Compare commits
4 Commits
7a352e61bc
...
tweak/grav
| Author | SHA1 | Date | |
|---|---|---|---|
|
ac78066657 | ||
|
|
f4a395cb06 | ||
|
|
0cfc02cbab | ||
|
|
4e191da1a0 |
8
.github/workflows/codeql-analysis.yml
vendored
8
.github/workflows/codeql-analysis.yml
vendored
@@ -25,16 +25,16 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout repository
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
-
|
||||
name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 #v4.31.7
|
||||
uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
|
||||
with:
|
||||
languages: 'python'
|
||||
-
|
||||
name: Autobuild
|
||||
uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 #v4.31.7
|
||||
uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
|
||||
-
|
||||
name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 #v4.31.7
|
||||
uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
|
||||
|
||||
4
.github/workflows/stale.yml
vendored
4
.github/workflows/stale.yml
vendored
@@ -17,7 +17,7 @@ jobs:
|
||||
issues: write
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
|
||||
- uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
days-before-stale: 30
|
||||
@@ -40,7 +40,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
||||
- name: Remove 'stale' label
|
||||
run: gh issue edit ${{ github.event.issue.number }} --remove-label ${{ env.stale_label }}
|
||||
env:
|
||||
|
||||
2
.github/workflows/stale_pr.yml
vendored
2
.github/workflows/stale_pr.yml
vendored
@@ -17,7 +17,7 @@ jobs:
|
||||
pull-requests: write
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
|
||||
- uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Do not automatically mark PR/issue as stale
|
||||
|
||||
2
.github/workflows/sync-back-to-dev.yml
vendored
2
.github/workflows/sync-back-to-dev.yml
vendored
@@ -33,7 +33,7 @@ jobs:
|
||||
name: Syncing branches
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
||||
- name: Opening pull request
|
||||
run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
|
||||
env:
|
||||
|
||||
18
.github/workflows/test.yml
vendored
18
.github/workflows/test.yml
vendored
@@ -18,7 +18,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
||||
with:
|
||||
fetch-depth: 0 # Differential ShellCheck requires full git history
|
||||
|
||||
@@ -36,24 +36,20 @@ jobs:
|
||||
severity: warning
|
||||
display-engine: sarif-fmt
|
||||
|
||||
- name: Secret Scanning with TruffleHog
|
||||
uses: trufflesecurity/trufflehog@821e8b9e5cdf8dc484dd23e06f78941fcf6b9191 #v3.91.2
|
||||
with:
|
||||
extra_args: --results=verified,unknown
|
||||
|
||||
- name: Spell-Checking
|
||||
uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 #v2.2
|
||||
uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 #v2.1
|
||||
with:
|
||||
ignore_words_file: .codespellignore
|
||||
|
||||
- name: Get editorconfig-checker
|
||||
uses: editorconfig-checker/action-editorconfig-checker@4b6cd6190d435e7e084fb35e36a096e98506f7b9 #v2.1.0
|
||||
uses: editorconfig-checker/action-editorconfig-checker@1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4 # tag v2. is really out of date
|
||||
|
||||
- name: Run editorconfig-checker
|
||||
run: editorconfig-checker
|
||||
|
||||
- name: Check python code formatting with black
|
||||
uses: psf/black@05f0a8ce1f71fbb36e1e032d3b518c7b945089a2 #25.11.0
|
||||
uses: psf/black@af0ba72a73598c76189d6dd1b21d8532255d5942 #25.9.0
|
||||
with:
|
||||
src: "./test"
|
||||
options: "--check --diff --color"
|
||||
@@ -78,19 +74,17 @@ jobs:
|
||||
fedora_40,
|
||||
fedora_41,
|
||||
fedora_42,
|
||||
fedora_43,
|
||||
alpine_3_21,
|
||||
alpine_3_22,
|
||||
alpine_3_23,
|
||||
]
|
||||
env:
|
||||
DISTRO: ${{matrix.distro}}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 #v6.1.0
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0
|
||||
with:
|
||||
python-version: "3.13"
|
||||
|
||||
|
||||
@@ -375,6 +375,22 @@ check_firewalld() {
|
||||
log_write "${CROSS} ${COL_RED} Allow Service: ${i}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
|
||||
fi
|
||||
done
|
||||
# check for custom FTL FirewallD zone
|
||||
local firewalld_zones
|
||||
firewalld_zones=$(firewall-cmd --get-zones)
|
||||
if [[ "${firewalld_zones}" =~ "ftl" ]]; then
|
||||
log_write "${TICK} ${COL_GREEN}FTL Custom Zone Detected${COL_NC}";
|
||||
# check FTL custom zone interface: lo
|
||||
local firewalld_ftl_zone_interfaces
|
||||
firewalld_ftl_zone_interfaces=$(firewall-cmd --zone=ftl --list-interfaces)
|
||||
if [[ "${firewalld_ftl_zone_interfaces}" =~ "lo" ]]; then
|
||||
log_write "${TICK} ${COL_GREEN} Local Interface Detected${COL_NC}";
|
||||
else
|
||||
log_write "${CROSS} ${COL_RED} Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
|
||||
fi
|
||||
else
|
||||
log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
log_write "${TICK} ${COL_GREEN}Firewalld service not detected${COL_NC}";
|
||||
@@ -577,21 +593,18 @@ check_required_ports() {
|
||||
# Add port 53
|
||||
ports_configured+=("53")
|
||||
|
||||
local protocol_type port_number service_name
|
||||
# Now that we have the values stored,
|
||||
for i in "${!ports_in_use[@]}"; do
|
||||
# loop through them and assign some local variables
|
||||
read -r protocol_type port_number service_name <<< "$(
|
||||
awk '{
|
||||
p=$1; n=$5; s=$7
|
||||
gsub(/users:\(\("/,"",s)
|
||||
gsub(/".*/,"",s)
|
||||
print p, n, s
|
||||
}' <<< "${ports_in_use[$i]}"
|
||||
)"
|
||||
local service_name
|
||||
service_name=$(echo "${ports_in_use[$i]}" | awk '{gsub(/users:\(\("/,"",$7);gsub(/".*/,"",$7);print $7}')
|
||||
local protocol_type
|
||||
protocol_type=$(echo "${ports_in_use[$i]}" | awk '{print $1}')
|
||||
local port_number
|
||||
port_number="$(echo "${ports_in_use[$i]}" | awk '{print $5}')" # | awk '{gsub(/^.*:/,"",$5);print $5}')
|
||||
|
||||
# Check if the right services are using the right ports
|
||||
if [[ ${ports_configured[*]} =~ ${port_number##*:} ]]; then
|
||||
if [[ ${ports_configured[*]} =~ $(echo "${port_number}" | rev | cut -d: -f1 | rev) ]]; then
|
||||
compare_port_to_service_assigned "${ftl}" "${service_name}" "${protocol_type}:${port_number}"
|
||||
else
|
||||
# If it's not a default port that Pi-hole needs, just print it out for the user to see
|
||||
@@ -709,7 +722,7 @@ dig_at() {
|
||||
fi
|
||||
|
||||
# Check if Pi-hole can use itself to block a domain
|
||||
if local_dig="$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" "${record_type}" -p "$(get_ftl_conf_value "dns.port")")"; then
|
||||
if local_dig="$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" "${record_type}")"; then
|
||||
# If it can, show success
|
||||
if [[ "${local_dig}" == *"status: NOERROR"* ]]; then
|
||||
local_dig="NOERROR"
|
||||
@@ -803,27 +816,42 @@ ftl_full_status(){
|
||||
|
||||
make_array_from_file() {
|
||||
local filename="${1}"
|
||||
|
||||
# If the file is a directory do nothing since it cannot be parsed
|
||||
[[ -d "${filename}" ]] && return
|
||||
|
||||
# The second argument can put a limit on how many line should be read from the file
|
||||
# Since some of the files are so large, this is helpful to limit the output
|
||||
local limit=${2}
|
||||
# A local iterator for testing if we are at the limit above
|
||||
local i=0
|
||||
# If the file is a directory
|
||||
if [[ -d "${filename}" ]]; then
|
||||
# do nothing since it cannot be parsed
|
||||
:
|
||||
else
|
||||
# Otherwise, read the file line by line
|
||||
while IFS= read -r line;do
|
||||
# Otherwise, strip out comments and blank lines
|
||||
new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
|
||||
# If the line still has content (a non-zero value)
|
||||
if [[ -n "${new_line}" ]]; then
|
||||
|
||||
# Process the file, strip out comments and blank lines
|
||||
local processed
|
||||
processed=$(sed -e 's/^\s*#.*$//' -e '/^$/d' "${filename}")
|
||||
# If the string contains "### CHANGED", highlight this part in red
|
||||
if [[ "${new_line}" == *"### CHANGED"* ]]; then
|
||||
new_line="${new_line//### CHANGED/${COL_RED}### CHANGED${COL_NC}}"
|
||||
fi
|
||||
|
||||
while IFS= read -r line; do
|
||||
# If the string contains "### CHANGED", highlight this part in red
|
||||
log_write " ${line//### CHANGED/${COL_RED}### CHANGED${COL_NC}}"
|
||||
((i++))
|
||||
# if the limit of lines we want to see is exceeded do nothing
|
||||
[[ -n ${limit} && $i -eq ${limit} ]] && break
|
||||
done <<< "$processed"
|
||||
# Finally, write this line to the log
|
||||
log_write " ${new_line}"
|
||||
fi
|
||||
# Increment the iterator +1
|
||||
i=$((i+1))
|
||||
# but if the limit of lines we want to see is exceeded
|
||||
if [[ -z ${limit} ]]; then
|
||||
# do nothing
|
||||
:
|
||||
elif [[ $i -eq ${limit} ]]; then
|
||||
break
|
||||
fi
|
||||
done < "${filename}"
|
||||
fi
|
||||
}
|
||||
|
||||
parse_file() {
|
||||
@@ -896,38 +924,38 @@ list_files_in_dir() {
|
||||
fi
|
||||
|
||||
# Store the files found in an array
|
||||
local files_found=("${dir_to_parse}"/*)
|
||||
mapfile -t files_found < <(ls "${dir_to_parse}")
|
||||
# For each file in the array,
|
||||
for each_file in "${files_found[@]}"; do
|
||||
if [[ -d "${each_file}" ]]; then
|
||||
if [[ -d "${dir_to_parse}/${each_file}" ]]; then
|
||||
# If it's a directory, do nothing
|
||||
:
|
||||
elif [[ "${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
|
||||
[[ "${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
|
||||
[[ "${each_file}" == "${PIHOLE_INSTALL_LOG_FILE}" ]] || \
|
||||
[[ "${each_file}" == "${PIHOLE_LOG}" ]] || \
|
||||
[[ "${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
|
||||
elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
|
||||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
|
||||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_INSTALL_LOG_FILE}" ]] || \
|
||||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG}" ]] || \
|
||||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
|
||||
:
|
||||
elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then
|
||||
# in case of the dnsmasq directory include all files in the debug output
|
||||
log_write "\\n${COL_GREEN}$(ls -lhd "${each_file}")${COL_NC}"
|
||||
make_array_from_file "${each_file}"
|
||||
log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
|
||||
make_array_from_file "${dir_to_parse}/${each_file}"
|
||||
else
|
||||
# Then, parse the file's content into an array so each line can be analyzed if need be
|
||||
for i in "${!REQUIRED_FILES[@]}"; do
|
||||
if [[ "${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
|
||||
if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
|
||||
# display the filename
|
||||
log_write "\\n${COL_GREEN}$(ls -lhd "${each_file}")${COL_NC}"
|
||||
log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
|
||||
# Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing)
|
||||
case "${each_file}" in
|
||||
case "${dir_to_parse}/${each_file}" in
|
||||
# If it's Web server log, give the first and last 25 lines
|
||||
"${PIHOLE_WEBSERVER_LOG}") head_tail_log "${each_file}" 25
|
||||
"${PIHOLE_WEBSERVER_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 25
|
||||
;;
|
||||
# Same for the FTL log
|
||||
"${PIHOLE_FTL_LOG}") head_tail_log "${each_file}" 35
|
||||
"${PIHOLE_FTL_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 35
|
||||
;;
|
||||
# parse the file into an array in case we ever need to analyze it line-by-line
|
||||
*) make_array_from_file "${each_file}";
|
||||
*) make_array_from_file "${dir_to_parse}/${each_file}";
|
||||
esac
|
||||
else
|
||||
# Otherwise, do nothing since it's not a file needed for Pi-hole so we don't care about it
|
||||
@@ -963,7 +991,6 @@ head_tail_log() {
|
||||
local filename="${1}"
|
||||
# The number of lines to use for head and tail
|
||||
local qty="${2}"
|
||||
local filebasename="${filename##*/}"
|
||||
local head_line
|
||||
local tail_line
|
||||
# Put the current Internal Field Separator into another variable so it can be restored later
|
||||
@@ -972,14 +999,14 @@ head_tail_log() {
|
||||
IFS=$'\r\n'
|
||||
local log_head=()
|
||||
mapfile -t log_head < <(head -n "${qty}" "${filename}")
|
||||
log_write " ${COL_CYAN}-----head of ${filebasename}------${COL_NC}"
|
||||
log_write " ${COL_CYAN}-----head of $(basename "${filename}")------${COL_NC}"
|
||||
for head_line in "${log_head[@]}"; do
|
||||
log_write " ${head_line}"
|
||||
done
|
||||
log_write ""
|
||||
local log_tail=()
|
||||
mapfile -t log_tail < <(tail -n "${qty}" "${filename}")
|
||||
log_write " ${COL_CYAN}-----tail of ${filebasename}------${COL_NC}"
|
||||
log_write " ${COL_CYAN}-----tail of $(basename "${filename}")------${COL_NC}"
|
||||
for tail_line in "${log_tail[@]}"; do
|
||||
log_write " ${tail_line}"
|
||||
done
|
||||
@@ -1006,24 +1033,6 @@ show_db_entries() {
|
||||
)
|
||||
|
||||
for line in "${entries[@]}"; do
|
||||
# Use gray color for "no". Normal color for "yes"
|
||||
line=${line//--no---/${COL_GRAY} no ${COL_NC}}
|
||||
line=${line//--yes--/ yes }
|
||||
|
||||
# Use red for "deny" and green for "allow"
|
||||
if [ "$title" = "Domainlist" ]; then
|
||||
line=${line//regex-deny/${COL_RED}regex-deny${COL_NC}}
|
||||
line=${line//regex-allow/${COL_GREEN}regex-allow${COL_NC}}
|
||||
line=${line//exact-deny/${COL_RED}exact-deny${COL_NC}}
|
||||
line=${line//exact-allow/${COL_GREEN}exact-allow${COL_NC}}
|
||||
fi
|
||||
|
||||
# Use red for "block" and green for "allow"
|
||||
if [ "$title" = "Adlists" ]; then
|
||||
line=${line//-BLOCK-/${COL_RED} Block ${COL_NC}}
|
||||
line=${line//-ALLOW-/${COL_GREEN} Allow ${COL_NC}}
|
||||
fi
|
||||
|
||||
log_write " ${line}"
|
||||
done
|
||||
|
||||
@@ -1071,15 +1080,15 @@ check_dhcp_servers() {
|
||||
}
|
||||
|
||||
show_groups() {
|
||||
show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
|
||||
show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
|
||||
}
|
||||
|
||||
show_adlists() {
|
||||
show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids, CASE type WHEN '0' THEN '-BLOCK-' WHEN '1' THEN '-ALLOW-' ELSE type END type, address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 7 100 19 19 50"
|
||||
show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50"
|
||||
}
|
||||
|
||||
show_domainlist() {
|
||||
show_db_entries "Domainlist" "SELECT id,CASE type WHEN '0' THEN 'exact-allow' WHEN '1' THEN 'exact-deny' WHEN '2' THEN 'regex-allow' WHEN '3' THEN 'regex-deny' ELSE type END type,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 11 7 12 90 19 19 50"
|
||||
show_db_entries "Domainlist (0/1 = exact allow-/denylist, 2/3 = regex allow-/denylist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50"
|
||||
}
|
||||
|
||||
show_clients() {
|
||||
|
||||
@@ -8,20 +8,12 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
|
||||
|
||||
# Get file paths
|
||||
FTL_PID_FILE="$(getFTLConfigValue files.pid)"
|
||||
FTL_LOG_FILE="$(getFTLConfigValue files.log.ftl)"
|
||||
PIHOLE_LOG_FILE="$(getFTLConfigValue files.log.dnsmasq)"
|
||||
WEBSERVER_LOG_FILE="$(getFTLConfigValue files.log.webserver)"
|
||||
FTL_PID_FILE="${FTL_PID_FILE:-/run/pihole-FTL.pid}"
|
||||
FTL_LOG_FILE="${FTL_LOG_FILE:-/var/log/pihole/FTL.log}"
|
||||
PIHOLE_LOG_FILE="${PIHOLE_LOG_FILE:-/var/log/pihole/pihole.log}"
|
||||
WEBSERVER_LOG_FILE="${WEBSERVER_LOG_FILE:-/var/log/pihole/webserver.log}"
|
||||
|
||||
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
||||
mkdir -p /var/log/pihole
|
||||
chown -R pihole:pihole /etc/pihole/ /var/log/pihole/
|
||||
|
||||
# allow all users read version file (and use pihole -v)
|
||||
touch /etc/pihole/versions
|
||||
chmod 0644 /etc/pihole/versions
|
||||
|
||||
# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs)
|
||||
@@ -36,7 +28,7 @@ chown root:root /etc/pihole/logrotate
|
||||
|
||||
# Touch files to ensure they exist (create if non-existing, preserve if existing)
|
||||
[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
|
||||
[ -f "${FTL_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${FTL_LOG_FILE}"
|
||||
[ -f "${PIHOLE_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${PIHOLE_LOG_FILE}"
|
||||
[ -f "${WEBSERVER_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${WEBSERVER_LOG_FILE}"
|
||||
[ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
|
||||
[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
||||
[ -f /var/log/pihole/webserver.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/webserver.log
|
||||
[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
|
||||
|
||||
@@ -13,7 +13,7 @@ extra_started_commands="reload"
|
||||
|
||||
respawn_max=5
|
||||
respawn_period=60
|
||||
capabilities="^CAP_NET_BIND_SERVICE,^CAP_NET_RAW,^CAP_NET_ADMIN,^CAP_SYS_NICE,^CAP_IPC_LOCK,^CAP_CHOWN,^CAP_SYS_TIME"
|
||||
capabilities="^CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN,CAP_SYS_TIME"
|
||||
|
||||
depend() {
|
||||
want net
|
||||
|
||||
@@ -17,15 +17,15 @@ StartLimitIntervalSec=60s
|
||||
|
||||
[Service]
|
||||
User=pihole
|
||||
PermissionsStartOnly=true
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
|
||||
|
||||
# Run prestart with elevated permissions
|
||||
ExecStartPre=+/opt/pihole/pihole-FTL-prestart.sh
|
||||
ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
|
||||
ExecStart=/usr/bin/pihole-FTL -f
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecStopPost=+/opt/pihole/pihole-FTL-poststop.sh
|
||||
ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
|
||||
|
||||
# Use graceful shutdown with a reasonable timeout
|
||||
TimeoutStopSec=60s
|
||||
|
||||
@@ -116,11 +116,11 @@ c=70
|
||||
PIHOLE_META_PACKAGE_CONTROL_APT=$(
|
||||
cat <<EOM
|
||||
Package: pihole-meta
|
||||
Version: 0.6
|
||||
Version: 0.5
|
||||
Maintainer: Pi-hole team <adblock@pi-hole.net>
|
||||
Architecture: all
|
||||
Description: Pi-hole dependency meta package
|
||||
Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,bind9-dnsutils|dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,procps,psmisc,sudo,unzip
|
||||
Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,procps,psmisc,sudo,unzip
|
||||
Section: contrib/metapackages
|
||||
Priority: optional
|
||||
EOM
|
||||
@@ -155,7 +155,7 @@ EOM
|
||||
)
|
||||
|
||||
# List of required packages on APK based systems
|
||||
PIHOLE_META_VERSION_APK=0.2
|
||||
PIHOLE_META_VERSION_APK=0.1
|
||||
PIHOLE_META_DEPS_APK=(
|
||||
bash
|
||||
bash-completion
|
||||
@@ -181,6 +181,7 @@ PIHOLE_META_DEPS_APK=(
|
||||
sudo
|
||||
tzdata
|
||||
unzip
|
||||
wget
|
||||
)
|
||||
|
||||
######## Undocumented Flags. Shhh ########
|
||||
@@ -693,11 +694,10 @@ chooseInterface() {
|
||||
status="OFF"
|
||||
done
|
||||
# Disable check for double quote here as we are passing a string with spaces
|
||||
# shellcheck disable=SC2086
|
||||
PIHOLE_INTERFACE=$(dialog --no-shadow --keep-tite --output-fd 1 \
|
||||
--cancel-label "Exit" --ok-label "Select" \
|
||||
--radiolist "Choose An Interface (press space to toggle selection)" \
|
||||
${r} ${c} "${interfaceCount}" ${interfacesList})
|
||||
${r} ${c} "${interfaceCount}" "${interfacesList}")
|
||||
|
||||
result=$?
|
||||
case ${result} in
|
||||
|
||||
16
gravity.sh
16
gravity.sh
@@ -611,7 +611,7 @@ compareLists() {
|
||||
# Download specified URL and perform checks on HTTP status and file content
|
||||
gravity_DownloadBlocklistFromUrl() {
|
||||
local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
|
||||
local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
|
||||
local listCurlBuffer str curlJson httpCode curlErrorMsg="" curlExitCode="" success="" ip customUpstreamResolver=""
|
||||
local file_path permissions ip_addr port blocked=false download=true
|
||||
# modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
|
||||
local modifiedOptions=()
|
||||
@@ -750,14 +750,19 @@ gravity_DownloadBlocklistFromUrl() {
|
||||
# Check for allowed protocols
|
||||
if [[ $url != "http"* && $url != "https"* && $url != "file"* && $url != "ftp"* && $url != "ftps"* && $url != "sftp"* ]]; then
|
||||
echo -e "${OVER} ${CROSS} ${str} Invalid protocol specified. Ignoring list."
|
||||
echo -e " Ensure your URL starts with a valid protocol like http:// , https:// or file:// ."
|
||||
echo -e "Ensure your URL starts with a valid protocol like http:// , https:// or file:// ."
|
||||
download=false
|
||||
fi
|
||||
|
||||
if [[ "${download}" == true ]]; then
|
||||
httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
|
||||
curlJson=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{json}" "${url}" -o "${listCurlBuffer}")
|
||||
fi
|
||||
|
||||
# Retrieve the HTTP code, exit code and error message returned by curl command
|
||||
httpCode=$(echo "${curlJson}" | jq '.http_code')
|
||||
curlErrorMsg=$(echo "${curlJson}" | jq '.errormsg')
|
||||
curlExitCode=$(echo "${curlJson}" | jq '.exitcode')
|
||||
|
||||
case $url in
|
||||
# Did we "download" a local file?
|
||||
"file"*)
|
||||
@@ -780,7 +785,6 @@ gravity_DownloadBlocklistFromUrl() {
|
||||
echo -e "${OVER} ${TICK} ${str} No changes detected"
|
||||
success=true
|
||||
;;
|
||||
"000") echo -e "${OVER} ${CROSS} ${str} Connection Refused" ;;
|
||||
"403") echo -e "${OVER} ${CROSS} ${str} Forbidden" ;;
|
||||
"404") echo -e "${OVER} ${CROSS} ${str} Not found" ;;
|
||||
"408") echo -e "${OVER} ${CROSS} ${str} Time-out" ;;
|
||||
@@ -789,7 +793,7 @@ gravity_DownloadBlocklistFromUrl() {
|
||||
"504") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Gateway)" ;;
|
||||
"521") echo -e "${OVER} ${CROSS} ${str} Web Server Is Down (Cloudflare)" ;;
|
||||
"522") echo -e "${OVER} ${CROSS} ${str} Connection Timed Out (Cloudflare)" ;;
|
||||
*) echo -e "${OVER} ${CROSS} ${str} ${url} (${httpCode})" ;;
|
||||
*) echo -e "${OVER} ${CROSS} ${str} Failure (exit_code=${COL_RED}${curlExitCode}${COL_NC} Msg: ${COL_CYAN}${curlErrorMsg}${COL_NC})" ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
@@ -1130,7 +1134,7 @@ fi
|
||||
|
||||
if [[ "${forceDelete:-}" == true ]]; then
|
||||
str="Deleting existing list cache"
|
||||
echo -ne " ${INFO} ${str}..."
|
||||
echo -ne "${INFO} ${str}..."
|
||||
|
||||
rm "${listsCacheDir}/list.*" 2>/dev/null || true
|
||||
echo -e "${OVER} ${TICK} ${str}"
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
FROM alpine:3.23
|
||||
|
||||
ENV GITDIR=/etc/.pihole
|
||||
ENV SCRIPTDIR=/opt/pihole
|
||||
RUN sed -i 's/#\(.*\/community\)/\1/' /etc/apk/repositories
|
||||
RUN apk --no-cache add bash coreutils curl git jq openrc shadow
|
||||
|
||||
RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
|
||||
ADD . $GITDIR
|
||||
RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
|
||||
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
|
||||
|
||||
RUN true && \
|
||||
chmod +x $SCRIPTDIR/*
|
||||
|
||||
ENV SKIP_INSTALL=true
|
||||
|
||||
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
|
||||
@@ -1,17 +0,0 @@
|
||||
FROM fedora:43
|
||||
RUN dnf install -y git initscripts
|
||||
|
||||
ENV GITDIR=/etc/.pihole
|
||||
ENV SCRIPTDIR=/opt/pihole
|
||||
|
||||
RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
|
||||
ADD . $GITDIR
|
||||
RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
|
||||
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
|
||||
|
||||
RUN true && \
|
||||
chmod +x $SCRIPTDIR/*
|
||||
|
||||
ENV SKIP_INSTALL=true
|
||||
|
||||
#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
|
||||
@@ -1,6 +1,6 @@
|
||||
pyyaml == 6.0.3
|
||||
pytest == 9.0.1
|
||||
pytest == 8.4.2
|
||||
pytest-xdist == 3.8.0
|
||||
pytest-testinfra == 10.2.2
|
||||
tox == 4.32.0
|
||||
tox == 4.31.0
|
||||
pytest-clarity == 1.0.1
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
[tox]
|
||||
envlist = py3
|
||||
|
||||
[testenv:py3]
|
||||
allowlist_externals = docker
|
||||
deps = -rrequirements.txt
|
||||
setenv =
|
||||
COLUMNS=120
|
||||
commands = docker buildx build --load --progress plain -f _alpine_3_23.Dockerfile -t pytest_pihole:test_container ../
|
||||
pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
|
||||
@@ -1,10 +0,0 @@
|
||||
[tox]
|
||||
envlist = py3
|
||||
|
||||
[testenv]
|
||||
allowlist_externals = docker
|
||||
deps = -rrequirements.txt
|
||||
setenv =
|
||||
COLUMNS=120
|
||||
commands = docker buildx build --load --progress plain -f _fedora_43.Dockerfile -t pytest_pihole:test_container ../
|
||||
pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py
|
||||
Reference in New Issue
Block a user