diff --git a/.github/workflows/nightly-build beta-v5.9.yml b/.github/workflows/nightly-build beta-v5.9.yml
new file mode 100644
index 0000000..6e48f18
--- /dev/null
+++ b/.github/workflows/nightly-build beta-v5.9.yml
@@ -0,0 +1,69 @@
+name: Build & Deploy Nightly images
+on:
+ schedule:
+ - cron: '0 1 * * *'
+
+jobs:
+ test-and-build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ ARCH: [amd64, armhf, arm64, i386]
+ DEBIAN_VERSION: [stretch, buster]
+ env:
+ ARCH: ${{matrix.ARCH}}
+ DEBIAN_VERSION: ${{matrix.DEBIAN_VERSION}}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v2
+ with:
+ ref: dev
+ - name: Patching Versions File
+ run: |
+ git checkout -b beta-v5.9
+ echo "CORE_VERSION=release/v5.4" > VERSIONS
+ echo "WEB_VERSION=release/v5.6" >> VERSIONS
+ echo "FTL_VERSION=release/v5.9" >> VERSIONS
+ - name: Run Tests
+ run: |
+ echo "Building ${ARCH}-${DEBIAN_VERSION}"
+ ./gh-actions-test.sh
+ - name: Push the ARCH image
+ if: github.event_name != 'pull_request'
+ run: |
+ . gh-actions-vars.sh
+ echo "${{ secrets.DOCKERHUB_PASS }}" | docker login --username="${{ secrets.DOCKERHUB_USER }}" --password-stdin
+ docker push "${ARCH_IMAGE}"
+ - name: Upload gh-workspace
+ if: github.event_name != 'pull_request'
+ uses: actions/upload-artifact@v1
+ with:
+ name: gh-workspace
+ path: .gh-workspace
+
+ publish:
+ runs-on: ubuntu-latest
+ needs: test-and-build
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v2
+ with:
+ ref: dev
+ - name: Patching Versions File
+ run: |
+ git checkout -b beta-v5.9
+ echo "CORE_VERSION=release/v5.4" > VERSIONS
+ echo "WEB_VERSION=release/v5.6" >> VERSIONS
+ echo "FTL_VERSION=release/v5.9" >> VERSIONS
+ - name: Download workspace files
+ uses: actions/download-artifact@v1
+ with:
+ name: gh-workspace
+ path: .gh-workspace
+ - name: Tag and Publish multi-arch images
+ env:
+ DOCKERHUB_PASS: ${{ secrets.DOCKERHUB_PASS }}
+ DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+ run: |
+ ./gh-actions-deploy.sh
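Review bot: The "Push the ARCH image" step writes `${{ secrets.DOCKERHUB_PASS }}` and `${{ secrets.DOCKERHUB_USER }}` straight into the `run:` script, so the runner substitutes the secret values into the shell source before bash parses it, and a value containing `"`, `$` or a backtick would be re-interpreted by the shell. The `publish` job in the same file already maps both secrets through `env:`; this step can do the same and call `echo "${DOCKERHUB_PASS}" | docker login --username="${DOCKERHUB_USER}" --password-stdin`. The jobs that handle these credentials also reference `actions/checkout@v2`, `actions/upload-artifact@v1` and `actions/download-artifact@v1` by movable tag, and pinning each to a full commit SHA fixes which code runs next to the secrets. With `schedule` as the only trigger, the two `if: github.event_name != 'pull_request'` conditions are always true and can be dropped or replaced by a comment.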
diff --git a/.github/workflows/workflow_dispatch.yml b/.github/workflows/workflow_dispatch.yml index 3a05a8f..677b94a 100644 --- a/.github/workflows/workflow_dispatch.yml +++ b/.github/workflows/workflow_dispatch.yml @@ -2,6 +2,10 @@ name: Build & Deploy custom image manually on: workflow_dispatch: inputs: + branch: + description: "Name of Branch to base build on" + required: false + default: dev name: description: 'Name of tag' required: true @@ -30,7 +34,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v2 with: - ref: dev + ref: ${{ github.event.inputs.branch }} - name: Patching Versions File run: | git checkout -b ${{ github.event.inputs.name }} diff --git a/Dockerfile b/Dockerfile index 5dda74b..32b7a0e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,13 +3,15 @@ FROM $PIHOLE_BASE ARG PIHOLE_ARCH ENV PIHOLE_ARCH "${PIHOLE_ARCH}" +ARG PIHOLE_TAG +ENV PIHOLE_TAG "${PIHOLE_TAG}" ARG S6_ARCH ARG S6_VERSION ENV S6OVERLAY_RELEASE "https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-${S6_ARCH}.tar.gz" COPY install.sh /usr/local/bin/install.sh -COPY VERSION /etc/docker-pi-hole-version -ENV PIHOLE_INSTALL /root/ph_install.sh +COPY VERSIONS /etc/pi-hole-versions +ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh RUN bash -ex install.sh 2>&1 && \ rm -rf /var/cache/apt/archives /var/lib/apt/lists/* diff --git a/Dockerfile.py b/Dockerfile.py index 30c5f20..2953bc3 100755 --- a/Dockerfile.py +++ b/Dockerfile.py 
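Review bot: The new `branch` input is consumed unchecked as `ref: ${{ github.event.inputs.branch }}` in the second hunk, so a dispatch can build from any branch, tag or SHA in the repository; the rest of the job is outside the hunk, but if it publishes with the Docker Hub secrets the way the nightly workflow does, a first step that checks the ref against an allowed pattern is worth adding. The context line `git checkout -b ${{ github.event.inputs.name }}` shows the existing input being expanded into shell source, and with a second free-text input now in the file it is a good moment to pass inputs through `env:` instead, e.g. `TAG_NAME: ${{ github.event.inputs.name }}` and `git checkout -b "${TAG_NAME}"`. The `description` of `branch` could also state which refs are expected.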
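Review bot: `ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh` now holds an absolute path that contains a space, so every consumer has to quote it. `bash_functions.sh` is fixed in this commit, but `install.sh` still runs `bash -ex "./${PIHOLE_INSTALL}"`, which puts `./` in front of an absolute path and resolves only while the build's working directory is `/` (presumably the case here, but nothing in the Dockerfile states it). Dropping the prefix, `bash -ex "${PIHOLE_INSTALL}" --unattended --reconfigure`, removes that dependency. A comment above the `ENV` line saying that the script now comes from the `git clone` in `install.sh` rather than a download would help the next reader.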
@@ -20,12 +20,16 @@ from docopt import docopt import os import sys import subprocess +from dotenv import dotenv_values -__version__ = None -dot = os.path.abspath('.') -with open('{}/VERSION'.format(dot), 'r') as v: - raw_version = v.read().strip() - __version__ = raw_version.replace('release/', 'release-') +FTL_VERSION = None + + +def read_pihole_versions(): + global FTL_VERSION + dot = os.path.abspath('.') + config = dotenv_values('{}/VERSIONS'.format(dot)) + FTL_VERSION = config['FTL_VERSION'].replace('/','-') def build_dockerfiles(args) -> bool: @@ -60,13 +64,14 @@ def run_and_stream_command_output(command, environment_vars, verbose) -> bool: def build(docker_repo: str, arch: str, debian_version: str, hub_tag: str, show_time: bool, no_cache: bool, verbose: bool) -> bool: - create_tag = f'{docker_repo}:{__version__}-{arch}-{debian_version}' + create_tag = f'{docker_repo}:{FTL_VERSION}-{arch}-{debian_version}' print(f' ::: Building {create_tag}') time_arg = 'time' if show_time else '' cache_arg = '--no-cache' if no_cache else '' build_env = os.environ.copy() - build_env['PIHOLE_VERSION'] = __version__ + build_env['PIHOLE_VERSION'] = FTL_VERSION build_env['DEBIAN_VERSION'] = debian_version + build_env['PIHOLE_TAG'] = hub_tag build_command = f'{time_arg} docker-compose -f build.yml build {cache_arg} --pull {arch}' print(f' ::: Building {arch} into {create_tag}') success = run_and_stream_command_output(build_command, build_env, verbose) @@ -81,6 +86,7 @@ def build(docker_repo: str, arch: str, debian_version: str, hub_tag: str, show_t if __name__ == '__main__': args = docopt(__doc__, version='Dockerfile 1.1') + read_pihole_versions() success = build_dockerfiles(args) exit_code = 0 if success else 1 sys.exit(exit_code) diff --git a/Pipfile b/Pipfile index b6904f7..091ce68 100644 --- a/Pipfile +++ b/Pipfile 
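Review bot: `read_pihole_versions()` takes `config['FTL_VERSION']` on trust: a missing key raises `KeyError`, a key without a value comes back from `dotenv_values` as `None` and fails on `.replace`, and any other characters pass through into `create_tag` and `build_env` in `build()` (next hunk). The nightly workflow writes branch-style values such as `release/v5.9` into this file, and the string ends up in a Docker tag and in command strings handed to `run_and_stream_command_output` (its body is outside the hunk), so it should be checked against the tag grammar before use, e.g. `if not re.fullmatch(r'[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}', FTL_VERSION): sys.exit(f'invalid FTL_VERSION: {FTL_VERSION!r}')`, which needs `import re`. The function would also read better returning the value instead of assigning a module `global`, and `build_env['PIHOLE_VERSION'] = FTL_VERSION` deserves a comment saying that the image version now follows the FTL version.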
@@ -58,6 +58,7 @@ Jinja2 = "==2.11.3" MarkupSafe = "==1.1.1" PyYAML = "==5.4" websocket_client = "==0.57.0" +python-dotenv = "==0.17.1" [requires] python_version = "3.8" diff --git a/Pipfile.lock b/Pipfile.lock index b3d8674..d8a7c49 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "6b8495479c1a2a11b99e728c23d5c4ec57b59b9e42e456f63ee46bedfeb24f45" + "sha256": "2c7f1fb7f001bf70bba7309859b06dc323040f21518b32ee8993aa823c27df15" }, "pipfile-spec": 6, "requires": { @@ -384,6 +384,7 @@ "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5", "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==20.9" }, "pathlib2": { @@ -464,6 +465,14 @@ "index": "pypi", "version": "==1.31.0" }, + "python-dotenv": { + "hashes": [ + "sha256:00aa34e92d992e9f8383730816359647f358f4a3be1ba45e5a5cefd27ee91544", + "sha256:b1ae5e9643d5ed987fc57cc2583021e38db531946518130777734f9589b3141f" + ], + "index": "pypi", + "version": "==0.17.1" + }, "pyyaml": { "hashes": [ "sha256:02c78d77281d8f8d07a255e57abdbf43b02257f59f50cc6b636937d68efa5dd0", @@ -552,7 +561,8 @@ "toml": { "hashes": [ "sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c", - "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e" + "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e", + "sha256:f1db651f9657708513243e61e6cc67d101a39bad662eaa9b5546f789338e07a3" ], "index": "pypi", "version": "==0.10.0" diff --git a/README.md b/README.md index 796c856..954b781 100644 --- a/README.md +++ b/README.md 
@@ -36,7 +36,8 @@ services: - NET_ADMIN restart: unless-stopped ``` -2. Run `docker-compose up --detach` to build and start pi-hole +2. Run `docker-compose up -d` to build and start pi-hole +3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting [Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh). @@ -88,51 +89,70 @@ There are multiple different ways to run DHCP from within your Docker Pi-hole co There are other environment variables if you want to customize various things inside the docker container: -| Docker Environment Var. | Description | -| ----------------------- | ----------- | -| `ADMIN_EMAIL: `
*Optional Default: ''* | Set an administrative contact address for the Block Page -| `TZ: `
**Recommended** *Default: UTC* | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. -| `WEBPASSWORD: `
**Recommended** *Default: random* | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. -| `PIHOLE_DNS_: `
*Optional* *Default: 8.8.8.8;8.8.4.4* | Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` -| `DNSSEC: <"true"\|"false">`
*Optional* *Default: "false"* | Enable DNSSEC support -| `DNS_BOGUS_PRIV: <"true"\|"false">`
*Optional* *Default: "true"* | Enable forwarding of reverse lookups for private ranges -| `DNS_FQDN_REQUIRED: <"true"\|"false">`
*Optional* *Default: true* | Never forward non-FQDNs -| `REV_SERVER: <"true"\|"false">`
*Optional* *Default: "false"* | Enable DNS conditional forwarding for device name resolution -| `REV_SERVER_DOMAIN: `
*Optional* | If conditional forwarding is enabled, set the domain of the local network router -| `REV_SERVER_TARGET: `
*Optional* | If conditional forwarding is enabled, set the IP of the local network router -| `REV_SERVER_CIDR: `
*Optional* | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) -| `ServerIP: `
**Recommended** | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address -| `ServerIPv6: `
*Required if using IPv6* | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully -| `VIRTUAL_HOST: `
*Optional* *Default: $ServerIP* | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address -| `IPv6: <"true"\|"false">`
*Optional* *Default: "true"* | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false. -| `INTERFACE: `
*Advanced/Optional* | The default works fine with our basic example docker run commands. If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING. -| `DNSMASQ_LISTENING: `
*Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified. -| `WEB_PORT: `
*Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc) -| `DNSMASQ_USER: `
*Experimental Default: root* | Allows running FTLDNS as non-root. -| `TEMPERATUREUNIT`:
*Optional Default: c* | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units. -| `WEBUIBOXEDLAYOUT: `
*Optional Default: boxed* | Use boxed layout (helpful when working on large screens) -| `SKIPGRAVITYONBOOT`:
*Optional Default: Not Set* | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. -| `QUERY_LOGGING: <"true"\|"false">`
*Optional* *Default: "true"* | Enable query logging or not. -| `DHCP_ACTIVE: <"true"\|"false">`
*Optional* *Default: "false"* | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf` -| `DHCP_START: `
*Optional* *Default: Not Set* | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_END: `
*Optional* *Default: Not Set* | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_ROUTER: `
*Optional* *Default: Not Set* | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_LEASETIME: `
*Optional* *Default: 24* | DHCP lease time in hours. -| `PIHOLE_DOMAIN: `
*Optional* *Default: lan* | Domain name sent by the DHCP server. -| `DHCP_IPv6: <"true"\|"false">`
*Optional* *Default: "false"* | Enable DHCP server IPv6 support (SLAAC + RA). -| `DHCP_rapid_commit <"true"\|"false">`
*Optional* *Default: "false"* | Enable DHCPv4 rapid commit (fast address assignment). +### Recommended Variables + +| Variable | Default | Value | Descrption | +| -------- | ------- | ----- | ---------- | +| `TZ` | UTC | `` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. +| `WEBPASSWORD` | random | `` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. +| `ServerIP` | unset | `` | Set to your server's LAN IP, used by web block modes and lighttpd bind address + +### Optional Variables + +| Variable | Default | Value | Descrption | +| -------- | ------- | ----- | ---------- | +| `ADMIN_EMAIL` | unset | email address | Set an administrative contact address for the Block Page | +| `PIHOLE_DNS_` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` | +| `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support | +| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges | +| `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs | +| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution | +| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router | +| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router | +| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) | +| `DHCP_ACTIVE` | `false` | `<"true"\|"false">` | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf` +| `DHCP_START` | unset | `` | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). +| `DHCP_END` | unset | `` | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). +| `DHCP_ROUTER` | unset | `` | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled). +| `DHCP_LEASETIME` | 24 | `` | DHCP lease time in hours. +| `PIHOLE_DOMAIN` | `lan` | `` | Domain name sent by the DHCP server. +| `DHCP_IPv6` | `false` | `<"true"\|"false">` | Enable DHCP server IPv6 support (SLAAC + RA). +| `DHCP_rapid_commit` | `false` | `<"true"\|"false">` | Enable DHCPv4 rapid commit (fast address assignment). 
+| `VIRTUAL_HOST` | `$ServerIP` | `` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address +| `IPv6:` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false. +| `TEMPERATUREUNIT` | `c` | `` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units. +| `WEBUIBOXEDLAYOUT` | `boxed` | `` | Use boxed layout (helpful when working on large screens) +| `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not. +| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light">`| User interface theme to use. +| `WEBPASSWORD_FILE`| unset | `` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`. + +### Advanced Variables +| Variable | Default | Value | Descrption | +| -------- | ------- | ----- | ---------- | +| `ServerIPv6` | unset| `` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully +| `INTERFACE` | unset | `` | The default works fine with our basic example docker run commands. If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING. +| `DNSMASQ_LISTENING` | unset | `` | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified. +| `WEB_PORT` | unset | `` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument. 
This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc) +| `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. +| `CORS_HOSTS` | unset | `` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`. +| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored. + +### Experimental Variables +| Variable | Default | Value | Descrption | +| -------- | ------- | ----- | ---------- | +| `DNSMASQ_USER` | unset | `` | Allows running FTLDNS as non-root. ## Deprecated environment variables: While these may still work, they are likely to be removed in a future version. Where applicible, alternative variable names are indicated. Please review the table above for usage of the alternative variables | Docker Environment Var. | Description | Replaced By | | ----------------------- | ----------- | ----------- | -| `CONDITIONAL_FORWARDING: <"true"\|"false">`
*Optional* *Default: "false"* | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`| -| `CONDITIONAL_FORWARDING_IP: `
*Optional* | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` | -| `CONDITIONAL_FORWARDING_DOMAIN: `
*Optional* | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` | -| `CONDITIONAL_FORWARDING_REVERSE: `
*Optional* | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` | -| `DNS1: `
*Optional* *Default: 8.8.8.8* | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` | -| `DNS2: `
*Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` | +| `CONDITIONAL_FORWARDING` | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`| +| `CONDITIONAL_FORWARDING_IP` | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` | +| `CONDITIONAL_FORWARDING_DOMAIN` | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` | +| `CONDITIONAL_FORWARDING_REVERSE` | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` | +| `DNS1` | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` | +| `DNS2` | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` | To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` 
@@ -160,6 +180,7 @@ Here is a rundown of other arguments for your docker-compose / docker run. * Ubuntu users see below for more detailed information * You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port. * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read jwilder/proxy readme for more info if you have trouble. +* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins". ### Installing on Ubuntu Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53. 
@@ -198,6 +219,8 @@ The primary docker tags / versions are explained in the following table. [Click | `v5.0-buster` | auto detect | Versioned tags, if you want to pin against a specific Pi-hole and Debian version, use one of these | | | `v5.0--buster ` | based on tag | Specific architectures and Debian version tags | | | `dev` | auto detect | like latest tag, but for the development branch (pushed occasionally) | | +| `beta-*` | auto detect | Early beta releases of upcoming versions - here be dragons | | +| `nightly` | auto detect | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL) | | ### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") diff --git a/VERSION b/VERSION deleted file mode 100644 index 67617da..0000000 --- a/VERSION +++ /dev/null @@ -1 +0,0 @@ -v5.3.1 diff --git a/VERSIONS b/VERSIONS new file mode 100644 index 0000000..3464125 --- /dev/null +++ b/VERSIONS @@ -0,0 +1,3 @@ +CORE_VERSION=v5.3.1 +WEB_VERSION=v5.5.1 +FTL_VERSION=v5.8.1 diff --git a/bash_functions.sh b/bash_functions.sh index 40d220c..6f2c7c7 100644 --- a/bash_functions.sh +++ b/bash_functions.sh @@ -13,7 +13,7 @@ fix_capabilities() { prepare_configs() { # Done in /start.sh, don't do twice - PH_TEST=true . $PIHOLE_INSTALL + PH_TEST=true . "${PIHOLE_INSTALL}" # Set Debian webserver variables for installConfigs LIGHTTPD_USER="www-data" LIGHTTPD_GROUP="www-data" 
@@ -103,6 +103,7 @@ setup_dnsmasq() { setup_dnsmasq_interface "$interface" setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour" setup_dnsmasq_user "${DNSMASQ_USER}" + setup_cache_size "${CUSTOM_CACHE_SIZE}" ProcessDNSSettings } @@ -157,6 +158,32 @@ setup_dnsmasq_hostnames() { fi } +setup_cache_size() { + local warning="WARNING: CUSTOM_CACHE_SIZE not used" + local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" + # Quietly exit early for empty or default + if [[ -z "${1}" || "${1}" == '10000' ]] ; then return ; fi + + if [[ "${DNSSEC}" == "true" ]] ; then + echo "$warning - Cannot change cache size if DNSSEC is enabled" + return + fi + + if ! echo $1 | grep -q '^[0-9]*$' ; then + echo "$warning - $1 is not an integer" + return + fi + + local -i custom_cache_size="$1" + if (( $custom_cache_size < 0 )); then + echo "$warning - $custom_cache_size is not a positive integer or zero" + return + fi + echo "Custom CUSTOM_CACHE_SIZE set to $custom_cache_size" + + sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location} +} + setup_lighttpd_bind() { local serverip="$1" # if using '--net=host' only bind lighttpd on $ServerIP and localhost 
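Review bot: In `setup_cache_size` the integer check `echo $1 | grep -q '^[0-9]*$'` leaves `$1` unquoted, so the shell word-splits and glob-expands the value before grep sees it; `[[ "$1" =~ ^[0-9]+$ ]]` tests the raw string instead. After that check `local -i custom_cache_size="$1"` evaluates the digits arithmetically, so a leading zero is read as octal (`010` becomes 8, `08` is an error); `local -i custom_cache_size=$((10#$1))` keeps it decimal. The `(( $custom_cache_size < 0 ))` branch cannot be reached once only digits are accepted, and `${dnsmasq_pihole_01_location}` in the `sed -i` call should be quoted. A one-line comment that the digit check is also what makes the value safe to place in the `sed` expression would record why it must not be relaxed.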
@@ -172,19 +199,22 @@ setup_php_env() { VIRTUAL_HOST="$ServerIP" fi; local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\"," + local corshosts_line="\t\t\t\"CORS_HOSTS\" => \"${CORS_HOSTS}\"," local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\"," local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\"," # idempotent line additions grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \ sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG" + grep -qP "$corshosts_line" "$PHP_ENV_CONFIG" || \ + sed -i "/bin-environment/ a\\${corshosts_line}" "$PHP_ENV_CONFIG" grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \ sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG" grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \ sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG" echo "Added ENV to php:" - grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG" + grep -E '(VIRTUAL_HOST|CORS_HOSTS|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG" } setup_web_port() { diff --git a/build.yml b/build.yml index 68b657f..96fe62e 100644 --- a/build.yml +++ b/build.yml @@ -3,6 +3,7 @@ version: "3.7" x-common-args: &common-args PIHOLE_VERSION: ${PIHOLE_VERSION} + PIHOLE_TAG: ${PIHOLE_TAG} NAME: pihole/pihole MAINTAINER: adam@diginc.us S6_VERSION: v2.1.0.2 @@ -26,7 +27,7 @@ services: context: . args: <<: *common-args - PIHOLE_BASE: multiarch/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim + PIHOLE_BASE: pihole/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim PIHOLE_ARCH: armel S6_ARCH: arm armhf: @@ -35,7 +36,7 @@ services: context: . args: <<: *common-args - PIHOLE_BASE: multiarch/debian-debootstrap:armhf-${DEBIAN_VERSION:-buster}-slim + PIHOLE_BASE: pihole/debian-debootstrap:armhf-${DEBIAN_VERSION:-buster}-slim PIHOLE_ARCH: arm S6_ARCH: arm arm64: 
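Review bot: `corshosts_line` embeds `${CORS_HOSTS}` unescaped and is then used both as the `grep -qP` pattern and as the text `sed` appends under `bin-environment`. A value containing `"`, `\` or a newline yields a broken or altered lighttpd config, and when the variable is unset the block still writes `"CORS_HOSTS" => ""`. Wrapping the two new commands in `if [[ "${CORS_HOSTS}" =~ ^[A-Za-z0-9.,:-]+$ ]]; then … fi` covers both cases and matches the comma-separated domain list the README describes. The neighbouring `VIRTUAL_HOST` and `ServerIP` lines follow the same pattern; the function starts above this hunk.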
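Review bot: The base image becomes `pihole/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim` (likewise the `armhf` entry here and the `arm64` and `i386` entries in the following hunks), still referenced by a movable tag, and `Dockerfile.py` builds with `--pull`, so each build takes whatever the tag points to at that moment. A comment next to `PIHOLE_BASE` saying where that repository is built from and why it replaces `multiarch/debian-debootstrap` is the minimum; pinning by digest (`image:tag@sha256:<digest>`) would make the input reproducible if a per-architecture digest can be maintained. The new `PIHOLE_TAG: ${PIHOLE_TAG}` argument is empty when `build.yml` is used without `Dockerfile.py`; `${PIHOLE_TAG:-unknown}` would match the defaulting already used for `DEBIAN_VERSION`.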
@@ -44,7 +45,7 @@ services: context: . args: <<: *common-args - PIHOLE_BASE: multiarch/debian-debootstrap:arm64-${DEBIAN_VERSION:-buster}-slim + PIHOLE_BASE: pihole/debian-debootstrap:arm64-${DEBIAN_VERSION:-buster}-slim PIHOLE_ARCH: arm64 S6_ARCH: aarch64 i386: @@ -53,6 +54,6 @@ services: context: . args: <<: *common-args - PIHOLE_BASE: multiarch/debian-debootstrap:i386-${DEBIAN_VERSION:-buster}-slim + PIHOLE_BASE: pihole/debian-debootstrap:i386-${DEBIAN_VERSION:-buster}-slim PIHOLE_ARCH: i386 S6_ARCH: x86 diff --git a/docker-compose-jwilder-proxy.yml b/docker-compose-nginx-proxy.yml similarity index 93% rename from docker-compose-jwilder-proxy.yml rename to docker-compose-nginx-proxy.yml index ee9c9e4..981cb9d 100644 --- a/docker-compose-jwilder-proxy.yml +++ b/docker-compose-nginx-proxy.yml @@ -3,8 +3,8 @@ version: "3" # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md services: - jwilder-proxy: - image: jwilder/nginx-proxy + nginx-proxy: + image: nginxproxy/nginx-proxy ports: - '80:80' environment: @@ -38,7 +38,7 @@ services: extra_hosts: # Resolve to nothing domains (terminate connection) - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0' - # LAN hostnames for other docker containers using jwilder + # LAN hostnames for other docker containers using nginx-proxy - 'yourDomain.lan:192.168.41.55' - 'pihole pihole.yourDomain.lan:192.168.41.55' - 'ghost ghost.yourDomain.lan:192.168.41.55' diff --git a/doco-example.yml b/doco-example.yml deleted file mode 120000 index 412c257..0000000 --- a/doco-example.yml +++ /dev/null @@ -1 +0,0 @@ -docker-compose.yml \ No newline at end of file diff --git a/install.sh b/install.sh index 2ce1641..e608807 100644 --- a/install.sh +++ b/install.sh 
@@ -2,22 +2,35 @@ mkdir -p /etc/pihole/ mkdir -p /var/run/pihole -# Production tags with valid web footers -export CORE_VERSION="$(cat /etc/docker-pi-hole-version)" -export WEB_VERSION="${CORE_VERSION}" -export PIHOLE_SKIP_OS_CHECK=true -# Overwrite WEB_VERSION if core and web versions are different -export WEB_VERSION="v5.5" -# Only use for pre-production / testing -export CHECKOUT_BRANCHES=false -# Search for release/* branch naming convention for custom checkouts -if [[ "$CORE_VERSION" == *"release/"* ]] ; then - CHECKOUT_BRANCHES=true -fi +# Source versions file +source /etc/pi-hole-versions + +CORE_REMOTE_REPO=https://github.com/pi-hole/pi-hole +CORE_LOCAL_REPO=/etc/.pihole +WEB_REMOTE_REPO=https://github.com/pi-hole/adminLTE +WEB_LOCAL_REPO=/var/www/html/admin +setupVars=/etc/pihole/setupVars.conf + +fetch_release_metadata() { + local directory="$1" + local version="$2" + pushd "$directory" + git fetch -t + git remote set-branches origin '*' + git fetch --depth 10 + #if version number begins with a v, it's a version number + if [[ $version == v* ]]; then + git checkout master + git reset --hard "$version" + else # else treat it as a branch + git checkout "$version" + fi + popd +} apt-get update -apt-get install --no-install-recommends -y curl procps ca-certificates +apt-get install --no-install-recommends -y curl procps ca-certificates git # curl in armhf-buster's image has SSL issues. Running c_rehash fixes it. # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479 c_rehash 
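Review bot: `fetch_release_metadata` checks out whatever `$version` names, a tag when it starts with `v` and a branch otherwise, and both can move on the remote, so the same `VERSIONS` file can produce different image contents and nothing records or verifies what was fetched; the `git clone` calls in the next hunk have the same property. Logging the resolved commit after the checkout, `echo "${directory} is at $(git rev-parse HEAD)"`, gives at least an audit trail, and accepting a full commit SHA in `VERSIONS` would allow real pinning. `source /etc/pi-hole-versions` also executes the file as shell, so anything beyond the three assignments runs during the build; a guard such as `grep -qvE '^(CORE|WEB|FTL)_VERSION=[A-Za-z0-9._/-]+$' /etc/pi-hole-versions && exit 1` before the `source` keeps it to data. The `v*` test sends a branch whose name happens to start with `v` down the tag path, which the comment on that line should mention.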
@@ -25,13 +38,15 @@ ln -s `which echo` /usr/local/bin/whiptail curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / mv /init /s6-init -# debconf-apt-progress seems to hang so get rid of it too -which debconf-apt-progress -mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress +# clone the remote repos to their local destinations +git clone "${CORE_REMOTE_REPO}" "${CORE_LOCAL_REPO}" +fetch_release_metadata "${CORE_LOCAL_REPO}" "${CORE_VERSION}" -# Get the install functions -curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL" -PH_TEST=true . "${PIHOLE_INSTALL}" +git clone "${WEB_REMOTE_REPO}" "${WEB_LOCAL_REPO}" +fetch_release_metadata "${WEB_LOCAL_REPO}" "${WEB_VERSION}" + +# FTL uses a local version file for the installer to determine which version we want +echo "${FTL_VERSION}" > /etc/pihole/ftlbranch # Preseed variables to assist with using --unattended install { 
@@ -47,53 +62,38 @@ PH_TEST=true . "${PIHOLE_INSTALL}" source $setupVars export USER=pihole -distro_check -# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297 -apt-get -y install debconf-utils -echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections +export PIHOLE_SKIP_OS_CHECK=true ln -s /bin/true /usr/local/bin/service -bash -ex "./${PIHOLE_INSTALL}" --unattended +# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated +bash -ex "./${PIHOLE_INSTALL}" --unattended --reconfigure rm /usr/local/bin/service # IPv6 support for nc openbsd better than traditional apt-get install -y --force-yes netcat-openbsd -fetch_release_metadata() { - local directory="$1" - local version="$2" - pushd "$directory" - git fetch -t - git remote set-branches origin '*' - git fetch --depth 10 - git checkout master - git reset --hard "$version" - popd -} - -if [[ $CHECKOUT_BRANCHES == true ]] ; then - ln -s /bin/true /usr/local/bin/service - ln -s /bin/true /usr/local/bin/update-rc.d - echo "${CORE_VERSION}" | sudo tee /etc/pihole/ftlbranch - echo y | bash -x pihole checkout core ${CORE_VERSION} - echo y | bash -x pihole checkout web ${WEB_VERSION} - # echo y | bash -x pihole checkout ftl ${CORE_VERSION} - # If the v is forgotten: ${CORE_VERSION/v/} - unlink /usr/local/bin/service - unlink /usr/local/bin/update-rc.d -else - # Reset to our tags so version numbers get detected correctly - fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}" - fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}" -fi - sed -i 's/readonly //g' /opt/pihole/webpage.sh sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf -# Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc` +# sed a new function into the `pihole` script just above the `helpFunc()` function for later use. 
sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n echo "Function not supported in Docker images"\\\n exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole +# Replace a few of the `pihole` options with calls to `unsupportedFunc`: +# pihole -up / pihole updatePihole sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole +# pihole checkout +sed -i $'s/)\s*piholeCheckoutFunc/) unsupportedFunc/g' /usr/local/bin/pihole +# pihole -r / pihole reconfigure +sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole +# pihole uninstall +sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole + +# Inject a message into the debug scripts Operating System section to indicate that the debug log comes from a Docker system. +sed -i $'s/echo_current_diagnostic "Operating system"/echo_current_diagnostic "Operating system"\\\n log_write "${INFO} Pi-hole Docker Container: ${PIHOLE_TAG:-PIHOLE_TAG is unset}"/g' /opt/pihole/piholeDebug.sh + +# Inject container tag into web interface footer... +sed -i $"s/
    /
      \\n
    • Docker Tag<\/strong> ${PIHOLE_TAG//\//\\/}<\/li>/g" /var/www/html/admin/scripts/pi-hole/php/footer.php +sed -i $"s/
        /Docker Tag<\/strong> ${PIHOLE_TAG//\//\\/}\\n
          /g" /var/www/html/admin/scripts/pi-hole/php/footer.php touch /.piholeFirstBoot diff --git a/requirements.txt b/requirements.txt index 56a74c6..0d0a47a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -52,3 +52,4 @@ virtualenv==16.7.9 wcwidth==0.1.7 websocket-client==0.57.0 zipp==0.6.0 +python-dotenv==0.17.1 diff --git a/s6/debian-root/etc/cont-init.d/20-start.sh b/s6/debian-root/etc/cont-init.d/20-start.sh index 907e403..a482ecc 100644 --- a/s6/debian-root/etc/cont-init.d/20-start.sh +++ b/s6/debian-root/etc/cont-init.d/20-start.sh 
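Review bot: The four `sed -i` substitutions that redirect `updatePiholeFunc`, `piholeCheckoutFunc`, `reconfigurePiholeFunc` and `uninstallFunc` to `unsupportedFunc` exit 0 when nothing matches, so an upstream rename would ship an image with those commands still enabled and the build would not show it. A guard after them would catch that: `if grep -qE '\)\s*(updatePiholeFunc|piholeCheckoutFunc|reconfigurePiholeFunc|uninstallFunc)' /usr/local/bin/pihole; then echo "pihole patch did not apply"; exit 1; fi`. Separately, the footer substitutions escape only `/` in `${PIHOLE_TAG}`; `&` and `\` are still special in a sed replacement, and the value ends up in footer.php, so the tag is better checked against an allowed character set before it is used.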
@@ -7,21 +7,33 @@ if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then bashCmd='bash -e -x' fi -# used to start dnsmasq here for gravity to use...now that conflicts port 53 - $bashCmd /start.sh # Gotta go fast, no time for gravity if [ -n "$PYTEST" ]; then sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" fi -if [ -z "$SKIPGRAVITYONBOOT" ]; then + +gravityDBfile="/etc/pihole/gravity.db" +config_file="/etc/pihole/pihole-FTL.conf" +# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML +echo " Checking if custom gravity.db is set in ${config_file}" +if [[ -f "${config_file}" ]]; then + gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")" +fi + + +if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -e "${gravityDBfile}" ]; then + if [ -n "$SKIPGRAVITYONBOOT" ];then + echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + echo " Ignoring SKIPGRAVITYONBOOT on this occaision." + fi + echo '@reboot root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log' > /etc/cron.d/gravity-on-boot else echo " Skipping Gravity Database Update." [ ! -e /etc/cron.d/gravity-on-boot ] || rm /etc/cron.d/gravity-on-boot &>/dev/null fi -# Kill dnsmasq because s6 won't like it if it's running when s6 services start -kill -9 $(pgrep pihole-FTL) || true # TODO: REVISIT THIS SO AS TO NOT kill -9 - pihole -v + +echo " Container tag is: ${PIHOLE_TAG}" \ No newline at end of file diff --git a/start.sh b/start.sh index d8a75be..603cec3 100755 --- a/start.sh +++ b/start.sh @@ -38,6 +38,8 @@ export DHCP_LEASETIME export PIHOLE_DOMAIN export DHCP_IPv6 export DHCP_rapid_commit +export WEBTHEME +export CUSTOM_CACHE_SIZE export adlistFile='/etc/pihole/adlists.list' 
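Review bot: The `gravityDBfile=` assignment takes whatever follows `GRAVITYDB=` in pihole-FTL.conf, so an empty value (`GRAVITYDB=`) would likely let grep succeed with no output, the `|| echo` fallback would not run, and `[ ! -e "${gravityDBfile}" ]` would then be true on every start, overriding SKIPGRAVITYONBOOT each time. More than one `GRAVITYDB=` line would similarly yield a multi-line value. Adding `gravityDBfile="${gravityDBfile:-/etc/pihole/gravity.db}"` after the `if [[ -f "${config_file}" ]]` block keeps the existence test on a real path. The new message also misspells "occasion" as "occaision".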
@@ -52,7 +54,7 @@ export adlistFile='/etc/pihole/adlists.list' . /opt/pihole/webpage.sh # PH_TEST prevents the install from actually running (someone should rename that) -PH_TEST=true . $PIHOLE_INSTALL +PH_TEST=true . "${PIHOLE_INSTALL}" echo " ::: Starting docker specific checks & setup for docker pihole/pihole" @@ -74,8 +76,8 @@ prepare_configs [ -n "${INSTALL_WEB_SERVER}" ] && change_setting "INSTALL_WEB_SERVER" "$INSTALL_WEB_SERVER" [ -n "${INSTALL_WEB_INTERFACE}" ] && change_setting "INSTALL_WEB_INTERFACE" "$INSTALL_WEB_INTERFACE" [ -n "${LIGHTTPD_ENABLED}" ] && change_setting "LIGHTTPD_ENABLED" "$LIGHTTPD_ENABLED" -[ -n "${ServerIP}" ] && change_setting "IPV4_ADDRESS" "$ServerIP" -[ -n "${ServerIPv6}" ] && change_setting "IPV6_ADDRESS" "$ServerIPv6" +[ -n "${ServerIP}" ] && changeFTLsetting "REPLY_ADDR4" "$ServerIP" +[ -n "${ServerIPv6}" ] && changeFTLsetting "REPLY_ADDR6" "$ServerIPv6" [ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV" [ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED" [ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC" @@ -137,6 +139,21 @@ else fi fi +# Parse the WEBTHEME variable, if it exists, and set the selected theme if it is one of the supported values. +# If an invalid theme name was supplied, setup WEBTHEME to use the default-light theme. +if [ -n "${WEBTHEME}" ]; then + case "${WEBTHEME}" in + "default-dark" | "default-darker" | "default-light") + echo "Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}" + change_setting "WEBTHEME" "${WEBTHEME}" + ;; + *) + echo "Invalid theme name supplied: ${WEBTHEME}, falling back to default-light." + change_setting "WEBTHEME" "default-light" + ;; + esac +fi + [[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_dhcp setup_web_port "$WEB_PORT" diff --git a/test/conftest.py b/test/conftest.py index 83253b0..a938e1f 100644 --- a/test/conftest.py +++ b/test/conftest.py 
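Review bot: In the `@@ -74,8 +76,8 @@` hunk, `ServerIP` and `ServerIPv6` are passed to `changeFTLsetting` as `REPLY_ADDR4` and `REPLY_ADDR6` after only a non-empty test, while the WEBTHEME block added further down in this file checks its value against a fixed list before writing it. `changeFTLsetting` is not visible in this diff, so whether it validates is unknown; if it does not, a malformed value lands in the FTL configuration unchanged. A format check before the call, e.g. `[[ "${ServerIP}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || echo "ServerIP is not an IPv4 address: ${ServerIP}"`, would surface the mistake at startup.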
@@ -1,27 +1,31 @@ -import functools import os import pytest import subprocess import testinfra -import types +from dotenv import dotenv_values local_host = testinfra.get_host('local://') check_output = local_host.check_output DEBIAN_VERSION = os.environ.get('DEBIAN_VERSION', 'buster') -__version__ = None -dotdot = os.path.abspath(os.path.join(os.path.abspath(__file__), os.pardir, os.pardir)) -with open('{}/VERSION'.format(dotdot), 'r') as v: - raw_version = v.read().strip() - __version__ = raw_version.replace('release/', 'release-') +FTL_VERSION = None + + +@pytest.fixture(autouse=True) +def read_pihole_versions(): + global FTL_VERSION + dotdot = os.path.abspath(os.path.join(os.path.abspath(__file__), os.pardir, os.pardir)) + config = dotenv_values('{}/VERSIONS'.format(dotdot)) + FTL_VERSION = config['FTL_VERSION'].replace('/','-') + @pytest.fixture() def run_and_stream_command_output(): def run_and_stream_command_output_inner(command, verbose=False): print("Running", command) build_env = os.environ.copy() - build_env['PIHOLE_VERSION'] = __version__ + build_env['PIHOLE_VERSION'] = FTL_VERSION build_result = subprocess.Popen(command.split(), env=build_env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, bufsize=1, universal_newlines=True) if verbose: 
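Review bot: `read_pihole_versions` is a function-scoped autouse fixture that fills the module global `FTL_VERSION`, but `persist_version` (changed in a later hunk of this file) is module-scoped, and pytest sets up higher-scoped fixtures before function-scoped ones, so the first test in a run that uses `persist_version` can receive `None`. Declaring it `@pytest.fixture(autouse=True, scope='session')`, or loading the value at import time as the removed `__version__` code did, removes the ordering dependency. `config['FTL_VERSION']` also raises a bare KeyError when the key is absent; a message naming the VERSIONS file would make that failure easier to read. The body of `run_and_stream_command_output_inner` continues past the end of this hunk.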
@@ -82,7 +86,7 @@ def Docker(request, test_args, args, image, cmd, entrypoint): def DockerPersist(request, persist_test_args, persist_args, persist_image, persist_cmd, persist_entrypoint, Dig): ''' Persistent Docker container for multiple tests, instead of stopping container after one test ''' ''' Uses DUP'd module scoped fixtures because smaller scoped fixtures won't mix with module scope ''' - persistent_container = DockerGeneric(request, persist_test_args, persist_args, persist_image, persist_cmd, persist_entrypoint) + persistent_container = DockerGeneric(request, persist_test_args, persist_args, persist_image, persist_cmd, persist_entrypoint) ''' attach a dig conatiner for lookups ''' persistent_container.dig = Dig(persistent_container.id) return persistent_container @@ -97,7 +101,7 @@ def arch(request): @pytest.fixture() def version(): - return __version__ + return FTL_VERSION @pytest.fixture() def debian_version(): @@ -128,7 +132,7 @@ def persist_arch(): @pytest.fixture(scope='module') def persist_version(): - return __version__ + return FTL_VERSION @pytest.fixture(scope='module') def persist_debian_version(): diff --git a/test/test_bash_functions.py b/test/test_bash_functions.py index 8773d41..2402fed 100644 --- a/test/test_bash_functions.py +++ b/test/test_bash_functions.py 
@@ -48,6 +48,39 @@ def test_bad_input_to_WEB_PORT(Docker, test_args, expected_error): assert expected_error in function.stdout +@pytest.mark.parametrize('test_args,cache_size', [('-e CUSTOM_CACHE_SIZE="0"', '0'), ('-e CUSTOM_CACHE_SIZE="20000"', '20000')]) +def test_overrides_default_CUSTOM_CACHE_SIZE(Docker, Slow, test_args, cache_size): + ''' Changes the cache_size setting to increase or decrease the cache size for dnsmasq''' + CONFIG_LINE = r'cache-size\s*=\s*{}'.format(cache_size) + DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf' + + function = Docker.run('echo ${CUSTOM_CACHE_SIZE};. ./bash_functions.sh; echo ${CUSTOM_CACHE_SIZE}; eval `grep setup_dnsmasq /start.sh`') + assert "Custom CUSTOM_CACHE_SIZE set to {}".format(cache_size) in function.stdout + Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None) + + +@pytest.mark.parametrize('test_args', [ + '-e CUSTOM_CACHE_SIZE="-1"', + '-e CUSTOM_CACHE_SIZE="1,000"', +]) +def test_bad_input_to_CUSTOM_CACHE_SIZE(Docker, Slow, test_args): + CONFIG_LINE = r'cache-size\s*=\s*10000' + DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf' + + Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`') + Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None) + +@pytest.mark.parametrize('test_args', [ + '-e DNSSEC="true" -e CUSTOM_CACHE_SIZE="0"', +]) +def test_dnssec_enabled_with_CUSTOM_CACHE_SIZE(Docker, Slow, test_args): + CONFIG_LINE = r'cache-size\s*=\s*10000' + DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf' + + Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`') + Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None) + + # DNS Environment Variable behavior in combinations of modified pihole LTE settings @pytest.mark.skip('broke, needs investigation in v5.0 beta') @pytest.mark.parametrize('args_env, expected_stdout, dns1, dns2', [
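Review bot: `test_bad_input_to_CUSTOM_CACHE_SIZE` exercises only `"-1"` and `"1,000"`, so a non-numeric value and an empty string are not covered; the validation itself lives in bash_functions.sh, which this hunk does not show, so I would expect but cannot confirm the same fallback to 10000. Adding `'-e CUSTOM_CACHE_SIZE="abc"'` and `'-e CUSTOM_CACHE_SIZE=""'` to the parametrize list would pin that behaviour. All three new tests compare with `!= None`, where `is not None` is the idiomatic form. The second and third tests have no docstring, e.g. `''' Invalid cache sizes fall back to the default of 10000 '''`. The decorators at the end of the hunk belong to a test that continues outside it.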