninstall(host): """ source /opt/pihole/basic-install.sh package_manager_detect + update_package_cache build_dependency_package install_dependent_packages """