Files should be created before calling addOrEditKeyValPair

Signed-off-by: Christian König <github@yubiuser.dev>

advanced/Scripts/piholeCheckout.sh

@@ -41,22 +41,6 @@ warning1() {
 }
 
 checkout() {
-
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
     local corebranches
     local webbranches
 
@@ -251,7 +235,7 @@ checkout() {
     # Force updating everything
     if [[  ! "${1}" == "web" && ! "${1}" == "ftl" ]]; then
         echo -e "  ${INFO} Running installer to upgrade your installation"
-        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended ${additionalFlag}; then
+        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
             exit 0
         else
             echo -e "  ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"

advanced/Scripts/update.sh

@@ -149,37 +149,31 @@ main() {
         echo -e "  ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
     fi
 
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
 
-        if FTLcheckUpdate "${binary}" &>/dev/null; then
-            FTL_update=true
-            echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
-        else
-            case $? in
-                1)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
-                    ;;
-                2)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
-                    exit 1
-                    ;;
-                3)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
-                    exit 1
-                    ;;
-                *)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
-                    exit 1
-            esac
-            FTL_update=false
-        fi
+    if FTLcheckUpdate "${binary}" &>/dev/null; then
+        FTL_update=true
+        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
     else
-        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}--skipFTL set - update check skipped${COL_NC}"
+        case $? in
+            1)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
+                ;;
+            2)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                exit 1
+                ;;
+            3)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
+                exit 1
+                ;;
+            *)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
+                exit 1
+        esac
         FTL_update=false
     fi
 
@@ -228,14 +222,7 @@ main() {
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
-        local addionalFlag
-
-        if [[ ${skipFTL} == true ]]; then
-             addionalFlag="--skipFTL"
-        else
-             addionalFlag=""
-        fi
-        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended ${addionalFlag} || \
+        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended || \
             echo -e "${basicError}" && exit 1
     fi
 
@@ -255,15 +242,8 @@ main() {
     exit 0
 }
 
-CHECK_ONLY=false
-skipFTL=false
-
-# Check arguments
-for var in "$@"; do
-    case "$var" in
-    "--check-only") CHECK_ONLY=true ;;
-    "--skipFTL") skipFTL=true ;;
-    esac
-done
+if [[ "$1" == "--check-only" ]]; then
+    CHECK_ONLY=true
+fi
 
 main

advanced/Scripts/updatecheck.sh

@@ -50,9 +50,10 @@ rm -f "/etc/pihole/GitHubVersions"
 rm -f "/etc/pihole/localbranches"
 rm -f "/etc/pihole/localversions"
 
-# Create new versions file if it does not exist
 VERSION_FILE="/etc/pihole/versions"
-touch "${VERSION_FILE}"
+
+# Truncates the file to zero length if it exists to clear it up, otherwise creates an empty file.
+truncate -s 0 "${VERSION_FILE}"
 chmod 644 "${VERSION_FILE}"
 
 # if /pihole.docker.tag file exists, we will use it's value later in this script

advanced/Scripts/utils.sh

@@ -30,9 +30,6 @@ addOrEditKeyValPair() {
   local key="${2}"
   local value="${3}"
 
-  # touch file to prevent grep error if file does not exist yet
-  touch "${file}"
-
   if grep -q "^${key}=" "${file}"; then
     # Key already exists in file, modify the value
     sed -i "/^${key}=/c\\${key}=${value}" "${file}"

automated install/basic-install.sh

@@ -188,27 +188,14 @@ PIHOLE_META_DEPS_APK=(
 # The runUnattended flag is one example of this
 repair=false
 runUnattended=false
-skipFTL=false
 # Check arguments for the undocumented flags
 for var in "$@"; do
     case "${var}" in
     "--repair") repair=true ;;
     "--unattended") runUnattended=true ;;
-    "--skipFTL") skipFTL=true ;;
     esac
 done
 
-if [[ "${runUnattended}" == true ]]; then
-    # In order to run an unattended setup, a pre-seeded /etc/pihole/pihole.toml must exist
-    if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole.toml" ]]; then
-        printf "  %b Error: \"%s\" not found. Cannot run unattended setup\\n" "${CROSS}" "${PI_HOLE_CONFIG_DIR}/pihole.toml"
-        exit 1
-    fi
-    printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
-    # also disable debconf-apt-progress dialogs
-    export DEBIAN_FRONTEND="noninteractive"
-fi
-
 # If the color table file exists,
 if [[ -f "${coltable}" ]]; then
     # source it
@@ -1963,18 +1950,9 @@ get_binary_name() {
 
     # If the machine is aarch64 (armv8)
     if [[ "${machine}" == "aarch64" ]]; then
-        if [[ "$(getconf LONG_BIT)" == "64" ]]; then
-            # If the OS is 64 bit, we use the arm64 binary
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-arm64"
-        else
-            # If the OS is 32 bit, we use the armv7 binary (aarch64 is actually armv8)
-            # Even though the machine is 64 bit capable, this makes debugging
-            # very hard as 32bit tools like gdb, etc. cannot analyze the 64 bit
-            # binary. See FTL issue #2494 for such an example.
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture with 32 bit OS\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-armv7"
-        fi
+        # If AArch64 is found (e.g., BCM2711 in Raspberry Pi 4)
+        printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
+        l_binary="pihole-FTL-arm64"
     elif [[ "${machine}" == "arm"* ]]; then
         # ARM 32 bit
         # Get supported processor from other binaries installed on the system
@@ -2344,18 +2322,21 @@ main() {
 
     # Check if there is a usable FTL binary available on this architecture - do
     # this early on as FTL is a hard dependency for Pi-hole
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        # Get the binary name for the current architecture
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        # Abort early if this processor is not supported (get_binary_name returns empty string)
-        if [[ "${funcOutput}" == "" ]]; then
-            printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
-            exit 1
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    # Abort early if this processor is not supported (get_binary_name returns empty string)
+    if [[ "${funcOutput}" == "" ]]; then
+        printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
+        exit 1
+    fi
+
+    if [[ "${fresh_install}" == false ]]; then
+        # if it's running unattended,
+        if [[ "${runUnattended}" == true ]]; then
+            printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
+            # also disable debconf-apt-progress dialogs
+            export DEBIAN_FRONTEND="noninteractive"
         fi
-    else
-        printf "  %b %b--skipFTL set - skipping architecture check%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
     fi
 
     if [[ "${fresh_install}" == true ]]; then
@@ -2388,18 +2369,13 @@ main() {
     create_pihole_user
 
     # Download and install FTL
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
-        local theRest
-        theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
-        if ! FTLdetect "${binary}" "${theRest}"; then
-            printf "  %b FTL Engine not installed\\n" "${CROSS}"
-            exit 1
-        fi
-    else
-        printf "  %b %b--skipFTL set - skipping FTL binary installation%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local theRest
+    theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
+    if ! FTLdetect "${binary}" "${theRest}"; then
+        printf "  %b FTL Engine not installed\\n" "${CROSS}"
+        exit 1
     fi
 
     # Install and log everything to a file

gravity.sh

@@ -612,7 +612,7 @@ compareLists() {
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
   local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
-  local file_path ip_addr port blocked=false download=true
+  local file_path permissions ip_addr port blocked=false download=true
   # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
   local modifiedOptions=()
 
@@ -721,40 +721,29 @@ gravity_DownloadBlocklistFromUrl() {
     fi
   fi
 
-  # If we "download" a local file (file://), verify read access before using it.
-    # When running as root (e.g., via pihole -g), check that the 'pihole' user can read the file
-    # to match the effective runtime user of FTL; otherwise, check the current user's read access
-    # (e.g., in Docker or when invoked by a non-root user). The target must
-    # resolve to a regular file and be readable by the evaluated user.
-  if [[ "${url}" == "file:/"* ]]; then
+  # If we are going to "download" a local file, we first check if the target
+  # file has a+r permission. We explicitly check for all+read because we want
+  # to make sure that the file is readable by everyone and not just the user
+  # running the script.
+  if [[ $url == "file://"* ]]; then
     # Get the file path
-    file_path=$(echo "${url}" | cut -d'/' -f3-)
+    file_path=$(echo "$url" | cut -d'/' -f3-)
     # Check if the file exists and is a regular file (i.e. not a socket, fifo, tty, block). Might still be a symlink.
-    if [[ ! -f ${file_path} ]]; then
-        # Output that the file does not exist
-        echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
-        download=false
+    if [[ ! -f $file_path ]]; then
+      # Output that the file does not exist
+      echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
+      download=false
     else
-        if [ "$(id -un)" == "root" ]; then
-            # If we are root, we need to check if the pihole user has read permission
-            #  otherwise, we might read files that the pihole user should not be able to read
-            if sudo -u pihole test -r "${file_path}"; then
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                echo -e "${OVER}  ${CROSS} Cannot read file (user 'pihole' lacks read permission)"
-                download=false
-            fi
-        else
-            # If we are not root, we just check if the current user has read permission
-            if [[ -r "${file_path}" ]]; then
-                # Output that we are using the local file
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                # Output that the file is not readable by the current user
-                echo -e "${OVER}  ${CROSS} Cannot read file (current user '$(id -un)' lacks read permission)"
-                download=false
-            fi
-        fi
+      # Check if the file or a file referenced by the symlink has a+r permissions
+      permissions=$(stat -L -c "%a" "$file_path")
+      if [[ $permissions == *4 || $permissions == *5 || $permissions == *6 || $permissions == *7 ]]; then
+        # Output that we are using the local file
+        echo -e "${OVER}  ${INFO} Using local file ${file_path}"
+      else
+        # Output that the file does not have the correct permissions
+        echo -e "${OVER}  ${CROSS} Cannot read file (file needs to have a+r permission)"
+        download=false
+      fi
     fi
   fi
 
@@ -822,10 +811,6 @@ gravity_DownloadBlocklistFromUrl() {
       fix_owner_permissions "${saveLocation}"
       # Compare lists if they are identical
       compareLists "${adlistID}" "${saveLocation}"
-      # Set permissions for the *.etag file
-      if [[ -f "${saveLocation}.etag" ]]; then
-          fix_owner_permissions "${saveLocation}.etag"
-      fi
       # Add domains to database table file
       pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
       done="true"

pihole

@@ -125,22 +125,7 @@ repairPiholeFunc() {
   if [ -n "${DOCKER_VERSION}" ]; then
     unsupportedFunc
   else
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
-    /etc/.pihole/automated\ install/basic-install.sh --repair ${additionalFlag}
+    /etc/.pihole/automated\ install/basic-install.sh --repair
     exit 0;
   fi
 }
@@ -616,7 +601,7 @@ case "${1}" in
   "-d" | "debug"                  ) debugFunc "$@";;
   "-f" | "flush"                  ) flushFunc "$@";;
   "-up" | "updatePihole"          ) updatePiholeFunc "$@";;
-  "-r"  | "repair"                ) repairPiholeFunc "$@";;
+  "-r"  | "repair"                ) repairPiholeFunc;;
   "-g" | "updateGravity"          ) updateGravityFunc "$@";;
   "-l" | "logging"                ) piholeLogging "$@";;
   "uninstall"                     ) uninstallFunc;;

test/test_any_utils.py

@@ -2,6 +2,7 @@ def test_key_val_replacement_works(host):
     """Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file"""
     host.run("""
     source /opt/pihole/utils.sh
+    touch ./testoutput
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
     addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"